The following CPL achieves two things:
- It copies the contents of the X-Forwarded-For field into an existing field in all access logs. This example uses an unused field, x-virus-id. Other fields, such as c-ip, may be used, but you will then lose the data that field normally holds. An alternative is to create a new log format just for this purpose.
- To avoid user IP addresses leaking out onto the internet, it suppresses the X-Forwarded-For field.
The following policy needs to be applied to the parent ProxySG. This policy can also be created from the VPM.
; This rule rewrites the x-virus-id field to the value of the X-Forwarded-For header in all access logs
;; Tab: [Web Access Layer (1)]
<Proxy>
log.rewrite."x-virus-id"("$(cs(X-Forwarded-For))") log.suppress."x-virus-id"(no) ; Rule 1
; The following stops the X-Forwarded-For value from leaking out onto the internet
;; Tab: [SuppressXheader]
<Proxy>
action.SuppressHeader(yes) ; Rule 1
define action SuppressHeader
delete(request.header.X-Forwarded-For)
end action SuppressHeader
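
Once the policy is installed, log consumers have to read the original client address from x-virus-id rather than c-ip. The following Python sketch is an added example, not part of the original policy or any ProxySG tooling. It assumes a W3C ELFF-style log with a `#Fields:` header and quoted values where they contain spaces; the sample lines and field order are constructed. Because X-Forwarded-For is supplied by the requester, values that are not IP addresses are flagged rather than trusted.

```python
import ipaddress
import shlex

# Constructed sample in W3C ELFF style. The field list is an assumption;
# a real ProxySG log format may name or order fields differently.
SAMPLE_LOG = '''\
#Software: constructed sample
#Fields: date time c-ip cs-method cs-host x-virus-id
2024-01-01 10:00:00 10.1.1.5 GET example.com 192.168.10.23
2024-01-01 10:00:01 10.1.1.5 GET example.com "192.168.10.40, 10.1.1.9"
2024-01-01 10:00:02 10.1.1.5 GET example.com -
2024-01-01 10:00:03 10.1.1.5 GET example.com "<script>"
'''

def parse_forwarded(value):
    """Return the IPs in an X-Forwarded-For value, left to right.

    Returns [] when the header was absent ("-") and None when any
    element is not a valid IP address (malformed or spoofed header).
    """
    if value in ("", "-"):
        return []
    ips = []
    for part in value.split(","):
        try:
            ips.append(str(ipaddress.ip_address(part.strip())))
        except ValueError:
            return None
    return ips

def original_clients(log_text, field="x-virus-id"):
    """Yield (connecting_ip, forwarded_ips) for each log entry.

    connecting_ip is c-ip, the device that connected to the parent proxy;
    forwarded_ips comes from the field the policy rewrote.
    """
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, shlex.split(line)))
            yield row["c-ip"], parse_forwarded(row.get(field, "-"))

if __name__ == "__main__":
    for connecting_ip, forwarded in original_clients(SAMPLE_LOG):
        print(connecting_ip, forwarded)
```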