Geoip (proto)

This extension has the qualified name envoy.filters.http.geoip


This extension is work-in-progress. Functionality is incomplete and it is not intended for production use.

This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted.


This extension extends and can be used with the following extension category:

This extension must be configured with one of the following type URLs:


This API feature is currently work-in-progress. API features marked as work-in-progress are not considered stable, are not covered by the threat model, are not supported by the security team, and are subject to breaking changes. Do not use this feature without understanding each of the previous points.

Geoip configuration overview.


[extensions.filters.http.geoip.v3.Geoip proto]

  "xff_config": {...},
  "provider": {...}

(extensions.filters.http.geoip.v3.Geoip.XffConfig) If set, the xff_num_trusted_hops field will be used to determine trusted client address from x-forwarded-for header. Otherwise, the immediate downstream connection source address will be used.


(config.core.v3.TypedExtensionConfig, REQUIRED) Geoip driver specific configuration which depends on the driver being instantiated. See the geoip drivers for examples:


This extension category has the following known extensions:


[extensions.filters.http.geoip.v3.Geoip.XffConfig proto]

  "xff_num_trusted_hops": ...

(uint32) The number of additional ingress proxy hops from the right side of the x-forwarded-for HTTP header to trust when determining the origin client’s IP address. The default is zero if this option is not specified. See the documentation for x-forwarded-for for more information.