• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 702
  • Last Modified:

How to set ISA to pass the clients' IP to Apache?

How to set ISA to pass  the web clients' IP to Apache, so it can be written to apache access logs instead of the local IP of the ISA?
Raleigh Guevarra
Raleigh Guevarra
  • 2
1 Solution
So, you have a web publishing rule in ISA to publish your web server.

Open this rule, goto the "TO" tab, there you may try to change the settings, which are determining, what (which ip) is delivered to the client.
Raleigh GuevarraDevSecOpsAuthor Commented:
It was already set, selected Requests appear from the original client in the To tab but still, on the apache access_log, always the local IP of the webserver was logged (ex and not the public IP of the client who access the website.
I assume you have restarted the server, right?

Note that you are (may be, need not to be) using NAT. As all NAT traffic has to flow back the same route it comes from, ISA has a local NAT table which stores the translation of external and internal IP addresses. To get the flow into the right direction, ISA has to replace the original client IP by its own to make sure, the result will flow back to ISA and can be reverse translated.

So now it depends, what apache is reading. The source IP is ISA anyway to avoid, that apache will try to send the package directly back to the client. I this would happen, ISA would try to request the site, but never will get something back. Inside the package, there is the web request, also with an IP. If apache reads the IP of the package, it will always report the ISA IP. If apache reads the IP of the web request, apache should get the real client IP. So there is a difference between the IP of the TCP/IP package and the web request itself.

I'm not sure, if you have any option to select, which IP apache should log. But if enabled in ISA, apache should get both in general.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now