Client IP in REMOTE_ADDR http header

[Cooky]

We have a pair of Cisco's AXG web application firewalls that protect our internet-facing servers in a reverse-proxy fashion.
One problem we have is the servers can only see the WAF's IP's instead of the end users'.

Cisco TAC & SE's have confirmed there's no way around that until the next code release, which is targeted at Q1 2010.

There's an option to include the end users' IP's in the X_FORWARDED_FOR header within WAF.
However, we need to find a way to copy that IP from the XFF header into the REMOTE_ADDR header.

If anyone knows how that can be done, please let me know.
thanks.

 

[drebo]

What's your server-side programming language? Or are you looking to use the logging features built into your webserver?

 

[Cooky]

It could be anything on the server side, but I believe in this particular instance it's ASP.

We already use an ISAPI filter to copy the IP in the XFF header to IIS logs, so logging isn't a concern.
The application on the server relies on the REMOTE_ADDR entry for it to function correctly, which is what I'm working on right now.

 

[drebo]

The simplest thing to do would be to copy the X_FORWARDED_FOR header to REMOTE_ADDR within ASP itself. You application should be written in such a way that this shouldn't be a problem. You should be able to just add the command to the top of each page (or the init function if they've properly framed it).

Or, potentially, use an ISAPI filter to modify the header and make the copy for you. Me, personally? I would change the application, but if you can't/don't have access to the source/don't want to, the ISAPI would be the way to do it. You'd probably have to write a custom app, but it'd probably be very simple.

 

[Cooky]

thanks for the reply.
Fortunately our programmer was able to find a way to modify the app to use the IP from the XFF header so we're all good.