Forum Discussion

Omar_69447
Feb 13, 2018

How to Log Client IP in IIS logs other than x-forwarded-for?

I have web services that are set up as Passthrough on F5. I am trying to find a way to log the client source IP in IIS logs. x-forwarded-for doesn't seem to work in a Passthrough setup. Is there any other way to capture the client source IP other than x-forwarded-for?

All our web services are Kerberos encrypted at the source and sent over HTTP. That's the reason they are set up as passthrough.

  • What do you mean by Passthrough - do you mean a standard virtual server performing SNAT with no client or server SSL profile?

    If so, then you might be able to use "Implementing Proxy SSL on a Single BIG-IP System" to insert the x-forwarded-for header while allowing the client and server to directly authenticate.

    However, this does depend on whether the negotiated TLS cipher is an RSA cipher.

    Otherwise, there is nothing you can do without disabling SNAT on the virtual and routing all the server responses back via the LTM, or using a FastL4 virtual with loose-initiation/loose close and Direct Server Return/nPath routing.

  • Other than a design change where you don't need to use SNAT, there isn't any other solution.

  • The web service runs over HTTP for internal requests and over SSL for external. x-forwarded-for is not working for HTTP traffic either.

  • Then you need to be more specific about your configuration and the problem you are having.

    Is the x-forwarded-for header being applied by the LTM?

    Is IIS configured to use X-Forwarded-For?

    Can you post your Virtual Server config and HTTP profile configuration?

    tmsh list ltm virtual 

    tmsh list ltm profile http