Load balancer External IP in IIS logs and in .net code

Hello,

I have 2 KEMP VLM1000's which run in HA mode. I'm load balancing some IIS 7.5 web servers, but I have 2 major issues.

1) The EXTERNAL client IP address is NOT getting logged in the IIS logfiles. It's the IP of the KEMP VS that's getting logged.

2) In code (asp.net), we need (realtime) to get the EXTERNAL client IP address, because we do some security stuff. It's the IP of the KEMP VS which we get via Request.ServerVariables("REMOTE_HOST")

Could you please give some detailed instructions on how we can fix these 2 issues? Perhaps you could include in detail how to "tweak" IIS and maybe also exactly what to do in Request.ServerVariables?

/Regards
a very frustrated KEMP customer!

3 comments

James Rago -- K360 Technical Product Manager Official comment

Sorry you're frustrated! Both of these issues sound like you are looking for transparency. When LoadMaster forwards client requests, it can do so in one of two ways, transparently or non-transparently. Transparency preserves the original client IP when forwarding to the real server. Non-transparency NATs the source address to simplify the traffic path. When operating non-transparently, your server logs and application code can display incorrect information.
By default, LoadMaster uses non-transparent mode as it will work without configuration changes on the server. In order for transparency to work correctly, the default gateway of the real server must be set to LoadMaster's interface. This ensures that traffic follows the same path to and from the real server.
With transparency enabled, the IIS log files will show the external client IP address. Additionally, the ASP code should also be able to access the true client IP address using Request.ServerVariables("REMOTE_HOST"). All you need is to set the default gateway to LoadMaster's IP address.
If changing the default gateway is not an option due to other requirements, there is another way to accomplish this by inserting an HTTP header. LoadMaster can insert either the X-ClientSide or X-Forwarded-For header which contains the original source IP. With this, you can install an ISAPI X-Forwarded-For module which will allow your IIS logs to record the original client IP, rather than the one which is received. Additionally, your ASP code can be modified to look for X-Forwarded-For instead of the REMOTE_HOST.
I hope this information helps get you on the right track. Write back and let us know if the above solved the problem.
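The header-based option from the comment above, as an added C# example (not KEMP's or the poster's code): because any client can send its own X-Forwarded-For header, code that uses the value for security decisions should accept it only when the connection really came from the load balancer. The class name, the proxy addresses and the sample inputs are constructed assumptions, and the right-to-left walk assumes the load balancer appends the address it saw to any header already present.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

public static class ClientIpResolver
{
    // Assumption: source addresses the load balancer uses towards this server.
    // Constructed placeholder values; replace with your own.
    static readonly HashSet<IPAddress> TrustedProxies = new HashSet<IPAddress>
    {
        IPAddress.Parse("10.0.0.10"),
        IPAddress.Parse("10.0.0.11")
    };

    // remoteAddr:   Request.ServerVariables["REMOTE_ADDR"]
    // forwardedFor: Request.Headers["X-Forwarded-For"] (null when absent)
    public static IPAddress Resolve(string remoteAddr, string forwardedFor)
    {
        IPAddress peer = IPAddress.Parse(remoteAddr);

        // Only honour the header when the TCP peer is the load balancer;
        // a client connecting directly can put anything in it.
        if (!TrustedProxies.Contains(peer) || string.IsNullOrWhiteSpace(forwardedFor))
            return peer;

        // Walk right to left: the rightmost entry was added by the nearest
        // proxy, entries further left may have been supplied by the client.
        string[] hops = forwardedFor.Split(',');
        for (int i = hops.Length - 1; i >= 0; i--)
        {
            IPAddress hop;
            if (!IPAddress.TryParse(hops[i].Trim(), out hop))
                return peer;              // malformed entry: fall back to the peer
            if (!TrustedProxies.Contains(hop))
                return hop;               // first address that is not ours
        }
        return peer;                      // header listed only trusted proxies
    }

    public static void Main()
    {
        // Constructed inputs: normal request, client-supplied extra entry, direct connection.
        Console.WriteLine(Resolve("10.0.0.10", "203.0.113.7"));
        Console.WriteLine(Resolve("10.0.0.10", "192.0.2.1, 203.0.113.7"));
        Console.WriteLine(Resolve("198.51.100.9", "127.0.0.1"));
    }
}
```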

John Smith

I'm on the right track now. We're running non-transparent, and I'm catching the x-forwarded-for in code.
Thanks for helping out

James Rago -- K360 Technical Product Manager

Excellent, glad to hear it!