-
@Milo, I had the exact same question. I actually created a support ticket with AWS to ask what was the apparent inconsistent info between the AWS docs and the MDN docs. Here’s what AWS said:
Hello,
This is XXXXX from AWS again. Thank you for your patience while I was still going through the case.
I understand that you want clarity on the documentation.
Please feel free to correct me if I misunderstood your query.
Q1). My understanding is that the FIRST IP address in the x-forwarded-for header is the client IP?
Yes, you are right, the first IP appended in the X-Forwarded-For header
is the IP address of the Client. The AWS documentation isn’t exactly wrong,
rather it is making a recommendation and not a statement of fact. It’s
suggesting a best practice in a case where a load balancer is positioned
in front of the web server, the IP address in the connection may not
accurately reflect the client’s true location. In such cases, the
document recommends using the X-Forwarded-For (XFF) header to obtain a
more precise indication of the client’s origin. The last IP in the list
should be the proxy that connected to the load balancer. ie. is most
likely where the user entered the Internet.In case you have any follow up questions or any other concerns please do
not hesitate to contact me, I will be more than happy to assist.
