Client-ip not logged on application server when using ARR
I have been meaning to blog for a while, but something always seems to get in the way. So, here is my first blog post.
Let me first introduce myself. I have been a developer on the IIS team since 1999, from the beginning of the IIS6 product cycle. I worked on the request processing pipeline for IIS6 and IIS7, including the new native extensibility in IIS7 and integration with the asp.net pipeline to make managed extensibility of IIS pipeline possible. I know that many people have questions both about the IIS7 native extensibility and the integrated pipeline and I try to answer them in forums whenever I can, but you should send me any topics that you would like me to address in this blog. Since IIS7 shipped, I have been working on ARR. We just shipped RTW for v1 of ARR. We are working on some great new things for the next version of ARR and would definitely love to hear any feature requests or feedback from ARRv1 that we can incorporate into future releases. But, more on that later.
Today, I am trying to address a specific problem users of ARR (or any other load-balancer that does not do direct server return) have. Specifically, that the client-ip that gets logged on their application server is the ip of the load-balancer and not the real client-ip. Also, others have reported problem when using the SSL offloading feature of ARR that since the request to the application is over http which can trip up application logic including any absolute links generated by the application. Also, there is need to correlate IIS logs between the ARR machine and the content server for troubleshooting or other reasons. I have written a module which you can install on your application servers running IIS7 to take care of these problems.
Extract the msi from the zip file and run it. It will install the module under "%PROGRAMFILES%\IIS\ARR Helper\" and register the configuration section it uses. It allows configuration of a few parameters in IIS configuration - you can find them in %windir%\system32\inetsrv\config\schema\arr_helper_schema.xml - they should be pretty self descriptive. You can use appcmd/AHAdmin/MWA/Config-Editor etc to edit those configuration parameters.
Edit: I have updated the msi downloads to fix a couple of bugs and add a couple of features that people reported.
Edit 11/05/2009: as per suggestions from the forums, I have added feature to the ARR helper to configure ip addresses of trusted proxies. Only X-Forwarded-For headers from those proxies will be honored.