locked
Remove "X-Forwarded-For" header RRS feed

  • Question

  • Hi

    We are using API Mngt. in front a test backend api which is partly protected through IIS IP Restrictions, when ever accessing the API from an "not" approved IP (like when testing on a mobile connection) we get a 401 as IIS parses the X-Forwarded-For header.

    I have tried to manipulate the header with the <set-header> policy but this apparently do not apply to the X-Forwarded-For header.

    Does any one have input on how to either remove the header or at least to override the value with an "valid" IP so traffic is allowed.

    Br.

    Tom

    Tuesday, September 1, 2015 2:13 PM

Answers

  • If you have a Standard or Premium API Mgmt instance, the IP address of the proxy server will stay constant and you can simply whitelist that IP address in your IIS. 
    • Proposed as answer by Asha99 Monday, September 7, 2015 3:52 AM
    • Marked as answer by Asha99 Tuesday, September 8, 2015 7:11 AM
    Friday, September 4, 2015 9:06 PM

All replies