X-Forwarded-For Header in mail headers

Can anyone help how I can instruct Exchange 2013 to include X-Forwarded-For header in mail headers. Usually as per standard, X-Originating-IP is added in mail headers. However, when Exchange 2013 OWA URL is load balanced using F5 (or any other hardware load
balancer), X-Originating-IP would point to load balancer self IP. There is a feature in load balancers to add X-Forwarded-For header when HTTP packets are forwarded to CAS servers by F5. Exchange 2013 is able to detect original client IP in IIS logs through X-Forwarded-For
header, but this headers is not captured by Exchange.
Regards,
Ramesh

Hi,
To log the real client IP in the IIS hit logs
http://blogs.iis.net/deanc/archive/2013/07/08/iis7-8-logging-the-real-client-ip-in-the-iis-hit-logs.aspx
Best Regards.

Similar Messages

  • IP Filtering based on X-Forwarded-For Header

    Hello,
    I am a newbie to the Weblogic proxy plugin to begin with.
    We have a requirement to block certain IPs that are coming via a proxy. The enduser IP is embedded in the standard X-Forwarded-For header and we need to use this as our mechanism rather than the IP of the proxy. Has anyone done this before.
    Can I get some pointers to literature concerning this subject?
    Thank You,

    I forgot to mention the NSAPI plugin is involved probably because iPlanet is the Web Server sitting before the WebLogic cluster.

  • ACE30 Load balancing based on IP and using x-forward-for header

    Hi Guys,
    We currently have a load balancing policy setup to direct traffic to say FARM-A based on a particular range of source (client) IP addresses, and the default FARM-B for all the other traffic.
    We are now looking to introduce a web application firewall (WAF) before the ACE.  The WAF will be inserting the client IP address into the x-forward-for http header.  Now I was wondering how best can be achieve the load balancing based on source IP given that we'll have to parse the HTTP header for this x-forward-for field?  Are there any examples that anyone can point me to? 
    let me know if you have any questions.
    thanks
    Sheldon

    Hi Sheldon,
    You might try creating a class map that matches on the XFF header. Then use that as the L7 load balance criteria (based on the hash value of the XFF header), using the predictor hash header.
    -Alex

  • Sticky using X-Forwarded-For

    Hello,
      I have a back-end ACE which needs to create a sticky based on a header value. The  X-Forwarded-For header is perfect as it indicates the original client ip.  There is a front end ACE which is setting the header correctly.
      My goal is to have the sticky associate every subsequent request originating from the same client ip (X-Forwarded-For value) to go to the same backend server.  This application opens multiple sessions and they all need to go to the same backend server.
      Does anyone have an example of what that backend ACE config would look like?

    Hi Joseph,
    If I understood you correctly, you now configured the ACE to insert a header with the client IP in it. Am I right? If so, this is not going to work
    For stickiness to work properly, you would need to ensure that the client (or the proxy before the ACE) is inserting a string on the request that remains constant throughout all the connections from a single client. The moment this string changes, the ACE will no longer be able to find a valid sticky entry and just send the request to another server.
    If the header stickiness is not working properly due to the changing headers, you could always try using cookie stickiness instead. The ACE can insert a cookie for stickiness purposes, and there is no reason for the client to modify it.
    Daniel

  • CSS 11501 Load Balancing with X-forwarded-for

    Hi,
    We have a pair of CSS 11501,
    Currently it is using source ip for load balancing and 5 servers as backend , however we have users loggin in using http and based on its source IP (ISP PROXY) , it is forwarded to SERVER A.
    However, we have a SSL page and when the client switches over to SSL , it is forwarded to SERVER B/C/D/E  based on its source IP ( REAL CLIENT IP) .
    This will cause the user to be terminated as the 5 servers are independent and not running in a cluster.
    Is there any way that we can use the X-Forwarded-For address to load balance so that when users loging , they are sent to SERVER A (Based on X-Forwarded-For Header IP which translate to REAL CLIENT IP).
    This way we are able to also send it back to the same server when it uses SSL.
    I believe that we should be able to load balance using X-Forwarded-For IP or to rewrite the X-Forwarded-For IP into client source IP
    Regards

    Hi,
    Unfortunately CSS does not support X-Forwarded-For, and even if CSS supports that, this wont work if you are not using SSL termination.
    One option that you can use here, is using SSL termination, so you can manage the SSL traffic on HTTP on the CSS, in this way you can use the same HTTP content rule which is the one currently working.
    In summary, you will have an SSL content rule that will decrypt the traffic, and this one will use the same content rule that already exist for HTTP, in case that the server is the one doing the redirect to SSL, but this is something that requires testing since depending on the redirect behavior we might have a redirect loop, but without details it is kind of hard to confirm that you will face this with this option.
    Another option, which is less complex, is to use a portless content rule, so this content rule will match port 443 and 80 at the same time, and using sticky or balance based on source IP, you will get the same result with less config. The downside is the troubleshooting, but in this way you will have what you want.
      content HTTP-HTTPS
        vip address 10.198.44.70
        advanced-balance sticky-srcip
        add service server1
        add service server2
        add service server3
        add service server4
        add service server5
        protocol tcp
        active
    Here the content rule is not looking for the destination port, it is just looking for the source IP, and HTTP and HTTPS will end all the time on the same server.
    Thanks,
    Rodrigo

