envoyproxy/envoy

Can the criteria for categorization of internal requests be made configurable in Envoy?

Open

#11.762 aperta il 25 giu 2020

Vedi su GitHub
 (4 commenti) (0 reazioni) (0 assegnatari)C++ (5373 fork)batch import
area/httphelp wanted

Metriche repository

Star
 (27.997 star)
Metriche merge PR
 (Merge medio 8g) (378 PR mergiate in 30 g)

Descrizione

Description:

Envoy treats all requests received from remote addresses in the private IP address range, as internal requests. The following code points to the logic: https://github.com/envoyproxy/envoy/blob/master/source/common/http/conn_manager_utility.cc#L144 https://github.com/envoyproxy/envoy/blob/master/source/common/network/utility.cc#L267

Config: Envoy is configured to append xff headers with following options skip_xff_append=false use_remote_address=true

Question: Could you please help me understand the reason for this classification? In our systems, we don't want to treat requests coming in from anywhere other than the loopback address "127.0.0.1" as internal. Would it be acceptable to have a configurable option to select what addresses should be classified as internal requests? Also wondering if changing this interpretation would break any other assumptions that may rely on it.

Guida contributor