YALE-MSS-13.1.2: Ensure client IP addresses are not obscured by load balancers and reverse proxies

Standard:
YALE-MSS-13.1: Ensure logging contains information required for incident response

Low Risk Endpoint: Not Required
Moderate Risk Endpoint: Not Required
High Risk Endpoint: Not Required
Low Risk Server: Required
Moderate Risk Server: Required
High Risk Server: Required
Low Risk Mobile Device: Not Required
Moderate Risk Mobile Device: Not Required
High Risk Mobile Device: Not Required
Low Risk Network Printer: Not Required
Moderate Risk Network Printer: Not Required
High Risk Network Printer: Not Required

Details

For security incident response, it is necessary to correlate client IPs with activity.

Web applications behind caches or reverse proxies, such as F5 load balancers, sometimes log only the proxy's IP address instead of the client's. Verify that your application logs show client IP addresses and not just reverse proxy IPs. A standard solution is to configure X-Forwarded-For headers and log them.
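
One way to run the verification described above, as an added example that is not part of the Yale standard: it derives the address to log from the connection peer and the X-Forwarded-For header, and flags records where only a proxy address is visible. The proxy range, function names and sample records are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the network your load balancers / reverse proxies sit in (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]

def is_trusted_proxy(addr):
    """True if addr parses as an IP inside one of our own proxy networks."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(peer_addr, xff_header):
    """Return the address to log as the client, or None if it is obscured.

    X-Forwarded-For is walked right to left: each of our proxies appends the
    address it saw, so the first hop that is not ours is the last value our
    own infrastructure vouches for. Anything left of it was supplied by the
    client and is not trusted.
    """
    if not is_trusted_proxy(peer_addr):
        return peer_addr  # direct connection: ignore any header the client sent
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    for hop in reversed(hops):
        if is_trusted_proxy(hop):
            continue
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed entry: do not log it as a client address
        return hop
    return None  # header missing or only proxy addresses: client IP is obscured

def audit(records):
    """Return indexes of (peer_addr, xff_header) records with no usable client IP."""
    return [i for i, (peer, xff) in enumerate(records) if client_ip(peer, xff) is None]

# Constructed sample records: (connection peer, X-Forwarded-For value as logged)
SAMPLE = [
    ("10.0.0.5", "203.0.113.7"),                         # proxied, header logged
    ("10.0.0.5", None),                                  # proxied, header not logged
    ("198.51.100.9", "192.0.2.1"),                       # direct, client-sent header
    ("10.0.0.5", "192.0.2.66, 203.0.113.7, 10.0.0.8"),   # two proxy hops
]

if __name__ == "__main__":
    for i in audit(SAMPLE):
        print(f"record {i}: only proxy address visible, client IP obscured")
```

A non-empty result from audit() means those requests cannot be correlated to a client during incident response.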