Comparing Different Load Balancers? Get our free guide
  • Support
  • Blog
  • +1 866 998 0508
The latest insights from the load balancing experts | Loadbalancer.org
  • Solutions
  • Services
  • Products
  • Resources
  • Get Started
  • Support
  • Blog
Buy Now
  • Solutions
  • Services
  • Products
  • Resources
  • Get Started
  • call
  • contact

The latest insights from the load balancing experts | Loadbalancer.org

  • Latest posts
  • By topic
    • How Tos
    • Events
    • Guest Blogs
    • Top Ten Blogs
    • HA Proxy
  • By sector
    • Healthcare
    • Storage
    • Security
    • Print
    • Microsoft
  • How-To's
  • High Availability
  • HAProxy
  • Just for Fun
  • Security
  • Amazon AWS
  • News
  • Events
  • Linux
  • Healthcare
  • Top 10 Blogs
  • Reviews and Comparisons
  • SSL
  • Microsoft Azure
  • Web Application Firewall (WAF)
  • Case Studies
  • Microsoft Exchange
  • Disaster Recovery
  • Direct Server Return (DSR)
  • Global Server Load Balancing (GSLB)
  • Microsoft
  • Google Cloud Platform (GCP)
  • Print
  • Denial of Service
  • Microsoft Remote Desktop Services
  • Web Filters / Proxy
  • Guest Blogs
  • Object Storage
  • Broadcast Media
  • X-Forwarded-For Header (XFF)
  • VMware
  • Nutanix
  • open source
See more tags

IIS and X-Forwarded-For Header (XFF)

4 February 2011 / 4 min read / X-Forwarded-For Header (XFF)

Although it's not technically a standard, the X-Forwarded-For (XFF) header is incredibly useful if you have any kind of proxy in front of your web servers.

What's the issue?

When you load balance your website at layer 7, it will become non-transparent. This means that the actual client source IP address is replaced by the load balancer's own IP address - and only this address will be recorded in the IIS logs.

One way around this is to insert XFF headers on the load balancer to track the actual client source IP address. IIS can then be reconfigured to make this data available in the logs.

NB. The other options to gain source IP transparency are to configure the load balancer in layer 4 NAT mode, layer 4 DSR mode or Layer 7 with TPROXY enabled.

--> Did you want to learn about XFF on Apache?

The solution - how to modify logging behaviour

The steps required depend on your version of IIS.

IIS 8.5 & later

A custom logging field can be added to record XFF headers.

To enable this feature:

  1. Start IIS Manager, then on the Connections pane on the left, click the appropriate website where you want to enable XFF logging. The Home page is then displayed in the main panel.
  2. From the Home page, double-click Logging.
    1Annotated-1
  3. From the Log File section, click Select Fields.
    2Annotated-1
  4. From the bottom left corner, click Add Field.
    3Annotated-1
  5. In the Add Custom Field window, complete the following:
    4-1
  • in Field Name, type X-Forwarded-For
  • in Source, type X-Forwarded-For
  • leave Source Type set to ‘Request Header’
  • click OK on the Add Custom Field window
  • click OK on the W3C Logging Fields window
  1. From the Actions pane on the right, click Apply to implement the change.
    5Annotated-1
  2. The log files are located by default in the directory %SystemDrive%\inetpub\logs\LogFiles. IIS creates new log files and appends “_x” to the log file names to indicate that they contain custom fields.

UIIS 7 & IIS 7.5

For IIS 7 & 7.5 the Advanced Logging add-on must be installed. This can be downloaded here. Once installed on the IIS server, you'll see an extra option called 'Advanced Logging' in IIS.

To configure and enable Advanced Logging:

