How to best configure IIS7 logging to capture "HTTP_X_FORWARDED_FOR" header
We have IIS7 servers sitting behind an nginx reverse proxy.
The reverse proxy is sending the standard "HTTP_X_FORWARDED_FOR" header with the visitor IP address, but IIS7 logging is only logging the IP address of the nginx server (which makes sense, but it's not what I want).
How can I tell IIS7 to instead log the "HTTP_X_FORWARDED_FOR" header (or additionally log it)?
(note: I'm a linux admin, not a windows one, so explicit instructions & links are sincerely appreciated)
Solution 1:
This isn't built into IIS, but there is a module you can install that will perform this functionality. It is called ARR helper, but it will work for any proxy in front of IIS:
http://blogs.iis.net/anilr/archive/2009/03/03/client-ip-not-logged-on-content-server-when-using-arr.aspx
Solution 2:
There is now an IIS7 module that will let you log custom headers.
How to: http://learn.iis.net/page.aspx/579/advanced-logging-for-iis-70---custom-logging/
Solution 3:
While the question is tagged with iis-7, this is the top hit when searching on X-Forwarded-For and IIS so I thought I would go ahead and provide this information for IIS 8.5.
IIS 8.5 and later
IIS 8.5 introduced the Enhanced Logging feature that easily allows the administrator to log HTTP request headers such as X-Forwarded-For. This answer is adapted from the linked page.
Open IIS Manager.
Select the site or server in the Connections pane, and then double-click Logging. Note that enhanced logging is available only for site-level logging - if you select the server in the Connections pane, then the Custom Fields section of the W3C Logging Fields dialog is disabled.
In the Format field under Log File, select W3C and then click Select Fields....
In the W3C Logging Fields dialog, click Add Field.... Note that enhanced logging is available only for site-level logging - if you selected the server in the Connections pane, then Add Field... is disabled.
In the Add Custom Field dialog, enter a Field Name such as
c-ip-original
to identify the custom field within the log file. Please note that the field name cannot contain spaces.Select Request Header in the Source Type list.
Enter
X-FORWARDED-FOR
in Source.Click OK.
Click OK.
Click Apply in the Actions pane to apply the new configuration.
Once the custom fields have been configured, IIS will create new text log files with "_x" appended to the file name to indicate that the file contains custom fields.
Note that the total size of data collected from all custom fields cannot exceed 65,536 bytes. If the total exceeds 65,536 bytes, then IIS will truncate the data.