IP Tagging¶
The HTTP IP Tagging filter sets the header x-envoy-ip-tags with the string tags for the trusted address from x-forwarded-for. If there are no tags for an address, the header is not set.
The implementation for IP Tagging provides a scalable way to compare an IP address to a large list of CIDR ranges efficiently. The underlying algorithm for storing tags and IP address subnets is a Level-Compressed trie described in the paper IP-address lookup using LC-tries by S. Nilsson and G. Karlsson.
Configuration¶
This filter should be configured with the name envoy.ip_tagging.
Statistics¶
The IP Tagging filter outputs statistics in the http.<stat_prefix>.ip_tagging. namespace. The stat prefix comes from the owning HTTP connection manager.
Name |
Type |
Description |
---|---|---|
<tag_name>.hit |
Counter |
Total number of requests that have the <tag_name> applied to it |
no_hit |
Counter |
Total number of requests with no applicable IP tags |
total |
Counter |
Total number of requests the IP Tagging Filter operated on |
Runtime¶
The IP Tagging filter supports the following runtime settings:
- ip_tagging.http_filter_enabled
The % of requests for which the filter is enabled. Default is 100.