Log the domain used for virtual web servers in WAF
Currently, Web Server Protection logs only note the first listed domain to identify which virtual web server was used by the client.
• server: first domain name of the virtual server serving the request
Since there can be a number of domains used by the same virtual web server, it would be much more useful to log the actual domain requested in the host header. As different domains can be used for different environments, this would provide much better analytics on how the virtual web server is being used.