envoyproxy/envoy

Can the criteria for categorization of internal requests be made configurable in Envoy?

Open

#11.762 geöffnet am 25. Juni 2020

Auf GitHub ansehen
 (4 Kommentare) (0 Reaktionen) (0 zugewiesene Personen)C++ (5.373 Forks)batch import
area/httphelp wanted

Repository-Metriken

Stars
 (27.997 Stars)
PR-Merge-Metriken
 (Durchschn. Merge 8T) (378 gemergte PRs in 30 T)

Beschreibung

Description:

Envoy treats all requests received from remote addresses in the private IP address range, as internal requests. The following code points to the logic: https://github.com/envoyproxy/envoy/blob/master/source/common/http/conn_manager_utility.cc#L144 https://github.com/envoyproxy/envoy/blob/master/source/common/network/utility.cc#L267

Config: Envoy is configured to append xff headers with following options skip_xff_append=false use_remote_address=true

Question: Could you please help me understand the reason for this classification? In our systems, we don't want to treat requests coming in from anywhere other than the loopback address "127.0.0.1" as internal. Would it be acceptable to have a configurable option to select what addresses should be classified as internal requests? Also wondering if changing this interpretation would break any other assumptions that may rely on it.

Contributor Guide