Barracuda Web Application Firewall

Logging Actual Client IP Address In the IIS 7 and IIS 7.5 Server

  • Last updated on

When the Barracuda Web Application Firewall is configured in Proxy mode, it uses its own LAN/WAN IP address to communicate with the back-end server, so the back-end server does not see the actual IP address of the client. By default, the Barracuda Web Application Firewall forwards the client IP address in the X-Forwarded-For header.

To log the actual client IP address instead of the WAN IP address (in case of One-Arm Proxy), or LAN IP address (in case of Two-Arm Proxy) of the Barracuda Web Application Firewall in the IIS logs, do the following:

  1. Download and install the Microsoft Advanced Logging extension on the IIS 7.5 server to log the client IP address in IIS 7.5. Alternatively, download the 64-bit MSI Package.
  2. After installation, open IIS Manager, select the server root and then Advanced Logging.

    Select the individual website if you wish to enable and configure advanced logging options at the site level instead of server level.


    Step_1_Open_IIS_Manager.png

  3. Click Enable Advanced Logging under Actions.

    Step_2_Enable_Advanced_Logging.png

  4. Click Edit Logging Fields under Actions.

    Step_3_Edit_Logging_Fields.png

  5. On the Edit Logging Fields window, click Add Field and then enter the details as shown in the image below in the Add Logging Field window.

    Step_4_Adding_Logging_Field.png

    The Source name should be the same as the value specified in Header for Client IP Address on the BASIC > Services page. This applies ONLY if the upstream device adds a header containing the client IP address. If not, it should be X-Forwarded-For, which is set on the WEBSITES > Website Translation page.

  6. Click OK, and then scroll down and verify that the new Logging Field is listed.

    Step_5_Verify_the_New_Logging_Field.png

  7. Click Add Log Definition under Actions.

    Step_6_Click_Add_Log_Definition.png

  8. On the Log Definition window, enter the Base file name and click Select Fields.

    Step_7_Log_Definition.png

  9. On the Select Logging Fields window, select the Client IP Header logging field created in step 6 and click OK.

    Step_8_Select_Client_IP_Header_Field.png

  10. Click Apply and then click Return to Advanced Logging under Actions.
  11. The Client IP Header log definition is now listed on the Advanced Logging window. Select Client IP Header, right-click and then select View Log Files.

    Step_9_View_Logs.png
  12. The advanced logs should be available in the default location or the location you specified.

    Step_10_Advanced_Logs.png

  13. Open the log file and view the Client IP address logging.

    Step_11_Open_the_log_file..png

  14. If you want to log additional fields, add the required logging fields as mentioned in step 8 and then repeat the steps from 9 to 13.

    Step_12_Multiple_Logging_Fields.png

    Step_13_Log_File_with_Multiple_Fields.png
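
To review the logged values from PowerShell after step 13, the following added example (not Barracuda or Microsoft code) finds the client IP column through the `#Fields:` line of a W3C-style log and classifies each value. The field name `ClientIPHeader`, the column layout and the sample lines are assumptions constructed for illustration; because X-Forwarded-For is a request header, any value that is not a single well-formed address is flagged rather than trusted.

```powershell
# Constructed sample log; field names and values are assumptions for this example.
$sampleLog = @'
#Fields: date time cs-uri-stem ClientIPHeader sc-status
2024-01-15 10:02:11 /default.aspx 203.0.113.25 200
2024-01-15 10:02:12 /login.aspx 198.51.100.7,203.0.113.40 200
2024-01-15 10:02:13 /login.aspx not-an-ip 401
2024-01-15 10:02:14 /health - 200
'@

function Test-IpLiteral([string]$Text) {
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Text, [ref]$ip)) { return $false }
    # TryParse also accepts shorthand such as "1"; require dotted-quad form for IPv4.
    if ($ip.AddressFamily -eq 'InterNetwork') { return $ip.ToString() -eq $Text }
    return $true
}

function Get-LoggedClientIp {
    param([string[]]$Lines, [string]$FieldName = 'ClientIPHeader')
    $index = -1
    foreach ($line in $Lines) {
        if ($line -match '^#Fields:\s*(.+)$') {
            # Column position comes from the #Fields directive, not a fixed offset.
            $index = [array]::IndexOf(($Matches[1].Trim() -split '\s+'), $FieldName)
            continue
        }
        if ($index -lt 0 -or $line -match '^(#|\s*$)') { continue }
        $columns = $line.Trim() -split '\s+'
        if ($index -ge $columns.Count) { continue }
        $raw = $columns[$index]
        # The header may hold a comma-separated list; "-" marks an empty field.
        $entries = @($raw -split ',' |
            ForEach-Object { $_ -replace '^[\s+]+|[\s+]+$', '' } |
            Where-Object { $_ -and $_ -ne '-' })
        $valid = @($entries | Where-Object { Test-IpLiteral $_ })
        if ($entries.Count -eq 0) { $status = 'Missing' }
        elseif ($valid.Count -ne $entries.Count) { $status = 'Invalid' }
        elseif ($valid.Count -gt 1) { $status = 'Multiple' }
        else { $status = 'Single' }
        [pscustomobject]@{ Raw = $raw; Addresses = $valid; Status = $status }
    }
}

Get-LoggedClientIp -Lines ($sampleLog -split '\r?\n') | Format-Table -AutoSize
```

To run it against a real log, pass `(Get-Content <path>)` as `-Lines` and set `-FieldName` to the name given to the logging field in step 5.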

To log the actual client IP address in IIS 8.5, follow the steps listed in Microsoft’s Enhanced Logging for IIS 8.5 article.
