This article explains how to configure the Barracuda Web Application Firewall to allow Proxy protocol traffic.
The Proxy Protocol is used to carry the client’s source IP address and other originating information to the Barracuda Web Application Firewall when traversing intermediate devices. A standard usecase for the usage of Proxy protocol is to identify the originating source IP address when the traffic traverses an AWS Classic load balancer. Enabling the Proxy protocol allows the AWS CLB to append the source information as new headers that the Barracuda Web Application Firewall can use to perform various actions.
Enabling Proxy Protocol for a Service
- Perform the following steps to enable proxy protocol:
- Go to the ADVANCED > System Configuration page.
- In the Advanced Settings section, set Show Advanced Settings to Yes and click Save.
- Go to the BASIC > Services page.
- In the Services section, click Edit next to the service to which you want to enable proxy protocol.
- In the Service window:
- Scroll down to the Advanced Configuration section.
- Set Enable Proxy Protocol to Yes.
In the Accept List box, enter the source IP address(es) that do not contain a proxy header.
In the Proxy list box, enter the IP address(es) that contain proxy headers.
Note : The Accept List and the Proxy List accepts a single, or a range of IP addresses, or a combination of both with comma (,) as a delimiter without any space. Example: 10.10.10.10,220.127.116.11,10.10.11.11
Always, ensure that the range of the IP addresses is separated by a hyphen and there is no overlapping IP ranges. Example: 10.10.10.1-10.10.10.10