  • Capture IP without using X-Forwarded For

                      Hello Friends,
    We are running a web-application that has a login on the very first page.
    We want to capture the real IP addresses of all the customers that visit our application.
    We have Cisco layer 3 Load balancer configured in a shared mode with Natting.
    We are running IBM http server over Apache. 
    We proposed using "X-Forwarded For" header to capture client IP but were not allowed due to known vulneabilities associated with X-Forwarded for.
    We want to capture client IPs for "http" and "https" without using "X-Fwd for".
    Can someone kindly suggest if there is any alternate to it?
    If yes then how to implement it?

    Hi Vivek, adding X forwarded method.to load balance policy. So that source ip address is added to HTTP header, is the only method. Unless the application itself does not request source ip add in the header. Which can be passed through the load balancer.
    Sent from Cisco Technical Support Android App

  • Insert https x-forwarded-for

    Hello all,
    I have an ACE 4700 and It is balancing a web aplication using tcp ports 80 (http) and 443 (https). The configuration of ACE is in One-Arm, it means that the ACE does a NAT to client IP source address.
    For requeriment legal the web aplication must to show the client IP source address in the web site, but with configurationin One-Arm only shows the IP address ACE.
    Whit the next configuration I can insert into the http packet the client IP source address
    policy-map type loadbalance first-match L7_LB_POLICY_SURA.COM.CO
      class class-default
        serverfarm sura.com.co
       insert-http X-Forwarded-For header-value "%is"
    but that don´t work with HTTPS (443)
    How do I do in HTTPS?
    If I buy this licenses, Can I do this?
    ACE-AP-SSL-05K-K9         
    ACE-AP-SSL-07K-K9         
    ACE-AP-SSL-100-K9         
    ACE-AP-SSL-UP1-K9         
    ACE-AP-SSLUP-5K-K9        
    Thanks.
    Haiver Bermon

    Hi,
    you don't need to buy any license.
    By default the ACE can do SSL Offload (1000 Transactions per Second). This means that the HTTS session is terminated at the ACE (and no longer at the server).
    Take a look at following example on how to configure ssl offload:
    http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c3045.shtml
    HTH,
    Dario

  • FMIS 3.5: Sending X-Forwarded-For to HTTP Proxy?

    Currently, I'm running Flash Media Server 3.5 with it proxying unknown requests (via setting HTTPPROXY.HOST) to an Apache webserver that's currently running a CGI process.  However, it seems that when FMS proxies that connection to Apache, it currently does not provide Apache an X-Forwarded-For header at all, so all I see from Apache logs are connections coming from localhost. 
    Is there any way to have FMS add an X-Forwarded-For header to proxied requests sent to Apache?

    For your information, the serial keys that are added through administration console gets added to the 'LicenseInfoEx' tag of Server.xml.
    Regards,
    Janaki L

  • OSB http header X-Forwarded-For

    Hi,
    He have the next situation:
    Balancer (F5) -> OWSM -> ProxyOSB
    Balancer put in the request, the header 'X-Forwarded-For', to know the client IP. I have tested that between the balancer and one node of the osb cluster the header is present.
    I have extend OWSM with a custom policy, and the proxy has that policy. The problem is than in the custom policy the header 'X-Forwarded-For' isn´t present
    GetAllHeaders and process WS-security headers are enabled.
    We have the same situation is SOASuite and its work fine using the same policy.
    Any help? Thanks in advance

    exonit,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Visit http://support.novell.com and search the knowledgebase and/or check all
    the other self support options and support programs available.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.novell.com)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.novell.com/faq.php
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://support.novell.com/forums/

  • I want to forward a message with the default headers included, but can't seem to set my mail preferences to include the headers when forwarding, just the original message ends up in the forwarded message and not the headers?

    I want to forward a message with the default headers included, but can’t seem to set my mail preferences to include the headers when forwarding, just the original message ends up in the forwarded message and not the headers?  What I'm trying to do is report SPAM and add headers to a spam message to forward to sites that go after the spammers.

    Did you check the article and the add-on mentioned there?

  • X-Forwarded-For HTTP header behaviour with web dispatcher

    can anybody specify the behavior of Web Dispatcher regarding the X-Forwarded-For HTTP header?
    When a client accesses SAP EP via proxy1, proxy2 and Web Dispatcher in
    this order, is it guaranteed that the format of the X-Forwarded-For
    HTTP header that I can refer at SAP EP becomes the following forms?
    X-Forwarded-For: client, proxy1, proxy2
    In other words, is it guaranteed by Web Dispatcher that the rightmost
    IP address, proxy2 in this example, is the closest downstream client?
    thanks in advance.

