Est. 2005  ·  Incorporated in the Seychelles

X-Forwarded-For

Used for geolocation services, advanced logging and compliance requirements. X-Forwarded-For tracks a client IP address through a proxy chain to a web server or upstream proxy.

End of life. This product is no longer under active development or technical support. This page is retained for historical reference and for existing customers. For current offerings see what we're building today, or contact us about professional services.

Overview

Winfrasoft X-Forwarded-For added the ability to track and log the source IP address of a client PC through a forward or reverse proxy server chain to the web server. It brought this capability to Microsoft Forefront Threat Management Gateway, ISA Server and IIS, putting them in line with Squid, Apache, F5 Big-IP, Blue Coat, Cisco Cache Engine and other proxy platforms that supported XFF natively.

This was ideal for log analysis when branch offices connected to the Internet via a head office proxy server, and when the real client IP address was required on a web server for accurate reporting and analysis.

How it worked

IIS Web Server logging: X-Forwarded-For for IIS logged the real client IP address in the IIS c-ip field based on X-Forwarded-For header information. A Proxy Trust List ensured spoofed header information was dropped and only valid IPs were logged. The filter could also be configured to log the entire X-Forwarded-For header together with the layer 4 routed source IP address to record the complete proxy chain.

Forward proxy (outbound from TMG/ISA): The filter added the X-Forwarded-For field to the HTTP header of web requests leaving the proxy server. The new field contained the IP address of the original client PC.

Inbound into TMG/ISA: If the TMG/ISA Server received a proxy request containing the X-Forwarded-For field, the filter logged the XFF IP as the client IP address instead of the IP address of the requesting proxy server. The requesting proxy IP was added to the Filter Information field in the proxy logs.

Security: In forward proxy scenarios without a web chaining rule, the header was not added — preventing internal server IPs being revealed to the Internet. X-Forwarded-For header information originating from outside the organisation should never be trusted as the field is not signed or authenticated; the Proxy Trust List on the IIS server prevented spoofing.
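
One way a proxy trust list can decide which address is logged as the client IP, shown as an added example that is not Winfrasoft's code. The function names, the right-to-left walk over the header and the sample addresses are assumptions made for illustration.

```python
import ipaddress

def _parse_ip(token):
    """Return an ip_address for one header entry, or None if it is not an IP."""
    token = token.strip()
    if token.startswith("["):            # "[v6]:port" form
        token = token[1:].split("]", 1)[0]
    elif token.count(":") == 1:          # "v4:port" form
        token = token.split(":", 1)[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None

def _trusted(ip, nets):
    return any(ip in net for net in nets)

def resolve_client_ip(peer_ip, xff_header, trust_list):
    """Choose the address to log (hypothetical helper).

    peer_ip    -- layer 4 source address of the connection
    xff_header -- raw X-Forwarded-For value, or None
    trust_list -- CIDR strings for proxies allowed to assert the header
    Returns (client_ip, chain); chain keeps the whole header plus the peer.
    """
    nets = [ipaddress.ip_network(n) for n in trust_list]
    peer = ipaddress.ip_address(peer_ip)
    chain = f"{xff_header or '-'} via {peer}"
    # A header delivered by a host that is not on the trust list is ignored.
    if not xff_header or not _trusted(peer, nets):
        return str(peer), chain
    client = peer
    # Each entry was appended by the hop to its right, so an entry is only
    # believable while every hop to its right is a trusted proxy.
    for token in reversed(xff_header.split(",")):
        ip = _parse_ip(token)
        if ip is None:
            break                        # malformed entry: keep last verified address
        client = ip
        if not _trusted(ip, nets):
            break                        # first untrusted hop is the real client
    return str(client), chain

if __name__ == "__main__":
    # Constructed sample: a client-supplied "1.2.3.4" sits left of the real hop.
    print(resolve_client_ip("10.1.1.1", "1.2.3.4, 203.0.113.7", ["10.0.0.0/8"]))
```
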

Platform support

X-Forwarded-For supported Microsoft Forefront TMG 2010, ISA Server 2004/2006, and IIS 6 through 8.5.
