AWS DVA-C02 Drill: Capturing Client IP - X-Forwarded-For Header vs. Server Logs

Author: Jeff Taakey
21+ Year Enterprise Architect | AWS SAA/SAP & Multi-Cloud Expert.

Jeff’s Note
#

Unlike generic exam dumps, ADH analyzes this scenario through the lens of a Real-World Lead Developer.

For DVA-C02 candidates, the confusion often lies in understanding how HTTP headers relay client information when traffic flows through AWS managed load balancers. In production, this is about knowing exactly which headers contain the original client IP and how to configure your application to log it properly. Let’s drill down.

The Certification Drill (Simulated Question)
#

Scenario
#

NovaStream Inc. is building a web analytics tool to analyze traffic hitting a fleet of Amazon EC2 instances running HTTP servers. These instances sit behind a public-facing Application Load Balancer (ALB). Each EC2 instance writes HTTP access logs capturing incoming request details. However, when reviewing the logs, the team notices that only the ALB’s IP addresses are recorded—not the actual public IP addresses of the clients.

The Requirement:
#

The developer needs to capture the real client public IP addresses in the HTTP server logs, not just the ALB’s IP.

The Options
#

  • A) Add a Host header to the HTTP server log configuration file.
  • B) Install the Amazon CloudWatch Logs agent on each EC2 instance. Configure the agent to write to the log file.
  • C) Install the AWS X-Ray daemon on each EC2 instance. Configure the daemon to write to the log file.
  • D) Add an X-Forwarded-For header to the HTTP server log configuration file.

Correct Answer
#

D

Quick Insight: The Developer Imperative
#

The ALB forwards the original client IP address in the X-Forwarded-For HTTP header. Your backend HTTP server must be configured to log this header explicitly. This is a classic gotcha for developers analyzing traffic behind ALBs.

The Expert’s Analysis
#

Correct Answer
#

Option D

The Winning Logic
#

When your Amazon EC2 instances are behind an ALB, requests reaching your HTTP servers show the ALB’s private or public IP as the client IP, because the ALB acts as a reverse proxy and opens its own connection to each instance. To preserve the original client IP, the ALB adds an X-Forwarded-For header containing the client’s public IP address. Your HTTP server’s access log format must be customized to include this header; capturing it preserves the true client IP for analytics.

  • Configuration usually involves updating your web server’s log format string to append %{X-Forwarded-For}i in Apache or $http_x_forwarded_for in NGINX.

The Trap (Distractor Analysis):
#

  • Why not A? The Host header identifies the domain name of the request and does not contain IP address info.
  • Why not B? CloudWatch Logs agent streams existing logs but does not alter what IP address is logged by your HTTP server.
  • Why not C? AWS X-Ray daemon supports distributed tracing metadata but doesn’t modify HTTP server logging or capture original client IP by itself.

The Technical Blueprint
#

B) For Developer (Code Snippet):

Example NGINX log format snippet to capture X-Forwarded-For:

# in nginx.conf, include X-Forwarded-For header in access log format
log_format custom '$remote_addr - $remote_user [$time_local] '
                  '"$request" $status $body_bytes_sent '
                  '"$http_referer" "$http_user_agent" '
                  '"$http_x_forwarded_for"';
access_log /var/log/nginx/access.log custom;
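
An added example, not part of the original drill: a Python parser for lines written in the `custom` format above that picks the client IP for analytics. It assumes the ALB is the only proxy in front of the server and runs in its default mode, where it appends the connecting client's address to any X-Forwarded-For value the client already sent, so only the last entry is trusted; the sample lines and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Mirrors the "custom" log_format above; the last quoted field is
# $http_x_forwarded_for.
LINE_RE = re.compile(
    r'^(?P<remote_addr>\S+) - \S+ \[[^\]]+\] "[^"]*" \d{3} \d+ '
    r'"[^"]*" "[^"]*" "(?P<xff>[^"]*)"$'
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '10.0.1.25 - - [12/Mar/2025:10:15:32 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.5.0" "203.0.113.7"',
    '10.0.1.25 - - [12/Mar/2025:10:15:40 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.5.0" "192.0.2.99, 198.51.100.23"',
    '10.0.1.25 - - [12/Mar/2025:10:15:45 +0000] "GET /health HTTP/1.1" 200 2 "-" "ELB-HealthChecker/2.0" "-"',
    '10.0.1.25 - - [12/Mar/2025:10:15:50 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.5.0" "not-an-ip"',
]

def client_ip(line):
    """Return (ip, note) for one access-log line, or (None, reason)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None, "unparsed"
    xff = m.group("xff")
    if xff in ("", "-"):
        # Header absent: the request did not carry a forwarded client address.
        return m.group("remote_addr"), "no-xff"
    hops = [h.strip() for h in xff.split(",")]
    try:
        # Assumption: the last hop is the one the ALB appended.
        ip = str(ipaddress.ip_address(hops[-1]))
    except ValueError:
        return None, "invalid-xff"
    # Earlier hops were sent by the client and can hold anything.
    return ip, "client-supplied-prefix" if len(hops) > 1 else "ok"

def count_clients(lines):
    """Count requests per forwarded client IP, skipping lines without one."""
    counts = Counter()
    for line in lines:
        ip, note = client_ip(line)
        if ip and note != "no-xff":
            counts[ip] += 1
    return counts
```

Lines tagged `client-supplied-prefix` are worth reviewing separately, since the leading entries came from the requester rather than from the load balancer.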

The Comparative Analysis
#

| Option | API/Config Complexity | Performance Impact | Use Case |
|--------|-----------------------|--------------------|----------|
| A | Low | None | Logs Host header, unrelated to IP |
| B | Medium | Slight | Streams logs; no IP transformation |
| C | High | Moderate | Traces requests; no IP log change |
| D | Low | None | Correctly logs client’s public IP |

Real-World Application (Practitioner Insight)
#

Exam Rule
#

“For the exam, always pick the option involving the X-Forwarded-For header when capturing client IPs behind an ALB.”

Real World
#

“In reality, if you control your HTTP server config, you enable logging of the X-Forwarded-For header; if not, you may build a Lambda@Edge function or middleware to inject the client IP elsewhere.”


Disclaimer

This is a study note based on simulated scenarios for the AWS DVA-C02 exam.
