May 21, 2010 Leave a comment
A while ago I had investigated how to get the Client IP address when using an Elastic Load Balancer (ELB) on Amazon EC2. On a physical network it’s very easy to get the Client’s IP address on the server-side. But the same code when hosted on Amazon EC2 via an ELB would yield the Private IP address of the EC2 Instance. Some changes might be necessary to get the “true” Client IP address
First, in order to get the Client IP address, the ELB’s Protocol must be set to route at the HTTP layer instead of TCP. If your ELB is already set to route at the TCP layer, you will have to schedule some downtime to create a new ELB that routes HTTP traffic instead and transfer your instances over to that new ELB.
Once that is done, you can access the Client IP address using the header HTTP_X_FORWARDED_FOR in the client request. To get the Private IP Address (of the instance that the request was routed to), you can use the header REMOTE_ADDR in the client request.
NOTE OF CAUTION: This solution does not work for ELB that routes HTTPS traffic (since it forwards at the TCP layer). The reason is because the HTTP traffic is encrypted using SSL which can be decrypted only at the endpoints. But currently the ELB cannot perform SSL acceleration and so it cannot get the Client IP address out. Read more on Load Balancing here.
UPDATE (10/15/2010): Amazon ELB has added support for HTTPS. So you should be able to do this on an ELB that routes HTTPS as well!