All Products
Search

This Product

    Enterprise Distributed Application Service:Get the real client IP address when accessing an EDAS application through SLB

    Document Center

    Enterprise Distributed Application Service:Get the real client IP address when accessing an EDAS application through SLB

    Last Updated:Mar 11, 2026

    When traffic reaches your Enterprise Distributed Application Service (EDAS) application through Server Load Balancer (SLB), the backend receives the load balancer's IP address instead of the original client IP. This happens because SLB performs source network address translation (SNAT), replacing the client IP with its own address before forwarding the request.

    The solution depends on your EDAS deployment type:

    • ECS cluster: Read the client IP from HTTP headers that SLB adds to each request.

    • Kubernetes cluster: Change the external traffic policy so that traffic reaches local pods without an extra network hop, then read the client IP from the request.

    ECS cluster applications

    Extract the client IP from your Java backend code using either of the following approaches.

    Read the X-Forwarded-For header

    String client_ip = request.getHeader("x-forwarded-for");
    Note

    The X-Forwarded-For header may contain multiple comma-separated IP addresses if the request passes through more than one proxy (for example, client, proxy1, proxy2). The first IP in the list is the original client IP.

    Read the X-Real-IP and WL-Proxy-Client-IP header

    Query the x-real-ip and wl-proxy-client-ip parameters from the HTTP header to obtain the real IP address of the client.

    String client_ip = request.getHeader("x-real-ip");

    Kubernetes cluster applications

    For applications deployed in a Kubernetes cluster, set the external traffic policy to Local. By default, Kubernetes uses the Cluster policy, which may route traffic to a pod on a different node. This extra hop triggers SNAT and replaces the client IP with a node IP. Setting the policy to Local ensures traffic goes directly to a pod on the receiving node, preserving the original client IP.

    Configure the external traffic policy

    1. Log on to the EDAS console.

    2. In the left-side navigation pane, choose Application Management > Applications. In the top navigation bar, select a region. In the upper part of the page, select a microservice namespace. From the Cluster Type drop-down list, select Kubernetes Cluster. Find the target application and click its name in the Application Name column.

    3. On the application overview page, locate the Access configuration section. Click the Add or Edit icon next to SLB (Public Network) or SLB (Private Network).

    4. In the SLB (Public Network) or SLB (Private Network) dialog box, change External Traffic Policy from Cluster to Local, and click OK.

    Get the client IP in code

    After you set the policy to Local, getRemoteAddr() returns the real client IP:

    String client_ip = request.getRemoteAddr();

    Handle both deployment types in a single codebase

    If the same application runs on both ECS and Kubernetes clusters, check the X-Forwarded-For header first and fall back to getRemoteAddr():

    String client_ip = request.getHeader("x-forwarded-for") == null ? request.getRemoteAddr() : request.getHeader("x-forwarded-for");

    This works because:

    • On an ECS cluster, SLB adds the X-Forwarded-For header, so getHeader("x-forwarded-for") returns the client IP.

    • On a Kubernetes cluster with External Traffic Policy set to Local, getRemoteAddr() returns the client IP directly. The X-Forwarded-For header is typically absent in this case.