I’m working with an HTTP API Gateway integrated with a private load balancer via a VPC Link. When my backend receives a request, the X-Forwarded-For header only contains the private IP from the load balancer. I’ve configured the load balancer to forward this header:
• With preserve, I don’t get the header at all.
• With append, I receive the header, but it only contains a private IP.
I believe this is the only header being altered. Does this make sense? Is this expected behavior?
How I tested this:
• Added a Lambda as an integration of my API, sent a request, and the header was there with my public IP.
• Used the same configuration in the ALB and forwarded traffic to a Lambda, but got no header at all with the preserve config.
Yes, I can add the IP to a custom header, and that header will be available after it passes through the VPC Link and the ALB. The problem is that I'm dealing with a legacy application, and no one on the team knows how it works. So I cannot update the code to make it work with a different header.
Just to be clear, X-Forwarded-For is available in the API GW; the header vanishes after passing through the VPC Link integration.
In that case I would create a support case to see if this is behaviour that is expected from the service or not.