A large majority of our traffic comes from our CDN provider. However, the GEO location is only picking up the source address of the CDN. Barracuda Web Application Firewalls allow us to configure "Header for Client IP Address".
Specify the header name appended by the Proxy server which contains the actual client IP address. The standard headers used to store the actual client IP address are:
If you give this functionality to the WAF, why can't we have it on our F600 firewalls to QOS, allow/deny, etc. traffic from the true GEO location of the client IP?