Amazon Load Balancers: X-Forwarded Headers and Proxy Protocol Support
March 15, 2018 #aws #http #networking
Amazon has multiple Elastic Load Balancing products:
- Application Load Balancer is best suited for load balancing of HTTP and HTTPS traffic and operates at the individual request level (Layer 7).
- Network Load Balancer is best suited for load balancing of TCP traffic and operates at the connection level (Layer 4).
- Classic Load Balancer is intended for applications that were built within the EC2-Classic network and operates at either Layer 7 or Layer 4.
Because load balancers intercept traffic between clients and servers, your server sees the IP address of the load balancer. However, protocols exist to help your service identify the IP address of a client:
-
Layer 7 uses Forwarded HTTP header(s)
The Forwarded header contains information from the client-facing side of proxy servers that is altered or lost when a proxy is involved in the path of the request.
The alternative and de-facto standard versions of this header are the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Proto headers.
-
Layer 4 uses the PROXY protocol.
The PROXY protocol provides a convenient way to safely transport connection information such as a client’s address across multiple layers of NAT or TCP proxies. It is designed to require little changes to existing components and to limit the performance impact caused by the processing of the transported information.
Because AWS Classic Load Balancers operate at either Layer 7 or Layer 4, they support the both the X-Forwarded headers and the Proxy Protocol:
- HTTP Headers and Classic Load Balancers - Elastic Load Balancing)
- Configure Proxy Protocol Support for Your Classic Load Balancer - Elastic Load Balancing)
AWS Network Load Balancers operate at Layer 4 and support the Proxy Protocol.
Target Groups for Your Network Load Balancers - Elastic Load Balancing
Network Load Balancers use Proxy Protocol version 2 to send additional connection information such as the source and destination. Proxy Protocol version 2 provides a binary encoding of the Proxy Protocol header.
AWS Application Load Balancers operate on Layer 7 and support the X-Forwarded headers.
How Elastic Load Balancing Works - Elastic Load Balancing
Application Load Balancers and Classic Load Balancers support X-Forwarded-For, X-Forwarded-Proto, and X-Forwarded-Port headers.
Additional Resources: