463 Too many forwarded IP addresses

HTTP response status code 463 Too many forwarded IP addresses is an unofficial client error specific to AWS Elastic Load Balancer. The load balancer returns this code when an HTTP request includes an X-Forwarded-For header with too many IP addresses.

Table of Contents

Usage

The 463 Too many forwarded IP addresses status code indicates the X-Forwarded-For header contains more IP addresses than the load balancer allows.

Load balancers intercept traffic between clients and servers, so the IP address in server logs reflects only the load balancer. The X-Forwarded-For header preserves the original client IP. When a request reaches a load balancer and the header does not exist, the load balancer adds one. When the header already exists, the most recent IP address is appended. The upper limit is 30 IP addresses.

Note

The 30-address limit is specific to AWS Application Load Balancers. Requests proxied through many intermediate hops or constructed with forged headers are common triggers.

SEO impact

Search engines like Google do not index a URL with 463 response status. URLs previously indexed with this code are removed from search results.

Example

A client sends an HTTP request with an X-Forwarded-For header containing more than 30 IP addresses. The AWS Application Load Balancer rejects the request with 463.

Request

GET /api/data HTTP/1.1
Host: www.example.re
X-Forwarded-For: 192.168.1.1, 192.168.1.2, 192.168.1.3, ..., 192.168.1.35

Response

HTTP/1.1 463
Content-Type: text/html
Content-Length: 172

<html>
  <head>
    <title>AWS Load Balancer Error</title>
  </head>
  <body>
   <p>Too many IPs in X-Forwarded-For header.
   Limit to 30 addresses.</p>
  </body>
</html>

How to fix

Reduce the number of IP addresses in the X-Forwarded-For header before the request reaches the ALB. The AWS ALB hard limit is 30 addresses, and no configuration changes this limit.

Sanitize the header at the outermost proxy or CDN layer. Strip or truncate the existing X-Forwarded-For header before appending the current hop. Cloudflare, Akamai, and other CDNs offer header rewrite rules for this purpose.

Change the ALB X-Forwarded-For processing mode. The xff_header_processing.mode attribute controls how the ALB handles the incoming header:

aws elbv2 modify-load-balancer-attributes \
  --load-balancer-arn <arn> \
  --attributes \
  Key=routing.http.xff_header_processing.mode,\
Value=preserve

Three modes exist:

  • append (default): adds the client IP to the existing header, growing the list
  • preserve: keeps the original header unchanged, preventing the ALB from adding another address
  • remove: strips the header entirely before forwarding

Verify no proxy is duplicating entries. A misconfigured reverse proxy or CDN sometimes appends the same IP address multiple times per hop. Inspect the full header value in the ALB access log to count actual entries.

Reduce proxy chain depth. Layered infrastructure (CDN, WAF, regional proxy, ALB) adds an entry at each stage. Consolidating layers or eliminating unnecessary intermediate proxies keeps the count below 30.

Check for forged headers. Malicious clients pre-fill the X-Forwarded-For header with dozens of fake addresses. The outermost proxy in the chain needs to overwrite (not append to) the incoming header for untrusted traffic.

Takeaway

The 463 Too many forwarded IP addresses status code is a client error from AWS Elastic Load Balancer when the X-Forwarded-For header exceeds 30 IP addresses.

See also

Last updated: March 6, 2026