How the Client IP Address is Preserved in AWS Global Accelerator
AWS Global Accelerator preserves the source IP address of the client differently for EC2 instances and Application Load Balancers:
-
For an EC2 instance endpoint, the client’s IP address is preserved in the TCP packet header.
-
For an Application Load Balancer endpoint with client IP address preservation, Global Accelerator works together with the Application Load Balancer to provide an
X-Forwarded
header,X-Forwarded-For
, that includes the IP address of the original client so that your web tier can access it.
HTTP requests and HTTP responses use header fields to send information about the HTTP
messages. Header fields are colon-separated name-value pairs that are separated
by a
carriage return (CR) and a line feed (LF). A standard set of HTTP header fields
is
defined in RFC 2616,
Message Headers. There are also non-standard HTTP headers available that
are widely used by the applications. Some of the non-standard HTTP headers have
an
X-Forwarded
prefix.
Because an Application Load Balancer terminates incoming TCP connections and creates new connections to your backend targets, it does not preserve client IP addresses all the way to your target code (such as instances, containers, or Lambda code). The source IP address that your targets see in the TPC packet is the IP address of the Application Load Balancer. However, an Application Load Balancer does preserve the original client IP address by removing it from the original packet’s reply address and inserting it into an HTTP header before it sends the request to your backend over a new TCP connection.
The X-Forwarded-For
request header is formatted like this:
X-Forwarded-For:
client-ip-address
The following example shows an X-Forwarded-For
request header for a client
with an IP address of 203.0.113.7.
X-Forwarded-For: 203.0.113.7