• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Logging client ip in IIS

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Web Publishing >> Logging client ip in IIS Page: [1]
Login
Message << Older Topic   Newer Topic >>
Logging client ip in IIS - 14.May2007 3:25:11 PM   
haksolli

 

Posts: 2
Joined: 14.May2007
Status: offline
Hello,
After installing ISA2006 we can't find a way to log client ip in IIS6.0 (we need this to count unique visitors). In ISA2004 we used Web Publishing rule and everything worked fine, but in ISA2006 we use Access Rule, since we are hosting multiple websites and there will be to much administration creating one rule per site (this is how we understand ISA2006 works). Now the only ip-address showing is the ISA-server ip.

Ideas anyone?

Thanks!
Post #: 1
RE: Logging client ip in IIS - 14.May2007 6:11:57 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Do you realise how much security you lose by using access rules as opposed to web publishing?

Your ISA server is now doing little more than any other network level firewall!

I would look at going back to web publishing rules and using the option to keep the original source IP address as opposed to using ISA's address.

Why do you think web publishing has changed so much from 2k4 to 2k6 to need more rules?

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to haksolli)
Post #: 2
RE: Logging client ip in IIS - 16.May2007 6:56:02 PM   
haksolli

 

Posts: 2
Joined: 14.May2007
Status: offline
Thanks Jason, I think you are absolutly right about this.

Still I can't seem to get this right. We have configured the server as a Edge Firewall, maybe it should be set up as a 3-leg perimeter? I have also tried creating the publishing rule in different ways, using ip and fqdn. Still the connection is denied by the default rule. I can however open the webpage from the isa-server using fqdn, so the solution should be within the isa-configuration.

Hakon

(in reply to Jason Jones)
Post #: 3
RE: Logging client ip in IIS - 21.May2007 3:24:39 AM   
Qaiser

 

Posts: 4
Joined: 2.Jun.2005
From: karachi
Status: offline
Same is the case with me. i have published websites thorugh web publishing rule in ISA, in the "TO" tab of webpublishing rule when i try to check "request appears to come from the original client" option the website is inaccessible from the internet but when i choose "Requests appreas to come from ISA server" the website is accessible from the internet. as a note, my website is SSL based. i am really clueless why does this happens. if any one of you have any suggestions please post.

(in reply to haksolli)
Post #: 4
RE: Logging client ip in IIS - 22.May2007 6:04:53 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Is the published web server an ISA SecureNAT client? e,g, does the web server have a default gateway that returns Internet traffic via ISA?

I would suspect this is your problem and you have a default gateway that is not ISA, so ISA only sees half of the conversation...

A topology diagram would be handy to confirm this?

Cheers

JJ



_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to Qaiser)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Web Publishing >> Logging client ip in IIS Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts