We use a bot defender and it can’t recognize the IP addresses we would like to whitelist Zscaler IP ranges.
Can you please help me decide by answering these questions:
-is it secure to add all the IP ranges to the bot defender? and what are the pros and cons
-or we can enforce the access through a specific ZEN, but we may have latency issues, what do you think?
-Or can we add some kind of header to our traffic?
Do you have any other suggestions?
Thanks in advance
Better do some kind API of automation that takes the ip addresses from Zscaler Data Center VIPs JSON | Zscaler and adds the to your bot system and maybe check the list every hour.
Zscaler by default inserts a header with the real client ip whent traffic passes through their cloud but it is easy to someone to add such a header to their packets and with this way to bypass your bot system.
Still the best security will be to ask the Zscaler team if they can add a customer header that the Zscaler cloud will add when talking to the servers as if the attacker in the rare case is using Zscaler ZIA they will bypass your bot system but you may check with Zscaler about that as they may block users and companies that use their service for attacks.
Also the source ip Anchoring is a nice option to send a traffic to your servers from a single zscaler source IP address that you can review like Zscaler ZIA and office 365 for example.
Did you manage to work around this issue ? Also I forgot to mention that if your Bot system can use the real client ip address in the XFF for whitelisting this could be a nice workaround.
I will share your solutions today , thank you .