To get a client's IP address, use the X-Forwarded-For header for Application Load Balancers (Layer 7) or enable Proxy Protocol v2 for Network Load Balancers when client IP preservation is not possible by default [citation:4][citation:8].
The method for retrieving a client's IP address depends on the type of load balancer [citation:4][citation:8]:
Application Load Balancer (ALB): The ALB preserves the original client IP by injecting an
X-Forwarded-ForHTTP header. Your application should be configured to read this header to obtain the client's IP address.Network Load Balancer (NLB): By default, the NLB preserves the client IP address when targets are registered by instance ID within the same VPC. For remote targets (e.g., on-premises), PrivateLink, or hairpinning, you must enable Proxy Protocol v2 on the target group and configure your application to parse the proxy protocol header [citation:8].
Classic Load Balancer (CLB): Similar to ALB, CLB uses the
X-Forwarded-Forheader. It also supports Proxy Protocol as an option.