Share via

Add original client IP to App Service HTTP log instead of WAF

ינון גינדי 0 Reputation points
2024-07-23T07:22:45.3633333+00:00

Hi Team,

I have an App Service sitting behind an 3rd party WAF. It is configured to write web logs to Azure Log Analytics.

However, the IP on the CIp field in these logs displays the WAF IP addresses. Not the real client IPs.

I see others have asked this going back a few years, but don't see a solid answer on how to fix this. Is this configuration possible?

I saw this post and tried it and it did not solve our issue

https://learn.microsoft.com/en-us/answers/questions/1181908/how-do-i-add-client-ip-to-http-logs-for-azure-app

I've also attempted to open a ticket with support, but they haven't been helpful

The App Service is hosted on a Linux machine and the framework is nodeJS

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,310 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,889 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sina Salam 11,916 Reputation points
    2024-07-23T17:23:07.2566667+00:00

    Hello ינון גינדי,

    Welcome to the Microsoft Q&A and thank you for posting your questions here.

    Problem

    I understand that you are facing issue with the WAF IP addresses appearing in your Azure App Service logs instead of the real client IPs.

    Solution

    What I can suggest resolving the issue are the followings:

    • Ensure that your Application Gateway is configured correctly to forward the original client IP address to the backend (your App Service). By default, Application Gateway does preserve the client IP address in the X-Forwarded-For header. So, you can check the configuration in your Application Gateway settings. If needed, update the configuration to ensure that the client IP is correctly forwarded.
    • Consider implementing custom logging in your App Service to capture the original client IP address. You can use the X-Forwarded-For header value (if available) to extract the client IP and in your Node.js application, you can access the X-Forwarded-For header using req.headers['x-forwarded-for'].
    • Finally, instead of using a third-party WAF, consider using Azure Front Door or Azure Traffic Manager. These services can handle traffic routing and provide additional features like Web Application Firewall (WAF) and client IP preservation. Azure Front Door, in particular, allows you to configure custom headers, including the client IP, which can be useful for logging purposes.

    Accept Answer

    I hope this is helpful! Do not hesitate to let me know if you have any other questions.

    ** Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful ** so that others in the community facing similar issues can easily find the solution.

    Best Regards,

    Sina Salam

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.