Exam ANS-C00 topic 1 question 14 discussion

Its D , application code needs correct IP , nginx logs wont do anything

" identify the clients IP address in your application to generate dynamic content." Having the details of HTTP X-Forwarded-For in the logs does nothing, however, modifying the application to use XFF header information could help generate dynamic content. Answer is D.

Correct Answer A

The answer correct is A, really for able the features x-forwared-for you need modify the format log in your nginx server o apache server, really you dont modify the aplication code.

IN NGINX x-forwarder is added In the Log_Format section, add $http_x_forwarded_for https://aws.amazon.com/premiumsupport/knowledge-center/elb-capture-client-ip-addresses/

D. CloudFront can add X-Forwarded-for custom header to preserve the client IP and then this value can be used by the LB or the application server. Also CloudFront is capable to make Geo restrictions.

D for me

A is the correct Answer Check this link :--- https://aws.amazon.com/premiumsupport/knowledge-center/elb-capture-client-ip-addresses/

My understanding from this link , answer seems A for NGINX: https://aws.amazon.com/premiumsupport/knowledge-center/elb-capture-client-ip-addresses/

I'm going to go with A. D is not scalable since you'd have to go through the development life cycle to change the code.

A is correct. The question already states that you have an ELB, D totally ignores this fact, even the CLB supports x-forwarded-for… https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/x-forwarded-headers.html

D, logs will reflect as per the code configuration only. So we need to update the code as per the requirement. Post that we can restrict it via CloudFront.

https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/x-forwarded-headers.html X-Forwarded-For The X-Forwarded-For request header is automatically added and helps you identify the IP address of a client when you use an HTTP or HTTPS load balancer. Because load balancers intercept traffic between clients and servers, your server access logs contain only the IP address of the load balancer. To see the IP address of the client, use the X-Forwarded-For request header. Elastic Load Balancing stores the IP address of the client in the X-Forwarded-For request header and passes the header to your server. If the X-Forwarded-For request header is not included in the request, the load balancer creates one with the client IP address as the request value. Otherwise, the load balancer appends the client IP address to the existing header and passes the header to your server For me, this parameter is available on ELB, so we simply can enable ELB Access logs and get it. So B can be chosen?

I wonder why we need to modify application code to get client's IP address meanwhile we can get it from nginx logs? What means "scalable" in this context?

I'm really confused with this question. As a developer, the only thing I need is to inspect custom headers (XFF) to generate custom content. The generation of the content has nothing to do with logs. It is very confusing because normally you only need to configure ngnix settings if you want to record client IPs in your access logs. That has nothing to do with dynamic content which normally is the task of an application server (VS ngnix web server).

Agree with A

Go for D