romank
New Contributor III

X-Forwarded-for in Debug Logs

Hello,

I'm trying to figure out whether I can see if the X-Forwarded-For header is really being forwarded to the destination server.

I did try those debug commands:

 

diagnose debug reset
diagnose debug timestamp enable
diagnose debug flow filter server-ip 10.144.155.10
diagnose debug flow filter flow-detail 7
diagnose debug flow filter session-detail
diagnose debug flow filter http-detail 7
diagnose debug flow filter module-detail module x-forworded-for # also did try ALL
diagnose debug flow filter module-detail status on
diagnose debug flow trace start
diagnose debug enable

 

I didn't get any results that would show me that such a header was passed. Is it possible? The service is using SSL, so a packet capture won't show me the encrypted data.

rkr
marioeet1
New Contributor

Debug log in developer console will only show the current running user. You can set the debug level to the user running the apex job. The logs can also be downloaded from the setup app, but it's pretty useless way to debug. Generally speaking if I have a problem in prod, I refresh my partial sandbox and recreate it there so I have access to everything there https://speedtest.vet/ .

AEK
SuperUser

Hi Roman

I didn't try to show it in debug log before but you may check if it is well configured as follows:

  • Create a new X-Forwarded-For policy (menu Server Objects > X-Forwarded-For)
  • In this new policy, enable "Add X-Forwarded-For"
  • In the Web Protection Profile that you are using in your server policy, select the newly created X-Forwarded-For policy in the X-Forwarded-For field

This should forward the header to the back-end server.

AEK
romank
New Contributor III

Hi AEK,

Thanks for the answer - of course X-Forwarded-For is working, but I just want to have proof from the WAF that it was actually forwarded. :) Otherwise I must rely on the other side.

rkr
AEK

Did you try packet capture (menu Network > Packet Capture)?

Otherwise I'd also see if I can check it from server side;

Otherwise I'd temporarily disable SSL (if not in prod) between FWB and back-end server to see the clear traffic.

AEK
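
For the server-side or clear-traffic check suggested above, an added example (not part of the original posts and not Fortinet code): a Python parser that takes one raw HTTP request, as seen in cleartext on the WAF-to-back-end leg or dumped by the back-end, and reports the X-Forwarded-For chain. The function names, sample requests and addresses are constructed for illustration.

```python
import ipaddress

def xff_chain(raw_request: bytes):
    """Return (addresses, malformed) taken from every X-Forwarded-For line."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    addresses, malformed = [], []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        # Header names are case-insensitive and the header may repeat.
        if not sep or name.strip().lower() != "x-forwarded-for":
            continue
        for item in value.split(","):            # comma-separated proxy chain
            item = item.strip()
            if not item:
                continue
            try:
                addresses.append(str(ipaddress.ip_address(item)))
            except ValueError:
                malformed.append(item)           # keep for review, do not trust
    return addresses, malformed

def check_forwarded(raw_request: bytes, expected_client: str):
    """Summarise whether the back-end actually received the client address."""
    addresses, malformed = xff_chain(raw_request)
    expected = str(ipaddress.ip_address(expected_client))
    return {
        "present": bool(addresses or malformed),
        "chain": addresses,
        "malformed": malformed,
        "client_seen": expected in addresses,
    }

# Constructed sample requests (documentation address ranges, made-up host).
SAMPLE_WITH = (b"GET /login HTTP/1.1\r\n"
               b"Host: app.example.test\r\n"
               b"x-forwarded-for: 198.51.100.23, 203.0.113.7\r\n"
               b"X-Forwarded-For: not-an-ip\r\n\r\n")
SAMPLE_WITHOUT = (b"GET /login HTTP/1.1\r\n"
                  b"Host: app.example.test\r\n\r\n")

if __name__ == "__main__":
    print(check_forwarded(SAMPLE_WITH, "203.0.113.7"))
    print(check_forwarded(SAMPLE_WITHOUT, "203.0.113.7"))
```
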
romank
New Contributor III

Yep, I did try. Sure, that's one of the solutions; it showed me already. But I was hoping that maybe I could see it in the debug logs directly without disabling SSL or decrypting traffic. :)

rkr