HTTP headers
This topic describes the additional HTTP headers supported by Application Load Balancer (ALB) and explains how to configure them for a listener. You can use these headers to implement specific features based on your requirements.
Supported ALB headers
HTTP headers are fields in the header section of an HTTP request or response message. You can customize headers for specific needs, which can result in the use of additional HTTP headers by web servers and browsers. The following table describes the additional HTTP headers that ALB supports and their functions.
|
Header field |
Description |
Listener protocols |
|
X-Forwarded-For |
Enables the listener to use the
Format:
For instructions on how to retrieve the real client IP address, see Retrieve the client IP on a backend server. |
|
|
SLB-ID |
Adds the |
|
|
X-Forwarded-Proto |
Adds the Format:
A typical use case: An ALB instance uses an HTTPS listener, and the communication between the listener and its backend server group uses HTTP. In this scenario, the backend server receives the request with the HTTP protocol. If the backend server is configured with a rule to automatically redirect HTTP to HTTPS, it might incorrectly determine that the client is using HTTP, causing a redirection loop. By enabling the |
|
|
X-Forwarded-Port |
Adds the Format:
|
|
|
X-Forwarded-Host |
Adds the Format:
|
|
|
X-Forwarded-Client-srcport |
Adds the Format:
|
|
|
X-Forwarded-Clientcert-subjectdn |
Enable the After you enable this header, you must enter a custom HTTP header name. |
HTTPS |
|
X-Forwarded-Clientcert-issuerdn |
Enable the After you enable this header, you must enter a custom HTTP header name. |
HTTPS |
|
X-Forwarded-Clientcert-fingerprint |
Enable the After you enable this header, you must enter a custom HTTP header name. |
HTTPS |
|
X-Forwarded-Clientcert-clientverify |
Enable the After you enable this header, you must enter a custom HTTP header name. |
HTTPS |
The additional HTTP headers mentioned above are configured using switches at the listener level. When enabled, ALB automatically adds the corresponding headers to requests forwarded to the backend server. If you need to customize header values, such as specifying the original request protocol or port, you can manually set them by using the Insert Header action in a forwarding rule. The listener-level switches are suitable for most pass-through scenarios, while forwarding rules are ideal for scenarios that require fine-grained control over header values. These settings are located in the Advanced Settings section of the listener configuration and the forwarding rule editor, respectively.
-
We recommend that your backend servers follow the HTTP specification and treat HTTP header keys as case-insensitive.
-
TheX-Forwarded-For header that ALB forwards to backend servers always starts with an uppercase letter.
-
For the other additional HTTP headers, if the client request already contains one of these headers, ALB preserves its original capitalization when forwarding it. Otherwise, ALB adds the header using the capitalization shown in the table above.
-
-
When you enableX-Forwarded-Clientcert-subjectdn, X-Forwarded-Clientcert-issuerdn, X-Forwarded-Clientcert-fingerprint, orX-Forwarded-Clientcert-clientverify, you cannot set the custom HTTP header name to any of the following reserved fields:
slb-id,slb-ip,x-forwarded-for,x-forwarded-proto,x-forwarded-eip,x-forwarded-port,x-forwarded-client-srcport,x-forwarded-host,connection,upgrade,content-length,transfer-encoding,keep-alive,te,host,cookie,remoteip, orauthority. -
Add a header in the console
Add a header during listener creation
-
Log on to the ALB console.
-
In the top navigation bar, select the region where the ALB instance is deployed.
-
Use one of the following methods to open the listener configuration wizard:
-
On the Instances page, find the instance that you want to manage and click Create Listener in the Actions column.
-
On the Instances page, click the ID of the target instance. On the Listener tab, click Create Listener.
-
-
In the Configure Listener wizard, configure the following parameters and click Next.
Parameter
Description
Listener Protocol
Select a protocol for the listener.
Advanced Settings
Click Modify to expand the advanced settings.
Custom HTTP Header
Select the additional HTTP headers that you want to enable based on your business requirements.
NoteThis section describes only the parameters related to headers. For more information about other parameters, see the following topics:
-
Follow the on-screen instructions to finish creating the listener.
Add a header to an existing listener
-
Log on to the ALB console.
-
In the top navigation bar, select the region where the ALB instance is deployed.
-
On the Instances page, click the ID of the target instance.
-
On the Listener tab, find the target listener and choose
>Modify Listener in the Actions column. -
In the Modify Listener dialog box, click Modify to the right of Advanced Settings.
-
In the Custom HTTP Header section, enable or disable headers as required, and then click Save.
Add a header by using an API
You can configure additional headers when you create a listener, or modify the header configuration for an existing listener.
-
Create a listener: Call the CreateListener API operation and configure the XForwardedForConfig parameter.
-
Modify an existing listener: Call the UpdateListenerAttribute API operation to update the XForwardedForConfig parameter.
References
Console
-
To forward HTTP requests through an ALB instance, see Add an HTTP listener.
-
To forward HTTPS requests through an ALB instance, see Add an HTTPS listener.
-
To forward QUIC requests through an ALB instance, see Add a QUIC listener.
API
-
CreateListener: Creates an HTTP, HTTPS, or QUIC listener. You can add HTTP headers by setting the XForwardedForConfig parameter.
-
UpdateListenerAttribute: Updates the configuration of a listener. You can update the XForwardedForConfig parameter to modify the header configuration.