  1. Start IIS Manager, then on the Connections pane on the left, click the server, website or directory where you want to configure Advanced Logging. The related Home page is displayed in the main panel.
  2. From the Home page, under IIS, double-click Advanced Logging.
    iis1 - Copy
  3. From the Actions pane on the right, click Enable Advanced Logging.
    iis2-Copy
  4. From the Actions pane on the right, click Edit Logging Fields.
    iis3-Copy
  5. On the Edit Logging Fields window click Add Field, and then complete the following:
    iis4a-Copy
  • in Field ID, type ClientSourceIP
  • in Category, type *Default *
  • in Source type, select Request Header
  • in Source name, type X-Forwarded-For
  • click OK on the Add Logging Field form
  • click OK on the Edit Logging Fields form
  1. From the Actions pane on the right, click Add Log Definition.
    iis5-Copy
  2. Enter Client Source IP in the Base file name field.
    iis6a-Copy
  3. Click Select Fields.
    iis7-Copy
  • Check (enable) the ClientSourceIP field created earlier
  1. Click OK on the Select Logging Fields form, then click Apply in the actions pane.
  2. Click Return To Advanced Logging in the actions pane.
  3. Run iisreset /restart to apply the new settings.
  4. The advanced log must be viewed rather than the default log. The advanced log is located in %SystemDrive%inetpublogsAdvancedLogs. To view the logs, right-click the Client Source IP log definition and click View Log Files.
    iis8-Copy

IIS 6

Unfortunately, the Microsoft solution mentioned above is not available for IIS 6. Luckily there are a number of other solutions - some costing money and others that have been released as open source. One excellent example that we've tested with our products is F5's X-Forwarded-For ISAPI filter. It's available in both in 32- and 64-bit versions.

  1. Download the zipped archive from here and extract to an appropriate folder.
  2. Navigate to the relevant version (32- or 64-bit).
  3. Copy F5XForwardedFor.dll to a suitable location on your server, e.g. C:ISAPIfilters.
  4. Make sure you have ISAPI Filters enabled on your IIS server.
  5. Open IIS Manager, right-click the site and select Properties.
  6. Select the ISAPI Filters tab.
  7. Click add, then in the popup enter a suitable name and select the DLL file stored in step 3.
  8. Restart your website.

Problem solved - for IIS 7 and above, you should see an additional column named X-Forwarded-For which contains the IP addresses of client PC’s. For IIS 6 the IP address of the load balancer should be replaced with the IP address of client PC’s.

Found in

X-Forwarded-For Header (XFF), Top 10 Blogs

About the author

Rob Cooper-profile-image
Rob Cooper

Rob's been with the company since 2010 and helps to maintain the critical link between the Sales, Support and Development departments by providing deployment, testing and documentation skills. He’s also responsible for all Microsoft and VMware approvals and certifications and ensuring ongoing compliance. When not at the Loadbalancer.org offices he enjoys getting out on his boat as well as playing bass guitar.

Read More

Related posts

X-Forwarded-For Header (XFF)
X-Forwarded-For Header (XFF)
12 Dec 2020
NGINX and X-Forwarded-For Header (XFF) Dave Saunders
The X-Forwarded-For Header is a simple yet powerful solution to a very common problem. I'm not sure why, but for some reason it also seems to cause a lot of confusion. NGINX is often deployed

2 min read

Read more
HAProxy
18 Jun 2014
Stunnel X-Forward-For (XFF) with HAProxy and the PROXY Protocol Rob Cooper
When using proxies such as stunnel and HAProxy it's easy to loose track of the client source IP address. This occurs for example when HAProxy is used in it's default configuration to load balance a

3 min read

Read more
X-Forwarded-For Header (XFF)
9 Feb 2011
Apache and X-Forwarded-For Header (XFF) Rob Cooper
It's easier to get Apache to log client IP addresses utilizing X-Forwarded-For Headers than it is using IIS. By default, the logs do not record source IP addresses for clients - but as of Apache

4 min read

Read more

Get started

Get in touch

Start a conversation about the right solution for your business.

Get in touch

Create your quote

Transparent pricing you can see straight away.

Create your quote

Download now

Try us free for 30 days – see why our customers love us.

Download now

Schedule a virtual meeting with us

Working remotely or from home? Let’s meet on a call or online.

Let's meet

Follow Loadbalancer.org

+1 833 274 2566
  • Company
    • Solutions
    • Services
    • Load balancer
    • Why Loadbalancer.org
    • Blog
    • Professional services
    • Sitemap
  • Load balancer
    • Get a quote
    • Free trial
    • Online demo
  • Resources
    • Manuals
    • Deployment guides
    • Applications
    • White papers
    • Case studies
    • Solutions
  • Support
    • FAQ's
    • Open a ticket
    • Security news
  • Applications
    • Healthcare
    • Storage
    • Print
    • Security
    • Microsoft
The latest insights from the load balancing experts | Loadbalancer.org

The latest insights from the load balancing experts | Loadbalancer.org. All rights reserved

  • Contact Us
  • Terms & Conditions
  • Privacy Policy