Cisco Cisco Web Security Appliance S670 User Guide
5-38
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 5 Web Proxy Services
Advanced Proxy Configuration
Mode of the proxy:
1, 2, 3
2
Yes
Choose how to deploy the Web Proxy
using one of the following options:
using one of the following options:
•
1. Explicit forward mode only
•
2. Transparent mode with L4
Switch or no device for
redirection
Switch or no device for
redirection
•
3. Transparent mode with
WCCP v2 Router for redirection
WCCP v2 Router for redirection
For more information, see
Spoofing of the client IP
by the proxy:
by the proxy:
1, 2, 3
1
No
Choose whether or not the Web
Proxy should spoof IP addresses
when sending requests to upstream
proxies and servers using one of the
following options:
Proxy should spoof IP addresses
when sending requests to upstream
proxies and servers using one of the
following options:
•
1. Disable
•
2. Enable for all requests
•
3. Enable for transparent
requests only
requests only
When IP spoofing is enabled,
requests originating from a client
retain the client’s source address and
appear to originate from the client
rather than from the Web Security
appliance.
requests originating from a client
retain the client’s source address and
appear to originate from the client
rather than from the Web Security
appliance.
Note
When IP spoofing is enabled
and the appliance is
connected to a WCCP router,
configure a WCCP service to
redirect the return path.
and the appliance is
connected to a WCCP router,
configure a WCCP service to
redirect the return path.
Do you want to pass
HTTP X-Forwarded-For
headers?
HTTP X-Forwarded-For
headers?
Yes, No
(Boolean)
Yes
No
Choose whether or not the Web
Proxy retains any
“X-Forwarded-For” header included
in the requests it receives.
Proxy retains any
“X-Forwarded-For” header included
in the requests it receives.
When set to No, the Web Proxy
removes any “X-Forwarded-For”
header from requests that enter the
Web Proxy from a downstream proxy
server. You might want to do this if
the downstream proxy server
includes client IP address in the
header and you do not want to expose
those IP addresses to servers outside
your network.
removes any “X-Forwarded-For”
header from requests that enter the
Web Proxy from a downstream proxy
server. You might want to do this if
the downstream proxy server
includes client IP address in the
header and you do not want to expose
those IP addresses to servers outside
your network.
Table 5-15
advancedproxyconfig CLI Command—Miscellaneous Options (continued)
Option
Valid
Values
Values
Default
Value
Value
Web Proxy
Must Restart
Must Restart
Description