For servers that reside behind load balancers like F5, X-Forwarded-For is used to log actual client IP address in the servers logs. Unlike in Apache, you need to perform additional step in IIS to log client IP address. Otherwise, you won't find it in the IIS logs.
Step 1: Install Custom Logging in IIS 10
Step 2: Configure Custom Logging
- Open IIS Manager
- On server, site or application level, double click “Logging”
- Click “Select Fields“
- In “W3C Logging Fields” window, click “Add Field“
- In the “Add Custom Field” window, fill out the following fields
- Field Name: X-Forwarded-For, Source type: Request Header, Source: X-Forwarded-For
- No such X-Forwarded-For is available, type it manually
- Click “OK” in both open windows
- Click “Apply” in the actions pane
In IIS logs, you will notice the actual client IP-address in X-Forwarded-For column.