XFF original IP detection extension (proto)


[extensions.http.original_ip_detection.xff.v3.XffConfig proto]

This extension allows for the original downstream remote IP to be detected by reading the x-forwarded-for header.

This extension has the qualified name envoy.http.original_ip_detection.xff


This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted.


This extension extends and can be used with the following extension category:

This extension must be configured with one of the following type URLs:

  "xff_num_trusted_hops": ...

(uint32) The number of additional ingress proxy hops from the right side of the x-forwarded-for HTTP header to trust when determining the origin client’s IP address. The default is zero if this option is not specified. See the documentation for x-forwarded-for for more information.