- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- Cloud Network Security
- :
- Discussion
- :
- Log the real IP address of the client user - X-For...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Log the real IP address of the client user - X-Forwarded-For (XFF)
In today’s web environment, many web servers utilize CDNs or application load balancers.
It is beneficial to log the real IP address of the client user rather than the IP address of the CDN or load balancer server.
Fortunately, CDNs and load balancers send requests with the X-Forwarded-For (XFF) header, which includes the real IP of the client user.
We can use the value of the X-Forwarded-For header in our Check Point logs.
When a Check Point Gateway is positioned between a CDN or an application load balancer and your web servers, the gateway will log the private IP address of the load balancer as the source.
In order to see the client user’s real IP on the Check Point logs, follow the below steps:
1. On the Gateway object , enable the application control blade.
2. On the policy , enable application control
3. On the access rule , enable extended logging
4. On the logs , add the field , Proxied Source IP
*** If the session is encrypted , enable HTTPS Inspection on the Gateway and upload the Web Server SSL Private key to the GW, Step by Step Guide is here