cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Adding a X-Forwarded-For (XFF) header

Highlighted
Conversationalist

Adding a X-Forwarded-For (XFF) header

I have a MX100 with two WAN connections.  Is there any way to add a XFF HTTP request header to outgoing traffic?  We've had a number of instances of Wikipedia vandalism from within our campus network (students experimenting, mostly) and Wikipedia attributes these edits to our shared public IP addresses, using the XFF header is one way Wikipedia recommends dealing with this.  I haven't found a way to configure the MX100 to append this header.  Any ideas?

3 REPLIES 3
Highlighted
Kind of a big deal

Re: Adding a X-Forwarded-For (XFF) header

No.

 

I would configure a syslog server and record all the flows.  Then when an incident happens examine who was talking to Wikipedia at the time.

https://documentation.meraki.com/General_Administration/Monitoring_and_Reporting/Syslog_Server_Overv... 

 

If you are not using authenticated WiFi - considering changing to it.  Hopefully, users will do less dumb things if they know they are being tracked by their login.  Also, the login name will be written out to syslog to make it easier to identify who is doing it.

Highlighted
Kind of a big deal

Re: Adding a X-Forwarded-For (XFF) header

ps. I recommend a simple free Ubuntu server for syslog.

Highlighted
Conversationalist

Re: Adding a X-Forwarded-For (XFF) header

Thanks for these recommendations!  I had dabbled with syslog (Kiwi) quite a while ago, but didn't have time to dive into it and was a bit overwhelmed at the volume of data it generated.  Do you use syslog-ng as described in the article you linked to, or do you use another syslog server on Ubuntu?

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.