Sometimes, workstations that must be filtered are located behind a proxy that uses Microsoft ISA Server as a proxy (proxy chaining).
Some proxies can be configured to expose the workstation's IP address in the HTTP header via the value of X-Forwarded-For:. Microsoft ISA integration with Websense software can be configured to do filtering lookups based on this value, rather than on the IP address of the downstream proxy.
To filter workstations behind multiple proxies:
Configure the downstream proxy to pass workstation IP addresses via X-Forwarded-For.
See the proxy documentation for instructions.
On the machine running Microsoft ISA Server, navigate to the WINDOWS\system32 directory.
Open the file wsMSP.ini in a text editor.
Add a new heading of: [configSection]
Under the new heading add the following key:
NOTE If the X-Forwarded-For value is not found in the HTTP header when this feature is enabled, filtering lookups occur based on the IP address of the downstream proxy.
Stop the ISA Server service via the Windows Services dialog box.
The service is labeled as Microsoft Firewall.
Start the ISA Server service via the Windows Services dialog box.
Repeat steps 1-6 for each machine on which Websense ISAPI Filter is installed.
I read that you have developed a X-Forwarded-For Log Filter for ISA that was successfully tested by Skeep. I would be grateful if you could send me, too, this filter and the instructions how to set it. I had to make a cross upgrade to Trend Micro InterScan Web Security Virtual Appliance which can add the XFF HTTP header. So now I have a chain of proxies. Unfortunately ISA is not able to get from it the originating IP address and the product from Winfrasoft costs too much for me. Thanks a lot.
All the best,