Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

verify-proxy-chain

Syntax

Hierarchy Level

Description

Enable to improve security against untrusted proxies modifying request headers.

When enabled, all XFF header addresses must be in the trusted proxy set. If any address in the XFF headers is missing from the set, the entire chain is invalid, and the source identity is declared UNKNOWN with the source IP.

Options

Configure trusted-proxy with verify-proxy-chain option.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 25.4R1.