HTTP 463 Too Many X-Forwarded-For IPs (AWS ALB) — What It Means & How to Fix It

Fix AWS ALB HTTP 463 error when the X-Forwarded-For header contains too many IP addresses exceeding the ALB limit. This guide covers everything you need to know about this topic, including common causes, step-by-step solutions, and answers to frequently asked questions.

Here are the key things to understand: HTTP 463 is an AWS Application Load Balancer specific error code. It is returned when the X-Forwarded-For header exceeds the maximum number of IP addresses allowed. AWS ALB has a limit on the total size of the X-Forwarded-For header. This can happen when requests pass through many proxy layers, each appending its IP. Understanding these fundamentals will help you diagnose and resolve this issue more effectively.

The most common reasons this occurs include: Request passing through too many proxy layers (CDN, WAF, reverse proxy, ALB). Malicious client spoofing X-Forwarded-For with hundreds of fake IP addresses. Misconfigured proxy chain appending duplicate IPs on each hop. Recursive proxy loops causing the header to grow with each iteration. Identifying the root cause is the first step toward finding the right solution.

To resolve this, follow these recommended steps: Inspect the X-Forwarded-For header to see how many IPs it contains and identify the chain. Remove unnecessary proxy layers from the request path to reduce header size. Configure upstream proxies to replace rather than append X-Forwarded-For if appropriate. Use AWS WAF rules to block requests with excessively long X-Forwarded-For headers. If these steps do not resolve the issue, consider consulting additional resources or a qualified professional.

This article is part of our HTTP Status Codes collection on Error Codes Wiki. We provide comprehensive, up-to-date information to help you find solutions quickly.