AWS Application Load Balancer and Client IP logging

Girish V P
ADIBI Technologies, Basavanagudi, Blore.
Apr 24, 2019

Configuring an Application Load Balancer (ALB) for an HTTP service in AWS seems to be very easy. However, the HTTP server (Apache in this case) does not normally log the client IP address. This is because an ALB works at the application layer and itself acts as a proxy web service, so the private IP address of the ALB appears in the log file, not the actual IP address of the client. This setup is important because you may need to know where traffic actually came from, usually in the case of a malicious attack. We will see the modification required in the Apache configuration file.

Configuration

The experiment was done with the following specification. Assume that /var/log/httpd/access_log is already configured and basic logging works well (Apache does this by default).

Operating System: 4.14.77-70.59.amzn1.x86_64
RPMS: httpd-2.2.34-1.16.amzn1.x86_64

1) Open the Apache configuration file /etc/httpd/conf/httpd.conf, find the LogFormat directive, and insert %{X-Forwarded-For}i at the beginning of the format string, inside the double quotes. It should look like this:

LogFormat "%{X-Forwarded-For}i ……" combined
CustomLog logs/access_log combined

2) Restart the httpd service by executing the command below:

# service httpd restart

3) Configuration is complete!

Testing

From a Linux shell, execute the command tailf /var/log/httpd/access_log:

# tailf /var/log/httpd/access_log

Make sure that traffic is hitting the EC2 instance on which you configured the above setup. You should now be able to see the public IP addresses of client machines.
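When reading these logs during an investigation, note that the first field can hold a comma-separated list. The following is an added example, not code from the original post, that parses lines written with the modified LogFormat and separates the address the ALB appended from anything the request already carried. It assumes the elided remainder of the format is the stock combined format and that the ALB is in its default mode, in which it appends the address it saw to the end of any X-Forwarded-For header already present; the sample lines are constructed.

```python
import ipaddress
import re

# Assumed LogFormat (the post elides everything after the first field):
#   "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b ..."
LINE = re.compile(
    r'^(?P<xff>.*?) (?P<peer>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) '
)

def parse(line):
    """Split one access_log line into the ALB-observed client and the rest."""
    m = LINE.match(line)
    if m is None:
        return None
    # The header may hold a comma-separated list; it contains spaces, which
    # is why the regex anchors on the fields that follow it.
    hops = [h.strip() for h in m["xff"].split(",")]
    try:
        client = str(ipaddress.ip_address(hops[-1]))  # appended by the ALB
    except ValueError:
        client = None  # "-": the request carried no X-Forwarded-For header
    return {
        "client": client,
        "unverified": hops[:-1],  # sent by the caller, not checked by the ALB
        "peer": m["peer"],        # %h: the load balancer's private address
        "status": int(m["status"]),
        "request": m["request"],
    }

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LINES = [
    '203.0.113.7 10.0.1.25 - - [24/Apr/2019:10:15:02 +0000] "GET / HTTP/1.1" 200 3630 "-" "curl/7.61.1"',
    '192.0.2.99, 198.51.100.23 10.0.1.25 - - [24/Apr/2019:10:15:07 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '- 10.0.2.14 - - [24/Apr/2019:10:15:09 +0000] "GET / HTTP/1.1" 200 3630 "-" "ELB-HealthChecker/2.0"',
]

if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        rec = parse(raw)
        note = " (header arrived with extra entries)" if rec["unverified"] else ""
        print(rec["client"], rec["peer"], rec["status"], rec["request"] + note)
```

For attribution, rely on the last entry only; entries to its left were supplied by whatever sent the request to the ALB and should be recorded but not trusted.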
