The C-IP field is not logging X-Forwarded-For header information on Windows Server 2008 / IIS7

When running X-Forwarded-For for IIS on Windows Server 2008 / II7 the IIS logs do not show the X-Forwarded-For header information in the C-IP field. A network trace shows that the X-Forwarded-For header does exist in the request reaching the web server.

Cause: Unlike II6 on Windows Server 2003, IIS7 on Windows Server 2008 supports Global and Site based ISAPI filters. The installation routine for X-Forwarded-For for IIS registers the ISAPI filter at the Global level only and not on the Site level. By default, IIS7 web sites will inherit the Global ISAPI settings but if inheritance has been disabled at the site level then the ISAPI filter will NOT run on the web site.

Resolution: Register the X-Forwarded-For for IIS ISAPI DLL at the web site level:

  1. Open IIS Manager.
  2. Select the Web site on which the X-Forwarded-For for IIS is not functioning.
  3. Double click ISAPI filters.

  4. If "Winfrasoft X-Forwarded-For for IIS" is not listed and "Revert To Inherited" is listed on the Actions pane then the site is not inheriting from the Global ISAPI settings.
    Click Add... in the Actions pane.

  5. Enter Winfrasoft X-Forwarded-For for IIS as the Filter name.
    Browse for the XFF4IIS.dll (32 bit) or XFF4IIS64.dll (64 bit) file, typically located in the C:\Program Files\Winfrasoft X-Forwarded-For for IIS\ folder.
    Click OK.
  6. The "Winfrasoft X-Forwarded-For for IIS" filter is shown in the web sites ISAPI Filters list.
  7. Stop and Start the web site.

More information: This issue will effect Exchange 2007 on Windows 2008 as the Exchange installation will disable inheritance of ISAPI filters to the Default Web Site.


Have more questions? Submit a request


Please sign in to leave a comment.
Powered by Zendesk