With a webserver (apache or nginx) I am able to find the x-forwarded-for
header and find the client IP rather than the ELB's IP.
Can I do the same thing using IPTables
so that I am able to block certain IP addresses?
I can do this at the webserver level. However, I think this is a bit inefficient and I am hoping I can achieve this with IP Tables or something similar?
You can determine the IP addresses associated with an internal load balancer or an internet-facing load balancer by resolving the DNS name of the load balancer. These are the IP addresses where the clients should send the requests that are destined for the load balancer.
For more information, see Routing traffic to an ELB load balancer in the Amazon Route 53 Developer Guide. The load balancer has one IP address per enabled Availability Zone. These are the addresses of the load balancer nodes. The DNS name of the load balancer resolves to these addresses.
Since July 30th ELB supports Proxy Protocol. As stated in the end of this thread in the AWS forum:
Elastic Load Balancing (ELB) now supports Proxy Protocol version 1. This feature allows you to identify the client’s connection information when using TCP load balancing, providing additional insight into visitors to your applications. Having this information can be useful for analyzing traffic logs, gathering connection statistics, troubleshooting, or managing whitelists of IP addresses.
You must enable Proxy Protocol in the ELB.
The developers guide has more information about Proxy Protocol.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With