I am a programmer asked to analyze IIS log files from a Windows 2008 web server. The domain is a state agency and users are from the agency's intranet, plus redirections from the web. Each log file covers one 24 hour period. On day one, there are 35,000 hits. But on each of those hits, the client IP address (c-ip field of the logfile) is one of only two IPs, and both of them are on the agency intranet. I don't know anything else about the server or IIS setup. I would expect 100 or more agency employees use the app on these web servers on a given day, and therefore there should be 100 different client IPs. What am I missing?
Asked
Active
Viewed 566 times
1 Answers
2
I assume they're using a proxy to access the website.
Tommiie
- 5,627
- 2
- 12
- 46
-
I know on my workstation, Windows has a setting to tell it to not use a proxy server if it's an IP on this network. Does this mean they haven't checked that box, and it uses the proxy? Should I then ask for the proxy server logs for our web servers only? Would that get me what I need? – Nolo Problemo Oct 05 '18 at 15:45
-
1You should definately talk to those people as they will know how it's setup on their side. You could be using a proxy even if the checkmark in your browser is unchecked. Routers can intercept HTTP(S) traffic and reroute it via proxy servers. – Tommiie Oct 05 '18 at 15:47