Free X-Forwarded-For (XFF) plugin for Forefront Threat Management Gateway (TMG) 2010

This post addresses a technical limitation in Microsoft's Forefront Threat Management Gateway (TMG) 2010, which lacks native support for the X-Forwarded-For HTTP header standard.

The Problem

Most reverse proxy servers operate in non-transparent mode, causing web servers to receive the proxy's IP address rather than the client's originating address.

The X-Forwarded-For (XFF) HTTP header field is a de facto standard for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer.

However, TMG 2010 doesn't support this standard, and commercial solutions charging significant fees were the only option—until I discovered and provided a free alternative.
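Once a proxy does add X-Forwarded-For, the web server behind it should accept the header only from that proxy, because a client can send its own XFF value. The sketch below is an added example, not code from the XFF-Filter4TMG plugin; the `TRUSTED_PROXIES` range and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: the reverse proxy (e.g. the TMG server) lives in this range.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]  # constructed sample value


def _is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)


def _parse(token):
    """Parse one XFF entry; return None if it is not an IP address."""
    token = token.strip()
    # Some proxies append a port to IPv4 entries ("203.0.113.7:51234").
    if token.count(":") == 1 and "." in token:
        token = token.split(":")[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def client_ip(peer_addr, xff_header):
    """Return the address to log as the client for this request."""
    peer = ipaddress.ip_address(peer_addr)
    # A peer that is not our proxy can put anything in XFF: ignore the header.
    if not _is_trusted(peer) or not xff_header:
        return str(peer)
    # Each proxy appends the address it saw, so walk right to left and stop
    # at the first entry that is not one of our own proxies.
    last_good = peer
    for token in reversed(xff_header.split(",")):
        ip = _parse(token)
        if ip is None:
            break  # malformed entry: keep the last hop we could verify
        last_good = ip
        if not _is_trusted(ip):
            break
    return str(last_good)
```

Entries to the left of the first untrusted hop are client-supplied and are never used for logging or access decisions.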

Solution Provided

I initially distributed the XFF-Filter4TMG plugin binary. Following an update on February 26, 2013, I obtained permission from Gabriel Citron (the original developer) to open-source the code and published it on GitHub, making it accessible to organizations requiring transparent solutions with available source code.

The downloadable plugin and source repository allow administrators to implement this functionality at no cost.