Log the real IP address of the client user - X-For...

This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.

Reject

Preferences

ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ Sign In

Products
Learn
Local User Groups
Partners
- Welcome Partners!
More

Products
Learn
Local User Groups
- Upcoming Events
- Americas
- EMEA
- APAC
  - Korea
  - Mongolia
  - Bangalore
  - Greater China
  - Australia/New Zealand
  - Philippines
  - Japan
  - Singapore
  - India
  - Thailand
  - Taiwan
  - Hong Kong
  - Indonesia
Partners
- Welcome Partners!
More
ABOUT CHECKMATES & FAQ
- About CheckMates & FAQ
- Community Guidelines
Sign In
Leaderboard
Events

Hunting Malware Using Memory Forensics
Join us on June 26th at 5:00 PM CET

CheckMates Toolbox Contest 2024
Make Your Submission for a Chance to WIN up to $300 Gift Card!

LEARN MORE!

Harmony Endpoint:
Packing a Punch in 2024

WATCH NOW

CPX 2024 Content
is Here!

Get What You Need

Harmony SaaS
The most advanced prevention
for SaaS-based threats

LEARN MORE

CheckMates Go:
The Difference Is In The Details

LISTEN NOW

Create a Post

CheckMates
:
Products
:
CloudMates Products
:
Cloud Network Security
:
Discussion
:
Log the real IP address of the client user - X-For...

Options

Subscribe to RSS Feed
Mark Topic as New
Mark Topic as Read
Float this Topic for Current User
Bookmark
Subscribe
Mute
Printer Friendly Page

cancel

Turn on suggestions

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Showing results for

Search instead for

Did you mean:

Are you a member of CheckMates?

Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!

Shay_Levin

Admin

a week ago

Mark as New
Bookmark
Subscribe
Mute
Subscribe to RSS Feed
Permalink
Print
Report Inappropriate Content

Log the real IP address of the client user - X-Forwarded-For (XFF)

In today’s web environment, many web servers utilize CDNs or application load balancers.

It is beneficial to log the real IP address of the client user rather than the IP address of the CDN or load balancer server.

Fortunately, CDNs and load balancers send requests with the X-Forwarded-For (XFF) header, which includes the real IP of the client user.

We can use the value of the X-Forwarded-For header in our Check Point logs.

When a Check Point Gateway is positioned between a CDN or an application load balancer and your web servers, the gateway will log the private IP address of the load balancer as the source.

In order to see the client user’s real IP on the Check Point logs, follow the below steps:

1. On the Gateway object , enable the application control blade.

2. On the policy , enable application control

3. On the access rule , enable extended logging

4. On the logs , add the field , Proxied Source IP

*** If the session is encrypted , enable HTTPS Inspection on the Gateway and upload the Web Server SSL Private key to the GW, Step by Step Guide is here