The X-Forwarded-For (XFF) request header is a de-facto standard header for identifying the originating IP address of a client connecting to a web server through a proxy server.

When a client connects directly to a server, the client's IP address is sent to the server (and is often written to server access logs). But if a client connection passes through any forward or reverse proxies, the server only sees the final proxy's IP address, which is often of little use. So, to provide a more useful client IP address to the server, the X-Forwarded-For request header is used.

HTTP Proxy can understand and parse related headers however there is a need to add X-Forwarded-For HTTP Header to packages that were sent by the client. Usually, Load Balancers handle this process. If Load Balancer adds this header to the client’s requests before it forwards to HTTP Proxy, then HTTP Proxy parses the header, and the real client IP address can be shown in HTTP Proxy Logs instead of the Load Balancer IP address.

The following steps should be followed to benefit from this feature:

If the page to be accessed by the client uses the HTTP protocol, the Load Balancer can add this tag to the plain text transmitted packets.

However, if the page to be accessed through the HTTP proxy uses the HTTPS protocol, since the incoming packets will be in encrypted form, these packets must be decrypted on the Load Balancer and then re-encrypted on the Load Balancer and sent to the HTTP Proxy after the relevant header is added. This process can only be done by SSL Offloading on the Load Balancer.

To avoid complex configurations, the most suitable method for transmitting the client IP address directly to the HTTP Proxy over the Load Balancer would be to run the Load Balancer in transparent mode.

Learn how to identify the original IP address of a client connecting to a web server through a proxy server using the X-Forwarded-For request header. Enable this feature by setting the http.proxy.client.ip.header configuration to X-Forwarded-For in the ht

Connection Reservation Usage on HTTP Proxy Auto-Login Feature

X-Forwarded-For

Brute Force Protection

[NEWUI] PAM BU Kron PAM- Reference Guide

Kron PAM Web GUI

License Manager

Email Server Configuration

Language Settings

Menu Lists Management

System Configuration Parameters

Enabling Push Notifications for Mobile Application

Enabling HTTPS on the Kron PAM Web GUI

802.1x Authentication

SAML Authentication

Hardware Security Module (HSM) Integration

Windows Authentication on the Kron PAM GUI

Multitenancy

Kron PAM Administration

Manual User Creation

Kron PAM Users Search

User Definition Option Menu

Editing Kron PAM Users

User Properties Set up 

Temporary User

Local User Bulk Import

New User Request

Force New User to Change Password 

User Password Strength Settings 

User Password Hash Algorithm Settings

Notifying Inactive Users Before Lock

LDAP/Active Directory Integration

User Group Creation

Assigned Credentials

SSH Keys Manager

User Management

Element Type

Device Groups

Device Inventory

Device Management

Policy Key Definition

Policy Groups Definition

Policy Realm Definition

Policy Tracking

Policy Management

Managerial Approval for Connections 

Managerial Approval Reservation

Managerial Approval for Commands

Managerial Approval in Shared Account Password Manager (SAPM)

Approval Workflow

Approval Workflow SMS Settings

Approval Management

SSH Proxy

RDP Proxy

HTTP Proxy

Advanced Authorization Methods

User and Entity Behavior Analytics

Session Manager

Password Vault

Application Token

Secrets

Sending the MFA QR Code to Users

Creating a Connection Between Kron PAM and the Kron PAM Mobile Application

Enabling Multi-Factor Authentication (MFA)

Using MFA to Log in to the Kron PAM Web GUI

Using MFA to Log in to the Kron PAM Desktop Client

Using MFA for SSH Connections

Using MFA for RDP Connections

Using MFA for SSH Proxy

Using MFA for HTTP/HTTPS Proxy

Using MFA for SFTP Proxy

Using MFA for TACACS+ Manager

Using MFA for Radius

Using MFA for Mobile Application

Offline Mode Settings

Using SMS for MFA

Using Hardware Tokens for MFA

Using Authentication Key (FIDO Key) for MFA

Using Keystroke to User Behavior Analytics

MFA Configurations for VPN Services

External MFA Providers

Multi-Factor Authentication

Basic Configurations for TACACS+ Devices

MSCHAPv2 RADIUS Configuration

TACACS+ Management Configuration Page 

TACACS+ Access Manager

SQL Proxy

Sensitive Data Discovery

SFTP Proxy

Data Access Manager

Importing Devices from Amazon Web Services

Importing Devices from Microsoft Azure

Importing Devices from the Google Cloud Platform

Cloud PAM

Cloud Infrastructure Entitlement Management (CIEM)

Kron PAM Logs

Active Sessions and Dual Control

System Log Viewer

SIEM Configuration

Reports

Threat Analytics and Response Dashboard

Tamper Proof Logging

Kron PAM Reporting and Logging Functions

Monitoring

Alarms

Alarm Configuration

Monitoring & Alarms

Watchdog Configuration 

Watchdog Mechanism

High Availability

Failover Scenario

Visualizing Reports and User Rights

Creating Charts for Reporting

Creating Dashboards

Dynamic Reports

Reporting

Logical Architecture

Tenant Management Requirements 

Tenant Management Interface

Administration by Tenant Admins

System Config Manager Parameters

DevOps Integration

Kron PAM Remote Access Portal

Secure Remote Access Connector

Remote Access Configuration in Kron PAM

Kron PAM Remote Access

APPENDIX 1: System Config Manager Parameters

APPENDIX 2: Job Descriptions for Job Scheduler

Reference Guide