Exam ANS-C00 topic 1 question 297 discussion

Exam question from Amazon's ANS-C00
Question #: 297
Topic #: 1

You manage a webserver that serves a webpage on AWS infrastructure. You utilize an Application Load Balancer, CloudFront, S3, and some other AWS services for this site. You are only responsible for the server and you don't have access to the AWS console or API.
You need to find out what IPs are accessing your website. What is the best way to achieve this?

  • A. Ask someone with IAM permissions to view the Flow Logs to give you access.
  • B. View the access logs. They already show this information.
  • C. Run "curl http://169.254.169.254/latest/meta-data/access_log"
  • D. Add "X-Forwarded For" to the access logs and view the access logs.
Suggested Answer: D
Adding "X-Forwarded For" to the access logs and viewing the access logs is the best answer here. IAM permissions could work but are not necessary, and the curl command queries metadata, not access logs.

Comments

Huy
Highly Voted 3 years, 7 months ago
D is correct. Looks like this question is difficult to understand. Let me explain: "X-Forwarded For" is added automatically by ALB. Adding "X-Forwarded For" to the access logs means configuring nginx.conf or apache2.conf. Something like LogFormat "%{X-Forwarded-For}i %h %l %u
upvoted 7 times
sapien45
3 years, 3 months ago
thanks for providing the full context
upvoted 1 times
ChauPhan
Most Recent 3 years, 8 months ago
D. Add "X-Forwarded For" to the access logs and view the access logs.
upvoted 1 times
JamesTR
3 years, 8 months ago
The X-Forwarded-For header is added to packets on the load balancer. ALB does it automatically. The problem is that the web server, at least Apache, will not write X-Forwarded-For to its access logs by default. Apache must be configured to do that. Details of the configuration depend on the Apache version and/or OS distribution. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/x-forwarded-headers.html https://www.loadbalancer.org/blog/apache-and-x-forwarded-for-headers/ D is the correct answer.
upvoted 3 times
KMak
3 years, 8 months ago
https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/x-forwarded-headers.html X-Forwarded-For The X-Forwarded-For request header helps you identify the IP address of a client when you use an HTTP or HTTPS load balancer. Because load balancers intercept traffic between clients and servers, your server access logs contain only the IP address of the load balancer. To see the IP address of the client, use the X-Forwarded-For request header. Elastic Load Balancing stores the IP address of the client in the X-Forwarded-For request header and passes the header to your server.
upvoted 2 times
KMak
3 years, 8 months ago
"X-Forwarded For" would need to be enabled on the Load-Balancer
upvoted 1 times
Paagee
3 years, 8 months ago
Weird solution. X-forward-for should be enabled on the Load Balancer level, no? Otherwise the server won't see the source IP. My visibility is the server only, how can you enable it on server level, after the LB, it is already NATed IP?
upvoted 1 times
ChauPhan
3 years, 7 months ago
X-forward-for is automatically enabled on the Load Balancer, but you don't have IAM rights and console to see the access log of ELB. You can change the nginx config X-Forward-For to see client IP (because ELB was enabled)
upvoted 1 times
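
Added example, not part of the original discussion: once X-Forwarded-For is written to the access log as the comments above describe, each line holds a chain of addresses, because every proxy appends the address it received the connection from. The sketch below picks the first entry from the right that is not one of your own proxies. It assumes a log layout with the header quoted as the first field, and the trusted ranges and sample lines are constructed placeholders, not real CloudFront or ALB addresses.

```python
import ipaddress
import re

# Assumption: networks of the proxies in front of the server. Constructed
# stand-ins (RFC 1918 / RFC 5737), not real ALB or CloudFront ranges.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "198.51.100.0/24")]

# Assumed log layout: "%{X-Forwarded-For}i" %h %l %u %t "%r" %>s %b
LINE_RE = re.compile(r'^"(?P<xff>[^"]*)" (?P<peer>\S+) \S+ \S+ \[[^\]]*\] '
                     r'"[^"]*" \d{3} \S+$')

def is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(xff, peer):
    """Return (address, source) for one request."""
    try:
        peer_ip = ipaddress.ip_address(peer)
    except ValueError:
        return None, "malformed"
    if not is_trusted(peer_ip):
        # Connection did not come through the load balancer: ignore the header.
        return str(peer_ip), "direct"
    hops = [h.strip() for h in xff.split(",") if h.strip() not in ("", "-")]
    for hop in reversed(hops):  # right-most entries were appended by our proxies
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            return None, "malformed"
        if not is_trusted(ip):
            return str(ip), "xff"  # entries further left are client-supplied
    return str(peer_ip), "no-client-hop"

# Constructed sample lines: normal request, request with a client-supplied
# first entry, and a request that reached the server without the load balancer.
SAMPLE = [
    '"203.0.113.7, 198.51.100.20" 10.0.1.15 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512',
    '"192.0.2.1, 203.0.113.9, 198.51.100.21" 10.0.1.15 - - [10/Oct/2023:13:55:40 +0000] "GET /login HTTP/1.1" 200 734',
    '"192.0.2.55" 192.0.2.99 - - [10/Oct/2023:13:55:41 +0000] "GET / HTTP/1.1" 200 512',
]

def summarize(lines):
    out = []
    for line in lines:
        m = LINE_RE.match(line)
        out.append(client_ip(m["xff"], m["peer"]) if m else (None, "unparsed"))
    return out

if __name__ == "__main__":
    for result in summarize(SAMPLE):
        print(result)
```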