Pure_Krome_7392
Nov 30, 2007

Unable to determine client IP - please help!

Hi Folks,

We're using an F5 BIG-IP to load balance our Windows IIS servers. We host our sites at some hosting company. Everything seems to be working fine.

When I check the LOG FILE, every IP address of the client (requesting data from the IIS server) is an IP address from (I'm guessing) within the hosting company: 64.151.105.* I know this is not the real client IP because I created a support ticket a while back and they somehow created an extra custom x-header (HTTP_RLNCLIENTIPADDR) with the real IP of the request (which I've confirmed is correct with various IPs on public machines, when I dump the request information to the web page).

So ... without knowing the exact version the BIG-IP hardware machine we are using is ...

** Is it possible to replace the client-ip value with the user's real one? If so, is there a help doc that can explain this please?

This way, our IIS logs will report the REAL client IP for accurate analysis.

Thank you kindly.

-PK-

2 Replies

  • Hello there,

    If you can't change the default gateway on the IIS servers to the self IP of the BIG-IP, you can configure the BIG-IP to insert the original client IP address in a custom HTTP header named X-Forwarded-For. Joe Pruitt wrote an ISAPI DLL you can install on your IIS servers to log the custom header in the IIS logs. Here are some related posts:

    SOL4816: Using the X-Forwarded-For HTTP header to preserve the original client IP address for traffic being translated by a SNAT
    Click here

    IIS ISAPI DLL to log x-forwarded-for
    Click here

    Aaron

     

  • Based on a read through of other users and Joe's comments (Click here), it looks like the DLL will replace the value of the C-IP field in the IIS logs with the parsed value of the X-Forwarded-For header. I believe he parses out internal IP addresses and writes the remaining IPs in a comma plus (1.1.1.1, +2.2.2.2) separated list. So if the BIG-IP is configured to insert the X-Forwarded-For header and you enable this DLL on your web server(s), you should see in the C-IP field, what the BIG-IP got as the source IP of the TCP packet it received.

    A self IP address is an address the BIG-IP uses to source requests as well as receive them as a gateway. Take a look at the Network & System Mgmt Guide for details (Click here).

    The reason that you are seeing the BIG-IP address in the IIS logs is that you either have SNAT enabled on the virtual server or you have a default SNAT defined which matches the requests to the IIS servers. Typically the reason you would have a SNAT enabled is because the web servers do not have their default gateway set to the BIG-IP. Enabling SNAT in this scenario forces the web servers to respond back to the BIG-IP and ensures symmetric routing. I was suggesting that if you were able to set the default gateway of the web servers to the BIG-IP's floating self IP address (or static self IP if you have a standalone unit), you could avoid the need to translate the source address of requests to the web servers.

    Aaron
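
Added example, not part of the thread and not Joe Pruitt's DLL: when the real client address arrives in X-Forwarded-For as the replies describe, the web tier should use that header only if the TCP peer is the load balancer, because any client can send an X-Forwarded-For of its own. The Python below assumes the 64.151.105.* range from the question is the BIG-IP's SNAT range; `client_ip` and `TRUSTED_PROXIES` are hypothetical names, and the sample addresses are constructed.

```python
import ipaddress

# Assumption: the SNAT range seen in the IIS logs belongs to the BIG-IP.
TRUSTED_PROXIES = [ipaddress.ip_network("64.151.105.0/24")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def _parse(token):
    """Parse one list entry; tolerate the '+' left by the comma-plus log form."""
    try:
        return ipaddress.ip_address(token.strip().lstrip("+").strip())
    except ValueError:
        return None


def client_ip(peer, xff):
    """Return the address to log for one request.

    peer: source IP of the TCP connection as the web server sees it.
    xff:  raw X-Forwarded-For value, or None when the header is absent.
    """
    peer_addr = ipaddress.ip_address(peer)
    # The header means nothing unless the connection came from the proxy.
    if not xff or not _is_trusted(peer_addr):
        return str(peer_addr)
    # Walk right to left: the rightmost entry was appended by our own proxy,
    # anything further left was supplied by the client and may be forged.
    for token in reversed(xff.split(",")):
        addr = _parse(token)
        if addr is None:
            break  # malformed entry: trust nothing to its left
        if not _is_trusted(addr):
            return str(addr)
    return str(peer_addr)


if __name__ == "__main__":
    # Constructed requests: (TCP peer, X-Forwarded-For header)
    for peer, xff in [
        ("64.151.105.10", "203.0.113.7"),            # normal SNAT'd request
        ("64.151.105.10", "10.0.0.5, 203.0.113.7"),  # client forged first entry
        ("198.51.100.9", "1.2.3.4"),                 # direct hit, header ignored
    ]:
        print(peer, repr(xff), "->", client_ip(peer, xff))
```
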