---
title: Configuring traffic through a load balancer
description: Use dsconfig or the administrative console to configure PingAuthorize Server to get traffic through a load balancer and to record the actual client's IP address.
component: pingauthorize
version: 11.0
page_id: pingauthorize:pingauthorize_server_administration_guide:paz_config_traffic_through_load_balancer
canonical_url: https://docs.pingidentity.com/pingauthorize/11.0/pingauthorize_server_administration_guide/paz_config_traffic_through_load_balancer.html
revdate: March 3, 2025
section_ids:
  use-dsconfig: Use dsconfig
  steps: Steps
  example: Example:
  example-2: Example:
  use-the-administrative-console: Use the administrative console
  steps-2: Steps
  example-3: Example:
---

# Configuring traffic through a load balancer

Use `dsconfig` or the administrative console to configure PingAuthorize Server to get traffic through a load balancer and to record the actual client's IP address.

To record the actual client's IP address to the trace log, enable `X-Forwarded-*` handling in both the intermediate HTTP server and the PingAuthorize Server.

By default, when a PingAuthorize Server is sitting behind an intermediate HTTP server, such as a load balancer, a reverse proxy, or a cache, it logs incoming requests as originating with the intermediate HTTP server instead of the client that sent the request.

When you set the `use-forwarded-headers` property and enable an HTTP connection handler to use `Forwarded` or `X-Forwarded-*` headers, many intermediate HTTP servers add information about the original request that would otherwise be lost.

If `use-forwarded-headers` is set to `true`, the server uses the client IP address and port information in the `Forwarded` or `X-Forwarded-*` headers instead of the address and port of the entity that's sending the request (the load balancer). This client address information shows up in logs, such as in the `from` field of the `HTTP REQUEST` and `HTTP RESPONSE` messages.

|   |                                                                                                                                                                                                                                                            |
| - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | If both the `Forwarded` and `X-Forwarded-*` headers are included in the request, the `Forwarded` header takes precedence. The `X-Forwarded-Prefix` header only overrides the context path for HTTP servlet extensions, not for web application extensions. |

* `dsconfig`

* Admin console

## Use `dsconfig`

### Steps

1. Edit the HTTP or HTTPS connection handler object and set `use-forwarded-headers` to `true` by running `dsconfig`.

   #### Example:

   ```
   dsconfig set-connection-handler-prop \
       --handler-name "HTTPS Connection Handler" \
       --set use-forwarded-headers:true
   ```

2. To finalize your changes, use `dsconfig` to restart the HTTP or HTTPS connection handler.

   #### Example:

   ```
   dsconfig set-connection-handler-prop \
       --handler-name "HTTPS Connection Handler" \
       --set enabled:false

   dsconfig set-connection-handler-prop \
       --handler-name "HTTPS Connection Handler" \
       --set enabled:true
   ```

3. To provide the `X-Forwarded-*` information to your load balancer, consult your provider's guide on configuring load balancer settings.

## Use the administrative console

### Steps

1. In the PingAuthorize administrative console, go to **Configuration > Connection Handlers**.

2. In the **Connection Handlers** list, select the HTTP or HTTPS connection handler you want to edit.

3. To enable `Forwarded` headers, go to **Use Forwarded Headers**, and select the **Enabled** checkbox.

4. Click **Save**.

5. To finalize your changes, use `dsconfig` to restart the HTTP or HTTPS connection handler.

   #### Example:

   ```
   dsconfig set-connection-handler-prop \
       --handler-name "HTTPS Connection Handler" \
       --set enabled:false

   dsconfig set-connection-handler-prop \
       --handler-name "HTTPS Connection Handler" \
       --set enabled:true
   ```

   |   |                                                                                                                                                                   |
   | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | Because disabling the connection handler stops the administrative console, you must complete this step in the command line instead of the administrative console. |

6. To provide the `X-Forwarded-*` information to your load balancer, consult your provider's guide on configuring load balancer settings.