XFF Value 1.1.1.1 when "Strip X-Forwarded-For Header" enabled

L0 Member

Hello,

Looking for some help if possible?

Trying to set up XFF (PA-3250, 8.1.12), I have tried to set it up following this tutorial:

https://live.paloaltonetworks.com/t5/General-Topics/Configuring-XFF-logging-without-a-URL-Filtering-...

The only part I have not configured is pushing the URL logs to the syslog server.

The problem is, when "Strip X-Forwarded-For Header" is enabled the URL Filtering monitor displays the XFF value as 1.1.1.1.  I temporarily disabled this feature and the internal client was displayed as expected, however, we would want to strip it and not make this information public.  As soon as I enabled the strip feature again the value changed back to 1.1.1.1.  I would have expected the XFF value to be displayed as the internal address and then as it leaves the firewall this information will be stripped from the HTTP header?

The clients go through a proxy server (Smoothwall), then to the FW and out.  We do not have access to the proxy but have been assured this has been set up correctly.

Is there something I am missing in the set up?

Any help would be greatly appreciated!

Thanks.
