Adding a X-Forwarded-For (XFF) header

MikeFus
Conversationalist

Adding a X-Forwarded-For (XFF) header

I have a MX100 with two WAN connections.  Is there any way to add a XFF HTTP request header to outgoing traffic?  We've had a number of instances of Wikipedia vandalism from within our campus network (students experimenting, mostly) and Wikipedia attributes these edits to our shared public IP addresses, using the XFF header is one way Wikipedia recommends dealing with this.  I haven't found a way to configure the MX100 to append this header.  Any ideas?

3 REPLIES 3
PhilipDAth
Kind of a big deal
Kind of a big deal

No.

 

I would configure a syslog server and record all the flows.  Then when an incident happens examine who was talking to Wikipedia at the time.

https://documentation.meraki.com/General_Administration/Monitoring_and_Reporting/Syslog_Server_Overv... 

 

If you are not using authenticated WiFi - considering changing to it.  Hopefully, users will do less dumb things if they know they are being tracked by their login.  Also, the login name will be written out to syslog to make it easier to identify who is doing it.

PhilipDAth
Kind of a big deal
Kind of a big deal

ps. I recommend a simple free Ubuntu server for syslog.

Thanks for these recommendations!  I had dabbled with syslog (Kiwi) quite a while ago, but didn't have time to dive into it and was a bit overwhelmed at the volume of data it generated.  Do you use syslog-ng as described in the article you linked to, or do you use another syslog server on Ubuntu?

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels