| Description | This article describe how to get referrer URI in web filter logs. |
| Scope | FortiGate. |
| Solution |
In HTTP, Referrer is the name of an optional HTTP header field that identifies the address of the web page (URI), from which the resource has been requested. By checking the referrer, the server providing the new web page can see where the request originated.
Go in FortiGate web filter and policy config requirement to get referrer URI in web filter logs.
Web filter profile.
config webfilter profile
The same result can be achieved for the Explicit Web Proxy by enabling SSL Deep Inspection and applying a customized web filter profile to the explicit proxy policy.
config firewall proxy-policy
edit <proxy_policy_id>
set proxy transparent-web
set service "webproxy"
set action accept
set schedule "always"
set logtraffic all
set ssl-ssh-profile "deep-inspection"
set webfilter-profile "<Web_filter_Name>"
next
end
Detailed logs, including the URI and HTTP Method, can be accessed by navigating to 'Log & Report -> Security Events -> Logs -> Web Filter'.
Note: When an SSL profile is configured to use deep SSL inspection, end users will likely see certificate warnings unless the CA certificate of the FortiGate is installed in their browser.
|
