AWS Application Load Balancer real user ip problem

Question

I run laravel application on AWS Elasticbeanstalk, I use Application Load Balancer.

Route::get('/what-is-my-ip', function(){ 
    return request()->ip();
});

When I run this code, my ip doesn't show, it shows the load balancer's ip addresses.

Those who used the same problem with cloudflare also experienced and have solutions for cloudflare, but I couldn't find a solution for the AWS Application Load Balancer.

I am having trouble getting users' ip addresses and adding --allow-ip in maintenance mode.

function real_IP() {

    $real_IP = '';

    if (getenv('HTTP_CLIENT_IP'))
        $real_IP = getenv('HTTP_CLIENT_IP');
    else if(getenv('HTTP_X_FORWARDED_FOR'))
        $real_IP = getenv('HTTP_X_FORWARDED_FOR');
    else if(getenv('HTTP_X_FORWARDED'))
        $real_IP = getenv('HTTP_X_FORWARDED');
    else if(getenv('HTTP_FORWARDED_FOR'))
        $real_IP = getenv('HTTP_FORWARDED_FOR');
    else if(getenv('HTTP_FORWARDED'))
        $real_IP = getenv('HTTP_FORWARDED');
    else if(getenv('REMOTE_ADDR'))
        $real_IP = getenv('REMOTE_ADDR');
    else
        $real_IP = 'UNKNOWN';

    return $real_IP;
}

when i run this code it gives the correct ip address, i want to fix it across laravel.

Answer 1

You'll need to trust the AWS load balancers as a proxy.

If you are using AWS Elastic Load Balancing, your $headers value should be Request::HEADER_X_FORWARDED_AWS_ELB. For more information on the constants that may be used in the $headers property, check out Symfony's documentation on trusting proxies.

If you are using Amazon AWS or another "cloud" load balancer provider, you may not know the IP addresses of your actual balancers. In this case, you may use * to trust all proxies:

protected $proxies = '*';

Answer 2

Two common issues when you use AWS or any other cloud Load Balancer:

1. HTTPS (Laravel asset and route): You applied SSL/TLS and the URL is protected in the browser but Laravel doesn't load your asset and throw an error. The error look like it blocks the URLS because of you are trying to load http URL http request. Most of the people facing this issue when use AWS or any other cloud Load Balancer. When running your applications behind a load balancer that terminates TLS / SSL certificates, you may notice your application sometimes does not generate HTTPS links when using the url helper. Typically this is because your application is being forwarded traffic from your load balancer on port 80 and does not know it should generate secure links.

2. IP: Another issue is IP issue. You can't get the user/visitor IP and it returns always server IP. This issue also happen because of proxies.

Solution: When you are using AWS or any cloud Load Balancer then you may not know the exact IP address of your actual Loads Balancer so should allow all proxies like below example.

Use * to allow trust all proxies in your TrustProxies middleware. Here is your middleware app/Http/Middlewares/TrustProxies.php.

namespace App\Http\Middleware;

use Fideloper\Proxy\TrustProxies as Middleware;
use Illuminate\Http\Request;

class TrustProxies extends Middleware
{
    /**
     * The trusted proxies for this application.
     *
     * @var string|array
     */
     protected $proxies = '*';

    /**
     * The headers that should be used to detect proxies.
     *
     * @var int
     */
    protected $headers = Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO;

If you are using AWS Elastic Load Balancing, your $headers value should be Request::HEADER_X_FORWARDED_AWS_ELB. For more information on the constants that may be used in the $headers property, check out Symfony's documentation on trusting proxies.

namespace App\Http\Middleware;

use Fideloper\Proxy\TrustProxies as Middleware;
use Illuminate\Http\Request;

class TrustProxies extends Middleware
{
    /**
     * The trusted proxies for this application.
     *
     * @var array|string
     */
    protected $proxies = '*';

    /**
     * The headers that should be used to detect proxies.
     *
     * @var int
     */
    protected $headers = Request::HEADER_X_FORWARDED_AWS_ELB;

I think it solves your HTTPS, IP and other proxy related issue. To read more details read Laravel doc. If you face any other issue or need improvements comments below.