大家好,我们开始使用Azure AD应用程序代理前端部分可通过互联网访问的网站,而不是传统的互联网防火墙保护。 all应用程序代理以为前端的网站正在使用直通身份验证,因为这些网站适用于我们的Azure AD中没有帐户的外部客户端。这没有任何问题,但今天,我被要求为一个的网站制作一些网络统计信息。他们想要的信息包含请求的来源IP,目的地IP,位置数据,网站点击次数等信息。当我在我们的网站上查看IIS日志时,所有的网络请求都来自内部应用程序代理连接器服务器。这与防火墙提供安全性的情况有很大不同,其中IIS日志包含所有不同的源IP。有没有办法为Azure应用程序代理提供前端网站的日志,该代理将提供Web请求的真实来源IP?
任何反馈赞赏。
解决方案
检查出下应用和services\Microsoft\aadapplicationproxy\connector&NBSP日志;
另外,看看你是否能看到他们的高级下日志记录: HTTP://blogs.iis/deanc/iis7-8-logging-the-real-client-ip-in-the-iis-hit-logs
Hi all, instead of the traditional internetfirewall protection for a website in a DMZ, we started to front-end some of ourinternet-accessible websites with the Azure AD Application Proxy.Allof the websites that are front-ended by the app proxy are using passthrough authentication because the websites are for external clients that don't have accountsin our Azure AD. This works without any problems, however, today, I was asked to produce some web statistical information for one of thewebsites. They wanted informationthat contains information like sourceIP of the request, destination IP, location data, number of hits on a website, etc. When I look on our website IIS logs, all of the web requests are sourced from the internal app proxy connector server.This is much different than when the firewall wasproviding security wherethe IIS logs contained all different source IPs. Is there a way to get logs for a website that is front-ended by the Azure app proxy which will provide the true source IPsof the web requests?
Any feedback appreciated.
解决方案Check out the logs under application and services\Microsoft\aadapplicationproxy\connector
Also, see if you can see them under the Advanced Logging:blogs.iis/deanc/iis7-8-logging-the-real-client-ip-in-the-iis-hit-logs
更多推荐
Azure应用程序代理
发布评论