All well and good, but how exactly do we get IIS to log that XFF value to the c-ip field?įirst, why would you want to? That’s easy enough to answer: if all you’re logging in c-ip is the IP address of your load balancer or proxy, it makes it harder to distinguish between requests from different clients, which can impact troubleshooting, reporting, or even forensic analysis of the logs should any penetration attempts occur. These days, most load balancers (and proxy servers) should have the ability to preserve the original client IP in an optional header: X-Forwarded-For. If you’re using load balancing with IIS (who isn’t these days?), then you’ve probably seen that by default, the load balancer’s IP address is generally what’s logged as the client IP in the c-ip field in your IIS logs. I’ve seen questions around logging the real client IP in the IIS logs come up a handful of times in the past few weeks, so I figured I’d try and tackle that here.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |