XFF original IP detection extension (proto)

extensions.http.original_ip_detection.xff.v3.XffConfig

[extensions.http.original_ip_detection.xff.v3.XffConfig proto]

This extension allows for the original downstream remote IP to be detected by reading the x-forwarded-for header.

This extension has the qualified name envoy.http.original_ip_detection.xff

Note

This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted.

Tip

This extension extends and can be used with the following extension category:

• envoy.http.original_ip_detection

This extension must be configured with one of the following type URLs:

• type.googleapis.com/envoy.extensions.http.original_ip_detection.xff.v3.XffConfig

{
  "xff_num_trusted_hops": ...
}

xff_num_trusted_hops

(uint32) The number of additional ingress proxy hops from the right side of the x-forwarded-for HTTP header to trust when determining the origin client’s IP address. The default is zero if this option is not specified. See the documentation for x-forwarded-for for more information.