How do I get the request IP address on a SSL request

I have a service that is running in Amazon Ec2. The service exposes both a http endpoint and a https endpoint. I am doing som开发者_C百科e geo lookup on the user IP address when I log the data. Everything works just fine on requests coming into the http endpoint. I have to grab the X-Forwarded-For header so that I do not take the Amazon Load Balancer UP Address and I am always able to get what I need. However on requests that come in on the https endpoint all of the IP addresses are the same.

In order to pull the IP address I am using the following C# code:

    public static string FetchClientIp(HttpRequest req)
    {
        var value = req.Headers["X-Forwarded-For"];
        return string.IsNullOrEmpty(value) ? req.UserHostAddress : value;
    }

I can't find anything else that I need to do that is specific to https requests so I'm hoping someone here has run into this before. I'm going to spin up a test on this to try to better isolate the problem.

Thanks

It depends how you have your ELB set up.

If you're terminating SSL on the ELB (new feature as of October 2010), then the client IP address will be in "X-Forwarded-For".

HttpContext.Current.Request.Headers["X-Forwarded-For"]

It sounds like you're terminating SSL on your web servers, then ELB can't decrypt the traffic and add the "X-Forwarded-For" header to the HTTP request. So the client IP address in the header "REMOTE_ADDR" (which is the header returned by HttpRequest.UserHostAddress) is the IP of the last hop -- in this case the internal IP address of the ELB.

Keep in mind, "X-Forwared-For" may contain multiple IP addresses as described at http://docs.amazonwebservices.com/ElasticLoadBalancing/latest/DeveloperGuide/index.html?SvcIntro.html#X-Forwarded-For. In that case, you're probably most interested in the first address listed.