How can I use an Application Load Balancer to route requests based on the source IP address?

3 minute read

I want to use an Application Load Balancer to perform specific actions on requests based on the source IP address of the request.


There are several use cases for performing specific actions based on the source IP address of a request. For example, you have two versions of an application. One version is a public version that's for global users. The other is an internal version that includes some extended (beta) features. You want the internal version to be available only to employees who are accessing the application from corporate network CIDRs. To accomplish this, and other similar tasks, configure listener rules based on source IP addresses.

A rule that's based on source IP address checks the source IP address in the IP header (layer-3). If there's a proxy or firewall that changes the source IP address, then specify the proxy or firewall's IP address in the listener rule.

Note: Don't use listener rules to block requests from clients. It's a best practice to use security groups or network access control lists instead. To block a large number of clients, you can use AWS WAF.

1.    Create an Application Load Balancer. Or, use an Application Load Balancer that you already created.

2.    Open the Amazon Elastic Compute Cloud (Amazon EC2) console.

3.    On the navigation pane, under Load Balancing, choose Load Balancers.

4.    Select your load balancer.

5.    Choose the Listeners tab.

6.    Select your listener, and then choose Actions. Then, select Manage rules.

7.    Choose the Add rules icon (the plus sign), and then choose Insert rule.

8.    Choose Add condition, and then choose Source IP.

9.    Specify the IP addresses that you plan to configure a different action for.

Note: You can specify either a single IP address or network CIDRs with prefixes. For example, specify or

10.   Choose Add action, and then select the required action. See the following examples of actions:

Forward: This forwards the request to a different target group, such as a target group that runs an internal version of an application.

Return fixed response: This blocks specific users or provides custom responses to specific users.

12.   To save the condition, choose the checkmark icon.

13.   To save the rule, choose Save.

Related information

Listener rules for your Application Load Balancer

AWS OFFICIALUpdated a year ago