Using Client Identification Headers with an upstream proxy

You can add Client Identification Headers to requests that are sent to upstream proxies. The Gateway passes these transparently, potentially removing an additional authentication step and improving the browsing experience.

You can add the following types of header to your configuration of the upstream proxy:

Forward Headers: This type contains the client IP address, and includes two headers: X-Forwarded-For and Forwarded.

For example, X-Forwarded-For: 10.44.1.3 and Forwarded: for=10.44.1.3
X-Authenticated-User Headers: An X-Authenticated-User Header contains authenticated user credentials (domain and/or user name). For example, X-Authenticated-User: WinNT://mycompany.com/mikes

The Gateway sends the client identification headers to the upstream proxy in readable unencrypted text.

How to add Client Identification Headers to your upstream proxy configuration

From the Upstream Proxy Settings page, click the Client Identification tab.

Select the headers you want to add.

Select Use Base64 Encoding to encode user name headers between the Gateway and the upstream proxy.

Enter the Header format you want to use for X-Authenticated-User headers. You can use tokens to specify the format as appropriate: For example, WinNT://%DOMAIN%/%USER%

%DOMAIN% and %USER% are the only permitted tokens for the Header format.