IP tagging (proto)

This extension has the qualified name envoy.filters.http.ip_tagging

Note

This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted.

Tip

This extension extends and can be used with the following extension category:

envoy.filters.http

This extension must be configured with one of the following type URLs:

type.googleapis.com/envoy.extensions.filters.http.ip_tagging.v3.IPTagging

IP tagging configuration overview.

extensions.filters.http.ip_tagging.v3.IPTagging

[extensions.filters.http.ip_tagging.v3.IPTagging proto]

{
  "request_type": ...,
  "ip_tags": [],
  "ip_tag_header": {...}
}

request_type: (extensions.filters.http.ip_tagging.v3.IPTagging.RequestType) The type of request the filter should apply to.

ip_tags: (repeated extensions.filters.http.ip_tagging.v3.IPTagging.IPTag, REQUIRED) The set of IP tags for the filter.

ip_tag_header

(extensions.filters.http.ip_tagging.v3.IPTagging.IpTagHeader) Specify to which header the tags will be written.

If left unspecified, the tags will be appended to the x-envoy-ip-tags header.

extensions.filters.http.ip_tagging.v3.IPTagging.IPTag

[extensions.filters.http.ip_tagging.v3.IPTagging.IPTag proto]

Supplies the IP tag name and the IP address subnets.

{
  "ip_tag_name": ...,
  "ip_list": []
}

ip_tag_name: (string) Specifies the IP tag name to apply.

ip_list: (repeated config.core.v3.CidrRange) A list of IP address subnets that will be tagged with ip_tag_name. Both IPv4 and IPv6 are supported.

extensions.filters.http.ip_tagging.v3.IPTagging.IpTagHeader

[extensions.filters.http.ip_tagging.v3.IPTagging.IpTagHeader proto]

Specify to which header the tags will be written.

{
  "header": ...,
  "action": ...
}

header

(string, REQUIRED) Header to use for ip-tagging.

This header will be sanitized based on the config in action rather than the defaults for x-envoy prefixed headers.

action

(extensions.filters.http.ip_tagging.v3.IPTagging.IpTagHeader.HeaderAction) Control if the header will be sanitized, or be appended to.

Default: SANITIZE.

Enum extensions.filters.http.ip_tagging.v3.IPTagging.IpTagHeader.HeaderAction

[extensions.filters.http.ip_tagging.v3.IPTagging.IpTagHeader.HeaderAction proto]

Describes how to apply the tags to the headers.

SANITIZE

(DEFAULT) ⁣(DEFAULT) The header specified in ip_tag_header will be dropped, before the tags are applied. The incoming header will be “sanitized” regardless of whether the request is internal or external.

Note that the header will be visible unsanitized to any filters that are invoked before the ip-tag-header filter, unless it has an x-envoy prefix.

APPEND_IF_EXISTS_OR_ADD

⁣Tags will be appended to the header specified in ip_tag_header.

Please note that this could cause the header to retain values set by the http client regardless of whether the request is internal or external.

Enum extensions.filters.http.ip_tagging.v3.IPTagging.RequestType

[extensions.filters.http.ip_tagging.v3.IPTagging.RequestType proto]

The type of requests the filter should apply to. The supported types are internal, external or both. The x-forwarded-for header is used to determine if a request is internal and will result in x-envoy-internal being set. The filter defaults to both, and it will apply to all request types.

BOTH: (DEFAULT) ⁣Both external and internal requests will be tagged. This is the default value.

INTERNAL: ⁣Only internal requests will be tagged.

EXTERNAL: ⁣Only external requests will be tagged.