Palo Alto Networks Knowledgebase: How to Capture IP Address with XFF Header Enabled

How to Capture IP Address with XFF Header Enabled

2280
Created On 02/07/19 23:52 PM - Last Updated 02/07/19 23:53 PM
Content Release Deployment
Resolution

If the traffic is coming to the firewall (e.g firewall sits between the load balancer and webserver), enabling the XFF feature on the Palo Alto Networks device will show the ip address in the username column of the URL log.

To enable XFF:

# configure

# set deviceconfig setting ctd x-forwarded-for yes|no

Or, it can be changed from operational command (not-persistent):

# set ctd x-forwarded-for yes|no

owner: mbutt



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClMKCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language