Cisco Email Security Appliance C160 User Manual

Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Chapter 15      System Administration
Configuring Access to the Email Security Appliance
AsyncOS provides administrators with controls to manage users’ access to the Email 
Security appliance, including a timeout for Web UI sessions and an access list that 
specifies the IP addresses from which users and your organization’s proxy servers 
can access the appliance.
Configuring IP-Based Network Access
You can control from which IP addresses users access the Email Security 
appliance by creating access lists for users who connect directly to the appliance 
and users who connect through a reverse proxy, if your organization uses reverse 
proxies for remote users.
Direct Connections
You can specify the IP addresses, subnets, or CIDR addresses for machines that 
can connect to the Email Security appliance. Users can access the appliance from 
any machine with an IP address from the access list. Users attempting to connect to 
the appliance from an address not included in the list are denied access.
Connecting Through a Proxy
If your organization’s network uses reverse proxy servers between remote users’ 
machines and the Email Security appliance, AsyncOS allows you to create an access 
list with the IP addresses of the proxies that can connect to the appliance. 
Even when using a reverse proxy, AsyncOS still validates the IP address of the 
remote user’s machine against a list of IP addresses allowed for user connections. 
To send the remote user’s IP address to the Email Security appliance, the proxy 
needs to include the x-forwarded-for HTTP header in its connection request to 
the appliance. 
The x-forwarded-for header is a non-RFC standard HTTP header with the 
following format:
x-forwarded-for: client-ip, proxy1, proxy2,... CRLF
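The two-list check described in this section, as an added Python illustration (not AsyncOS code and not part of the Cisco guide). The function names, sample lists and deny-on-missing-header behavior are assumptions, and only single-IP and CIDR entries are handled.

```python
import ipaddress

def in_access_list(addr, access_list):
    """True if addr matches any single-IP or CIDR entry in access_list."""
    ip = ipaddress.ip_address(addr.strip())  # ValueError on empty/malformed input
    return any(ip in ipaddress.ip_network(e, strict=False) for e in access_list)

def check_access(peer_ip, headers, user_list, proxy_list):
    """Decide one request. peer_ip is the TCP source address; headers is a
    dict with lower-cased HTTP header names. Returns (allowed, reason)."""
    if not in_access_list(peer_ip, proxy_list):
        # Not a listed proxy: treat as a direct connection and ignore any
        # x-forwarded-for value, since an unlisted peer can put anything there.
        if in_access_list(peer_ip, user_list):
            return True, "direct connection from listed address"
        return False, "peer address is on neither access list"
    # Listed proxy: the left-most header entry is the remote user's machine.
    # Assumption: the proxy discards any x-forwarded-for value the client sent,
    # so the left-most entry is one the proxy itself recorded.
    client = headers.get("x-forwarded-for", "").split(",")[0]
    try:
        allowed = in_access_list(client, user_list)
    except ValueError:
        return False, "listed proxy sent no usable x-forwarded-for header"
    if allowed:
        return True, "proxied connection, remote user address is listed"
    return False, "proxied connection, remote user address is not listed"

# Constructed sample lists and requests (documentation address ranges).
USERS = ["192.0.2.0/24", "203.0.113.40"]
PROXIES = ["198.51.100.7"]
SAMPLES = [
    ("192.0.2.15", {}),
    ("203.0.113.9", {"x-forwarded-for": "192.0.2.15"}),
    ("198.51.100.7", {"x-forwarded-for": "192.0.2.15, 198.51.100.20"}),
    ("198.51.100.7", {"x-forwarded-for": "203.0.113.9, 198.51.100.20"}),
    ("198.51.100.7", {}),
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLES:
        print(peer, hdrs, "->", check_access(peer, hdrs, USERS, PROXIES))
```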
The value for this header is a comma-separated list of IP addresses with the 
left-most address being the address of the remote user’s machine, followed by the 
addresses of each successive proxy that forwarded the connection request. (The