Fortinet black logo

CLI Reference

Home FortiWeb 7.4.1 CLI Reference
7.4.1
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.8
7.0.7
7.0.6
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.3
6.4.2
6.4.1
6.4.0
6.3.23
6.3.19
6.3.18
6.3.17
6.3.16
6.3.15
6.3.14
6.3.13
6.3.11
6.3.10
6.3.9
6.3.7
6.3.6
6.3.5
6.3.4
6.3.3
6.3.2
6.3.1
6.3.0
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.1.2
6.1.1
5.7.0
5.6.1
5.6.0

waf ip-intelligence-ignore-x-forwarded-for

waf ip-intelligence-ignore-x-forwarded-for

Use this command to configure ignoring x-forwarded-for in reputation-based source IP blacklisting.

To use this command, your administrator account’s access control profile must have either w or rw permission to the wafgrp area. For details, see Permissions.

Syntax

config waf ip-intelligence-ignore-x-forwarded-for

set ignore-x-forwarded-for {enable | disable}

end

Variable Description Default

ignore-x-forwarded-for {enable | disable}

By default, FortiWeb scans the IP addresses in the X-Forwarded-For header at the HTTP layer. This causes high resource consumption. To enhance the performance, you can enable Ignore X-Forwarded-For so that the IP addresses can be scanned at the TCP layer instead. This avoids HTTP packets being processed unnecessarily.

disable

Related topics

Previous
Next

waf ip-intelligence-ignore-x-forwarded-for

Use this command to configure ignoring x-forwarded-for in reputation-based source IP blacklisting.

To use this command, your administrator account’s access control profile must have either w or rw permission to the wafgrp area. For details, see Permissions.

Syntax

config waf ip-intelligence-ignore-x-forwarded-for

set ignore-x-forwarded-for {enable | disable}

end

Variable Description Default

ignore-x-forwarded-for {enable | disable}

By default, FortiWeb scans the IP addresses in the X-Forwarded-For header at the HTTP layer. This causes high resource consumption. To enhance the performance, you can enable Ignore X-Forwarded-For so that the IP addresses can be scanned at the TCP layer instead. This avoids HTTP packets being processed unnecessarily.

disable

Related topics

Previous
Next