    Hi Jane
    I am not sure what exactly are you looking for but the following link is a general doc on administration of web dispatcher.Please see if this helps.
    http://help.sap.com/saphelp_nw70/helpdata/en/f5/51c7d170bc4a98b1b5a0339213af57/content.htm
    Regards
    Chen

  • Cannot copy mail headers any more in Mail.app

    I used to be able to click in the headers to an email, do command-A, then command-C, and it would copy all the headers so I could paste it into another document.  For some reason, this has been removed from Mail.  If I select all the mail headers and copy them, I only get the email addresses, without any header info.  This is killing me.  Is there any workaround to this anyone knows?  
    Thanks

    As of 30 Jan 2013, Google stopped supporting Exchange for free accounts. You'll need to set up Gmail using the regular Gmail presets. See this article for some options:
    http://www.mactrast.com/2012/12/how-to-setup-google-email-contacts-calendar/

  • E71 How to delete e-mail headers from phone (IMAP ...

    I use IMAP e-mail, so all none deleted e-mails stay on the server and are accessable from anywhere.
    I have realised that I can't delete e-mail headers from the phone (I only want the last 7 days or so) . The delete options are: delete from Server and Phone, delete from phone - header remains.
    This means that I am building a huge list of headers and will be useing memory.
    Anyone found a way around this?
    Many thanks. Peter

    Nokia email client is not supported for my device (7610).
    Also, it seems, there is no way to delete the headers selectively. Normally, when you want to handle the emails through your mobile device, you want to keep only important ones and delete the rest. So, possibly, Nokia can consider this for the future updates of the software, where user can delete the headers selectively to keep the inbox uncluttered and only as per the requirement.

  • Forward/reverse proxy chain losing headers

    I have the following setup:
    user(browser) -> proxy1 -> proxy2 -> webserver
    This has both forward and reverse mappings. In proxy 1, I have an NSAPI plugin that appends a name/value(uid:userid) pair into the HTTP headers, at the end of my current header string . I use
    const char *HEADERS = "full-headers"; //HEADER NAME
    pblock_findval((char *)HEADERS, request->reqpb))
    pblock_remove((char *)HEADERS, request->reqpb);
    pblock_nvinsert((char *)HEADERS, (char*)"current list of NV pairs, uid: user123", request->reqpb);
    In the previous proxy versions to 3.63, the second proxy and teh webserver receive my entire header string(full-headers) without any issue and just as I sent it.
    With version 3.63, my UID is missing from the "
    Protocol Request PB (rq->reqpb)" section along with some other info in my header string. I use sdump to view the headers, plus my backend app is not receiving the uid.
    Has anyone else had the issue of their headers getting mangled, and or missing in Proxy 3.63 ?Or does anyone have any ideas to the issue?

    Yep, good catch
    There is a bug in the proxy : Proxy 3.6 SP3 removes "Proxy-authenticate:" HTTP header when forwarding requests to other proxies.
    This is basically in adherence to RFC2616 clause
    13.5.1 End-to-end and Hop-by-hop Headers:
    For the purpose of defining the behavior of caches and non-caching
    proxies, we divide HTTP headers into two categories:
    - End-to-end headers, which are transmitted to the ultimate
    recipient of a request or response. End-to-end headers in
    responses MUST be stored as part of a cache entry and MUST be
    transmitted in any response formed from a cache entry.
    - Hop-by-hop headers, which are meaningful only for a single
    transport-level connection, and are not stored by caches or
    forwarded by proxies.
    The following HTTP/1.1 headers are hop-by-hop headers:
    - Connection
    - Keep-Alive
    - Proxy-Authenticate
    - Proxy-Authorization
    - TE
    - Trailers
    - Transfer-Encoding
    - Upgrade
    All other headers defined by HTTP/1.1 are end-to-end headers.
    This somehow messed up the proxy chain configurations
    This has been fixed in SP4 which will be released in a week or two
    Thx
    Maneesh

  • Not enough port fields in port forwarding for Linksys E4200

    I have always used netgear routers in the past. After a series of issues regarding configurations not working correctly I invested in what appeared to be a semi pro router, the cisco linksys e4200.
    I have a centralized server which I use to access a mass of different services such as mail, dns, VPN, FTP, Kerberos, http and many more. While I am not a massive networking nerd, this server setup is like my garage project. To access these services externally to my LAN as far as I understand I would need to configure port forwarding for each service to my server. Unfortunately the control panel for the linksys E4200 only offers about 15 custom port fields for forwarding, and some documentation I have read shows that with it's basic install my server could be using up to 60 ports at once.
    Is this router just not suitable for this sort of network. If so I will be very disappointed because I have spent a quarter of the price on netgear routers with more control than this.
    If anybody could assist with details and options I would greatly appreciate it

    Wrong forum, use "small business routers".

Maybe you are looking for