X-Forwarded-For Log Filter for Windows Servers

For those that don't know what X-Forwarded-For is, then you might as well close your browser because this post likely will mean nothing to you… A Little Background Now, if you are still reading...
Published Aug 19, 2009
Version 1.0
application
applications
BIG-IP
hardware
infrastructure
management
microsoft
monitoring
partner
proxy
Joe_Pruitt's avatar
Joe_Pruitt
Jun 17, 2010
Shawn, the filter doesn't modify any inbound variables. On the inbound stream in IIS before it get's to the web application, it stores the value contained in the "X-Forwarded-For" HTTP header value (if it exists). Then after the server responds and IIS is about to add an entry into the IIS HTTP Logs, it replaces the value of the internal "c-ip" value (client ip) with the value contained in the X-Forwarded-For header. the REMOTE_ADDR server variable isn't a HTTP header, it's a value IIS sets based on the clients address that established the connection (in this case the LTM). As far as I know, the REMOTE_ADDR server variable is read-only from the context of a filter.

 

 

If you are flowing through a BIG-IP, then you can always write an iRule that creates a custom HTTP header containing the value of the client's address on the virtual but it won't replace the REMOTE_ADDR variable because, as I said, that isn't a HTTP header, just a server variable inside of IIS.

 

 

Hope this helps...

 

 

-Joe