- Le plus récent
- Le plus de votes
- La plupart des commentaires
As stated in documentation, $context.identity.sourceIp is the source IP address of the TCP connection making the request to API Gateway.
Whenever X-Forwarded-For header is available, the source IP would come from it, but we don't trust all entries in the header. We only trust the entry who made a call directly to endpoint.
If the call chain is like this,
ClientIp, \[proxyServer1, ..., proxyServerN], CloudFront/Regional
proxyServerN would be used for the sourceIp address, when X-Forwarded-For header is available.
CloudFront adds itself to the X-Forwarded-For header but Regional endpoint API/Regional custom domain name does not add itself to the X-Forwarded-For header. Therefore, In case of CloudFront, IP address appended by CloudFront would not be used as sourceIp, but the IP of the last proxy prior to CloudFront IP in X-Forwarded-For header. In case of Regional, the last IP address in X-Forwarded-For header would be used as sourceIp.
Please ignore the warning in the documentation. The team is aware of it and the documentation would be updated.
I think the note is from this thread https://forums.aws.amazon.com/message.jspa?messageID=669697.
At that time, the value of $context.identity.sourceIp is came from X-Forwarded-For header but it is fixed now.
AWS team should remove that note.
Contenus pertinents
- demandé il y a un an
- demandé il y a un mois
- demandé il y a un an
- demandé il y a un an
- AWS OFFICIELA mis à jour il y a un an