Is it possible to trace back the customer's public IP address for egress traffic passing through a Zscaler proxy? I’m trying to understand if it is possible for anyone outside the customer and the Zscaler team to trace back the customer IP address.
It depends on two things: whether the Zscaler proxy can see the payload (either HTTP or decrypted HTTPS traffic) or cannot see it (encrypted HTTPS, no SSL inspection).
If the egress traffic passing through the Zscaler proxy is unencrypted, then it is possible to trace back the customer’s public IP address. Zscaler, like most proxies, will forward the IP address of the client in the headers of the requests. This means that the destination server will see the IP address of the Zscaler proxy as the source IP address, but it will also see an X-Forwarded-For (XFF) header that contains the client’s IP address.
However, if the egress traffic passing through the Zscaler proxy is encrypted (e.g., HTTPS), then it is not possible to trace back the customer’s public IP address without breaking the encryption. Zscaler does not have access to the decrypted traffic, so it cannot read or modify the headers in the encrypted traffic.
It’s worth noting that some websites and services may use additional measures to hide the client’s IP address, such as using a CDN (content delivery network) or a reverse proxy. In those cases, tracing back the customer’s public IP address may be more difficult.
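What the destination server can derive in the two cases described in the answer above, as an added example that is not part of the original post. The function names, the trusted proxy range and all addresses are constructed (documentation address space, not real Zscaler ranges).

```python
import ipaddress

# Constructed placeholder for the proxy's egress range (documentation
# address space, not a real Zscaler range).
TRUSTED_PROXY_NETS = [ipaddress.ip_network("198.51.100.0/24")]


def _parse_ip(token):
    """Return an ip_address for one XFF entry, or None if it is malformed."""
    try:
        return ipaddress.ip_address(token.strip())
    except ValueError:
        return None


def _is_trusted(ip):
    """True if the address belongs to a proxy range the server trusts."""
    return any(ip in net for net in TRUSTED_PROXY_NETS)


def client_ip_seen_by_server(peer_addr, headers):
    """What a destination server can learn about the original client.

    peer_addr: source IP of the TCP connection (the proxy's egress IP).
    headers:   dict of request headers as received by the server.
    Returns (ip_string, source), where source is "xff" or "peer".
    """
    peer = ipaddress.ip_address(peer_addr)
    xff = next((v for k, v in headers.items()
                if k.lower() == "x-forwarded-for"), None)
    # No header (e.g. HTTPS without SSL inspection), or a peer that is not a
    # known proxy: the header is absent or client-controlled, so use the peer.
    if xff is None or not _is_trusted(peer):
        return str(peer), "peer"
    # Walk right to left: each proxy appends the address it received from,
    # so the first untrusted entry from the right is the client.
    for token in reversed(xff.split(",")):
        ip = _parse_ip(token)
        if ip is None:
            break  # malformed entry: stop trusting the chain
        if not _is_trusted(ip):
            return str(ip), "xff"
    return str(peer), "peer"
```
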