If a PingDirectory server is sitting behind an intermediate HTTP server, such as a load balancer, a reverse proxy, or a cache, it will log incoming requests as originating with the intermediate HTTP server instead of the client that actually sent the request.
If the actual client's IP address should be recorded to the trace log, enable
X-Forwarded-* handling in both the intermediate HTTP server and the
PingDirectory server. See the product documentation
for the device type. For PingDirectory servers:
- Edit the appropriate Connection Handler object (HTTPS or HTTP) and set
use-forwarded-headersis set to
true, the server will use the client IP address and port information in the
X-Forwarded-*headers instead of the address and port of the entity that's actually sending the request, the load balancer. This client address information will show up in logs where one would normally expect it to show up, such as in the
fromfield of the HTTP REQUEST and HTTP RESPONSE messages.