Usage intructions for x-forwarded-for http header

[ohardy]

Hi,

Just a question because it's not clear for me.

Imagine that we have a load balancer with IP 10.0.0.10.
A kubernetes pod 10.0.0.20.

A client with an ip address 1.2.3.4 will connect to the LB that will redirect the traffic to the kubernetes pod.
The LB will add an header x-forwarded-for:10.0.0.10

The result ECS log:

{
  "client": {
    "address": "LB IP ? x-forwarded-for ip ?",
    "bytes": 1687,
    "ip": "LB IP ? x-forwarded-for ip ?",
    "port": 56910
  },
  "source": {
    "address": "LB IP ? x-forwarded-for ip ?",
    "bytes": 1687,
    "ip": "LB IP ? x-forwarded-for ip ?",
    "port": 56910,
    "nat": {
      "ip": "LB IP ? x-forwarded-for ip ?",
    }
  },
  "destination": {
    "domain": "example.com",
    "bytes": 691404,
    "address": "10.0.0.20",
    "ip": "10.0.0.20",
    "port": 51501
  },
  "network": {
    "ip": "10.0.0.20",
    "port": 51501,
    "forwarded_ip": "LB IP ? x-forwarded-for ip ?",
    "protocol": "http",
    "transport": "tcp",
    "type": "ipv4",
    "direction": "inbound",
    "bytes": 693091
  },
  ...other_fields
}

Thanks,
Olivier

[dainperkins]

Hi @ohardy,

we added nat fields for just this purpose. When possible (e.g. x-forwarded-for header is present) I would use the actual IP for client/source and the proxy ip as client/source.nat.ip so it is easy to track the connection through the entire session.

Let me know if that makes sense.

Thanks
/d

[ohardy]

Yes, then I think the documentation is not really clear about this. Thanks