A user has configured ELB with a TCP listener at ELB as well as on the back-end instances. The
user wants to enable a proxy protocol to capture the source and destination IP information in the
header. Which of the below mentioned statements helps the user understand a proxy protocol with
TCP configuration?
A.
If the end user is requesting behind a proxy server then the user should not enable a proxy
protocol
on ELB
B.
ELB does not support a proxy protocol when it is listening on both the load balancer and the
back-end
instances
C.
Whether the end user is requesting from a proxy server or directly, it does not make a
difference for
the proxy protocol
D.
If the end user is requesting behind the proxy then the user should add the “isproxy” flag to the
ELB
Configuration
Explanation:
When the user has configured Transmission Control Protocol (TCP. or Secure Sockets Layer(SSL. for both front-end and back-end connections of the Elastic Load Balancer, the load balancer
forwards the request to the back-end instances without modifying the request headers unless the
proxy header is enabled. If the end user is requesting from a Proxy Protocol enabled proxy server,
then the ELB admin should not enable the Proxy Protocol on the load balancer. If the Proxy
Protocol is enabled on both the proxy server and the load balancer, the load balancer will add
another header to the request which already has a header from the proxy server. This duplication
may result in errors.
A
A
Can’t be A. See http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-proxy-protocol.html
It’s if the Load Balancer is itself behind a proxy that could make a difference “Confirm that your load balancer is not behind a proxy server with Proxy Protocol enabled. If Proxy Protocol is enabled on both the proxy server and the load balancer, the load balancer adds another header to the request, which already has a header from the proxy server. Depending on how your instance is configured, this duplication might result in errors.”.
The fact that the enduser is behind a proxy or not doesn’t make a difference -> C.