X-Forwarded-For
(QW.HdrXFwFor)
Overview
This is a private feature developed by Qwilt.
Use this feature to include the X-Forwarded-For header in the origin request and specify which IP addresses to include in it. This header helps identify the originating IP address of a client connecting through the CDN.
About the X-Forwarded-For Header
The X-Forwarded-For header is an HTTP header used to identify the originating IP address of a client (end-user) when a request passes through intermediaries like proxies, load balancers, or CDNs. Without this header, the client's IP address would be hidden, as the server would only see the IP of the last intermediary.
The structure of this header is:
X-Forwarded-For: client1, proxy1, proxy 2
- client1: IP address of the original client
- proxy1, proxy2: IP addresses of any intermediaries.
The header always includes the detected IP address of the entity directly connecting to the CDN to request content. If the request is made through a proxy server, the detected IP is the proxy server's IP address and not the actual end-user's IP address.
Default Behavior
By default, the CDN excludes the X-Forwarded-For header incoming client requests before forwarding them to the origin. The header is excluded unless this feature is explicitly enabled.
Security Note
The IPs in the X-FORWARDED-FOR header are transmitted as plain text.
Examples
This example configuration directs the CDN to send a header containing only the detected IP address of the entity that directly connected to the CDN to request content. If the request is made through a proxy server, the detected IP is the proxy server's IP address instead of the actual end-user's IP address.
{
"generic-metadata-type": "MI.PrivateFeature.Qwilt.QW.HdrXFwFor",
"generic-metadata-value": {
"sendXFFHeader": true,
"existingValues": "remove",
"appendQwiltNodeIPs": false
}
}
Preserve Existing Values
In this example:
-
If the client request includes the X-Forwarded-For header, the CDN preserves the existing header values and appends the detected client IP.
-
If the client request does not include the X-Forwarded-For header, the CDN adds the header to the origin request with the detected client IP as its value.
{
"generic-metadata-type": "MI.PrivateFeature.Qwilt.QW.HdrXFwFor",
"generic-metadata-value": {
"sendXFFHeader": true,
"existingValues": "preserve",
"appendQwiltNodeIPs": false
}
}
Preserve Existing Values and Append Qwilt Node IPs
In this example:
-
If the client request includes the X-Forwarded-For header, the CDN preserves the existing header values and appends the detected client IP along with the Qwilt node (Qwilt cache) IPs.
-
If the client request does not include the X-Forwarded-For header, the CDN adds the header to the origin request, setting its value to the detected client IP and Qwilt node (Qwilt cache) IPs.
{
"generic-metadata-type": "MI.PrivateFeature.Qwilt.QW.HdrXFwFor",
"generic-metadata-value": {
"sendXFFHeader": true,
"existingValues": "preserve",
"appendQwiltNodeIPs": false
}
}
Remove Existing Values and Append Qwilt Node IPs
In this example:
-
If the client request includes the X-Forwarded-For header, the CDN removes the existing header values and replaces them with the detected client IP and the Qwilt node (Qwilt cache) IPs.
-
If the client request does not include the X-Forwarded-For header, the CDN adds the header to the origin request, setting its value to the detected client IP and Qwilt node (Qwilt cache) IPs.
{
"generic-metadata-type": "MI.PrivateFeature.Qwilt.QW.HdrXFwFor",
"generic-metadata-value": {
"sendXFFHeader": true,
"existingValues": "remove",
"appendQwiltNodeIPs": true
}
}
Supported Properties
| Field | Description | Valid Values | Default |
|---|---|---|---|
| sendXFFHeader | Specifies whether the X-Forwarded-For header is included in the origin request. If the client request does not already include the header, it is added to the request by the CDN. | true, false | false |
| existingValues | Defines whether to retain existing X-Forwarded-For values from the client request. | preserve, remove | remove |
| appendQwiltNodeIPs | Determines whether the IP addresses of the CDN caches in the request path are appended to the header. | true, false | false |