JimW_156953
Feb 08, 2017

traffic coming over APM XforwardedIP not being recorded by IIS

Environment :

 

  1. IIS windows host : Windows 2008R2 server
  2. f5 : 12.1
  3. Basic virtual server : http only - one server in the pool

Handling a strange issue. The virtual server has an x-forwarding HTTP profile turned on. It records all x-forwarded IPs except for the traffic originating from VPN clients, who are getting IPs in, i.e., the 192.168.10.0 range.

 

A capture on the Windows host clearly suggests that the X-forwarded stamp is being passed through, but the IIS logs don't have any reference to it. The IIS logs only record the self IP of the F5 and not the X-forwarded stamp. The IIS log configs are set to capture everything.

 

I tried installing the F5-recommended ISAPI filter - no effect.

 

Any pointers will be appreciated.

 

1 Reply

  • Hi Jim,

    IIS has very poor support for X-Forwarded-For headers... 😞

    I usually tend to write the original client IP into an additional cookie (via HTTP::cookie insert name "OrigIP" value [IP::client_addr]) and collect that information by turning on IIS cookie logging. It's much easier, doesn't require any bits'n'bytes on your servers and may already satisfy your needs... 😉

    If you're still looking for native X-Forwarded-For support, then take a look at the following blog site. The site outlines and compares different techniques which are more or less supported/maintained by Microsoft or F5.

    https://blogs.iis.net/deanc/iis7-8-logging-the-real-client-ip-in-the-iis-hit-logs

    Cheers, Kai
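
Added example (not part of the thread or of F5/Microsoft code): a Python sketch that reads an IIS W3C log with cookie logging enabled and recovers the client address from the OrigIP cookie the reply describes, rejecting values that are malformed or duplicated. The log lines are constructed, 10.0.0.5 stands in for the BIG-IP self IP, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of an IIS W3C log with cookie logging enabled.
# 10.0.0.5 stands in for the BIG-IP self IP that IIS records as c-ip.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem c-ip cs(Cookie) sc-status
2017-02-08 10:00:01 GET /default.aspx 10.0.0.5 OrigIP=192.168.10.23 200
2017-02-08 10:00:02 GET /app/ 10.0.0.5 ASP.NET_SessionId=abc123;+OrigIP=203.0.113.7 200
2017-02-08 10:00:03 GET /app/ 10.0.0.5 OrigIP=not-an-ip 200
2017-02-08 10:00:04 GET /app/ 10.0.0.5 OrigIP=198.51.100.9;+OrigIP=192.168.10.50 200
2017-02-08 10:00:05 GET /health 10.0.0.5 - 200
"""

def orig_ip(cookie_field, name="OrigIP"):
    """Return (ip, note) for one cs(Cookie) value; ip is None if unusable."""
    if cookie_field == "-":
        return None, "no cookie logged"
    # IIS writes spaces as '+', so cookie pairs arrive as 'a=1;+b=2'.
    pairs = [p.strip("+ ") for p in cookie_field.split(";")]
    values = [p.split("=", 1)[1] for p in pairs if p.startswith(name + "=")]
    if not values:
        return None, "cookie absent"
    if len(values) > 1:
        # Assumption: the proxy sets exactly one copy, so extra copies
        # are treated as untrusted rather than picking one.
        return None, "duplicate cookie"
    try:
        return str(ipaddress.ip_address(values[0])), "ok"
    except ValueError:
        return None, "not an IP address"

def client_ips(log_text):
    """Yield (time, c-ip, original IP or None, note) per request line."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # the header can change mid-file
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split(" ")))
            ip, note = orig_ip(row.get("cs(Cookie)", "-"))
            yield row["time"], row["c-ip"], ip, note

if __name__ == "__main__":
    for rec in client_ips(SAMPLE_LOG):
        print(*rec)
```

A cookie is a request header the client can also send, so lines flagged as duplicate or malformed are worth reviewing rather than discarding.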