We have recently added Incapsula between our clients and several of our front-end software services. Now the client IP shows up as one of a couple different Incapsula points. Does anyone know how I can capture the real client IP address.
Answer depends on the traffic type the AMD sees. Is it plain HTTP (I guess No:-)? Is it SSL that can be decrypted on AMD (you have keys and it's not DH), and it contains HTTP inside? In those two cases, check whether there is an x-forwarded-for header available, from which AMD can extract the original IP address and report it as if it were the original client IP. This would work fo the HTTP(S) decode.