
Create custom access log containing the X-Forwarded-For header field

Article ID: 172411


Products

ProxySG Software - SGOS

Issue/Introduction

When several clients sit behind the same IP address, the X-Forwarded-For header is usually used to identify the client that performed a specific request.

By default, the proxy's access logs do not show the content of this header. This article describes how to create a new access log that records it for such scenarios.

Resolution

To create, use and monitor the new Access Log:

 

Step 1: Create the log Format

  • Browse to Management Console > Configuration > Access Logging > Formats > New

Format Name: Format_With_XForwardedFor (or any name you see fit)

Paste this string to replace the original string under "W3C Extended Log File Format (ELFF) String (Specify below)":

date time time-taken c-ip cs(X-Forwarded-For) cs-username cs-auth-group s-supplier-name s-supplier-ip s-supplier-country s-supplier-failures x-exception-id sc-filter-result cs-categories cs(Referer)  sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-bluecoat-application-name x-bluecoat-application-operation x-bluecoat-application-groups cs-threat-risk x-bluecoat-transaction-uuid x-icap-reqmod-header(X-ICAP-Metadata) x-icap-respmod-header(X-ICAP-Metadata)


Note: This format is simply the bcreportermain_v1 format with the X-Forwarded-For field added next to the client IP field (the field can be placed elsewhere as needed, as long as it is present).

 

Step 2: Create the log facility

  • Browse to the Management Console > Configuration > Access Logging > Logs > New

Log Name: AccessLog_With_XForwardedFor (or any name you see fit)

Log Format: Format_With_XForwardedFor (the new log format created earlier)

 

Step 3: Define policy to write logs into the new file

  • In the Management Console > Policy > Visual Policy Manager > Launch > Create new Web Access Layer > New Rule.
  • Define the rule with the following details:

Source: Any

Destination: Any

Action: Set > New > Modify Access Logging > Name the Access Logging Object > Enable logging to: AccessLog_With_XForwardedFor (the new log created in Step 2), then click OK.

  • Click Install Policy to commit the new rule.
     

Step 4: Validate

  • In the Management Console > Statistics > Access Logging > Select log "AccessLog_With_XForwardedFor" > Start Tail
  • Use a client machine whose requests carry the X-Forwarded-For header and verify that the log entries appear on the proxy.
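
Once the new log is being written, the c-ip and cs(X-Forwarded-For) columns can be read together when attributing a request. The following Python example is added here and is not part of the original article or the vendor's tooling: it parses lines in the Step 1 format and uses the header only when c-ip is a downstream device trusted to set it, because the header value is supplied by whoever sends the request. The trusted address, the assumption that values containing spaces are double-quoted and empty values logged as "-", and the sample lines are all constructed for illustration.

```python
import ipaddress
import shlex

# Field order copied from the ELFF string in Step 1.
FIELDS = (
    "date time time-taken c-ip cs(X-Forwarded-For) cs-username cs-auth-group s-supplier-name "
    "s-supplier-ip s-supplier-country s-supplier-failures x-exception-id sc-filter-result "
    "cs-categories cs(Referer) sc-status s-action cs-method rs(Content-Type) cs-uri-scheme "
    "cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes "
    "cs-bytes x-virus-id x-bluecoat-application-name x-bluecoat-application-operation "
    "x-bluecoat-application-groups cs-threat-risk x-bluecoat-transaction-uuid "
    "x-icap-reqmod-header(X-ICAP-Metadata) x-icap-respmod-header(X-ICAP-Metadata)"
).split()
# Assumption: downstream devices allowed to set X-Forwarded-For (constructed address).
TRUSTED_DOWNSTREAM = {ipaddress.ip_address("10.0.0.5")}


def parse_line(line):
    """Map one log line onto FIELDS; quoted values may contain spaces."""
    values = shlex.split(line)
    if len(values) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(values)}")
    return dict(zip(FIELDS, values))


def client_identity(record):
    """Return (address, source field) to attribute the request to."""
    peer = ipaddress.ip_address(record["c-ip"])
    raw = record["cs(X-Forwarded-For)"]
    if raw == "-" or peer not in TRUSTED_DOWNSTREAM:
        return str(peer), "c-ip"  # header absent, or set by an untrusted peer
    last = raw.split(",")[-1].strip()  # entry appended by the trusted device
    try:
        return str(ipaddress.ip_address(last)), "cs(X-Forwarded-For)"
    except ValueError:
        return str(peer), "c-ip"  # malformed header value


# Constructed sample lines, not real traffic.
TAIL = ('- - - - - - - OBSERVED "Technology/Internet" - 200 TCP_NC_MISS GET text/html http '
        'example.com 80 / - - "Mozilla/5.0 (X11)" 10.0.0.1 512 300 - - - - 2 abc-123 - -')
VIA_LB = '2024-01-01 12:00:00 15 10.0.0.5 "203.0.113.9, 192.168.1.20" ' + TAIL
DIRECT = '2024-01-01 12:00:01 12 192.168.1.77 198.51.100.7 ' + TAIL

if __name__ == "__main__":
    for line in (VIA_LB, DIRECT):
        print(client_identity(parse_line(line)))
```

Only the rightmost X-Forwarded-For entry is used, since entries further left were received from the client side and cannot be verified from this log alone.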