Lithnet Access Manager
PricingRequest a trial or quoteDownloads
v1.0
v1.0
  • Home
  • How does Access Manager help prevent lateral movement
  • Access Manager Editions
  • Licensing
  • Change log
  • Installation
    • Downloads
    • Creating a service account for the Access Manager service
    • Choosing between the Microsoft and Lithnet agents for LAPS support
    • Installing Access Manager
      • Access Manager Agent
      • Access Manager Service
  • Configuration
    • Setting up Authentication
      • Setting up smart card authentication
      • Setting up authentication with ADFS
      • Setting up authentication with Azure AD
      • Setting up authentication with Okta
    • Deploying features
      • Setting up Microsoft LAPS
      • Setting up Bitlocker access
      • Setting up Just-in-Time access
      • Setting up password encryption and history
      • Installing in a Failover Cluster
      • Integrated Windows authentication
    • Importing authorization rules
      • Importing BitLocker permissions
      • Importing local administrators group membership
      • Importing Microsoft LAPS permissions
      • Importing mappings from a CSV file
      • Importing rules from Lithnet LAPS web app
  • Help & Support
    • Frequently asked Questions
    • Troubleshooting
    • Getting Support
  • Advanced help
    • Advanced help topics
      • Access evaluation in Access Manager Service (AMS)
      • Performing an offline discovery of local admins
      • Script-based authorization
      • Backing up Access Manager
      • Recovering from a lost encryption certificate private key
    • Application help pages
      • Active Directory
      • Audit variables
      • Auditing Page
      • Auditing scripts
      • Authentication Provider
      • Authorization Page
      • BitLocker Page
      • Effective Access Page
      • SMTP Server Settings
      • High Availability Page
      • Proxy Settings
      • Jit Access Page
      • Licensing-Page
      • Local Admin Passwords Page
      • Rate Limits Page
      • User Interface Page
      • Web Hosting Page
Powered by GitBook
On this page

Was this helpful?

  1. Advanced help
  2. Application help pages

Proxy Settings

PreviousHigh Availability PageNextJit Access Page

Last updated 2 years ago

Was this helpful?

If you place AMS behind a reverse proxy or load balancer, you'll need to configure AMS to correctly find the real client IP address from the X-Forwarded-For header. This will ensure that rate limiting and audit logging are working against the correct IP.

Resolve client IP address from X-Forwarded-For headers

Indicates that the client IP address should be extracted from the X-Forwarded-For headers. If this setting is off, the client IP address is determined from the IP address of the machine that connects to the AMS service.

Maximum allowed entires in the header

The X-Forward-For header can be set by the client, and therefore can be spoofed. If you have a single load balancer or proxy in front of the AMS service, then set this to 1. This indicates that only the first entry in the X-Forwarded-For header should be used, and the others ignored.

Known proxy IP addresses

If you know the IP addresses of your proxy servers, you can add them here. AMS will use the IP address in the X-Forwarded-For header that appears after these known IP addresses.

Known proxy networks

If you know the network range that your proxy servers live in, you can use that instead of individual IPs. Any IP addresses in these ranges will be treated as trusted proxy addresses when resolving the real client IP.