We have Citrix Secure Gateway installed on a Windows Server 2008 R2 server with the Citrix login page hosted in IIS on the same server. The CSG handles incoming HTTP and HTTPS connections on ports 80 and 443 and relays them to IIS, which is listening on a different port (using HTTP only, not HTTPS). This means that IIS sees all incoming connections as local connections, with the source IP address being the server's own IP address.
This causes a couple of problems. It makes it impossible to see the source IP address in IIS logs, and causes IIS to display detailed HTTP error messages to all clients, including external ones.
We can mitigate the second problem by turning detailed error messages off, but the ideal solution would be for IIS to see the actual source IP address rather than the server's own address. Is this possible, and if so, how?