>
    HTTP Header Logging
    Focus
    Download PDF
    Focus
    1. Home
    2. Advanced URL Filtering
    3. Monitoring
    4. HTTP Header Logging
    Download PDF
    Advanced URL Filtering

    HTTP Header Logging

    Table of Contents

    HTTP Header Logging

    Configure a URL Filtering profile that logs HTTP header attributes included in web requests for more visibility into the content your users are accessing.
    Where can I use this?What do I need?
    • Prisma Access (Managed by Strata Cloud Manager)
    • Prisma Access (Managed by Panorama)
    • NGFW (Managed by Strata Cloud Manager)
    • NGFW (Managed by PAN-OS or Panorama)
    Notes:
    • Legacy URL filtering licenses are discontinued, but active legacy licenses are still supported.
    • Prisma Access licenses include Advanced URL Filtering capabilities.
    URL filtering provides visibility and control over web traffic on your network. For improved visibility into web content, you can configure the URL Filtering profile to log HTTP header attributes included in a web request. When a client requests a web page, the HTTP header includes the user agent, referer, and x-forwarded-for fields as attribute-value pairs and forwards them to the web server. When enabled for logging HTTP headers, the firewall logs the following attribute-value pairs in the URL Filtering logs.
    You can also use HTTP headers to manage access to SaaS applications. You don’t need a URL Filtering license to do this, but you must use a URL Filtering profile to turn this feature on.
    Attribute
    Description
    User-Agent
    The web browser that the user used to access the URL, for example, Internet Explorer. This information is sent in the HTTP request to the server.
    The HTTP header does not contain the full string for the User Agent. The maximum logged bytes from the packet preceding the packet containing the header-end is 36 bytes.
    Referer
    The URL of the web page that linked the user to another web page; it is the source that redirected (referred) the user to the web page that is being requested.
    X-Forwarded-For (XFF)
    The option in the HTTP request header field that preserves the IP address of the user who requested the web page. If you have a proxy server on your network, the XFF allows you to identify the IP address of the user who requested the content, instead of only recording the proxy server’s IP address as source IP address that requested the web page.
    Headers Inserted
    The type of header and the text of the header that the firewall inserts.

    © 2024 Palo Alto Networks, Inc. All rights reserved.