Original Destination Cluster Configuration (proto)

This extension has the qualified name envoy.clusters.original_dst

Note

This extension is intended to be robust against both untrusted downstream and upstream traffic.

Tip

This extension extends and can be used with the following extension category:

• envoy.clusters

This extension must be configured with one of the following type URLs:

• type.googleapis.com/envoy.extensions.clusters.original_dst.v3.OriginalDstCluster

extensions.clusters.original_dst.v3.OriginalDstCluster

[extensions.clusters.original_dst.v3.OriginalDstCluster proto]

Configuration for the Original Destination cluster.

{
  "use_http_header": ...,
  "http_header_name": ...,
  "upstream_port_override": {...},
  "metadata_key": {...}
}

use_http_header

(bool) When true, an HTTP header can be used to override the original dst address. The default header is x-envoy-original-dst-host.

Attention

This header isn’t sanitized by default, so enabling this feature allows HTTP clients to route traffic to arbitrary hosts and/or ports, which may have serious security consequences.

Note

If the header appears multiple times only the first value is used.

http_header_name

(string) The http header to override destination address if use_http_header is set to true. If the value is empty, x-envoy-original-dst-host will be used.

upstream_port_override

(UInt32Value) The port to override for the original dst address. This port will take precedence over filter state and header override ports.

metadata_key

(type.metadata.v3.MetadataKey) The dynamic metadata key to override destination address. First the request metadata is considered, then the connection one.