You have to solve the problem by using cookies and custom HTTP headers to include the original client IP address before rewriting.
-Girish On Wed, Mar 20, 2013 at 12:34 PM, Nirmalya Lahiri <[email protected]> wrote: > Hi all, > for last few days I am facing problem while configuring ELB at Amazon cloud > (EC2). The issue is, I am not getting client IP address while I have > configured the ELB listener in Layer 4(TCP) mode in server variable, while I > am getting that in Layer 7(HTTP) mode. I need client IP for my application. > > Still ELB has the issue of SSL/TLS Renegotiation vulnerability. So, I am not > able to use ELB listener in Layer7(HTTP) mode, rather I am using ELB listener > in Layer4(TCP) mode and handle the SSL/TLS Renegotiation vulnerability > through Apache web server. > > That means...... > Mode of Listener | Client IP address | SSL/TLS > Renegotiation vulnerability > --------------------------------------------------------------------------------------------------------------------------------------- > Layer4(TCP) | Not Available | > Vulnerability can be overcome > Layer7(HTTP) | Available | > Vulnerability can not be overcome > > > > I need both the feature(Client IP and Vulnerability overcome). > > > I have written to Amazon support, but till now got very poor support from > them. Now I am posting this issue to these list, so that if anyone have any > idea to resolve that can share with everyone. > > > Below is the mail that I have written to Amazon support...... > --------------------------------------------------- > Hi, > as per the document published at > http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-listener-config.html > .... > > "When you use TCP for both front-end and back-end connections, your load > balancer will forward the request to the back-end instances without > modification to the headers." > > But unfortunately I am not getting IP address of client from the server > variable "REMOTE_ADDR" on Layer 4 configuration of ELB. I am getting modified > address on that variable. How can I get the actual one? > > I have no option to create Layer 7 configuration of ELB because still ELB has > issue with SSL/TLS Renegotiation. Currently I am handling this issue from > Apache server of back-end instance. > > Now I need to know the process to know the IP address of client through Layer > 4 configuration of ELB. Without client IP our application will not run > properly. I am not able to run the application. > > Waiting for prompt reply > .. thanks. > --------------------------------------------------- > > > --- > Nirmalya Lahiri > Mobile: +91-9433113536 > VOIP: [email protected] > _______________________________________________ > ILUGC Mailing List: > http://www.ae.iitm.ac.in/mailman/listinfo/ilugc -- Gayatri Hitech http://gayatri-hitech.com _______________________________________________ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
