We have an issue now: we are thinking of removing the NLB on our ISA boxes and using our F5 as the load balancer. The problem is we would still like the ISA to log the IP address of the client instead of the F5. We are currently looking into this filter for X-Forwarded-For for ISA 2006. Is there any free add-on for this? Thanks.

kbloke -> RE: x-forwarded-for (25.Mar.2011 3:26:13 AM)


I found this product: http://www.winfrasoft.com/x-forwarded-for.htm. But it is something which I need to buy. Just wondering whether anyone has tested this product before? From what I read, it is able to log the client IP in the ISA logs but is unable to use the client IP in the firewall rule. Is that true?

stevenhope -> RE: x-forwarded-for (26.Mar.2011 10:38:21 AM)

XFF4ISA will certainly do the logging job for you. It's used by large oil companies, ISPs and auditors all over the world to solve this very problem.

You are correct in your assessment that the firewall rules will not take into account the XFF header. The product works on the web proxy layer and not the firewall layer. It would be dangerous to make it work this way, as XFF headers can be spoofed easily when they are from an untrusted source.

We also have a version of the product for TMG and IIS. Our IIS product includes 64-bit support and IP trust lists to strengthen the security of web server logs - this isn't available in the F5 free filter.
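
Added example, not part of the thread and not the code of XFF4ISA or the F5 filter: a sketch of the trust-list idea discussed above, where the X-Forwarded-For value is used for the log entry only when the connection comes from a known load balancer. The function name, the trust list range and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed trust list: the only peers allowed to supply X-Forwarded-For
# (for example the load balancer's self IPs). Adjust to your own network.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/28")]

def _is_trusted(ip, trusted):
    return any(ip in net for net in trusted)

def client_ip_for_log(peer, xff, trusted=TRUSTED_PROXIES):
    """Return (ip_to_log, origin), origin being 'peer' or 'xff'."""
    peer_ip = ipaddress.ip_address(peer)
    # A header sent by a peer outside the trust list is client-controlled,
    # so it is ignored and the real connection address is logged.
    if not xff or not _is_trusted(peer_ip, trusted):
        return str(peer_ip), "peer"
    # Walk right to left: the rightmost entries were appended by our own
    # proxies, anything further left may have been supplied by the client.
    for token in reversed(xff.split(",")):
        try:
            hop = ipaddress.ip_address(token.strip())
        except ValueError:
            # Malformed entry: stop relying on the header, log the peer.
            return str(peer_ip), "peer"
        if not _is_trusted(hop, trusted):
            return str(hop), "xff"
    # Every hop was one of our proxies; the peer is the best we have.
    return str(peer_ip), "peer"

if __name__ == "__main__":
    # Constructed sample requests: (connection peer, X-Forwarded-For header)
    samples = [
        ("10.0.0.5", "198.51.100.7"),           # normal request via the LB
        ("10.0.0.5", "1.2.3.4, 198.51.100.7"),  # client pre-filled the header
        ("203.0.113.9", "10.1.1.1"),            # direct hit with forged header
        ("10.0.0.5", "not-an-ip"),              # malformed header
    ]
    for peer, xff in samples:
        print(peer, repr(xff), "->", client_ip_for_log(peer, xff))
```

Even with a trust list, the resolved address is suitable for logging and auditing; it is still a header value, which is why the reply above keeps it out of firewall rule evaluation.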

