feat: Update default for enable_xff_client_port to match the TF imple…

…mentation

README.md

@@ -338,7 +338,7 @@ No modules.
 | <a name="input_enable_http2"></a> [enable\_http2](#input\_enable\_http2) | Indicates whether HTTP/2 is enabled in application load balancers. | `bool` | `true` | no |
 | <a name="input_enable_tls_version_and_cipher_suite_headers"></a> [enable\_tls\_version\_and\_cipher\_suite\_headers](#input\_enable\_tls\_version\_and\_cipher\_suite\_headers) | Indicates whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. | `bool` | `false` | no |
 | <a name="input_enable_waf_fail_open"></a> [enable\_waf\_fail\_open](#input\_enable\_waf\_fail\_open) | Indicates whether to route requests to targets if lb fails to forward the request to AWS WAF | `bool` | `false` | no |
-| <a name="input_enable_xff_client_port"></a> [enable\_xff\_client\_port](#input\_enable\_xff\_client\_port) | Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in application load balancers. | `bool` | `true` | no |
+| <a name="input_enable_xff_client_port"></a> [enable\_xff\_client\_port](#input\_enable\_xff\_client\_port) | Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in application load balancers. | `bool` | `false` | no |
 | <a name="input_extra_ssl_certs"></a> [extra\_ssl\_certs](#input\_extra\_ssl\_certs) | A list of maps describing any extra SSL certificates to apply to the HTTPS listeners. Required key/values: certificate\_arn, https\_listener\_index (the index of the listener within https\_listeners which the cert applies toward). | `list(map(string))` | `[]` | no |
 | <a name="input_http_tcp_listener_rules"></a> [http\_tcp\_listener\_rules](#input\_http\_tcp\_listener\_rules) | A list of maps describing the Listener Rules for this ALB. Required key/values: actions, conditions. Optional key/values: priority, http\_tcp\_listener\_index (default to http\_tcp\_listeners[count.index]) | `any` | `[]` | no |
 | <a name="input_http_tcp_listener_rules_tags"></a> [http\_tcp\_listener\_rules\_tags](#input\_http\_tcp\_listener\_rules\_tags) | A map of tags to add to all http listener rules | `map(string)` | `{}` | no |

variables.tf

@@ -43,7 +43,7 @@ variable "enable_tls_version_and_cipher_suite_headers" {
 variable "enable_xff_client_port" {
   description = "Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in application load balancers."
   type        = bool
-  default     = true
+  default     = false
 }
 
 variable "extra_ssl_certs" {

wrappers/main.tf

@@ -10,7 +10,7 @@ module "wrapper" {
   enable_http2                                = try(each.value.enable_http2, var.defaults.enable_http2, true)
   enable_cross_zone_load_balancing            = try(each.value.enable_cross_zone_load_balancing, var.defaults.enable_cross_zone_load_balancing, false)
   enable_tls_version_and_cipher_suite_headers = try(each.value.enable_tls_version_and_cipher_suite_headers, var.defaults.enable_tls_version_and_cipher_suite_headers, false)
-  enable_xff_client_port                      = try(each.value.enable_xff_client_port, var.defaults.enable_xff_client_port, true)
+  enable_xff_client_port                      = try(each.value.enable_xff_client_port, var.defaults.enable_xff_client_port, false)
   extra_ssl_certs                             = try(each.value.extra_ssl_certs, var.defaults.extra_ssl_certs, [])
   https_listeners                             = try(each.value.https_listeners, var.defaults.https_listeners, [])
   http_tcp_listeners                          = try(each.value.http_tcp_listeners, var.defaults.http_tcp_listeners, [])