Forwarded For is the de facto standard for identifying the originating IP address of a client connecting to a web server through Layer- 7 load balancers and proxy servers.
Forwarded-For Output
|
Option
|
Description
|
|
Off
|
ADC does not alter the Forwarded-For header.
|
|
Add Address and Port
|
This choice will append the IP address and port, of the device or client connected to the ADC, to the Forwarded-For header.
|
|
Add Address
|
This choice will append the IP address, of the device or client connected to the ADC, to the Forwarded-For header.
|
|
Replace Address and Port
|
This choice will replace the value of the Forwarded-For header with the IP address and port of the device or client connected to the ADC.
|
|
Replace Address
|
This choice will replace the value of the Forwarded-For header with the IP address of the device or client connected to ADC.
|
Forwarded-For Header
This field allows you to specify the name given to the Forwarded-For header. Typically, this is “X-Forwarded-For” but may be changed for some environments.
Advanced Logging for IIS – Custom Logging
You can obtain the X-Forwarded-For information by installing the IIS Advanced logging 64-bit app. Once downloaded, create a Custom Logging Field called X-Forwarded-For with the settings below.
Select Default from the Source Type list from the Category list, select Request Header In the Source Name box, and type X-Forwarded-For.
HTTP://www.iis.net/learn/extensions/advanced-logging-module/advanced-logging-for-iis-custom-logging
Apache HTTPd.conf changes
You will want to make several changes to the default format to log the X-Forwarded-For client IP address or the actual client IP address if the X-Forwarded-For header does not exist.
Those changes are below:
|
Type
|
Value
|
|
LogFormat:
|
“%h %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\”” combined
|
|
LogFormat:
|
“%{X-Forwarded-For}i %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\”” proxy SetEnvIf X- Forwarded-For “^.*\..*\..*\..*” forwarded
|
|
CustomLog:
|
“logs/access_log” combined env=!forwarded
|
|
CustomLog:
|
“logs/access_log” proxy env=forwarded
|
This format takes advantage of Apache’s built-in support for conditional logging based upon environmental variables.
Line 1 is the standard combined log formatted string from the default.
Line 2 replaces the %h (remote host) field with the value(s) pulled from the X-Forwarded-For header and set the name of this log file pattern to “proxy”.
Line 3 is a setting for the environment variable “forwarded” that contains a loose regular expression matching an IP address, which is ok in this case since we care more whether an IP address exists in the X-Forwarded-For header.
Also, line 3 could be read as: “If there is an X-Forwarded-For value, use it.”
Lines 4 and 5 tell Apache which log pattern to use. If an X-Forwarded-For value exists, use the “proxy” pattern, else use the “combined” pattern for the request. For readability, lines 4 and 5 do not take advantage of Apache’s rotate logs (piped) logging feature, but we assume that almost everyone uses it.
These changes will result in logging an IP address for every request.
