Thread

It is well documented that amazon IPs change for load balancers as traffic goes up and down.
https://forums.aws.amazon.com/thread.jspa?threadID=32280

I came across a fix but I’m not sure it meets my needs.
http://brettic.us/code/php-codeigniter-remote-ip-from-load-balancer/#codesyntax_2

Since I can turn the load balancer on or off depending on traffic spikes I’m trying to find an optimal way to use $config[‘proxy_ips’] to support this.

I clearly can’t put an IP or list of IPs as I never know what they’ll be at any time. I was thinking of trying to edit the code to support a range looking for anything under 10.*

Any thoughts around this would be greatly appreciated.

I’m using CI v1.7.2

You may want to get the DNS and request the ip after it changes.

Are you saying I should do a lookup for the dns on each request and then insert that IP into the proxy_ip array?

An other thoughts here? Thanks for your help.

bump

My simple fix was to assume every request was coming from the load balancer

$config['proxy_ips'] = $_SERVER["REMOTE_ADDR"];

Thanks Eric!  By any chance do you know what do to about SSL requests?  For regular http requests once can look at “x-forwarded-for-header” for the client IP address, but I’m having trouble figuring out what to do about HTTPS requests via ELB.

I’m no expert, but not sure why SSL vs. Non-SSL would matter. We get a combination of HTTP/HTTPS requests and the data come over the same. We are able to see all request data in both cases.

For some reason AWS does not set the x-forwarded-for-header header for HTTPS requests, but it does for HTTP.

This is all I have to use in my CI app

$this->x_forwarded_for = (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) ? $_SERVER["HTTP_X_FORWARDED_FOR"] : null;

Since I implemented the fix above, there is always a value for XFF. Only on rare occasions when the requests are proxied do I get additional IPs in the chain. Are you serving up content directly to a device/browser or are you making server to server requests?

Yes, the above should work just fine for non-SSL calls (when using AWS Load Balancer).  Have you tested this again SSL?

Yes, all of our shopping cart requests are SSL and everything works fine.

Needed to change some server settings.  Got it to work - thanks!