Add XFF Values to URL Filtering Logs

You can configure the firewall to add the XFF values from web requests to URL Filtering logs. The XFF values that the logs display can be client IP addresses, usernames if available, or any values of up to 128 characters that the XFF fields store.
This method of logging XFF values doesn’t add usernames to the source user fields in URL Filtering logs. To populate the source user fields, see Use XFF Values for Policies and Logging Source Users.
  1. Configure a URL Filtering profile.
    1. Select
      Objects
      Security Profiles
      URL Filtering
      .
    2. Select an existing profile or
      Add
      a new profile and enter a descriptive
      Name
      .
      You can’t enable XFF logging in the default URL Filtering profile.
    3. Select the
      Settings
      tab and select
      X-Forwarded-For
      .
    4. Click
      OK
      to save the profile.
  2. Attach the URL Filtering profile to a policy rule.
    1. Select
      Policies
      Security
      and click the rule.
    2. Select the
      Actions
      tab, set the
      Profile Type
      to
      Profiles
      , and select the
      URL Filtering
      profile you just created.
    3. Click
      OK
      and
      Commit
      .
  3. Verify the firewall is logging XFF values.
    1. Select
      Monitor
      Logs
      URL Filtering
      .
    2. Display the XFF values in one of the following ways:
      • To display the XFF value for a single log—Click the icon_spyglass_log.png icon for the log to displays its details. The HTTP Headers section displays the X-Forwarded-For value.
      • To display the XFF values for all logs—Open the drop-down in any column header, select
        Columns
        , and select
        X-Forwarded-For
        . The page then displays an X-Forwarded-For column.

Related Documentation