IIS X-Forward-For ISAPI Filter

A recent customer issue came up where they were load balancing servers but we unable to get the true client address logged in their IIS logs. They had their servers fronted by a BIG-IP and wh...
Published Sep 23, 2005
Version 1.0
application delivery
BIG-IP
iis
isapi
Joe_Pruitt's avatar
Joe_Pruitt
Oct 19, 2005
John,

 

 

Currently the code does a straight replacement IF the X-Forwarded-For header exists.

 

 

I guess I'm not clear on why internal networks are different than external ones. In your case doesn't the internal proxy add the X-Forwarded-For header with the true client address? If so, then this filter will replace the address.

 

 

The real problem is that the proxy is hiding the original source address and throwing in it's own. So there is no way for the filter to know what the true address is unless the proxy is passing it through directly. In which case you don't need the X-Forwarded-For header. Am I missing something?

 

 

I'd be glad to make modifications to the filter if it makes sense to a wide audience. The C++ code is very simple...

 

 

-Joe