Thank you for supporting the Cloud Customer Connect Community in 2024. It's a gift to work with you!

Look back
You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register

Does Fusion Apps (HCM, ERP) honour the X-Forward-For (XFF) HTTP header for client IP decisions?

edited Jun 7, 2024 9:59AM in Applications Security 1 comment

Summary:

Does Fusion Applications (HCM or ERP) honour the X-Forward-For (XFF) HTTP request header for client IP decisions like environment IP "allowlisting" or LBAC?

Content (please ensure you mask any confidential information):

It is common for end users to access web user interfaces on cloud based SaaS services through web proxies. The XFF HTTP request header stores both the original client IP and any web proxy IPs the HTTP request has traversed through. Fusion Applications makes decisions on client IP, so which client IP does it use? Original end user client IP, or latest web proxy IP? or other?

Version (include the version you are using, if applicable):

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!