Can the criteria for categorization of internal requests be made configurable in Envoy?
#11.762 aberto em 25 de jun. de 2020
Métricas do repositório
- Stars
- (27.997 stars)
- Métricas de merge de PR
- (Mesclagem média 8d) (378 fundiu PRs em 30d)
Description
Description:
Envoy treats all requests received from remote addresses in the private IP address range, as internal requests. The following code points to the logic: https://github.com/envoyproxy/envoy/blob/master/source/common/http/conn_manager_utility.cc#L144 https://github.com/envoyproxy/envoy/blob/master/source/common/network/utility.cc#L267
Config: Envoy is configured to append xff headers with following options skip_xff_append=false use_remote_address=true
Question: Could you please help me understand the reason for this classification? In our systems, we don't want to treat requests coming in from anywhere other than the loopback address "127.0.0.1" as internal. Would it be acceptable to have a configurable option to select what addresses should be classified as internal requests? Also wondering if changing this interpretation would break any other assumptions that may rely on it.