Geoip (proto)
This extension has the qualified name envoy.filters.http.geoip
Note
This extension is work-in-progress. Functionality is incomplete and it is not intended for production use.
This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted.
Tip
This extension extends and can be used with the following extension category:
This extension must be configured with one of the following type URLs:
Warning
This API feature is currently work-in-progress. API features marked as work-in-progress are not considered stable, are not covered by the threat model, are not supported by the security team, and are subject to breaking changes. Do not use this feature without understanding each of the previous points.
Geoip configuration overview.
extensions.filters.http.geoip.v3.Geoip
[extensions.filters.http.geoip.v3.Geoip proto]
{
"xff_config": {...},
"geo_headers_to_add": {...},
"provider": {...}
}
- xff_config
(extensions.filters.http.geoip.v3.Geoip.XffConfig) If set, the xff_num_trusted_hops field will be used to determine trusted client address from x-forwarded-for header. Otherwise, the immediate downstream connection source address will be used.
- geo_headers_to_add
(extensions.filters.http.geoip.v3.Geoip.GeolocationHeadersToAdd, REQUIRED) Configuration for geolocation headers to add to request.
- provider
(config.core.v3.TypedExtensionConfig, REQUIRED) Geolocation provider specific configuration.
extensions.filters.http.geoip.v3.Geoip.GeolocationHeadersToAdd
[extensions.filters.http.geoip.v3.Geoip.GeolocationHeadersToAdd proto]
The set of geolocation headers to add to request. If any of the configured headers is present in the incoming request, it will be overridden by Geoip filter.
{
"country": ...,
"city": ...,
"region": ...,
"asn": ...,
"is_anon": ...,
"anon_vpn": ...,
"anon_hosting": ...,
"anon_tor": ...,
"anon_proxy": ...
}
- country
(string) If set, the header will be used to populate the country ISO code associated with the IP address.
- city
(string) If set, the header will be used to populate the city associated with the IP address.
- region
(string) If set, the header will be used to populate the region ISO code associated with the IP address.
- asn
(string) If set, the header will be used to populate the ASN associated with the IP address.
- is_anon
(string) If set, the IP address will be checked if it belongs to any type of anonymization network (e.g. VPN, public proxy etc) and header will be populated with the check result. Header value will be set to either “true” or “false” depending on the check result.
- anon_vpn
(string) If set, the IP address will be checked if it belongs to a VPN and header will be populated with the check result. Header value will be set to either “true” or “false” depending on the check result.
- anon_hosting
(string) If set, the IP address will be checked if it belongs to a hosting provider and header will be populated with the check result. Header value will be set to either “true” or “false” depending on the check result.
- anon_tor
(string) If set, the IP address will be checked if it belongs to a TOR exit node and header will be populated with the check result. Header value will be set to either “true” or “false” depending on the check result.
- anon_proxy
(string) If set, the IP address will be checked if it belongs to a public proxy and header will be populated with the check result. Header value will be set to either “true” or “false” depending on the check result.
extensions.filters.http.geoip.v3.Geoip.XffConfig
[extensions.filters.http.geoip.v3.Geoip.XffConfig proto]
{
"xff_num_trusted_hops": ...
}
- xff_num_trusted_hops
(uint32) The number of additional ingress proxy hops from the right side of the x-forwarded-for HTTP header to trust when determining the origin client’s IP address. The default is zero if this option is not specified. See the documentation for x-forwarded-for for more information.