Fortinet black logo

Handbook

Logging options in web proxy profiles

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:618605
Download PDF

Logging options in web proxy profiles

There is an option on what action to take regarding the authenticated user's name in the header information for reading by upstream proxies and systems. This option can be used when a FortiGate is operating as an explicit proxy and authenticating users. The header is the x-authenticated-user and is used by the upstream proxy to ensure correct policy enforcement and to log the user's activity.

The log-header-change option enables the logging of any header changes in the web-proxy profile, including changes to authenticated users or groups.

Syntax

config web-proxy profile

edit <profile ID#>

set header-x-authenticated-user {pass|add|remove}

set header-x-authenticated-groups {pass|add|remove}

set log-header-change {enable|disable}

end

Option Description
header-x-authenticated-user

Action to take on the HTTP x-authenticated-user header in forwarded requests:

  • pass - Forward the same HTTP header
  • add - Add the HTTP header
  • remove - Remove the HTTP header
header-x-authenticated-groups

Action to take on the HTTP x-authenticated-groups header in forwarded requests:

  • pass - Forward the same HTTP header
  • add - Add the HTTP header
  • remove - Remove the HTTP header
log-header-change enable or disable the logging of HTTP header changes

Logging options in web proxy profiles

There is an option on what action to take regarding the authenticated user's name in the header information for reading by upstream proxies and systems. This option can be used when a FortiGate is operating as an explicit proxy and authenticating users. The header is the x-authenticated-user and is used by the upstream proxy to ensure correct policy enforcement and to log the user's activity.

The log-header-change option enables the logging of any header changes in the web-proxy profile, including changes to authenticated users or groups.

Syntax

config web-proxy profile

edit <profile ID#>

set header-x-authenticated-user {pass|add|remove}

set header-x-authenticated-groups {pass|add|remove}

set log-header-change {enable|disable}

end

Option Description
header-x-authenticated-user

Action to take on the HTTP x-authenticated-user header in forwarded requests:

  • pass - Forward the same HTTP header
  • add - Add the HTTP header
  • remove - Remove the HTTP header
header-x-authenticated-groups

Action to take on the HTTP x-authenticated-groups header in forwarded requests:

  • pass - Forward the same HTTP header
  • add - Add the HTTP header
  • remove - Remove the HTTP header
log-header-change enable or disable the logging of HTTP header changes