envoyproxy/envoy

Can the criteria for categorization of internal requests be made configurable in Envoy?

Open

#11 762 ouverte le 25 juin 2020

Voir sur GitHub
 (4 commentaires) (0 réactions) (0 assignés)C++ (5 373 forks)batch import
area/httphelp wanted

Métriques du dépôt

Stars
 (27 997 stars)
Métriques de merge PR
 (Merge moyen 8j) (378 PRs mergées en 30 j)

Description

Description:

Envoy treats all requests received from remote addresses in the private IP address range, as internal requests. The following code points to the logic: https://github.com/envoyproxy/envoy/blob/master/source/common/http/conn_manager_utility.cc#L144 https://github.com/envoyproxy/envoy/blob/master/source/common/network/utility.cc#L267

Config: Envoy is configured to append xff headers with following options skip_xff_append=false use_remote_address=true

Question: Could you please help me understand the reason for this classification? In our systems, we don't want to treat requests coming in from anywhere other than the loopback address "127.0.0.1" as internal. Would it be acceptable to have a configurable option to select what addresses should be classified as internal requests? Also wondering if changing this interpretation would break any other assumptions that may rely on it.

Guide contributeur