?
----- Original Message -----
From: Girish Venkatachalam <girishvenkatachalam@xxxxxxxxx>
To: ILUG-C <ilugc at ae.iitm.ac.in>
Cc:
Sent: Wednesday, March 20, 2013 12:44 PM
Subject: Re: [Ilugc] A serious issue of Amazon Elastic Load Balancer
You have to solve the problem by using cookies and custom HTTP headers
to include
the original client IP address before rewriting.
The custom HTTP header can added from client side only (as of my knowledge).
But how can I get public IP address if the client is running behind proxy?
Can you please explain me the term rewriting? For that what I have to do? I
have to write any code?
-Girish
On Wed, Mar 20, 2013 at 12:34 PM, Nirmalya Lahiri
<nirmalyalahiri at yahoo.com> wrote:
Hi all,
? for last few days I am facing problem while configuring ELB at Amazon cloud
(EC2). The issue is, I am not getting client IP address while I have
configured the ELB listener in Layer 4(TCP) mode in server variable, while I
am getting that in Layer 7(HTTP) mode. I need client IP for my application.
? Still ELB has the issue of SSL/TLS Renegotiation vulnerability. So, I am not
able to use ELB listener in Layer7(HTTP) mode, rather I am using ELB listener
in Layer4(TCP) mode and handle the SSL/TLS Renegotiation vulnerability through
Apache web server.
That means......
Mode of Listener? ? |? Client IP address? ? ? ? ? ? ? ? ? |? ? ? SSL/TLS
Renegotiation vulnerability
---------------------------------------------------------------------------------------------------------------------------------------
Layer4(TCP)? ? ? ? ? |? Not Available? ? ? ? ? ? ? ? ? ? ? |? ? ? ? ?
Vulnerability can be overcome
Layer7(HTTP)? ? ? ? |? ? Available? ? ? ? ? ? ? ? ? ? ? ? ? |? ? ? ? ?
Vulnerability can not be overcome
I need both the feature(Client IP and Vulnerability overcome).
I have written to Amazon support, but till now got very poor support from
them. Now I am posting this issue to these list, so that if anyone have any
idea to resolve that can share with everyone.
Below is the mail that I have written to Amazon support......
---------------------------------------------------
Hi,
? as per the document published at
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-listener-config.html
....
"When you use TCP for both front-end and back-end connections, your load
balancer will forward the request to the back-end instances without
modification to the headers."
But unfortunately I am not getting IP address of client from the server
variable "REMOTE_ADDR" on Layer 4 configuration of ELB. I am getting modified
address on that variable. How can I get the actual one?
I have no option to create Layer 7 configuration of ELB because still ELB has
issue with SSL/TLS Renegotiation. Currently I am handling this issue from?
Apache server of back-end instance.
Now I need to know the process to know the IP address of client through Layer
4 configuration of ELB. Without client IP our application will not run
properly. I am not able to run the application.
Waiting for prompt reply
.. thanks.
---------------------------------------------------
---
Nirmalya Lahiri
Mobile: +91-9433113536
VOIP: nirmalyalahiri at sip.linphone.org
_______________________________________________
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
