----- Original Message -----
From: Girish Venkatachalam <[email protected]> To: ILUG-C <[email protected]> Cc: Sent: Wednesday, March 20, 2013 12:44 PM Subject: Re: [Ilugc] A serious issue of Amazon Elastic Load Balancer You have to solve the problem by using cookies and custom HTTP headers to include the original client IP address before rewriting. The custom HTTP header can added from client side only (as of my knowledge). But how can I get public IP address if the client is running behind proxy? Can you please explain me the term rewriting? For that what I have to do? I have to write any code? -Girish On Wed, Mar 20, 2013 at 12:34 PM, Nirmalya Lahiri <[email protected]> wrote: > Hi all, > for last few days I am facing problem while configuring ELB at Amazon cloud >(EC2). The issue is, I am not getting client IP address while I have >configured the ELB listener in Layer 4(TCP) mode in server variable, while I >am getting that in Layer 7(HTTP) mode. I need client IP for my application. > > Still ELB has the issue of SSL/TLS Renegotiation vulnerability. So, I am not >able to use ELB listener in Layer7(HTTP) mode, rather I am using ELB listener >in Layer4(TCP) mode and handle the SSL/TLS Renegotiation vulnerability through >Apache web server. > > That means...... > Mode of Listener | Client IP address | SSL/TLS > Renegotiation vulnerability > --------------------------------------------------------------------------------------------------------------------------------------- > Layer4(TCP) | Not Available | > Vulnerability can be overcome > Layer7(HTTP) | Available | > Vulnerability can not be overcome > > > > I need both the feature(Client IP and Vulnerability overcome). > > > I have written to Amazon support, but till now got very poor support from > them. Now I am posting this issue to these list, so that if anyone have any > idea to resolve that can share with everyone. > > > Below is the mail that I have written to Amazon support...... > --------------------------------------------------- > Hi, > as per the document published at >http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-listener-config.html > .... > > "When you use TCP for both front-end and back-end connections, your load > balancer will forward the request to the back-end instances without > modification to the headers." > > But unfortunately I am not getting IP address of client from the server > variable "REMOTE_ADDR" on Layer 4 configuration of ELB. I am getting modified > address on that variable. How can I get the actual one? > > I have no option to create Layer 7 configuration of ELB because still ELB has > issue with SSL/TLS Renegotiation. Currently I am handling this issue from > Apache server of back-end instance. > > Now I need to know the process to know the IP address of client through Layer > 4 configuration of ELB. Without client IP our application will not run > properly. I am not able to run the application. > > Waiting for prompt reply > .. thanks. > --------------------------------------------------- > > > --- > Nirmalya Lahiri > Mobile: +91-9433113536 > VOIP: [email protected] > _______________________________________________ > ILUGC Mailing List: > http://www.ae.iitm.ac.in/mailman/listinfo/ilugc -- Gayatri Hitech http://gayatri-hitech.com _______________________________________________ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc _______________________________________________ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
