Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dmelamed
New Contributor

reqtype= "direct" vs "referral"

what is the difference between reqtype "direct" and "referral"? (in the log message)

 

I saw in the documentation that:

"The request type, either direct or referral."

 

I'll be glad to get an in-depth explanation, please.

3 REPLIES 3
AlexC-FTNT
Staff
Staff

This definition is not strictly related to Fortinet products.
The "direct" request is when you write in the browser: www.fortinet.com
The "referral" request is when you click a link on a site, and this automatically redirects you to that page you want to visit, for example, www.fortinet.com/post?referer=somerandomwebsitewhereyouclicked.com/

In HTTP, "Referer" (a misspelling of Referrer) is the name of an optional HTTP header field that identifies the address of the web page (i.e., the URI or IRI), which is linked to the resource being requested. By checking the referrer, the server providing the new web page can see where the request originated (wiki)


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
dmelamed

Is it possible that we will see logs marked as "referral" even if the user didn't click on a link?

For example, when visiting a news website, most of the traffic will be for ads websites (behind the curtain). Will we see these websites URLs as part of the logs at all?

and if so, is there a way to differentiate between sites that the user was aware of visiting and  "behind the curtain" sites?

AlexC-FTNT

Yes, it is possible, as most websites (news sites included) load some of the data from other sources through HTTP requests with referrer field for tracking. You can tweak this behavior in some of the browsers, but there is no possibility to differentiate this in the FortiGate. It sees and logs all the traffic originating from the user (can't tell if the user clicked a link, or a specific element or section was loaded by another page) 


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -