Imperva Cyber Community

Hi,

We are considering implementing policies that whitelist traffic based on the ABP IP field. We are running an NGINX integration connector on-prem that sits between our F5 WAF and the websies/API's being called.

My questions where this value comes from: TCP/IP layer or http headers? My assumption would be that NGINX as a reverse proxy knows the client's IP from the Transport Layer and then adds that to the http headers in the ABP API call using this line from a given lua block:
"proxy_set_header X-Forwarded-For $remote_addr;".
i.e. the remote_addr being the client Ip and the X-Forwarded-For header what the ABP picks up and logs in the traffic logs, and what ultimately is used for IP whitelisting in the policies.

Reason for wanting to known is th-o be able to assess the risk of this IP being spoofed by scrapers.

Many thanks
Johan
#AdvancedBotProtection

------------------------------
Johan Genbrugge
IT Solution Architect
Halle
------------------------------

Hi Johan,

I think you should be able to find the answer to your query here: 

https://docs.imperva.com/bundle/advanced-bot-protection/page/77896.htm 

Let me know if you have any further questions.

Thanks,

------------------------------
John Cosgrove
------------------------------

Original Message:
Sent: 09-27-2021 06:19
From: Johan Genbrugge
Subject: Advanced Bot Protection IP Whitelisting

Hi,

We are considering implementing policies that whitelist traffic based on the ABP IP field. We are running an NGINX integration connector on-prem that sits between our F5 WAF and the websies/API's being called.

My questions where this value comes from: TCP/IP layer or http headers? My assumption would be that NGINX as a reverse proxy knows the client's IP from the Transport Layer and then adds that to the http headers in the ABP API call using this line from a given lua block:
"proxy_set_header X-Forwarded-For $remote_addr;".
i.e. the remote_addr being the client Ip and the X-Forwarded-For header what the ABP picks up and logs in the traffic logs, and what ultimately is used for IP whitelisting in the policies.

Reason for wanting to known is th-o be able to assess the risk of this IP being spoofed by scrapers.

Many thanks
Johan
#AdvancedBotProtection

------------------------------
Johan Genbrugge
IT Solution Architect
Halle
------------------------------

Thanks John, That is indeed exactly what I'm looking for. And yes, we do use that setting in the website policies. Many thanks and have a great week-end!

------------------------------
Johan Genbrugge
IT Solution Architect
Halle
------------------------------

Original Message:
Sent: 09-29-2021 11:03
From: John Cosgrove
Subject: Advanced Bot Protection IP Whitelisting

Hi Johan,

I think you should be able to find the answer to your query here: 

https://docs.imperva.com/bundle/advanced-bot-protection/page/77896.htm 

Let me know if you have any further questions.

Thanks,

------------------------------
John Cosgrove

Original Message:
Sent: 09-27-2021 06:19
From: Johan Genbrugge
Subject: Advanced Bot Protection IP Whitelisting

Hi,

We are considering implementing policies that whitelist traffic based on the ABP IP field. We are running an NGINX integration connector on-prem that sits between our F5 WAF and the websies/API's being called.

My questions where this value comes from: TCP/IP layer or http headers? My assumption would be that NGINX as a reverse proxy knows the client's IP from the Transport Layer and then adds that to the http headers in the ABP API call using this line from a given lua block:
"proxy_set_header X-Forwarded-For $remote_addr;".
i.e. the remote_addr being the client Ip and the X-Forwarded-For header what the ABP picks up and logs in the traffic logs, and what ultimately is used for IP whitelisting in the policies.

Reason for wanting to known is th-o be able to assess the risk of this IP being spoofed by scrapers.

Many thanks
Johan
#AdvancedBotProtection

------------------------------
Johan Genbrugge
IT Solution Architect
Halle
------------------------------

Hey Johan,

I'm not sure if you've seen the events page, but we have an "Ask Me Anything" around Advanced Bot Protection on Oct 13. Advanced Bot Protection AMA (Ask Me Anything) - Imperva Customer Community

Come along with your ABP questions. You can also submit questions here to be addressed during the event! John and Jim are a great AMA team so this will be a great one to catch!!

THanks,

Sarah

------------------------------
Sarah Lamont(csp)
Digital Community Manager
------------------------------

Original Message:
Sent: 09-27-2021 06:19
From: Johan Genbrugge
Subject: Advanced Bot Protection IP Whitelisting

Hi,

We are considering implementing policies that whitelist traffic based on the ABP IP field. We are running an NGINX integration connector on-prem that sits between our F5 WAF and the websies/API's being called.

My questions where this value comes from: TCP/IP layer or http headers? My assumption would be that NGINX as a reverse proxy knows the client's IP from the Transport Layer and then adds that to the http headers in the ABP API call using this line from a given lua block:
"proxy_set_header X-Forwarded-For $remote_addr;".
i.e. the remote_addr being the client Ip and the X-Forwarded-For header what the ABP picks up and logs in the traffic logs, and what ultimately is used for IP whitelisting in the policies.

Reason for wanting to known is th-o be able to assess the risk of this IP being spoofed by scrapers.

Many thanks
Johan
#AdvancedBotProtection

------------------------------
Johan Genbrugge
IT Solution Architect
Halle
------------------------------