I’ve been using Amazon EC2’s Elastic Load Balancer (ELB) for a couple years now to load balance web applications, and for the most part it’s been great. The one draw back I’ve run into is that IIS logs the load balancer’s private IP address as the c-ip address, rather than the client’s actual IP address. Essentially the ELB acts like a NAT device. This can be a problem when trying to troubleshoot requests to your IIS sites. And is just plain annoying.
So I finally did a little digging on this and found a simple and elegant solution. That is for IIS to log the IP address value of the X-Forwarded-For request header which ELB populates with the client IP address when it forwards the request to IIS.
Start by downloading the IIS X-Forward-For ISAPI Filter from F5 (click here for more information), and extracting the files. There’s a lot here, including source code, but all you need is the appropriate F5XForwardedFor.dll, either x86 (32 bit) or x64 (64 bit). To make it easy I copied mine to the root of C:inetpub, i.e. C:inetpubF5XForwardedFor2008x64.
Next, open IIS Manager, highlighting the server name in the Connections pane. In the <servername> Home pane double-click ISAPI Filters. Then in the Actions pane (upper-right corner) select Add. Give the filter a name (I used Xforward) and specify the exact location of the Executable (F5XForwardedFor.dll).
NOTE: by adding this at the server level it will apply to all sites on the server.
Click OK and you’re done. Now, sit back, relax and wait for your server logs to accumulate. Here’s a view of an IIS log after enabling the F5XForwardedFor ISAPI filter.