The Barracuda Web Application Firewall, when configured in proxy mode, will by default use its LAN/WAN IP Address to talk to the back-end server, and therefore the back-end server will not see the actual client IP coming from clients.
In order to log the actual client IP in IIS7/7.5, please proceed with the following steps:
- We can install the "Advanced Logging" extension for IIS 7.5 (from Microsoft) to log the client ip in IIS 7.5.
- Please download and install this IIS extension from:
- http://www.microsoft.com/web/gallery/install.aspx?appsxml=&appid=AdvancedLogging%3bAdvancedLogging using the web platform installer.
- Alternately, the 64bit MSI package can be downloaded from: http://go.microsoft.com/?linkid=9689843
- Note: You can select the individual site for enabling and configuring advanced logging options at the site level instead of at the server level.
- The default Client IP field uses the TCP client IP address to log the IP address in the log files.
- You can delete it and create a custom field by clicking on "Add Field".
#Software: IIS Advanced Logging Module
#Start-Date: 2011-12-15 14:50:56.261
#Fields: date time cs-uri-stem cs-uri-query s-contentpath sc-status s-computername cs(Referer) sc-win32-status sc-bytes cs-bytes X-Forwarded-For
2011-12-15 14:50:55.949 / - "C:\inetpub\wwwroot" 401 "CAS2" - -2147024891 1554 556 "10.11.29.138"
Link to this page: