DVA-C02 · Question #361
A developer is writing an application to analyze the traffic to a fleet of Amazon EC2 instances. The EC2 instances run behind a public Application Load Balancer (ALB). An HTTP server runs on each of t
The correct answer is D. Add an X-Forwarded-For header to the HTTP server log configuration file.. An Application Load Balancer appends the client's originating IP address to the X-Forwarded-For header before forwarding the request to EC2 instances; configuring the HTTP server to log this header captures the real client IP.
Question
A developer is writing an application to analyze the traffic to a fleet of Amazon EC2 instances. The EC2 instances run behind a public Application Load Balancer (ALB). An HTTP server runs on each of the EC2 instances, logging all requests to a log file. The developer wants to capture the client public IP addresses. The developer analyzes the log files and notices only the IP address of the ALB. What must the developer do to capture the client public IP addresses in the log file?
Options
- AAdd a Host header to the HTTP server log configuration file.
- BInstall the Amazon CloudWatch Logs agent on each EC2 instance. Configure the agent to write to
- CInstall the AWS X-Ray daemon on each EC2 instance. Configure the daemon to write to the log
- DAdd an X-Forwarded-For header to the HTTP server log configuration file.
How the community answered
(62 responses)- A6% (4)
- B5% (3)
- C2% (1)
- D87% (54)
Why each option
An Application Load Balancer appends the client's originating IP address to the X-Forwarded-For header before forwarding the request to EC2 instances; configuring the HTTP server to log this header captures the real client IP.
The Host header contains the hostname from the request URL, not the client's source IP address, so logging it does not reveal the originating client.
The CloudWatch Logs agent ships existing log files to CloudWatch but does not change what information the HTTP server records; the ALB's IP would still be the only address captured.
The AWS X-Ray daemon provides distributed tracing for latency analysis, not network-level client IP capture, and does not modify or supplement HTTP server access logs.
When an ALB forwards a request to a backend instance, it sets the X-Forwarded-For header to the client's public IP address (and any intermediate proxies); by updating the HTTP server's log format to include this header, the developer captures the true client IP rather than the ALB's internal IP.
Concept tested: X-Forwarded-For header for client IP behind ALB
Source: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/x-forwarded-headers.html
Community Discussion
No community discussion yet for this question.