How to Enable HTTP Header Logging and Track URLs Accessed by Users

How to Enable HTTP Header Logging and Track URLs Accessed by Users

55902
Created On 09/25/18 17:15 PM - Last Modified 01/30/25 00:21 AM


Objective


Overview

HTTP header logging was introduced in PAN-OS 6.1. This document explains how to enable the HTTP header logging and how to track URLs accessed by individual users in the network.

 

Environment


  • Palo Alto Firewall
  • PAN-OS 6.1

Procedure


Steps

  1. Configure a URL Filtering Profile under Objects > Security Profiles.
    x.JPG
  2. Configure necessary actions for each respective category.
  3. Navigate to settings in the URL filtering profile and enable User-Agent, Referer, X-Forwaded-For checkboxes under HTTP Header Logging.
    y.JPG
  4. Create a security policy for traffic of interest.
  5. Under Profile Settings, call the configured URL Filtering Profile and select OK.
    xx.JPG
  6. Commit the configuration.
  7. Navigate to Monitor > Logs > URL filtering. Use the filter to select the source user.
    Note: The referrer field will list out the URLs visited by the end user. The individual log will look like this:
    zz.JPG
  8. Under HTTP header, use the referrer field to get the actual URLs each user accessed.

 

owner: skumar1
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClERCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language