IP tagging (proto)
This extension has the qualified name envoy.filters.http.ip_tagging
Note
This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted.
Tip
This extension extends and can be used with the following extension category:
This extension must be configured with one of the following type URLs:
IP tagging configuration overview.
extensions.filters.http.ip_tagging.v3.IPTagging
[extensions.filters.http.ip_tagging.v3.IPTagging proto]
{
"request_type": ...,
"ip_tags": [],
"ip_tag_header": {...},
"ip_tags_datasource": {...}
}
- request_type
(extensions.filters.http.ip_tagging.v3.IPTagging.RequestType) The type of request the filter should apply to.
- ip_tags
(repeated extensions.filters.http.ip_tagging.v3.IPTagging.IPTag) The set of IP tags for the filter. Only one of ip_tags or ip_tags_datasource can be set for the IP Tagging filter.
- ip_tag_header
(extensions.filters.http.ip_tagging.v3.IPTagging.IpTagHeader) Specify to which header the tags will be written.
If left unspecified, the tags will be appended to the
x-envoy-ip-tagsheader.
- ip_tags_datasource
(config.core.v3.DataSource) Data source from which to retrieve ip tags. Only filename based data source is currently supported for IP tags. When using this data source, if a
watched_directoryis provided, the IP tags file will be re-read when a file move is detected. See watched_directory for more information about thewatched_directoryfield.
extensions.filters.http.ip_tagging.v3.IPTagging.IPTag
[extensions.filters.http.ip_tagging.v3.IPTagging.IPTag proto]
Supplies the IP tag name and the IP address subnets.
{
"ip_tag_name": ...,
"ip_list": []
}
- ip_tag_name
(string) Specifies the IP tag name to apply.
- ip_list
(repeated config.core.v3.CidrRange) A list of IP address subnets that will be tagged with ip_tag_name. Both IPv4 and IPv6 are supported.
extensions.filters.http.ip_tagging.v3.IPTagging.IpTagHeader
[extensions.filters.http.ip_tagging.v3.IPTagging.IpTagHeader proto]
Specify to which header the tags will be written.
{
"header": ...,
"action": ...
}
- header
(string, REQUIRED) Header to use for ip-tagging.
This header will be sanitized based on the config in action rather than the defaults for x-envoy prefixed headers.
- action
(extensions.filters.http.ip_tagging.v3.IPTagging.IpTagHeader.HeaderAction) Control if the header will be sanitized, or be appended to.
Default: SANITIZE.
Enum extensions.filters.http.ip_tagging.v3.IPTagging.IpTagHeader.HeaderAction
[extensions.filters.http.ip_tagging.v3.IPTagging.IpTagHeader.HeaderAction proto]
Describes how to apply the tags to the headers.
- SANITIZE
(DEFAULT) (DEFAULT) The header specified in ip_tag_header will be dropped, before the tags are applied. The incoming header will be “sanitized” regardless of whether the request is internal or external.
Note that the header will be visible unsanitized to any filters that are invoked before the ip-tag-header filter, unless it has an x-envoy prefix.
- APPEND_IF_EXISTS_OR_ADD
Tags will be appended to the header specified in ip_tag_header.
Please note that this could cause the header to retain values set by the http client regardless of whether the request is internal or external.
Enum extensions.filters.http.ip_tagging.v3.IPTagging.RequestType
[extensions.filters.http.ip_tagging.v3.IPTagging.RequestType proto]
The type of requests the filter should apply to. The supported types are internal, external or both. The x-forwarded-for header is used to determine if a request is internal and will result in x-envoy-internal being set. The filter defaults to both, and it will apply to all request types.
- BOTH
(DEFAULT) Both external and internal requests will be tagged. This is the default value.
- INTERNAL
Only internal requests will be tagged.
- EXTERNAL
Only external requests will be tagged.