Monday, May 13, 2013

Using the X-Forwarded-For HTTP Module For IIS7

Are you having problems with logging client IP addresses in server logs because your web servers are using proxies or load balancing? This is a common issue with proxies and fortunately there is a solution. The standard for forwarding client information is the HTTP X-Forwarded-For header, which is handled by most proxies.

What is X-Forwarded-For?

The "X-Forwarded-For" HTTP request header is used to allow a proxy server or load balancer to inject the true originating IP address of a client connection into the HTTP request allowing the application server to know the caller's true identity.

The Solution

The version 7.0 release of IIS (Windows Server 2008) introduced the ability to integrate HTTP modules. In comparison to classic ISAPI filters http modules are much more flexible and much easier to integrate with IIS. Joe Pruitt at F5 DevCentral developed a module for IIS7 that extracts the X-Forwarded-For header value and replaces the CIP value (client IP address) that is stored in the server logs.

How to Setup the Module

  1. Download the X-Forwarded-For HTTP Module binaries at F5 DevCentral and unpack the archive into the local file system of the web server.
  2. Create a new sub folder in the file system root (e.g. HttpModules) and add two additional sub folders for x86 and x64. Now copy the .DLL library and the ini.bak file from the unpacked folders into the appropriate folders. Remove the .bak file ending.
    *Implement both the x64 version and x86 version of the module. Otherwise, 32-bit applications may crash.

  3. Edit the .ini file to configure the individual http header variable which will contain then IP address of the client and therefore serve as the source for the c-ip value in the IIS log file. In this example X-Cluster-Client-Ip.
  4. Open the IIS MMC and select the web server node from the configuration tree. Open the Modules settings page.
  5. Select Configure Native Modules in the Action Pane.
  6. Click Register and select the file path to the x86 DLL and name the module configuration accordingly. Repeat this step for the x64 version of the DLL.
  7. Click OK to apply the new module configuration. Sometimes a restart of W3SVC service is required.
  8. After successful installation the IP address will be stored in the CIP column of the IIS log file.