- Use a Classic Load Balancer, not Application Load Balancer.
- Application Load Balancer does not preserve the original source IP address. The analytics software needs to be configured to look at the ‘X-Forwarded-For’ HTTP request header for the correct source IP address.
- Application Load Balancer has to be configured to retain the source IP address of the traffic it is forwarding. Create a policy that enables ProxyProtocol support and attach it to the ALB using the AWS CLI.
- Configure the web server EC2 instances to only have private IP addresses. The public IP addresses of the instances are being recorded into the web server logs, but only the ALB should have a public interface and it will route traffic to instances via the private interface.