How To: View Source IP in Web Server Logs when using Load Balancing

Updated by Chris Little on Apr 08, 2015
Article Code: kb/862


When using the CenturyLink Cloud load balancing services customers who want to view or analyze web server logs find that these logs, by default, only show the MIP (Mapped IP) of the load balancing device as the Source IP. With this out of the box configuration web statistical analysis is impossible or not useful.


CenturyLink Cloud clients who make use of the Self-Service Load Balancing services.


Only customers leveraging HTTP (tcp/80) load balancing can take advantage of this functionality. Customers using SSL-passthrough and HTTPS (tcp/443) cannot as the load balancers cannot decrypt packets.

Graphical Representation

Below is a graphical representation of the CenturyLink Cloud Load Balancing services platform. As shown, the web server farm receives all traffic from the Mapped IP (MIP) of the Load balancers and as a result web server logs may not be useful for web statistical analysis.

load balancing platform overview


CenturyLink Cloud inserts an X-Forwarded-For header that can be used to filter the original source IP on a customers web server logs. The following Knowledge Base articles from Citrix provide details for various web server platforms on how to configure Source IP logging.