AWS ELB not populating x-forwarded-for header

3
votes

We are using Amazon Elastic Load Balancer and have 2 apache servers behind it. However, we are not able to get the X-Forwarded-Headers on the application side

I read a similar post, but could not find a solution to it

Amazon Elastic load balancer is not populating x-forwarded-proto header

This is how ELB listeners are configured 

HTTP 80  HTTP   80  N/A N/A
TCP  443 TCP    443 N/A N/A

Should changing the 443 port to HTTPS(Secure HTTP) instead of TCP populate the headers Other options are SSl(Secure TCP)

If this works, I would also like to know why and what makes the difference

2
amazon-web-servicesamazon-ec2amazon-elb
The question you linked to has the answer to your question. A TCP load balancer operates at around layer 4 and has neither protocol awareness nor ability to manipulate the payload in order to add HTTP headers. An HTTP(S) load balancer operates at layer 7 and is able to manipulate the payload to add the header.Michael - sqlbot
possible duplicate of Amazon Elastic load balancer is not populating x-forwarded-proto headerMichael - sqlbot
@Michael - sqlbot - thanks for the explanationitz_nsn

2 Answers

3
votes

Amazon now supports using a tcp header to pass the source along as discussed in this article.

Apache does not as time support proxy protocol natively. If you read the comments there are source patches to allow apache to handle it or you could switch to nginx.

1
votes

I had the same request. I have an AWS Load Balancer pointing to a Webserver on the port 80. All the HTTPS request are resolved using an AWS SSL Certificate but my client asked me also to redirect all the 80 port request to the HTTPS.

I'm using an Apache server, so I needed to add the following lines to the Virtual Host config file (httpd.conf)

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !=https
RewriteRule ^/(.*)$ https://%{SERVER_NAME}/$1 [R=301,L]

Then I restarted the apache service and Woala! Below is the Virtual host config, you will need to do the same for your subdomains, example www.yourdomain.com

<VirtualHost *:80>
   RewriteEngine On
   RewriteCond %{HTTP:X-Forwarded-Proto} !=https
   RewriteRule ^/(.*)$ https://%{SERVER_NAME}/$1 [R=301,L]
   ServerAdmin [email protected]
   DocumentRoot "/apache2/htdocs/YourDomainFolderWeb"
   ServerName yourdomain.com
   ErrorLog "logs/yourdomain.com-error_log"
   CustomLog "logs/yourdomain.com-access_log" common
</VirtualHost>

Hope it works. More info at: https://aws.amazon.com/premiumsupport/knowledge-center/redirect-http-https-elb/

Best