Unable to add X-forwarded-for header in https api gateway

Question

I am using HTTPS Api gateway to add a proxy and then add this proxy to a CloudFront distribution to allow HTTP to HTTPS redirect. I would like to get the "X-forwarded-for" header. I have already enabled "allow all headers" in the cache settings for CloudFront. I have also configured the CORS policy to allow all headers at the HTTPS API gateway. I am still unable to get the X-forwarded-for header in the response. Is there a way I can add this header?

Mojtaba · Answer

You can find a good explanation [here](https://medium.com/@lancers/amazon-api-gateway-explaining-http-proxy-in-http-api-3ea0afe6b03c#:~:text=Forwarded%20header,de%2Dfacto%2Dstandard.).
The summary is that, x-forwarded-for was a de-facto-standard and now the standard header is forwarded. If the request already contains x-forwarded-for header, API Gateway will put it in Forwarded header. But still Load Balancer uses x-forwarded-for header. So if you look at your incoming request after API-Gateway and Load Balancer, you will see the IP address of your API Gateway in x-forwarded-for header and the IP addresses of you client in Forwarded header.

Unable to add X-forwarded-for header in https api gateway

Add your answer

Relevant content