By using AWS re:Post, you agree to the Terms of Use

Forwarding client port through ELB

0

Good day to you all,

Our business model requires that we obtain the original user IP and port to be able to identify said user - this is a business requirement, thus non-negotiable. We are investigating the support for this through ELB, but it seems to be a tad problematic:
1- IP is supported through the X-FORWARDED-FOR header on HTTP/HTTPS listeners, and through Proxy protocol on TCP listeners - so far so good.
2- Port, as far as I have been able to find, is only supported through proxy protocol - the X-FORWARDED-PORT seems to forward the listener port, rather than the client port which would be the one we need.
3- Our application is developed on ASP .NET, and thus requires IIS to host it. So far, IIS does not support Proxy Protocol - thus, we would need to set up an intermediate NGINX to act as a reverse proxy and handle the proxy protocol - and then forward the request along with the missing information in a custom header.

Am I wrong on my understanding? Is there a way to forward the client port through an HTTP/HTTPS listener without relying on the Proxy Protocol?

Thanks, and regards.

Edited by: SergioHerrero on Apr 16, 2020 6:35 AM

1 Answer
0

Using a NLB instead of an ALB or Classic ELB allows to cover all the issues above: both port and ip are forwarded transparently, and the NLB does support SSL offload.

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions