When using a Cloud-based Web Application Firewall (WAF), which IP address will appear in IBM Digital Analytics reports ? the actual user IP address o

Answer

A Cloud based Web Application Firewall (WAF) is a cloud application designed to protect web applications/servers from web-based attacks by acting as an intermediary and monitoring traffic to and from web applications/servers, and scanning for suspicious activity based on rules and/or other criteria.

It is possible that the cloud based WAF at your end uses the X-FORWARD-FOR HTTP header field (a common standard) to identify the originating IP address of a client connecting to a web server.

However, IBM Digital Analytics does not use the X-FORWARD-FOR value, and instead uses the IP address from the X-CLIENTIP HTTP header field found in tag request properties.

What this means is that when visitors to your website send tag requests through the WAF, IBM Digital Analytics Technical Properties/Geography and other IP-based reporting will display the IP address of the WAF in reports, only if the X-CLIENTIP HTTP header field is changed from the originating Client IP address to the WAF?s IP address. Your WAF provider can assist you to determine if this behaviour occurs with your WAF.