How to Capture IP Address with XFF Header Enabled

How to Capture IP Address with XFF Header Enabled

18386
Created On 09/25/18 17:59 PM - Last Modified 06/13/23 04:21 AM


Resolution


If the traffic is coming to the firewall (e.g firewall sits between the load balancer and webserver), enabling the XFF feature on the Palo Alto Networks device will show the ip address in the username column of the URL log.

To enable XFF:

# configure

# set deviceconfig setting ctd x-forwarded-for yes|no

Or, it can be changed from operational command (not-persistent):

# set ctd x-forwarded-for yes|no

owner: mbutt
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClMKCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language