Monday 25 July 2016

Working with the x-forwarded-for header and IIS 7.0 / 7.5

Sadly IIS 7.0 / 7.5 does not provide in-built support for the x-forwarded-for header - which when working with load balancers is a very important element when it comes to obtaining useful logging information.

In order to get x-forwarded-for headers working with IIS we must firstly install the Advanced Logging add-on - which can be obtained here:

Click on the webserver node in the IIS manager and then double click 'Advanced Logging' and finally hit the 'Enable Advanced Logging' link in the left hand pane.

** NOTE: As far as I am aware you must create / define all logging fields from the 'Advanced Logging' feature on the Server node (not the website / web application node) you wish to enable the logging for and double click 'Advanced Logging' under the IIS section.

From the right-hand navigation pane select 'Edit Logging Fields' then hit 'Add Field' and enter as follows:

Field ID = ClientSourceIP
Category = Default
Source Type = Request Header
Source Name = X-Forwarded-For

Then click 'OK' on the 'Add Logging Field' dialog and the 'Edit source fields' dialog.

Now on the main view right-hand click on the '%COMPUTERNAME%' item and select the 'Edit log definition.'

Then under the 'Selected fields' section click 'Select fields...' and ensure 'ClientSourceIP' is ticked.

Hit apply and then reset the server with iisreset.

Generate some traffic and you should now find the logs being generated in:



Post a Comment