We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

How do I Log Actual Client IP Address in WAF access logs, when Barracuda Web Application Firewall is Deployed Behind a Proxy?

  • Type: Knowledgebase
  • Date changed: 7 years ago
Solution #00006081


Scope:
All Barracuda Web Application Firewalls, 7.6 firmware and above

Answer: 
If the Barracuda Web Application Firewall is deployed behind a Proxy server all requests have their client IP address as the address of the Proxy server which is logged as the Client IP on the Basic > Access Logs page. To log the actual client IP address, we need to specify the header name appended by the Proxy server which contains the actual client IP address in the 'Header for Client IP Address' field in the Basic > Services page. 


Steps To Configure the Header Name:


Edit the Service from the Basic > Services page.
Scroll down to the Basic Security section and specify the header name in the 'Header for Client IP Address' field. The standard headers used to store the actual client IP address are:


X-Forwarded-For
X-Client-IP

Specify values for other fields as required and click Save Changes.

Note: If the Proxy is appending a custom header then specify that header in the 'Header for Client IP Address' field.

When a request is received the Barracuda Web Application Firewall gets the actual client IP address from the specified header and displays it in the Client IP field of the Access Logs.

Example:
If the client IP addresses are 174.15.230.2 and 174.15.230.3 and the proxy IP address is 174.15.230.254. When the client sends a request the proxy receives the request and stores the IP address of the client in the X-Forwarded-For or X-Client-IP header and forwards the request to the Barracuda Web Application Firewall. 
The Barracuda Web Application Firewall extracts the client IP address from the specified header and displays it in the Access Logs.


Link to This Page: 
https://campus.barracuda.com/solution/50160000000IxcdAAC