
  • X-Forwarded-For Header – Possible Answer Error

  • milo

    Member
    February 22, 2022 at 1:54 am

    Hi Tutorials Dojo Team!

    I think I may have found an error in the answers to the “Timed Practice Test Set 1” for the Advanced Networking Specialty.

    The question reads:

    There are several publicly-accessible applications that are being developed and maintained by a software development company. Some applications are hosted on Amazon EC2 Dedicated Hosts while others are running in an Auto Scaling group of EC2 instances behind an Application Load Balancer. Amazon CloudFront web distributions with geo-restriction feature enabled are also used to prevent users in specific geographic locations from accessing the site contents. To generate data analytics, the Network Team must get the IP addresses of the users who are visiting these web applications.

    Which of the following are true regarding the process of retrieving the client IP address? (Select THREE.)

    One of the correct options (which I believe is incorrect in its wording) reads:

    The last IP address in the X-Forwarded-For HTTP header is most likely associated with the user’s geographic location. This header typically contains more than one IP address, most of which are for proxies or load balancers.

    Based on my reading, I believe this to be a mistake because the first IP in the header is the originating client IP which should be the one most likely associated with the user’s geographic location.

    In AWS’ and Mozilla’s documentation this appears to be the case (their examples show that IPs after the first are most likely proxies and load balancers):

    1. AWS Documentation: X-Forwarded-For
    2. MDN Documentation about X-Forwarded-For

    Please let me know if this is indeed an error with the wording of the answer.

    Thanks!

  • Tutorials-Dojo

    Administrator
    March 29, 2022 at 6:39 pm

    Hi Milo,

    Thank you for posting your message. First of all, we would like to apologize for our late response.

    Regarding the X-Forwarded-For header, you can take a look at this statement from the official AWS documentation which mentions that the LAST IP address is the one most likely to be associated with the user’s geographic location.


    • If your web server is connected to the internet through a load balancer, a web server variable might contain the IP address of the load balancer, not the IP address of the user. In this configuration, we recommend that you use the last IP address in the X-Forwarded-For HTTP header. This header typically contains more than one IP address, most of which are for proxies or load balancers. The last IP address in the list is the one most likely to be associated with the user’s geographic location.

    Reference:
    https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/georestrictions.html

    Regards,

    Jon Bonso @ Tutorials Dojo

  • aal

    Member
    January 30, 2025 at 6:26 am

    @Milo, I had the exact same question. I actually created a support ticket with AWS to ask about the apparently inconsistent info between the AWS docs and the MDN docs. Here’s what AWS said:

    Hello,

    This is XXXXX from AWS again. Thank you for your patience while I was still going through the case.

    I understand that you want clarity on the documentation.

    Please feel free to correct me if I misunderstood your query.

    Q1). My understanding is that the FIRST IP address in the x-forwarded-for header is the client IP?

    Yes, you are right, the first IP appended in the X-Forwarded-For header
    is the IP address of the Client. The AWS documentation isn’t exactly wrong,
    rather it is making a recommendation and not a statement of fact. It’s
    suggesting a best practice in a case where a load balancer is positioned
    in front of the web server, the IP address in the connection may not
    accurately reflect the client’s true location. In such cases, the
    document recommends using the X-Forwarded-For (XFF) header to obtain a
    more precise indication of the client’s origin. The last IP in the list
    should be the proxy that connected to the load balancer, i.e. it is most
    likely where the user entered the Internet.

    In case you have any follow up questions or any other concerns please do
    not hesitate to contact me, I will be more than happy to assist.
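
The first-versus-last question in this thread has a security side: the left end of X-Forwarded-For is whatever the sender supplied, while each proxy appends on the right the address it received the connection from. The Python below is an added example, not code from the thread or from AWS; the sample header, the trusted range `10.0.0.0/8` and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the real client is 203.0.113.7, but it sent its own
# X-Forwarded-For entry (198.51.100.99). A proxy we operate appended the
# client's address, and the load balancer appended that proxy's address.
SAMPLE_XFF = "198.51.100.99, 203.0.113.7, 10.0.1.25"
# Assumption: networks of the proxies you operate and therefore trust.
TRUSTED_PROXIES = ["10.0.0.0/8"]


def parse_xff(header):
    """Split the header into addresses, left to right; None marks junk."""
    hops = []
    for token in header.split(","):
        try:
            hops.append(ipaddress.ip_address(token.strip()))
        except ValueError:
            hops.append(None)  # "unknown", obfuscated or malformed entry
    return hops


def leftmost(header):
    """First entry: what the original sender claims, fully client-controlled."""
    hops = parse_xff(header)
    return hops[0] if hops else None


def rightmost_untrusted(header, trusted=TRUSTED_PROXIES):
    """Walk from the right, skipping our own proxies, and stop at the first
    address we did not add ourselves. Returns None if nothing is usable."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    for hop in reversed(parse_xff(header)):
        if hop is None:
            return None  # nothing left of an unparseable entry can be trusted
        if not any(hop in net for net in nets):
            return hop
    return None


if __name__ == "__main__":
    print("leftmost (claimed):      ", leftmost(SAMPLE_XFF))
    print("rightmost untrusted hop: ", rightmost_untrusted(SAMPLE_XFF))
```

For analytics the leftmost value may be acceptable; for access control, rate limiting or audit logs, use the address your own infrastructure recorded.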
