[PLUG] A serious issue of Amazon Elastic Load Balancer

Nirmalya Lahiri nirmalyalahiri at yahoo.com
Wed Mar 20 12:34:20 IST 2013 

Hi all,
 for last few days I am facing problem while configuring ELB at Amazon cloud (EC2). The issue is, I am not getting client IP address while I have configured the ELB listener in Layer 4(TCP) mode in server variable, while I am getting that in Layer 7(HTTP) mode. I need client IP for my application.

 Still ELB has the issue of SSL/TLS Renegotiation vulnerability. So, I am not able to use ELB listener in Layer7(HTTP) mode, rather I am using ELB listener in Layer4(TCP) mode and handle the SSL/TLS Renegotiation vulnerability through Apache web server.

That means......
Mode of Listener    |  Client IP address                  |       SSL/TLS Renegotiation vulnerability     
---------------------------------------------------------------------------------------------------------------------------------------
Layer4(TCP)           |   Not Available                       |          Vulnerability can be overcome
Layer7(HTTP)         |     Available                           |          Vulnerability can not be overcome



I need both the feature(Client IP and Vulnerability overcome).


I have written to Amazon support, but till now got very poor support from them. Now I am posting this issue to these list, so that if anyone have any idea to resolve that can share with everyone.


Below is the mail that I have written to Amazon support......
---------------------------------------------------
Hi,
 as per the document published at http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-listener-config.html ....

"When you use TCP for both front-end and back-end connections, your load balancer will forward the request to the back-end instances without modification to the headers."

But unfortunately I am not getting IP address of client from the server variable "REMOTE_ADDR" on Layer 4 configuration of ELB. I am getting modified address on that variable. How can I get the actual one?

I have no option to create Layer 7 configuration of ELB because still ELB has issue with SSL/TLS Renegotiation. Currently I am handling this issue from  Apache server of back-end instance.

Now I need to know the process to know the IP address of client through Layer 4 configuration of ELB. Without client IP our application will not run properly. I am not able to run the application. 

Waiting for prompt reply 
.. thanks.
---------------------------------------------------


---
Nirmalya Lahiri
Mobile: +91-9433113536
VOIP: nirmalyalahiri at sip.linphone.org 

More information about the Plug-mail mailing list