I have encountered a strange issue and am curious if others have encountered this as well. and if there is absolutely anything that can be done..
We have a set up where we have multiple AWS EC2 Linux machines sitting behind a ELB. The EC2 machines are running Nginx. Let's refer to these as my production machines (because they are!)
I also have a Rackspace cloud machine running apache. Completely separate. Let's call this the test server.
Now, there's a ISP here in Singapore that seems to be funneling traffic through a transparent proxy or something, and when you do a IP check, the IP often changes.
In fact, I noticed that when I check on http://www.whatismyip.com, the ip seems to be stable (doesn't change) across refreshes. But, http://www.whatismyipaddress.com, on refreshing, the IP changes! (so my ISP is doing weird stuff).
Now, back to my set up, I noticed a couple of things:
Checking the REMOTE_ADDR variable from PHP when connecting to a single Nginx production machine (bypassing the load balancer), is set to the stable IP that does change.
Checking the REMOTE_ADDR variable from PHP when connecting to the test Apache server, it is set to the IP that does change on refreshes.
Checking the headers when connecting to the nginx production machines through the ELB, the ELB sets the HTTP_X_FORWARDED_FOR to the stable IP.
Has anyone experienced this odd behavior? Is there nothing that I can do? And which IP should I "trust"? (the one Apache gives, or the one ELB and Nginx gives?)
Thanks!
Chris
HTTP_X_FORWARDED_FOR
is the most reliable way to get a user's IP address when your app is behind a reverse proxy/load balancer. However I don't know what you mean by "trust"?HTTP_X_FORWARDED_FOR
is an HTTP header that can be easily modified by the client or any system between you and the client. You don't want to use it for anything like authentication.