I've got an F5 Big-IP that is mangaged by our hosting provider. It's dedicated to our private VLAN, etc. Works great :)
We requested them to add in an X-Forwarded-For HTTP-Header field. They've done that and we can now access that in the code. Awesome :)
But .. for our IIS logs, it's still the IP of the F5 machine. I think I was told that we need to apply an ISAPI filter (cringe!) to the IIS server(s).
- Can someone confirm this?
- If #1 == yes, is there a file/instructions how to do this for our IIS7 web servers on windows 2008 machines.
I published an ISAPI filter to work with our BIG-IP's and have just updated it with full x86 and x64 support. Check out the blog post I wrote on it a while ago. Just copy the enclosed F5XForwardedFor.dll to your server and reference it in the ISAPI section of your virtual site.
http://devcentral.f5.com/weblogs/joe/archive/2005/09/23/1492.aspx
This is discussed in this thread of the IIS Microsoft Community. It seems there is a helper to do that for IIS (Especifically stated to work with Microsoft ARR but it should work for any reverse proxy or load balancer).
While the question is tagged with iis-7, this is the top hit when searching on X-Forwarded-For so I thought I would go ahead and provide this information for IIS 8.5.
IIS 8.5 and later IIS 8.5 introduced the Enhanced Logging feature that easily allows the administrator to log HTTP request headers such as X-Forwarded-For. This answer is adapted from the linked page.
Open IIS Manager.
Select the site or server in the Connections pane, and then double-click Logging. Note that enhanced logging is available only for site-level logging - if you select the server in the Connections pane, then the Custom Fields section of the W3C Logging Fields dialog is disabled.
In the Format field under Log File, select W3C and then click Select Fields....
In the W3C Logging Fields dialog, click Add Field.... Note that enhanced logging is available only for site-level logging - if you selected the server in the Connections pane, then Add Field... is disabled.
In the Add Custom Field dialog, enter a Field Name such as
c-ip-original
to identify the custom field within the log file. Please note that the field name cannot contain spaces.Select Request Header in the Source Type list.
Enter
X-FORWARDED-FOR
in Source.Click OK.
Click OK.
Click Apply in the Actions pane to apply the new configuration.
Once the custom fields have been configured, IIS will create new text log files with "_x" appended to the file name to indicate that the file contains custom fields.
Note that the total size of data collected from all custom fields cannot exceed 65,536 bytes. If the total exceeds 65,536 bytes, then IIS will truncate the data.