Getting the original client IP with X-Forwarded-For in your code

If you’re like many of our clients, you not only want to retrieve the original client IP for your web server logs, but you want to use them in code as well… for example, to track invalid login attempts, or record the IP in a database for online payments etc. (NOTE: If you need the […]

Extracting the Client IP in IIS 7.0 and 7.5

NOTE: This article covers obtaining the original client IP for logging purposes. If you need to obtain it for use in your code, check out this article. IMPORTANT! Before implementing the steps below, we’ll assume you’ve enabled the “client-ip” header pass-through. To do so, log into the management portal and edit your server(s). In the […]

Extracting the Client IP in IIS 6 or lower

NOTE: This article covers obtaining the original client IP for logging purposes. If you need to obtain it for use in your code, check out this article. IMPORTANT! Before implementing the steps below, we’ll assume you’ve enabled the “client-ip” header pass-through. To do so, log into the management portal and edit your server(s). In the […]

Extracting the Client IP in Apache 2.0 and 2.2

NOTE: This article covers obtaining the original client IP for logging purposes. If you need to obtain it for use in your code, check out this article. NOTE: Before implementing the steps below, we’ll assume you’ve enabled the “X-Forwarded-For” header pass-through. To do so, log into the management portal and edit your server(s). In the settings […]

Cross-Site Scripting (XSS) Exploits

JavaScript is a dandy programming language. And it’s very popular. A report from W3Techs shows that 94.7% of all websites surveyed used JavaScript. But it’s also vulnerable to a top web application hack called cross-site scripting (XSS). Unlike SQL injection, which targets the server side, XSS goes directly for unsuspecting web users. XSS injects malicious […]

Internet Load Balancing and Failover for Multiple ISP Links

Controlling traffic is a key facet of internet management. Sometimes primary connections will go down. Or too much traffic may cause congested links or overwhelmed devices to become unusable. We wrote about the implementation of load balancing in the cloud in a 2017 blog post. When people think of load balancing, they usually think about traffic that […]

Prevent X-Forwarded-For Spoofing or Manipulation

When using an inline proxy like our ADC-as-a-Service or Web Application and API Protection service, you’ll often want to know the original client IP address for security, to track in your logs for stats or for other reasons. In our KB article entitled Getting the original client IP with X-Forwarded-For in your code, we’ve already discussed […]

Multi Site Exchange DAG Failover – Solving WAN IP Availability

So you decided to deploy a high availability Microsoft Exchange environment.  You created a Database Availability Group for the databases on the Mailbox servers, carefully thought out the mailbox server roles and even deployed multiple Client Access Servers at two different sites with a nice WAN connection between them for timely synchronization. Your Exchange DR […]

I want to install the SSL certificate on the Load Balancer and use the SSL protocol, but I don’t want SSL Offload. I want it to remain entirely encrypted between my client and my server. Is this possible?

Yes, this is absolutely possible, and recommended! To accomplish this, you will need to configure the “protocol” as SSL and map it also to SSL on your servers (both probably on port 443). This ensures SSL is maintained between the client and your servers, while still allowing you to take advantage of our SSL acceleration, […]