• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Client IP address

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> Server Publishing >> Client IP address Page: [1]
Login
Message << Older Topic   Newer Topic >>
Client IP address - 22.Jul.2002 1:57:00 PM   
Guest
We have a webapplication that checks the clients IP address. We have no put it behind an ISA Server and the application does not see the clients ip address anymore, but the internal ip address of the ISA server. Is there a way to make the original Ip adress available again. I saw that also in the IIS serverlog all the requests seem to come from the internal IP address of the isa server.

Thanks for your help
  Post #: 1
RE: Client IP address - 22.Jul.2002 3:17:00 PM   
mboczek

 

Posts: 81
Joined: 13.Jun.2002
From: Corunna, Ontario
Status: offline
Microsoft KBase had an entry on this (can't find the number right now - maybe they were ashamed of it and withdrew it). Their recommendation/workaround was to publish the IIS using server publishing instead of web publishing.

HOWEVER, most experts (here and at www.sans.org) agree that this is NOT a good idea since it opens your IIS to more risk and reduces the filtering options.

eg. A recent post seemed to indicate code red and nimda blocked with entries in the ISA logs, on my system (web published using server publishing) these entries appear in my IIS logs (with thankfully 404 response).

I'm not sure that the benefit of being able to see the remote ip is worth the extra risk!

If you decide to go ahead;
1) disable external listening on port 80.
2) create HTTP server protocol (port 80 inbound)
3) disable web pub rule
4) create/enable server pub rule, point external ip to internal iis server ip.

Has anyone seen KB Q311777 which indicates an sp1 registry change to force forwarding of the external ip. Could it apply in this case?

I think I'm going to get crucified for this one [Embarrassed]

(in reply to Guest)
Post #: 2
RE: Client IP address - 4.Aug.2002 5:18:00 PM   
Jim Harrison

 

Posts: 271
Joined: 5.May2001
From: Redmond, WA
Status: offline
Hi guys,

Q311777 is only for server publishing and produced the same results in the IIS logs as web publishing; client IP = ISA internal IP.

THe other option for server-published web sites is to install URLScan on the IIS server to replace the URL filtering that web publishing offers.

You can get URLScan here:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q307608&

(in reply to Guest)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> Server Publishing >> Client IP address Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts