I am currently provisioning a WAF in the AWS cloud.
The AWS ELB is configured for HTTPS load balancing with SSL reencryption to WAF.
ELB (443) -> WAF (62443) -> BACKEND SERVERS (443).
Each of the net devices has SSL certificates installed to inspect the SSL traffic.
AWS ELB is also configured for X-Forwarded-For header insertion so that the WAF can track the original end user source IP address.
We are trying to use the Geo IP blocking capability in the WAF; however, we cannot see the original source IP address in the Web Firewall and Access Logs. We have also enabled the client impersonation feature in the WAF.
How can we monitor and see the original source IP address in the logs and verify that Geo IP blocking functionality still works?
Any ideas and solutions here will be much appreciated.
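
An added example, not part of the original post and not any WAF product's own code: a sketch of the selection logic a device behind the ELB needs in order to log and geo-check the real client address from `X-Forwarded-For`. The trusted range `10.0.0.0/16`, the function names and the sample addresses are constructed assumptions; the right-to-left walk relies on ELB appending the connecting client's address to the end of any header the client already sent.

```python
import ipaddress

# Assumption: subnets the load balancer nodes live in (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/16")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True if addr belongs to one of the proxy networks we control."""
    return any(addr in net for net in trusted)


def client_ip(peer_ip, xff_header, trusted=TRUSTED_PROXIES):
    """Return the address to log and feed to geo-IP checks.

    peer_ip    -- source address of the TCP connection (the ELB node)
    xff_header -- raw X-Forwarded-For value, or "" / None if absent
    """
    peer = ipaddress.ip_address(peer_ip)
    # Only honour the header when the connection really came from our proxy;
    # otherwise anyone could claim an arbitrary source address.
    if not is_trusted(peer, trusted) or not xff_header:
        return str(peer)
    candidate = peer
    # Walk right to left: the rightmost entries were appended by our own
    # proxies, anything further left is client-controlled.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we validated
        candidate = addr
        if not is_trusted(addr, trusted):
            break  # first untrusted hop is the real client
    return str(candidate)


if __name__ == "__main__":
    # Constructed requests: (peer address, X-Forwarded-For value)
    samples = [
        ("10.0.1.5", "203.0.113.7"),           # normal request via ELB
        ("10.0.1.5", "1.2.3.4, 203.0.113.7"),  # client pre-set a fake entry
        ("198.51.100.9", "1.2.3.4"),           # direct hit, header ignored
    ]
    for peer, xff in samples:
        print(f"peer={peer} xff={xff!r} -> client={client_ip(peer, xff)}")
```

Comparing this result with the address shown in the WAF access log for the same request shows whether the WAF is reading the header or only the ELB node address.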