A few weeks ago, I noticed a post in the General discussions area that I want to share with the community at large.
X-Forwarded-For (XFF) is an http header field that allows for the original IP address to be identified for connections going through a proxy. This helps with identifying the original requestor of a web page rather than hiding all outbound connections behind the IP of the proxy server.
If you create a URL filtering profile, you can also enable logging for this header. @BrianTaggart created a how-to that outlines how to create a URL filtering profile that doesn't require a URL-Filtering license, that leverages the X-Forwarded-For logging feature, and exports the logs to an external syslog server.
Brian Taggart is a Systems Engineer with Clearshark, a Palo Alto Networks Partner. Brian covers the Northern Virginia region, and when he is not having fun with all things Palo Alto Networks, he is busy obeying his wife and daughters (and sometimes restoring classic Pontiacs).