By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

WAF : forward client IP and port by http header

0

Hi ,

I want to use WAF to protect my application but I need to get client's IP and port for my application to work. I know that I can use X-Forwarded-For (XFF) header to get the client's IP but for port, I don't see any options for that. Would advice if there is any way for me to get the client Port data ? Many many thanks.

Topics
Security, Identity, & ComplianceNetworking & Content DeliveryAWS Well-Architected Framework
Tags
AWS WAFNetworking & Content DeliverySecurity
Language
English
Kenc
asked a year ago868 views
2 Answers
1
Accepted Answer

yes it is related with which WAF are you using for example

In AWS WAF, when used with an Application Load Balancer, there is an attribute called routing.http.xff_client_port.enabled. When set to true, this attribute allows the X-Forwarded-For header to preserve the source port that the client used to connect to the load balancer. By default, this attribute is set to false​0\n\nIndicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer. The possible values are true and false. The default is false","pub_date":null}}​.

If you need to forward the client port to your application, you should set this attribute to true. This will cause the Application Load Balancer to include the client's source port in the X-Forwarded-For header, which can then be read by your application.

profile picture
EXPERT
Sedat Salman
answered a year ago
0

This would depend on the underlying service calling WAF, rather than WAF itself. For example, for CloudFront, you could use the CloudFront-Viewer-Address header

AWS
EXPERT
Paul_L
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content