If a PingDirectory server is sitting behind an intermediate HTTP server, such as a load balancer, a reverse proxy, or a cache, it will log incoming requests as originating with the intermediate HTTP server instead of the client that actually sent the request. If the actual client's IP address should be recorded to the trace log, enable X-Forwarded-* handling in both the intermediate HTTP server and the PingDirectory server. See the product documentation for the device type. For PingDirectory servers:

  • Edit the appropriate Connection Handler object (HTTPS or HTTP) and set use-forwarded-headers to true.
  • When use-forwarded-headers is set to true, the server will use the client IP address and port information in the X-Forwarded-* headers instead of the address and port of the entity that's actually sending the request, the load balancer. This client address information will show up in logs where one would normally expect it to show up, such as in the from field of the HTTP REQUEST and HTTP RESPONSE messages.