IIS X-Forward-For ISAPI Filter
Published Sep 23, 2005
Version 1.0Was this article helpful?
Currently the code does a straight replacement IF the X-Forwarded-For header exists.
I guess I'm not clear on why internal networks are different than external ones. In your case doesn't the internal proxy add the X-Forwarded-For header with the true client address? If so, then this filter will replace the address.
The real problem is that the proxy is hiding the original source address and throwing in it's own. So there is no way for the filter to know what the true address is unless the proxy is passing it through directly. In which case you don't need the X-Forwarded-For header. Am I missing something?
I'd be glad to make modifications to the filter if it makes sense to a wide audience. The C++ code is very simple...
-Joe