@Suresh Thakur, Kirti API Management is a reverse proxy and it must add X-Forwarded-For
header to each request that passes through it per the HTTP spec. Therefore there is no way to remove it.
You can configure the ICM parameter icm/HTTPS/accept_ccert_for_x_forwarded_for_requests
and set it value to true
so the request that has X-Forward-For are not denied at the SAP end. The default value is false for icm/HTTPS/accept_ccert_for_x_forwarded_for_requests at SAP end.
X-Forwarded-For causing issue with authentication
Suresh Thakur, Kirti
86
Reputation points
When APIM forward request to backend it adds 'X-Forwarded-For' header. Is there any way to remove this header? I tired adding inbound policy (set-header - delete) but it does not actually remove this header. This header with IP address is causing me trouble for authentication at backend api.
If I cannot remove the header what is the alternate way to get my request authenticate as due to this header i am getting 401 Unauthorized error.
Backend system is SAP S/4 HANA
Accepted answer
-
MayankBargali-MSFT 68,656 Reputation points
2021-11-02T10:18:44.167+00:00