I use the SA as a reverse proxy for outside users that want to access internal web servers no authorization, configured as a Virtual hostname with the backend URLs.
In our logging I always coming from the IP of internal port of the SA. Is it possible to have the Juniper send an extra header with the real client IP as in most reverse proxies? (X-Forwarded-For_?)
Solved! Go to Solution.
I did try your advice.
It was effective. My application is able to read and consumer the session variable "x-forwarded-for" created using this method.
No, this cannot be done. The external user IP is not available internally.
You can *try* a header policy (users>resource policies>web>sso>headers/cookies) and set the value of sourceIP or x-forwarded-for (if you have something that sets that value)