How to set ISA to pass the clients' IP to Apache?

How to set ISA to pass  the web clients' IP to Apache, so it can be written to apache access logs instead of the local IP of the ISA?
Raleigh GuevarraDevSecOpsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

BembiCEOCommented:
So, you have a web publishing rule in ISA to publish your web server.

Open this rule, goto the "TO" tab, there you may try to change the settings, which are determining, what (which ip) is delivered to the client.
0
Raleigh GuevarraDevSecOpsAuthor Commented:
It was already set, selected Requests appear from the original client in the To tab but still, on the apache access_log, always the local IP of the webserver was logged (ex 192.168.0.1) and not the public IP of the client who access the website.
0
BembiCEOCommented:
I assume you have restarted the server, right?

Note that you are (may be, need not to be) using NAT. As all NAT traffic has to flow back the same route it comes from, ISA has a local NAT table which stores the translation of external and internal IP addresses. To get the flow into the right direction, ISA has to replace the original client IP by its own to make sure, the result will flow back to ISA and can be reverse translated.

So now it depends, what apache is reading. The source IP is ISA anyway to avoid, that apache will try to send the package directly back to the client. I this would happen, ISA would try to request the site, but never will get something back. Inside the package, there is the web request, also with an IP. If apache reads the IP of the package, it will always report the ISA IP. If apache reads the IP of the web request, apache should get the real client IP. So there is a difference between the IP of the TCP/IP package and the web request itself.

I'm not sure, if you have any option to select, which IP apache should log. But if enabled in ISA, apache should get both in general.



0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.