nginx反向代理后,让IIS Log中记录真实客户IP

 前面有篇文章, Nginx反向代理for win2003, 使用之后, 发现IIS的Log中, c-ip客户端IP不是用户真正的IP, 而是proxy server的IP, 据说这个是IIS的问题. 

X-Forwarded-For header logging is supported in Apache (with mod_proxy) but Microsoft IIS does not have a direct way to support the translation of the X-Forwarded-For value into the client ip (c-ip) header value used in its webserver logging.

f5的Joe Pruitt提供了解决方案X-Forwarded-For Log Filter for Windows Servers,  他写了一个ISAPI扩展来让IIS支持这个proxy chain.

proxy chain

 点击这里下载, 或者直接在本站下载 安装中注意要给F5XForwardedFor.dll相应的iis运行用户读取的权限(最简单的办法是添加everyone的读取权限)

  1. Download and unzip the distribution.

  2. Copy the F5XForwardedFor.dll file from the x86\Release or x64\Release directory (depending on your platform) into a target directory on your system.  Let's say C:\ISAPIFilters.

  3. Ensure that the containing directory and the F5XForwardedFor.dll file have read permissions by the IIS process.  It's easiest to just give full read access to everyone.

  4. Open the IIS Admin utility and navigate to the web server you would like to apply it to.

  5. For IIS6, Right click on your web server and select Properties.  Then select the "ISAPI Filters" tab.  From there click the "Add" button and enter "F5XForwardedFor" for the Name and the path to the file "c:\ISAPIFilters\F5XForwardedFor.dll" to the Executable field and click OK enough times to exit the property dialogs.  At this point the filter should be working for you.  You can go back into the property dialog to determine whether the filter is active or an error occurred.

  6. For II7, you'll want to select your website and then double click on the "ISAPI Filters" icon that shows up in the Features View.  In the Actions Pane on the right select the "Add" link and enter "F5XForwardedFor" for the name and "C:\ISAPIFilters\F5XForwardedFor.dll" for the Executable.  Click OK and you are set to go.

 参考文章: X-Forwarded-For Log Filter for Windows Servers

XeonWell Studio