Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Shay_Levin
Admin
Admin

Log the real IP address of the client user - X-Forwarded-For (XFF)

In today’s web environment, many web servers utilize CDNs or application load balancers.

It is beneficial to log the real IP address of the client user rather than the IP address of the CDN or load balancer server.

Fortunately, CDNs and load balancers send requests with the X-Forwarded-For (XFF) header, which includes the real IP of the client user.

We can use the value of the X-Forwarded-For header in our Check Point logs.

When a Check Point Gateway is positioned between a CDN or an application load balancer and your web servers, the gateway will log the private IP address of the load balancer as the source.

1.png

 

 

 

 

In order to see the client user’s real IP on the Check Point logs, follow the below steps:

1. On the Gateway object , enable the application control blade.

3.png

 

 

 

 

 

 

2. On the policy , enable application control

4.png

5.png

 

 

 

 

 

 

6.png

 

 

 

 

 

3. On the access rule , enable extended logging

8.png

 

 

4. On the logs , add the field , Proxied Source IP

2.png

 

 

 

*** If the session is encrypted , enable HTTPS Inspection on the Gateway and upload the Web Server SSL Private key to the GW,  Step by Step Guide is here

    

0 Replies

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.