HTTP API GW -> (WAF) -> ALB, cannot pick up source IP

0

I have an HTTP API GW that connects to a private ALB via VPC Link.

But I cannot make WAF understand the forwarded HTTP header that API GW sets:

forwarded: for=someip;host=somehost;proto=https

From what I understand, WAF wants a CSV-type value in the header it reads for the IP and uses the first one, and the documentation states that it's usually X-Forwarded-For.

Is there any way of making WAF understand the format that HTTP API GW is sending to ALB?
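To make the format mismatch concrete, here is an added example (not code from the post or from AWS) that reads a header the way the question describes the CSV-style consumer working (split on commas, take the first element, expect a bare IP) and, separately, parses the RFC 7239 `Forwarded` header that HTTP API GW sends. The sample header values are constructed; the IPs, host name and port are placeholders, not values from the poster's environment. It also covers the quoted IPv6-with-port form that RFC 7239 allows, which the one-line example above does not show.

```python
import ipaddress
import re
from typing import List, Optional

# Constructed sample headers; the addresses and host are placeholders.
FORWARDED_HEADER = 'for=203.0.113.10;host=api.example.com;proto=https'
FORWARDED_IPV6_HEADER = 'for="[2001:db8::1]:4711";proto=https, for=198.51.100.7'
XFF_HEADER = '203.0.113.10, 10.0.0.5'


def first_ip_csv(value: str) -> Optional[str]:
    """Read a header the way a CSV-style forwarded-IP consumer does (as the
    question describes it): split on commas, take the first element, and
    require it to be a bare IP address. Returns None when it is not."""
    first = value.split(',', 1)[0].strip()
    try:
        return str(ipaddress.ip_address(first))
    except ValueError:
        return None


# One for= parameter of RFC 7239: either a quoted-string or a bare token.
_FOR_RE = re.compile(r'(?i)\bfor=("([^"]*)"|[^;,\s]+)')


def forwarded_for_ips(value: str) -> List[str]:
    """Extract the for= node identifiers from an RFC 7239 Forwarded header,
    in hop order, stripping quotes, IPv6 brackets and an optional port.
    Non-IP identifiers (e.g. "unknown" or obfuscated "_name") are skipped."""
    ips: List[str] = []
    for m in _FOR_RE.finditer(value):
        node = m.group(2) if m.group(2) is not None else m.group(1)
        if node.startswith('['):
            node = node[1:node.index(']')]   # "[v6addr]:port" -> v6addr
        elif node.count(':') == 1:
            node = node.split(':', 1)[0]     # "v4addr:port" -> v4addr
        try:
            ips.append(str(ipaddress.ip_address(node)))
        except ValueError:
            continue
    return ips


def to_xff(value: str) -> str:
    """Rewrite a Forwarded header into the comma-separated list shape that a
    CSV-style consumer can read (first element = original client)."""
    return ', '.join(forwarded_for_ips(value))


if __name__ == '__main__':
    # The Forwarded value is not a bare IP, so the CSV-style reader gets nothing.
    print(first_ip_csv(FORWARDED_HEADER))            # None
    print(first_ip_csv(XFF_HEADER))                  # 203.0.113.10
    print(first_ip_csv(to_xff(FORWARDED_HEADER)))    # 203.0.113.10
    print(forwarded_for_ips(FORWARDED_IPV6_HEADER))  # ['2001:db8::1', '198.51.100.7']
```

The point of `first_ip_csv(FORWARDED_HEADER)` returning `None` is that the whole `for=...;host=...;proto=...` string lands in the first comma-separated slot, so a consumer that expects a bare address sees nothing usable. `to_xff` shows the shape the header would need to have for such a consumer; where that rewrite could run in the poster's chain is exactly what the question is asking.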

1 Answer
0

The WAF attached to the ALB which is behind API Gateway does not recognize the source IP of the client. One approach would be to front API Gateway with CloudFront and have AWS WAF on CloudFront. Alternatively, you could use HTTP API GW -> WAF -> NLB -> ALB. Or switch to port-based routing as opposed to path-based routing and change from ALB to NLB.

AWS
EXPERT
answered a year ago
  • I tried placing a CF in front of the GW (which is the cleaner solution, I agree), but for the life of me I could not make it work.

    Followed several guides, but I only ended up with "< x-cache: Error from cloudfront".

    Route53 -> CF -> custom domain in my HTTP API GW

    Anyone had similar issues?
