X-forwarded-for logging for and by the community!

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cyber Elite
Cyber Elite

A few weeks ago, I noticed a post in the General discussions area that I want to share with the community at large.


X-Forwarded-For (XFF) is an http header field that allows for the original IP address to be identified for connections going through a proxy. This helps with identifying the original requestor of a web page rather than hiding all outbound connections behind the IP of the proxy server.


If you create a URL filtering profile, you can also enable logging for this header. @BrianTaggart created a how-to that outlines how to create a URL filtering profile that doesn't require a URL-Filtering license, that leverages the X-Forwarded-For logging feature, and exports the logs to an external syslog server.


Brian Taggart is a Systems Engineer with Clearshark, a Palo Alto Networks Partner. Brian covers the Northern Virginia region, and when he is not having fun with all things Palo Alto Networks, he is busy obeying his wife and daughters (and sometimes restoring classic Pontiacs).


Here's his post:

Configuring XFF logging without a URL Filtering License


Don't have a Live Community account? It's simple and free to register for one, with just your name, email address, and country. Click here to sign up and start engaging with our community members!




Stay frosty!

  • 325 Subscriptions
Register or Sign-in
About the Author
I drink and I know things