.. _envoy_v3_api_file_envoy/extensions/http/original_ip_detection/xff/v3/xff.proto: XFF original IP detection extension (proto) =========================================== .. _envoy_v3_api_msg_extensions.http.original_ip_detection.xff.v3.XffConfig: extensions.http.original_ip_detection.xff.v3.XffConfig ------------------------------------------------------ :repo:`[extensions.http.original_ip_detection.xff.v3.XffConfig proto] ` This extension allows for the original downstream remote IP to be detected by reading the :ref:`config_http_conn_man_headers_x-forwarded-for` header. .. _extension_envoy.http.original_ip_detection.xff: This extension has the qualified name ``envoy.http.original_ip_detection.xff`` .. note:: This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted. .. tip:: This extension extends and can be used with the following extension category: - :ref:`envoy.http.original_ip_detection ` This extension must be configured with one of the following type URLs: - :ref:`type.googleapis.com/envoy.extensions.http.original_ip_detection.xff.v3.XffConfig ` .. code-block:: json :force: { "xff_num_trusted_hops": ... } .. _envoy_v3_api_field_extensions.http.original_ip_detection.xff.v3.XffConfig.xff_num_trusted_hops: xff_num_trusted_hops (`uint32 `_) The number of additional ingress proxy hops from the right side of the :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header to trust when determining the origin client's IP address. The default is zero if this option is not specified. See the documentation for :ref:`config_http_conn_man_headers_x-forwarded-for` for more information.