By using AWS re:Post, you agree to the Terms of Use

Forwarding client port through ELB


Good day to you all,

Our business model requires that we obtain the original user IP and port to be able to identify said user - this is a business requirement, thus non-negotiable. We are investigating the support for this through ELB, but it seems to be a tad problematic:
1- IP is supported through the X-FORWARDED-FOR header on HTTP/HTTPS listeners, and through Proxy protocol on TCP listeners - so far so good.
2- Port, as far as I have been able to find, is only supported through proxy protocol - the X-FORWARDED-PORT seems to forward the listener port, rather than the client port which would be the one we need.
3- Our application is developed on ASP .NET, and thus requires IIS to host it. So far, IIS does not support Proxy Protocol - thus, we would need to set up an intermediate NGINX to act as a reverse proxy and handle the proxy protocol - and then forward the request along with the missing information in a custom header.

Am I wrong on my understanding? Is there a way to forward the client port through an HTTP/HTTPS listener without relying on the Proxy Protocol?

Thanks, and regards.

Edited by: SergioHerrero on Apr 16, 2020 6:35 AM

1 Answer

Using a NLB instead of an ALB or Classic ELB allows to cover all the issues above: both port and ip are forwarded transparently, and the NLB does support SSL offload.

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions