Configuration Steps to Add X-Forwarded-For (XFF) HTTP Header to IIS Logs

These instructions explain how to add the X-Forwarded-For (XFF) HTTP header to the IIS logs of a SecureAuth IdP Appliance

Before following the instructions below, ensure the load balancer is configured to pass the X-Forwarded-For (XFF) HTTP header to the SecureAuth IdP Appliances

1. From the Start screen, click Control Panel

2. Click System and Security and then Administrative Tools

3. On the Administrative Tools window, double-click Internet Information Services (IIS) Manager

4. On the connections pane, select Default Web Site and double-click Logging on the Default Web Site Home pane

5. On the Logging pane, click Select Fields...

6. On the W3C Logging Fields dialog, click Add Field...

7. On the Add Custom Field dialog, set the Log Field name value to XFF

8. Set the Source Type value to Request Header

9. Set the Source value to X-FORWARDED-FOR

10. Click OK and then OK again to dismiss the custom field dialog

11. On the Actions pane in the upper right of the screen, click Apply to confirm the changes

The log files now show "_x" appended at the end of the filename (e.g. u_ex161115_x) which indicates a custom field has been added to the log file format
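
Added example (not part of the original SecureAuth instructions): one way to read the new XFF field back out of the log and decide which address to attribute a request to. The header value arrives with the request, so only the hop appended by the load balancer is treated as reliable. The sample log lines, the load balancer address 10.0.0.5 and the field layout noted in the comments are assumptions made for illustration.

```python
import ipaddress

# Constructed sample (not real traffic). Assumed layout: custom field last in
# #Fields under its Log Field name, "-" when empty, spaces written as "+".
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status XFF
2016-11-15 10:00:01 GET /login 10.0.0.5 200 203.0.113.7
2016-11-15 10:00:02 GET /login 10.0.0.5 200 192.168.1.20,+198.51.100.9
2016-11-15 10:00:03 GET /login 10.0.0.5 200 -
2016-11-15 10:00:04 GET /login 198.51.100.44 200 192.168.1.20
"""
# Hypothetical load balancer address; only hops it appended are trusted.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}


def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):
                yield dict(zip(fields, values))


def client_ip(entry):
    """Return (ip, note). XFF is used only when c-ip is a trusted proxy."""
    peer = ipaddress.ip_address(entry["c-ip"])
    if peer not in TRUSTED_PROXIES:
        # Request did not come through the load balancer: ignore its XFF value.
        return peer, "direct" if entry["XFF"] == "-" else "xff-from-untrusted-peer"
    if entry["XFF"] == "-":
        return peer, "missing-xff"
    hops = [h.strip() for h in entry["XFF"].replace("+", " ").split(",")]
    try:
        chain = [ipaddress.ip_address(h) for h in hops if h]
    except ValueError:
        return peer, "malformed-xff"
    # Walk from the right: the last untrusted hop is what the load balancer saw.
    for hop in reversed(chain):
        if hop not in TRUSTED_PROXIES:
            return hop, "multi-hop-xff" if len(chain) > 1 else "ok"
    return peer, "missing-xff"


def summarize(text=SAMPLE_LOG):
    return [(str(ip), note) for ip, note in map(client_ip, parse_w3c(text))]
```

Entries noted as multi-hop-xff or xff-from-untrusted-peer are the ones worth reviewing, since part or all of the header was set before the request reached the load balancer.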

Configuration Steps for URL Rewrite to Use X-Forwarded-For (XFF) HTTP Header in Load Balanced Environment

These instructions explain how to configure a URL Rewrite rule to use the X-Forwarded-For (XFF) HTTP header in a load balanced environment

The most common use case for the URL Rewrite in a SecureAuth IdP workflow is to route users between an internal and external realm based on IP

1. In the IIS window, select the SecureAuth IdP realm from the tree view pane

2. On the target pane, double-click the URL Rewrite icon

3. On the Edit Inbound Rule panel, in the Conditions section, note the defined conditions

Normally, the execution of URL Rewrite requires defining a condition with pattern matching and the REMOTE_ADDR Condition Input

However, in a load-balanced environment, REMOTE_ADDR is always the IP of the load balancer, so this rule does not execute as expected

4. To resolve this issue, change the Condition Input of the rule from REMOTE_ADDR to HTTP_X_Forwarded_For

This edit instructs the URL Rewrite module to use the requesting client's IP in the X-Forwarded-For (XFF) HTTP header instead of the load balancer's IP

The rule should then behave as expected
