We're using a WAF (Web Application Firewall) on our server, which populates the HTTP_X_FORWARDED_FOR server variables which holds actual IP address of the client, and the REMOTE_ADDR holds the randomized IP address.
Now the problem is when the IIS Logs are created it uses the REMOTE_ADDR which may be incorrect hence we want to check if HTTP_X_FORWARDED_FOR available and if does, then the IIS Logs should use that instead of REMOTE_ADDR.
We're already overriding the REMOTE_ADDR when HTTP_X_FORWARDED_FOR is available, but that happens only at the application level and not at the IIS level, so the logs still records REMOTE_ADDR value only.
We're using Rewrite Rule to override REMOTE_ADDR with HTTP_X_FORWARDED_FOR when it's available, now since the REMOTE_ADDR is a read-only server variable, we allowedServerVariable in the applicationHost.config file to do this.