Geoip (proto)
This extension has the qualified name envoy.filters.http.geoip
Note
This extension is work-in-progress. Functionality is incomplete and it is not intended for production use.
This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted.
Tip
This extension extends and can be used with the following extension category:
This extension must be configured with one of the following type URLs:
Warning
This API feature is currently work-in-progress. API features marked as work-in-progress are not considered stable, are not covered by the threat model, are not supported by the security team, and are subject to breaking changes. Do not use this feature without understanding each of the previous points.
Geoip configuration overview.
extensions.filters.http.geoip.v3.Geoip
[extensions.filters.http.geoip.v3.Geoip proto]
{
"xff_config": {...},
"custom_header_config": {...},
"provider": {...}
}
- xff_config
(extensions.filters.http.geoip.v3.Geoip.XffConfig) Configuration for extracting the client IP address from the x-forwarded-for header. If set, the xff_num_trusted_hops field will be used to determine the trusted client address from the x-forwarded-for header. If not set, the immediate downstream connection source address will be used.
Only one of xff_config or custom_header_config can be set.
- custom_header_config
(extensions.filters.http.geoip.v3.Geoip.CustomHeaderConfig) Configuration for extracting the client IP address from a custom request header.
If set, the header_name field will be used to extract the client IP address from the specified request header.
Only one of custom_header_config or xff_config can be set.
- provider
(config.core.v3.TypedExtensionConfig, REQUIRED) Geoip driver specific configuration which depends on the driver being instantiated. See the geoip drivers for examples:
extensions.filters.http.geoip.v3.Geoip.XffConfig
[extensions.filters.http.geoip.v3.Geoip.XffConfig proto]
{
"xff_num_trusted_hops": ...
}
- xff_num_trusted_hops
(uint32) The number of additional ingress proxy hops from the right side of the x-forwarded-for HTTP header to trust when determining the origin client’s IP address. See the documentation for x-forwarded-for for more information.
Defaults to 0.
extensions.filters.http.geoip.v3.Geoip.CustomHeaderConfig
[extensions.filters.http.geoip.v3.Geoip.CustomHeaderConfig proto]
{
"header_name": ...
}
- header_name
(string, REQUIRED) The name of the request header to extract the client IP address from. The header value must contain a valid IP address (IPv4 or IPv6).
If the header is missing or contains an invalid IP address, the filter will fall back to using the immediate downstream connection source address.
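The address selection described for XffConfig and CustomHeaderConfig above can be modeled as follows. This is an added example, not Envoy's code: the function names, the rule that a hop count of 0 picks the rightmost x-forwarded-for entry, and the fallback when the list is too short or the entry is invalid are assumptions, and the sample request is constructed.

```python
import ipaddress

def _valid_ip(value):
    """Return the normalized IP string, or None if value is not IPv4/IPv6."""
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return None

def select_client_ip(headers, peer_ip, xff_num_trusted_hops=None, header_name=None):
    """Model of which address the geoip lookup would be run against.

    xff_num_trusted_hops=None models an unset xff_config; header_name=None
    models an unset custom_header_config. Keys in `headers` are lowercase.
    """
    if xff_num_trusted_hops is not None and header_name is not None:
        raise ValueError("only one of xff_config or custom_header_config can be set")
    if header_name is not None:
        # Documented: a missing or invalid value falls back to the peer address.
        return _valid_ip(headers.get(header_name.lower(), "")) or peer_ip
    if xff_num_trusted_hops is not None:
        hops = [h for h in headers.get("x-forwarded-for", "").split(",") if h.strip()]
        # Assumption: 0 selects the rightmost entry, N the entry N further left.
        idx = len(hops) - 1 - xff_num_trusted_hops
        if idx >= 0:
            return _valid_ip(hops[idx]) or peer_ip
        return peer_ip  # Assumption: too few entries falls back to the peer.
    # Neither config set: immediate downstream connection source address.
    return peer_ip

# Constructed request. The client at 203.0.113.9 sent its own x-forwarded-for
# value (198.51.100.7); the edge proxy appended the client's real address and
# one internal proxy appended the edge proxy's address (10.0.0.4).
SAMPLE_HEADERS = {"x-forwarded-for": "198.51.100.7, 203.0.113.9, 10.0.0.4"}
PEER = "10.0.0.5"  # the internal proxy connected directly to this listener

if __name__ == "__main__":
    # hops=1 matches the one extra proxy in front; hops=2 trusts one hop too
    # many and resolves to the value the client itself supplied.
    for hops in (None, 0, 1, 2, 5):
        chosen = select_client_ip(SAMPLE_HEADERS, PEER, xff_num_trusted_hops=hops)
        print(f"xff_num_trusted_hops={hops}: {chosen}")
```

Setting the hop count higher than the number of proxies that actually append to the header makes the lookup use a value the client controls, which is why the count has to match the deployment.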