Barracuda Web Application Firewall

Logging Actual Client IP Address In the IIS 7 and IIS 7.5 Server


When the Barracuda Web Application Firewall is configured in Proxy mode, it uses its LAN/WAN IP address to communicate with the backend server. For this reason, the backend server does not see the actual client IP address. By default, the Barracuda Web Application Firewall forwards the client IP address in the X-Forwarded-For header.

To log the actual client IP address instead of the WAN IP address (in case of one-arm proxy), or LAN IP address (in case of two-arm proxy) of the Barracuda Web Application Firewall in the IIS logs, do the following:

  1. Download and install the Microsoft Advanced Logging extension on the IIS 7.5 server to log the client IP address in IIS 7.5. Alternatively, download the 64-bit MSI Package.
  2. After installation, open IIS Manager, select the server root and then Advanced Logging.

    Select the individual website if you wish to enable and configure advanced logging options at the site level instead of server level.


    Step_1_Open_IIS_Manager.png

  3. Click Enable Advanced Logging under Actions.

    Step_2_Enable_Advanced_Logging.png
  4. Click Edit Logging Fields under Actions.

    Step_3_Edit_Logging_Fields.png

  5. On the Edit Logging Fields window, click Add Field and then enter the details as shown in the image below in the Add Logging Field window.

    Step_4_Adding_Logging_Field.png

    The Source name should be the same as the value specified in Header for Client IP Address on the BASIC > Services page. This is applicable only if the upstream device is adding a header containing the client IP address. If not, it should be X-Forwarded-For, which is set on the WEBSITES > Website Translation page.

  6. Click OK, and then scroll down and verify that the new Logging Field is listed.

    Step_5_Verify_the_New_Logging_Field.png
  7. Click Add Log Definition under Actions.

    Step_6_Click_Add_Log_Definition.png
  8. On the Log Definition window, enter the Base file name and click Select Fields.

    Step_7_Log_Definition.png
  9. On the Select Logging Fields window, select the Client IP Header logging field created in Step 6 and click OK.

    Step_8_Select_Client_IP_Header_Field.png
  10. Click Apply and then click Return to Advanced Logging under Actions.
  11. Now, the Client IP Header log definition will be listed on the Advanced Logging window. Select Client IP Header, right-click and then select View Log Files.

    Step_9_View_Logs.png
  12. The advanced logs should be available in the default location or the location you specified.

    Step_10_Advanced_Logs.png
  13. Open the log file and view the client IP address logging.

    Step_11_Open_the_log_file..png
  14. To log additional fields, add the required logging fields as mentioned in Step 8 and then repeat Steps 9 to 13.

    Step_12_Multiple_Logging_Fields.png

    Step_13_Log_File_with_Multiple_Fields.png

To log the actual client IP address in IIS 8.5, follow the steps listed in Microsoft article Enhanced Logging for IIS 8.5.
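
Once the header is being logged, the value still needs to be read with care, because the header is only trustworthy on requests that actually arrived from the Barracuda Web Application Firewall. The following script is an added example, not part of the original article or any Barracuda or Microsoft tooling: it reads a W3C-style log, takes the client IP from the logged header only when the connection peer is the WAF, and flags missing or malformed values. The log lines, the field names c-ip and cs-uri-stem, the WAF address 10.0.0.5 and the rule that the WAF's own entry is the last one in the header are all assumptions made for the example.

```python
import ipaddress

# Constructed sample in W3C extended format; field names and addresses are assumptions.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-uri-stem X-Forwarded-For
2024-01-01 10:00:00 10.0.0.5 /login 203.0.113.7
2024-01-01 10:00:01 10.0.0.5 /login 198.51.100.9,+203.0.113.8
2024-01-01 10:00:02 192.0.2.44 /admin 127.0.0.1
2024-01-01 10:00:03 10.0.0.5 /health -
2024-01-01 10:00:04 10.0.0.5 /search <script>
"""

WAF_IPS = {"10.0.0.5"}  # assumed LAN/WAN address the WAF uses toward IIS


def client_ip(peer, header, waf_ips=WAF_IPS):
    """Return (ip, status) for one log row."""
    if peer not in waf_ips:
        # Request reached IIS without passing the WAF: the header is client-supplied.
        return peer, "direct-untrusted-header"
    # W3C logs encode spaces as '+'; the header may hold a comma-separated chain.
    hops = [h.strip() for h in header.replace("+", " ").split(",") if h.strip()]
    if not hops or hops == ["-"]:
        return peer, "header-missing"
    try:
        # Assumption: the WAF appends the address it saw, so the last hop is the one it vouches for.
        return str(ipaddress.ip_address(hops[-1])), "ok"
    except ValueError:
        return peer, "header-invalid"


def parse_log(text, header_field="X-Forwarded-For"):
    """Yield (uri, ip, status) for each data row, using the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            ip, status = client_ip(row["c-ip"], row.get(header_field, "-"))
            yield row["cs-uri-stem"], ip, status


if __name__ == "__main__":
    for entry in parse_log(SAMPLE_LOG):
        print(*entry)
```

Rows marked direct-untrusted-header indicate traffic that reached IIS without going through the WAF, which is worth investigating on its own.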