Hi,
We are considering implementing policies that whitelist traffic based on the ABP IP field. We are running an NGINX integration connector on-prem that sits between our F5 WAF and the websies/API's being called.
My questions where this value comes from: TCP/IP layer or http headers? My assumption would be that NGINX as a reverse proxy knows the client's IP from the Transport Layer and then adds that to the http headers in the ABP API call using this line from a given lua block:
"proxy_set_header X-Forwarded-For $remote_addr;".
i.e. the remote_addr being the client Ip and the X-Forwarded-For header what the ABP picks up and logs in the traffic logs, and what ultimately is used for IP whitelisting in the policies.
Reason for wanting to known is th-o be able to assess the risk of this IP being spoofed by scrapers.
Many thanks
Johan
#AdvancedBotProtection------------------------------
Johan Genbrugge
IT Solution Architect
Halle
------------------------------