Why do software load balancers mask the client IP

load balancing

Currently I'm using a Cisco CSS hardware load balancer. From the web server's point of view, the end-user's IP address is stamped on all traffic as if the load balancer weren't even present.

I'm now looking at software replacements such as HAProxy, Pound, or AWS ELB. They all have one thing in common: the web server receives the load balancer's IP instead of the end-user's. Your system has to be aware of this and access an X-Forwarded-For header if you want the end-user's IP, or in the case of SSL, decrypt and re-encrypt the traffic.

So my question is: Why is this the case? Why can software load balancers not behave in the same way as hardware load balancers, and just pass along the TCP packets as if they were a simple networking device?

Best Answer

Because those pieces of software work on layer 7 (Application) of the OSI model; there are software solutions which work on layer 3/4, like LVS.

Regarding your problem, the solution is quite simple if you are using Apache as your web server: you just have to install mod_rpaf. This module permits logging directly the IP provided by the X-Forwarded-For header.
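Whatever reads the X-Forwarded-For header (mod_rpaf or application code) has to remember that the client can put anything it likes in that header before the load balancer appends the real address, so only the entries added by proxies you control can be believed. The following is an added example, not code from the answer or from mod_rpaf, showing that check: it assumes a list of trusted proxy networks and walks the header from the right, past those proxies, to the first address that none of them added.

```python
import ipaddress
from typing import Iterable, Optional


def client_ip_from_xff(remote_addr: str, xff: Optional[str],
                       trusted_proxies: Iterable[str]) -> str:
    """Return the end-user IP as seen by the nearest trusted proxy.

    remote_addr:     peer address of the TCP connection the web server
                     accepted (the load balancer, when one is in front).
    xff:             raw X-Forwarded-For header value, or None if absent.
    trusted_proxies: networks (assumed, e.g. "10.0.0.0/8") whose appended
                     entries we believe; everything else is client-supplied.
    """
    nets = [ipaddress.ip_network(n, strict=False) for n in trusted_proxies]

    def trusted(addr: str) -> bool:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False  # not an IP at all, so certainly not a proxy of ours
        return any(ip in n for n in nets)

    # A direct connection from an untrusted peer: the header is worthless,
    # the TCP source address is the only thing we actually know.
    if not trusted(remote_addr):
        return remote_addr

    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    # Each trusted proxy appends the address it saw, so walk from the right.
    # The first entry that is not one of our proxies is the client as seen by
    # the nearest proxy; anything left of it was supplied by the client.
    for hop in reversed(hops):
        if trusted(hop):
            continue
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # garbage where an address should be: fall back below
        return hop
    return remote_addr  # header empty, malformed, or proxies only
```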