How to set the Client IP in smaccess logs of the Policy Server
search cancel

How to set the Client IP in smaccess logs of the Policy Server

book

Article ID: 195023

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

When running Policy Server, how to log the user's IP address in smaccess log in Policy Server? The IP Address captured in REMOTE_ADDR is the Load balancer (LB) IP Address instead of the user IP Address which is being audited as sm_client IP in smaccess logs currently.

X-forwarded-for and Client-IP headers are populating correct IP address for the user being authenticated. How to force the Web Agent to use either X-forwarded-for or Client-IP to be used while auditing?

Environment

Component: SMAPC

Release: Web Agent 12.52SP1CR11 on Apache 2.4.46 on RedHat 7

Resolution

Setting the ACO parameter CustomIPHeader to X-forwarded-for should solve this issue. Please check the below documentation for reference. 

There should be no need to change ProxyDefinition and/or RequireClientIP, just to include the X-forwarded-for in smaccess.log. Just set CustomIPHeader.

(1)

    List of Agent Configuration Parameters

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/web-agent-configuration/list-of-agent-configuration-parameters.html#concept.dita_2fd165d3272c946abfbbca53cdd2a631bff36952_1
   

(2)

    Default HTTP Headers Used by the Product

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/web-agent-configuration/web-application-protection/default-http-headers-used-by-the-product.html

Additional Information

 

 


    

Powered by Wolken Software