How the client IP address is preserved in AWS Global Accelerator
AWS Global Accelerator preserves the source IP address of the client differently for Amazon EC2 instances, Network Load Balancers, and Application Load Balancers:
For an EC2 instance endpoint, the client’s IP address is preserved for all traffic.
For a Network Load Balancer endpoint with client IP address preservation, Global Accelerator works together with the Network Load Balancer to include the IP address of the original client in the IP header of the packet so that your application can access it.
For an Application Load Balancer endpoint with client IP address preservation, Global Accelerator works together with the Application Load Balancer to provide an X-Forwarded header, X-Forwarded-For, that includes the IP address of the original client so that your web tier can access it.
HTTP requests and HTTP responses use header fields to send information about the HTTP messages. Header fields are colon-separated name-value pairs that are separated by a carriage return (CR) and a line feed (LF). A standard set of HTTP header fields is defined in RFC 2616, Message Headers.
X-Forwarded prefix.
Because an Application Load Balancer terminates incoming TCP connections and creates new connections to your backend targets, it does not preserve client IP addresses all the way to your target code (such as instances, containers, or Lambda code). The source IP address that your targets see in the TCP packet is the IP address of the Application Load Balancer. However, an Application Load Balancer does preserve the original client IP address by removing it from the original packet’s reply address and inserting it into an HTTP header before it sends the request to your backend over a new TCP connection.
The X-Forwarded-For request header is formatted like this:
X-Forwarded-For: client-ip-address
The following example shows an X-Forwarded-For request header for a client with an IP address of 203.0.113.7.
X-Forwarded-For: 203.0.113.7
The following example shows an X-Forwarded-For request header for a client with an IPv6 address of 2001:DB8::21f:5bff:febf:ce22:8a2e.
X-Forwarded-For: 2001:DB8::21f:5bff:febf:ce22:8a2e
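The following added example (not AWS code) shows one way a web tier behind the Application Load Balancer could read the client address from the header formats shown above and validate it before using it in logs or access rules. The function names and sample requests are constructed for illustration, and the code assumes the load balancer appends the address it observed to any X-Forwarded-For value the client itself sent, so only the last entry is treated as authoritative.

```python
import ipaddress


def parse_header_line(line):
    """Split 'Name: value' on the FIRST colon only, so IPv6 values stay intact."""
    name, sep, value = line.partition(":")
    if not sep:
        return None
    return name.strip().lower(), value.strip()


def client_ip(raw_headers):
    """Return the client address as an ipaddress object, or None.

    raw_headers is a header block whose fields are separated by CRLF.
    Assumption: the last X-Forwarded-For entry is the one written by the
    load balancer; earlier entries may have been supplied by the client.
    """
    entries = []
    for line in raw_headers.split("\r\n"):
        parsed = parse_header_line(line)
        if parsed and parsed[0] == "x-forwarded-for":  # header names are case-insensitive
            entries.extend(part.strip() for part in parsed[1].split(","))
    if not entries:
        return None
    try:
        # Reject anything that is not a literal IPv4 or IPv6 address.
        return ipaddress.ip_address(entries[-1])
    except ValueError:
        return None


# Constructed sample header blocks (not captured traffic).
IPV4_REQUEST = "Host: example.com\r\nX-Forwarded-For: 203.0.113.7\r\n"
IPV6_REQUEST = "Host: example.com\r\nx-forwarded-for: 2001:DB8::21f:5bff:febf:ce22:8a2e\r\n"
CLIENT_SUPPLIED_PREFIX = "X-Forwarded-For: 198.51.100.9, 203.0.113.7\r\n"
MALFORMED = "X-Forwarded-For: not-an-address\r\n"
NO_HEADER = "Host: example.com\r\n"

if __name__ == "__main__":
    for sample in (IPV4_REQUEST, IPV6_REQUEST, CLIENT_SUPPLIED_PREFIX, MALFORMED, NO_HEADER):
        print(repr(sample), "->", client_ip(sample))
```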