Help Center/ Elastic Load Balance/ User Guide/ User Guide for Dedicated Load Balancers/ Security/ Using Dedicated Load Balancers to Transfer Client IP Address
Updated on 2025-07-25 GMT+08:00

Using Dedicated Load Balancers to Transfer Client IP Address

Overview

Dedicated load balancers transfer client IP addresses in different ways based on whether they use Layer 4 or Layer 7 listeners to route requests.

  • Transfer Client IP Address is enabled by default for TCP and UDP listeners of dedicated load balancers. Load balancers communicate with backend servers using client IP addresses. You can check the backend server logs to obtain client IP addresses.
  • Transfer Client IP Address is enabled by default for HTTP, HTTPS, and QUIC listeners of dedicated load balancers, which means that client IP addresses can be placed in the X-Forwarded-For header and transferred to backend servers. The first IP address in the X-Forwarded-For header is the client IP address.
  • TLS listeners do not support Transfer Client IP Address. You can enable ProxyProtocol to obtain the client IP address.

Precautions

If Transfer Client IP Address is enabled:

  • A server cannot serve as both a backend server and a client. If the client and the backend server use the same server, the backend server will think the packet from the client is sent by itself and will not return a response packet to the load balancer. As a result, the return traffic will be interrupted.
  • Traffic, such as unidirectional data transmission or push traffic, may be interrupted when backend servers are being migrated. After backend servers are migrated, you need to retransmit the packets to restore the traffic.

Transferring Client IP Addresses at Layer 4

In some special cases, Transfer Client IP Address does not work. You can obtain client IP addresses by referring to Table 1.

For details, see Using a Dedicated Load Balancer at Layer 4 to Transfer Client IP Addresses.

Table 1 Transferring client IP addresses at Layer 4

Listener Protocol

Transfer Client IP Address

When Transfer Client IP Address Fails

Other Methods

TCP

Supported

  • TCP listeners communicate with IP as backend servers.
  • IPv4/IPv6 translation is enabled for TCP listeners. In this case, client IP addresses are translated.

UDP

Supported

  • UDP listeners communicate with IP as backend servers.
  • IPv4/IPv6 translation is enabled for UDP listeners. In this case, client IP addresses are translated.

N/A

TLS

Not supported

N/A

Using ProxyProtocol to Transfer Client IP Addresses

Transferring Client IP Addresses at Layer 7

You can configure the backend servers to ensure that they can correctly parse the X-Forwarded-For header to obtain client IP addresses.

The X-Forwarded-For header is in the following format:

X-Forwarded-For: <client-IP-address>, <proxy-server-1-IP-address>, <proxy-server-2-IP-address>, ...

The first IP address included in the X-Forwarded-For header is the client IP address.

For details, see Using a Dedicated Load Balancer at Layer 7 to Transfer Client IP Addresses.

Helpful Links