.. _envoy_v3_api_file_envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto: Proxy Protocol Filter (proto) ============================= .. _extension_envoy.filters.listener.proxy_protocol: This extension has the qualified name ``envoy.filters.listener.proxy_protocol`` .. note:: This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted. .. tip:: This extension extends and can be used with the following extension category: - :ref:`envoy.filters.listener ` This extension must be configured with one of the following type URLs: - :ref:`type.googleapis.com/envoy.extensions.filters.listener.proxy_protocol.v3.ProxyProtocol ` PROXY protocol listener filter. .. _envoy_v3_api_msg_extensions.filters.listener.proxy_protocol.v3.ProxyProtocol: extensions.filters.listener.proxy_protocol.v3.ProxyProtocol ----------------------------------------------------------- :repo:`[extensions.filters.listener.proxy_protocol.v3.ProxyProtocol proto] ` .. code-block:: json :force: { "rules": [], "allow_requests_without_proxy_protocol": ... } .. _envoy_v3_api_field_extensions.filters.listener.proxy_protocol.v3.ProxyProtocol.rules: rules (**repeated** :ref:`extensions.filters.listener.proxy_protocol.v3.ProxyProtocol.Rule `) The list of rules to apply to requests. .. _envoy_v3_api_field_extensions.filters.listener.proxy_protocol.v3.ProxyProtocol.allow_requests_without_proxy_protocol: allow_requests_without_proxy_protocol (`bool `_) Allow requests through that don't use proxy protocol. Defaults to false. .. attention:: This breaks conformance with the specification. Only enable if ALL traffic to the listener comes from a trusted source. For more information on the security implications of this feature, see https://www.haproxy.org/download/2.1/doc/proxy-protocol.txt .. attention:: Requests of 12 or fewer bytes that match the proxy protocol v2 signature and requests of 6 or fewer bytes that match the proxy protocol v1 signature will timeout (Envoy is unable to differentiate these requests from incomplete proxy protocol requests). .. _envoy_v3_api_msg_extensions.filters.listener.proxy_protocol.v3.ProxyProtocol.KeyValuePair: extensions.filters.listener.proxy_protocol.v3.ProxyProtocol.KeyValuePair ------------------------------------------------------------------------ :repo:`[extensions.filters.listener.proxy_protocol.v3.ProxyProtocol.KeyValuePair proto] ` .. code-block:: json :force: { "metadata_namespace": ..., "key": ... } .. _envoy_v3_api_field_extensions.filters.listener.proxy_protocol.v3.ProxyProtocol.KeyValuePair.metadata_namespace: metadata_namespace (`string `_) The namespace — if this is empty, the filter's namespace will be used. .. _envoy_v3_api_field_extensions.filters.listener.proxy_protocol.v3.ProxyProtocol.KeyValuePair.key: key (`string `_, *REQUIRED*) The key to use within the namespace. .. _envoy_v3_api_msg_extensions.filters.listener.proxy_protocol.v3.ProxyProtocol.Rule: extensions.filters.listener.proxy_protocol.v3.ProxyProtocol.Rule ---------------------------------------------------------------- :repo:`[extensions.filters.listener.proxy_protocol.v3.ProxyProtocol.Rule proto] ` A Rule defines what metadata to apply when a header is present or missing. .. code-block:: json :force: { "tlv_type": ..., "on_tlv_present": {...} } .. _envoy_v3_api_field_extensions.filters.listener.proxy_protocol.v3.ProxyProtocol.Rule.tlv_type: tlv_type (`uint32 `_) The type that triggers the rule - required TLV type is defined as uint8_t in proxy protocol. See `the spec `_ for details. .. _envoy_v3_api_field_extensions.filters.listener.proxy_protocol.v3.ProxyProtocol.Rule.on_tlv_present: on_tlv_present (:ref:`extensions.filters.listener.proxy_protocol.v3.ProxyProtocol.KeyValuePair `) If the TLV type is present, apply this metadata KeyValuePair.