How to log client IP when IIS is load balanced: the X-Forwarded-For Header (XFF)
Published Nov 16 2018 07:01 AM 31.6K Views

First published on MSDN on Sep 05, 2018
X-Forwarded-For Header (XFF) is essential whenever we have a Proxy or LoadBalancer between client browser and IIS. This way, the proxy or load balancer will forward the client's IP to IIS, hence giving the IIS the much needed info to track the incoming user.

You need to check your Proxy or Load balancer documentation on how to enable XFF. Once it's enabled, you can follow this blog on how to add a custom logging field in IIS 8.5+ to log the XFF forwarded client-IP:

1. Launch IIS Manager UI (alternately, On an elevated command prompt, type inetmgr.exe)

2. Double-click "Logging"

3. Click "Select Fields"

4. Click "Add Field"

5. In the Add Custom Field window, type as follows

6. Click on "Apply" on the Actions pane on the top right corner

Logs with incoming client IP will be recorded in the IIS Log (default location is %SystemDrive%\inetpub\logs\LogFiles). The new log files will have an extra "_x" to it's name.


There is another great blog with additional info that you may wanna look into.

Version history
Last update:
‎Sep 24 2019 11:29 AM
Updated by: