Home › Forums › AWS › AWS Certified Advanced Networking – Specialty › X-Forwarded-For Header – Possible Answer Error
-
X-Forwarded-For Header – Possible Answer Error
Tutorials-Dojo updated 2 years, 5 months ago 2 Members · 2 Posts -
Hi Tutorials Dojo Team!
I think I may have found an error in the answers to the “Timed Practice Test Set 1” for the Advanced Networking Specialty.
The question reads:
There are several publicly-accessible applications that are being developed and maintained by a software development company. Some applications are hosted on Amazon EC2 Dedicated Hosts while others are running in an Auto Scaling group of EC2 instances behind an Application Load Balancer. Amazon CloudFront web distributions with geo-restriction feature enabled are also used to prevent users in specific geographic locations from accessing the site contents. To generate data analytics, the Network Team must get the IP addresses of the users who are visiting these web applications.
Which of the following are true regarding the process of retrieving the client IP address? (Select THREE.)
One of the correct options (which I believe is incorrect in its wording) reads:
The last IP address in the X-Forwarded-For HTTP header is most likely associated with the user’s geographic location. This header typically contains more than one IP address, most of which are for proxies or load balancers.
Based on my reading, I believe this to be a mistake because the first IP in the header is the originating client IP which should be the one most likely associated with the user’s geographic location.
In AWS’ and Mozilla’s documentation this appears to be the case (their examples show that IPs after the first are most likely proxies and load balancers):
Please let me know if this is indeed an error with the wording of the answer.
Thanks!
-
Hi Milo,
Thank you for posting your message. First of all, we would like to apologize for our late response.
Regarding the X-Forwarded-For header, you can take a look at this statement from the official AWS documentation which mentions that the LAST IP address is the one most likely to be associated with the user’s geographic location.
- If your web server is connected to the internet through a load balancer, a web server variable might contain the IP address of the load balancer, not the IP address of the user. In this configuration, we recommend that you use the last IP address in the X-Forwarded-For
HTTP header. This header typically contains more than one IP address, most of which are for proxies or load balancers. The last IP address in the list is the one most likely to be associated with the user’s geographic location.
Reference:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/georestrictions.htmlRegards,
Jon Bonso @ Tutorials Dojo
- If your web server is connected to the internet through a load balancer, a web server variable might contain the IP address of the load balancer, not the IP address of the user. In this configuration, we recommend that you use the last IP address in the X-Forwarded-For
Log in to reply.