
How to get client IP behind an AWS ELB?

With a webserver (apache or nginx) I am able to find the x-forwarded-for header and find the client IP rather than the ELB's IP.

Can I do the same thing using IPTables so that I am able to block certain IP addresses?

I can do this at the webserver level. However, I think this is a bit inefficient and I am hoping I can achieve this with IP Tables or something similar?

Abs asked Aug 31 '13 10:08



1 Answer

Since July 30th ELB supports Proxy Protocol. As stated at the end of this thread in the AWS forum:

Elastic Load Balancing (ELB) now supports Proxy Protocol version 1. This feature allows you to identify the client’s connection information when using TCP load balancing, providing additional insight into visitors to your applications. Having this information can be useful for analyzing traffic logs, gathering connection statistics, troubleshooting, or managing whitelists of IP addresses.

You must enable Proxy Protocol in the ELB.

The developer guide has more information about Proxy Protocol.

Diego Fernández Durán answered Sep 24 '22 20:09