HTTP External Authorization

The external authorization HTTP service configuration configuration overview.

config.filter.http.ext_authz.v2alpha.ExtAuthz

[config.filter.http.ext_authz.v2alpha.ExtAuthz proto]

External Authorization filter calls out to an external service over the gRPC Authorization API defined by CheckRequest. A failed check will cause this filter to close the HTTP request with 403(Forbidden).

{
  "grpc_service": "{...}",
  "failure_mode_allow": "..."
}
grpc_service

(core.GrpcService) The external authorization gRPC service configuration. The default timeout is set to 200ms by this filter.

Only one of grpc_service may be set.

failure_mode_allow
(bool) The filter’s behaviour in case the external authorization service does not respond back. When it is set to true, Envoy will also allow traffic in case of communication failure between authorization service and the proxy. Defaults to false.