Add XFF Values to URL Filtering Logs
You can configure the firewall to add the
XFF values from web requests to URL Filtering logs. The XFF values
that the logs display can be client IP addresses, usernames if available,
or any values of up to 128 characters that the XFF fields store.
This
method of logging XFF values doesn’t add usernames to the source
user fields in URL Filtering logs. To populate the source user fields,
see Use XFF Values for Policies and Logging Source Users.
- Configure a URL Filtering profile.
- Select .
- Select an existing profile orAdda new profile and enter a descriptiveName.You can’t enable XFF logging in the default URL Filtering profile.
- In theCategoriestab, Define how to control access to web content.
- Select theSettingstab and selectX-Forwarded-For.
- ClickOKto save the profile.
- Attach the URL Filtering profile to a policy rule.
- Select and click the rule.
- Select theActionstab, set theProfile TypetoProfiles, and select theURL Filteringprofile you just created.
- ClickOKandCommit.
- Verify the firewall is logging XFF values.
- Select .
- Display the XFF values in one of the following ways:
- To display the XFF value for a single log—Click the
icon for the log to displays
its details. The HTTP Headers section displays the X-Forwarded-For
value. - To display the XFF values for all logs—Open the drop-down in any column header, selectColumns, and selectX-Forwarded-For. The page then displays an X-Forwarded-For column.