Whitelist X-Forwarded Header Information from PCAP File
This document discusses how to retrieve the X-Forwarded-For (XFF) IP address from packet capture (PCAP) files after a case has been created from events.
X-Forwarded-For is an HTTP header used to track the original IP address of a user connecting to a web server through a proxy or load balancer.
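To make the header format concrete, here is an added example (not the product's own code) that pulls XFF addresses out of an HTTP request payload of the kind recovered from a PCAP. It assumes the TCP payload has already been reassembled; the function names and the sample bytes are constructed for illustration.

```python
import ipaddress

# Constructed sample: TCP payload of one HTTP request as seen in a capture.
SAMPLE_PAYLOAD = (
    b"GET /login HTTP/1.1\r\n"
    b"Host: app.example.test\r\n"
    b"X-Forwarded-For: 203.0.113.7, 198.51.100.23\r\n"
    b"x-forwarded-for: not-an-ip, 10.0.0.5:8080\r\n"
    b"\r\n"
    b"body X-Forwarded-For: 192.0.2.99"
)

def _clean(token):
    """Return a normalised IP string for one XFF list element, or None."""
    token = token.strip().strip('"')
    if token.startswith("["):               # bracketed IPv6 with port
        token = token[1:].split("]", 1)[0]
    elif token.count(":") == 1:             # IPv4 with port
        token = token.split(":", 1)[0]
    try:
        return str(ipaddress.ip_address(token))
    except ValueError:
        return None                         # discard malformed entries

def extract_xff(payload):
    """Return every valid XFF address in the request headers, in hop order."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hops = []
    for line in head.split("\r\n")[1:]:     # skip the request line
        name, sep, value = line.partition(":")
        # Header names are case-insensitive and the header may repeat.
        if sep and name.strip().lower() == "x-forwarded-for":
            for token in value.split(","):
                ip = _clean(token)
                if ip:
                    hops.append(ip)
    return hops

def original_client(payload):
    """Left-most valid XFF entry: the address reported by the first proxy."""
    hops = extract_xff(payload)
    return hops[0] if hops else None
```

The header is set by whoever sends the request, so any entry not appended by a proxy you operate is unverified; keep that in mind when a whitelist decision depends on it.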
UI Implementation
Add X-Forwarded-IP as a new field in the UI.
![](../../__attachments/278430175/image-20230803-063926.png?inst-v=938f44a8-f9af-41c4-9e43-aa7b0251a73d)
Specify the information needed to insert the whitelist into a table, along with the X-Forwarded-IP field.
![](../../__attachments/278430175/image-20230803-064608.png?inst-v=938f44a8-f9af-41c4-9e43-aa7b0251a73d)
Add a whitelist on the Case Events page as shown below.
![](../../__attachments/278430175/image-20230803-065029.png?inst-v=938f44a8-f9af-41c4-9e43-aa7b0251a73d)