X-Forwarded-For causing issue with authentication

Suresh Thakur, Kirti 86 Reputation points
2021-11-02T09:45:33.7+00:00

When APIM forwards a request to the backend, it adds the 'X-Forwarded-For' header. Is there any way to remove this header? I tried adding an inbound policy (set-header - delete), but it does not actually remove this header. This header with the IP address is causing me trouble with authentication at the backend API.

If I cannot remove the header, what is the alternate way to get my request authenticated? Due to this header I am getting a 401 Unauthorized error.

Backend system is SAP S/4 HANA

Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.

Accepted answer
  1. MayankBargali-MSFT 68,656 Reputation points
    2021-11-02T10:18:44.167+00:00

    @Suresh Thakur, Kirti API Management is a reverse proxy and it must add the X-Forwarded-For header to each request that passes through it per the HTTP spec. Therefore there is no way to remove it.
    You can configure the ICM parameter icm/HTTPS/accept_ccert_for_x_forwarded_for_requests and set its value to true so that requests that have X-Forwarded-For are not denied at the SAP end. The default value is false for icm/HTTPS/accept_ccert_for_x_forwarded_for_requests at the SAP end.

