This PR adds preserve_client_ip attribute to NLB Target Group in nlb module and enables this option in relevant examples (centralized only so far). This option is disabled by default for TCP & TLS target groups, enabled by default for others.
Motivation and Context
Sometimes you need to see the original client's public IP address when filtering inbound Internet traffic on the firewall, in order to apply IP-based policies (e.g. geo-restriction). By default you see private IPs from the NLB subnet as the traffic source.
How Has This Been Tested?
Local deployment of the code and testing of the traffic flows.
Types of changes
New feature (non-breaking change which adds functionality)
Checklist
[x] I have updated the documentation accordingly.
[x] I have read the CONTRIBUTING document.
[x] I have added tests to cover my changes if appropriate.
Description
This PR adds
preserve_client_ipattribute to NLB Target Group innlbmodule and enables this option in relevant examples (centralized only so far). This option is disabled by default for TCP & TLS target groups, enabled by default for others.Motivation and Context
Sometimes you need to see the original client's public IP address when filtering inbound Internet traffic on the firewall, in order to apply IP-based policies (e.g. geo-restriction). By default you see private IPs from the NLB subnet as the traffic source.
How Has This Been Tested?
Local deployment of the code and testing of the traffic flows.
Types of changes
Checklist