6.12 Ensure all HTTP Header Logging options are enabled - Log Container Page

Information

Enable all options (User-Agent, Referer, and X-Forwarded-For) for HTTP header logging.
Rationale:
Logging HTTP header information provides additional information in the URL logs, which may be useful during forensic investigations. The User-Agent option logs which browser was used during the web session, which could provide insight to the vector used for malware retrieval. The Referer option logs the source webpage responsible for referring the user to the logged webpage. The X-Forwarded-For option is useful for preserving the user's source IP address, such as if a user traverses a proxy server prior to the firewall. Un-checking the Log container page only box produces substantially more information about web activity, with the expense of producing far more entries in the URL logs. If this option remains checked, a URL filter log entry showing details of a malicious file download may not exist.

Solution

Navigate to Objects > Security Profiles > URL Filtering > URL Filtering Profile > Settings.
Un-check Log container page only
Check the User-Agent box
Check the Referer box
Check the X-Forwarded-For box
Default Value:
Not Configured

See Also

https://workbench.cisecurity.org/files/1664

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c., CSCv6|6.5, CSCv6|7.4

Plugin: Palo_Alto

Control ID: 0b4f6d9ff32520cc97e7937166eb5f7196bc39586f213f4c8e8e0fb5ea3b7912