SNI dynamic forward proxy


This API is work-in-progress and is subject to breaking changes.

[ proto]

Configuration for the SNI-based dynamic forward proxy filter. See the architecture overview for more information. Note this filter must be configured along with TLS inspector listener filter to work.

This extension may be referenced by the qualified name


This extension is functional but has not had substantial production burn time, use only with this caveat.

This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted.


This extension extends and can be used with the following extension category:

  "dns_cache_config": "{...}",
  "port_value": "..."

(extensions.common.dynamic_forward_proxy.v3.DnsCacheConfig, REQUIRED) The DNS cache configuration that the filter will attach to. Note this configuration must match that of associated dynamic forward proxy cluster configuration.


(uint32) The port number to connect to the upstream.