How to see the Client's Source IP Address on the Real Server

There are a few options to see the client's IP address on a Real Server. These are listed below.

Transparency

For transparency, two rules must be followed:

  • The clients must be on a different subnet to the Real Server
  • The Real Server’s default gateway must be the LoadMaster’s interface address

For further details on transparency, refer to the following document:
https://support.kemptechnologies.com/hc/en-us/articles/203126369-Transparency

Direct Server Return (DSR)

For DSR the Virtual Service must be running at Layer 4. This can only be used in a one-armed scenario.

For further details on DSR, refer to the following document:
https://support.kemptechnologies.com/hc/en-us/articles/203861685-Configuring-DSR

X-Forward-For header

With the X-forward-for header, the LoadMaster places the client's IP address in a header called “X-Forward-For”.

From a networking point of view, the Real Server sees traffic originating from the LoadMaster but it can read the X-forward-for header to record the client’s IP
Note: This can only be used for HTTP, SSL-offloaded or SSL re-encrypted HTTPS services.

For further details, refer to the following article:
https://support.kemptechnologies.com/hc/en-us/articles/202744899-X-Forwarding-For-and-IIS-logging-for-non-transparent-services 

Edge Security Pack (ESP)

ESP can be setup to record the client’s IP address. This information is never sent to the Real Server but you are able to see which clients made a request to the LoadMaster.

For further details, refer to the following article:
https://support.kemptechnologies.com/hc/en-us/articles/205844396-Log-Virtual-Service-Connections-Using-ESP-without-authentication

Was this article helpful?

0 out of 0 found this helpful

Comments