Forum Discussion

Nimbostratus

Feb 13, 2018

How to Log Client IP in IIS logs other than x-forward-for?

I have web services that are setup as Passthrough on F5. I am trying to find a way to log client source ip in IIS logs. x-forward-for don't seem to work in Passthrough setup. Is there any other way t...

Employee

Feb 13, 2018

What do you mean by Passthrough - do you mean a standard virtual server performing SNAT with no client or server SSL profile?

If so, then you might be able to use

Implementing Proxy SSL on a Single BIG-IP System

to insert the x-forwarded-for header while allowing the client and server to directly authenticate.

However, this does depend on whether the negotiated TLS cipher is an RSA cipher.

Otherwise, there is nothing you can do without disabling SNAT on the virtual and routing all the server responses back via the LTM, or using a FastL4 virtual with loose-initiation/loose close and Direct Server Return/nPath routing.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

How to Log Client IP in IIS logs other than x-forward-for?

F5 Academies Are Back – And We’re Coming to a City Near You

Introducing the F5 Application Study Tool (AST)

Recent Discussions

Rewrite content in XML schema file.

DNS Request to VS?

Guide for exam 402 F5 Certified Solution Expert

HA pair when both Tenants reside on the same Velos chassis

SMTP SNAT vs iRule header

Related Content

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

X Forwarded For Single Header Insert

X-Forwarded-For on L4 VS

Bypass WAF for X-forwarder IP in XC

iRule for AFM IP Intelligence security policy to work with HTTP XFF (X-Forwarded-For) headers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS