Populating URL Filtering Log without a URL Filtering License when Using X-Forwarded-for

Populating URL Filtering Log without a URL Filtering License when Using X-Forwarded-for

17562
Created On 09/25/18 19:21 PM - Last Modified 06/06/23 16:57 PM


Resolution


When parsing of the "X-forwarded-for" attribute is enabled and the source user is unknown, the leftmost IP address (client's IP address) is stored in the source user column of the URL log. If the firewall is not licensed for URL filtering, perform the following to enable sessions to populate the URL log.

  • Create a URL filtering profile object
  • Under the block list, add the following two entries:

*.*
*.*.*

  • Set the action for the block list to alert.
  • Add the url filtering profile to your policy.
  • Commit.

 

owner: swhyte
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClW5CAK&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language