Load Balancer HTTP X-Fer Forward Headers

From GoGrid

The F5 X-fer Forward feature allows all users of GoGrid's free F5 load balancing service to obtain source IP addresses of internet users from the log files of their web servers.

Apache Configuration to Re-Write Client IP Addresses for Logfiles on GoGrid:

• Note: This method will not work for SSL streams, you will only be able to capture client IPs for non-encrypted HTTP traffic.

1. Edit the httpd.conf file or whatever config file the virtual host you want to modify is configured in.
2. Find out what IP the load balancer is making requests from and make a note of it. There are two main ways to derive this IP address:
   • You can look in your Apache log files to see which IP is making the most requests; that will be the load balancer's IP.
   • You can run the following command on the command-line: tcpdump -ni eth0 port http. The most prevalent IP that is NOT the IP of the host you're on will be that of the load balancer.
3. Find the line that contains CustomLog /var/log/httpd/access_log or similar.
4. Remove or comment out that line and add the following lines, replacing the 192.168.9.1 address in the SetEnvIf line with the address of the load balancer you derived in Step 2:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{rlnclientipaddr}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedlb
SetEnvIf Remote_Addr "192\.168\.9\.1" fromlb
CustomLog /var/log/httpd/access_log combinedlb env=fromlb
CustomLog /var/log/httpd/access_log combined env=!fromlb

Once this is complete, you will need to restart Apache and examine the logfiles to make sure the client IP address is being recorded correctly.

If You are Experiencing Problems:

If your load balancer was created prior to August 13, 2008, please delete and recreate your load balancer. Then perform Step 2 again to derive the load balancer's IP and update the SetEnvIf variable if necessary.

If you are still having problems, please submit a new case to GoGrid Support from you my.gogrid.com portal. Supply as much detail as possible in the case, including the customized logging entries you've added to httpd.conf.

IIS Configuration to Re-Write Client IP Addresses for Log Files on GoGrid:

You will need a DLL that will pull the source IP from X-Forwarded-For section of the header in order to log the correct source IP.

1. Download the F5XForwardedFor.zip file from the "Release" folder at the link below to the Windows server(s) and extract the DLL file to %SYSTEMROOT%\system32
   • Article: http://devcentral.f5.com/weblogs/joe/archive/2005/09/23/1492.aspx
   • Link: http://devcentral.f5.com/downloads/codeshare/F5XForwardedFor.zip (contains source)
2. Start Internet Services Manager.
3. For each load balanced website, right-click on it and select "Properties" from the drop-down menu.
4. Select the "ISAPI Filters" tab from the properties window.
5. Click the "Add" button to add the filter. Type "F5 log rewrite" into the "Filter Name" box and c:\winnt\system32\rllog.dll (or c:\windows\system32, wherever you put it). Click "OK" to add the filter.
6. Click "OK" on the properties window to apply the filter.
7. Right-click the website and select "Stop" from the drop-down.
8. Right-click again and select "Start".
9. Repeat steps 3-7 for each website for which the logs need to be rewritten.

If You are Experiencing Problems:

If your load balancer was created prior to August 13, 2008, please delete and recreate your load balancer. Then perform the above steps again.

If you are still having problems, please submit a new case to GoGrid Support from you my.gogrid.com portal. Supply as much detail as possible in the case, including the customized logging entries you've added to your Windows server.