Adding The X-Forwarded-For Header and Configuring IIS Logging

The X-Forwarded-For (XFF) HTTP header field is a standard method for identifying the originating IP address of a client connecting to a server through the KEMP LoadMaster or any proxy.

The KEMP LoadMaster allows us to give the client's IP address to the destination Real Server by inserting the X-Forwarded-For when L7 is used with non-transparency.

Inserting the X-Forwarded-For header allows the Real Server to log the client source IP address in it's logs.

Adding the X-Forwarded-For using the LoadMaster can be done either as a global setting or as a per-Virtual Service setting. Refer to the relevant section below for steps on how to add the header.

Note: The addition of the X-Forwarded-For header is only available for HTTP and HTTPS traffic with SSL Offloading.

 

Setting The Additional X-Forwarded-For Header Globally

In the main menu of the LoadMaster Web User Interface (WUI), select System Configuration > Miscellaneous Options >  L7 Configuration > Additional L7 HeaderX-Forwarded-For

 

Setting The Additional X-Forwarded-For Header Per Virtual Service

  1. In the main menu of the LoadMaster WUI, select Virtual Services > View/Modify Services.
  2. Click Modify on the relevant Virtual Service.
  3. Expand the Advanced Properties section.
  4. Add HTTP Headers > Select either X-Forwarded-For (No Via) or X-Forwarded-For (+ Via) option 

 

Configuring Custom IIS Logging Fields on Microsoft Server 2012 

In IIS 8.5 and later custom logging fields can be added to record X-Forwarded-For headers to record a client's source IP address when transparency is not being used.

 

Navigate to the site which will use X-Forwarded-For logging and click Logging and Open Feature.

xff--8.png

 

Click the Select Fields... option

xff--9.png

 

Click the Add Field... option.

Configure the fields as indicated below:

Field Name: X-Forwarded-For

Source type: Request Header

Source name: X-Forwarded-For (syntax important)

Click OK twice.

xff--10.png

 

Click Apply in the top right of the logging options page.

xff--11.png

 

Now generate some log traffic by navigating to the Virtual Service and hitting refresh a few times.

Go to the location of the advanced logfiles and open the newly created logfiles.

The default location is C:\inetpub\logs\LogFiles\W3SVC1.

xff--12.png

 

 

Configuring Custom IIS Logging Fields on Microsoft Server 2008 

As a prerequisite Advanced Logging must be downloaded and installed on each of the IIS servers. Here is a link to the Advanced Logging Download:

https://www.microsoft.com/en-us/download/details.aspx?id=7211

By default, IIS Advanced Logging is disabled after install. To enable the feature open it at the server level in IIS Manager, and then in the Actions pane, click Enable Advanced Logging.

After installing the Advanced Logging Feature, go to the IIS Manager and navigate to the appropriate website, select Advanced Logging and Open Feature.

xff--1.png

 

Click Edit Logging Fields and Add Field

Configure the fields as indicated below:

Field ID, a friendly name

Category: Default

Source type: Request Header

Source name: X-Forwarded-For (syntax important)

xff--2.png

 

Then click Add Log Definition in the Actions pane.xff--3.png

 

Assign a name to Base file name.

Click Select Fields.

Select the new rule from the list.

Click OK and Apply in the Action pane. Click Return to Advanced Logging. The new rule is listed.xff--4.png

 

KEMP recommends changing the Required field to Yes.

xff--5.png

 

xff--6.png

 

Now generate some log traffic by navigating to the Virtual Service and hitting refresh a few times.

Go to the location of the advanced logfiles and open the newly created logfiles.

The default location is C:\inetpubs\logs\AdvancedLogs\DEFAULT WEB SITE.

xff--7.png

 

Was this article helpful?

0 out of 0 found this helpful

Comments