IP tagging

This documentation is for the Envoy v3 API.

As of Envoy v1.18 the v2 API has been removed and is no longer supported.

If you are upgrading from v2 API config you may wish to view the v2 API documentation:

This extension may be referenced by the qualified name envoy.filters.http.ip_tagging


This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted.


This extension extends and can be used with the following extension category:

IP tagging configuration overview.


[extensions.filters.http.ip_tagging.v3.IPTagging proto]

  "request_type": "...",
  "ip_tags": []

(extensions.filters.http.ip_tagging.v3.IPTagging.RequestType) The type of request the filter should apply to.


(repeated extensions.filters.http.ip_tagging.v3.IPTagging.IPTag, REQUIRED) The set of IP tags for the filter.


[extensions.filters.http.ip_tagging.v3.IPTagging.IPTag proto]

Supplies the IP tag name and the IP address subnets.

  "ip_tag_name": "...",
  "ip_list": []

(string) Specifies the IP tag name to apply.


(repeated config.core.v3.CidrRange) A list of IP address subnets that will be tagged with ip_tag_name. Both IPv4 and IPv6 are supported.

Enum extensions.filters.http.ip_tagging.v3.IPTagging.RequestType

[extensions.filters.http.ip_tagging.v3.IPTagging.RequestType proto]

The type of requests the filter should apply to. The supported types are internal, external or both. The x-forwarded-for header is used to determine if a request is internal and will result in x-envoy-internal being set. The filter defaults to both, and it will apply to all request types.


(DEFAULT) ⁣Both external and internal requests will be tagged. This is the default value.


⁣Only internal requests will be tagged.


⁣Only external requests will be tagged.