I am trying to restrict an application in IIS 7 by IP address on my web server behind a load balancer. The X-Forwarded-For header is set by the load balancer with the client's IP address.
What is the best way to extract that IP address in IIS 7 to setup IP address filtering on my application? If there is not a best way, I will end up using an HTTPModule to handle this for me.
You can use the IIS URL Rewrite module to accomplish this.
Add a new inbound rule with conditions that check to see if the IP address does not match {HTTP_X_Forwarded_For}. You can then set the rule up to redirect, rewrite, or abort the request.
You can a new condition for each IP address you wish to white-list.