Configuring IIS to Properly Detect Source IP Address When Working Behind a Proxy

Configuring X-Forwarded-For in a Reverse Proxy

If your IIS web server is behind a reverse proxy (like Nginx), you need to configure it to pass the original client IP address to the X-Forwarded-For header.

Open the configuration file for your proxy server. For Nginx, this file is typically located in /etc/nginx/sites-available/default or within your Nginx configuration directory.

Add or modify the following directive within the server block:

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

After making changes, restart the proxy server to apply the new configuration. For Nginx, use:

systemctl restart nginx

For other proxy servers, refer to their documentation to ensure that the X-Forwarded-For header is correctly passed to IIS.

Configuring IIS Logging for X-Forwarded-For

By default, IIS does not log the X-Forwarded-For header. To enable it, please follow these steps:

1. Open IIS Manager and select your website.

2. Click on Logging in the IIS section.

IIS Manager - Select Site

IIS Manager - Select Website

3. Click Select Fields and then click Add Field.

IIS Logging Settings

IIS Add Field for X-Forwarded-For

Adding X-Forwarded-For to IIS Logging

4. Set the Field Name to X-Forwarded-For and the Source Type to Request Header and the Source to X-Forwarded-For.

IIS Add Field for X-Forwarded-For

Adding X-Forwarded-For to IIS Logging

5. Click OK and apply the changes.

Verify X-Forwarded-For in IIS Logs

Once IIS logging is configured, verify that the X-Forwarded-For field is included in your logs:

1. Open the IIS log file (usually located in %SystemDrive%\inetpub\logs\LogFiles).

2. Look for the X-Forwarded-For field in the log entries.

2025-02-14 10:15:00 192.168.1.1 GET /website 200 - - "203.0.113.45"

In this example, 203.0.113.45 is the original client IP address passed through the proxy.

If you do not see the X-Forwarded-For field in your logs, double-check the IIS Logging settings and ensure that your proxy server is correctly passing the client IP address.

"This sotware is really great. It's a relief. Because my server is constantly under attack. Thanks RdpGuard" - Joaquim De Sousa Marques

"Nice product. I used to implement something similiar in a low-tech and cumbersome manner via a script called TSBlock (not mine). This makes it much easier and is well worth the pricetag for SMB's." - J. Johnson

"Absolutely amazed at your product. We are a church in the North Dallas area, and I discovered this morning multiple failed logon attempts via our Remote Access Server. A friend suggested your product, so I immediately downloaded the trial. It had a list of about five blocked IP addresses in minutes, and that was enough to lead me to push the BUY button. Over the past 10-15 minutes the list is now about thirty with at least a third being international attempts to break into our system. Thanks for a great product. You may have just saved us much grief." - John Hallford

"Love the software. RDP on our Windows servers is just ridiculous. We would block it in the router but we have lots of old-time customers that would have issues." - Scott Hirsch

"Love the software! Makes it easier than tailoring VB Scripts!!" - Nick Brennan

"It's a great product - really stopping those RDP attackers :-)" - Dave, UK

"First of all: Your application is very (!!!) useful and I like it very much securing my 2012 R2 server. RdpGuard is the best solution, I found on the market and after 10 minutes of testing it I ordered the fully-featured version. :-)" - Carsten Baltes

Configuring IIS to Detect Client IP Behind a Proxy

Configuring X-Forwarded-For in a Reverse Proxy

Configuring IIS Logging for X-Forwarded-For

Verify X-Forwarded-For in IIS Logs