Chiebot-Mirror
/
data-plane-api
mirror of https://github.com/envoyproxy/data-plane-api.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

Geoip filter (#24318)

Browse Source 
Signed-off-by: Kateryna Nezdolii <nezdolik@spotify.com>

Mirrored from https://github.com/envoyproxy/envoy @ 46aecfca0e8930375ebedc2444471332f5b23783
pull/626/head
data-plane-api(Azure Pipelines) 2 years ago
parent 6c06e515fb
commit 09674a7549
4 changed files with 105 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      BUILD
  2. 13
      envoy/extensions/filters/http/geoip/v3/BUILD
  3. 90
      envoy/extensions/filters/http/geoip/v3/geoip.proto
  4. 1
      versioning/BUILD

1
BUILD
Unescape View File

@ -175,6 +175,7 @@ proto_library(
"//envoy/extensions/filters/http/fault/v3:pkg", "//envoy/extensions/filters/http/fault/v3:pkg",
"//envoy/extensions/filters/http/file_system_buffer/v3:pkg", "//envoy/extensions/filters/http/file_system_buffer/v3:pkg",
"//envoy/extensions/filters/http/gcp_authn/v3:pkg", "//envoy/extensions/filters/http/gcp_authn/v3:pkg",
"//envoy/extensions/filters/http/geoip/v3:pkg",
"//envoy/extensions/filters/http/grpc_http1_bridge/v3:pkg", "//envoy/extensions/filters/http/grpc_http1_bridge/v3:pkg",
"//envoy/extensions/filters/http/grpc_http1_reverse_bridge/v3:pkg", "//envoy/extensions/filters/http/grpc_http1_reverse_bridge/v3:pkg",
"//envoy/extensions/filters/http/grpc_json_transcoder/v3:pkg", "//envoy/extensions/filters/http/grpc_json_transcoder/v3:pkg",

13
envoy/extensions/filters/http/geoip/v3/BUILD
Unescape View File

@ -0,0 +1,13 @@
# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py.
load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
licenses(["notice"]) # Apache 2
api_proto_package(
deps = [
"//envoy/config/core/v3:pkg",
"@com_github_cncf_udpa//udpa/annotations:pkg",
"@com_github_cncf_udpa//xds/annotations/v3:pkg",
],
)

90
envoy/extensions/filters/http/geoip/v3/geoip.proto
Unescape View File

@ -0,0 +1,90 @@
syntax = "proto3";
package envoy.extensions.filters.http.geoip.v3;
import "envoy/config/core/v3/extension.proto";
import "xds/annotations/v3/status.proto";
import "udpa/annotations/status.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.extensions.filters.http.geoip.v3";
option java_outer_classname = "GeoipProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/geoip/v3;geoipv3";
option (udpa.annotations.file_status).package_version_status = ACTIVE;
option (xds.annotations.v3.file_status).work_in_progress = true;
// [#protodoc-title: Geoip]
// Geoip :ref:`configuration overview <config_http_filters_geoip>`.
// [#extension: envoy.filters.http.geoip]
message Geoip {
// The set of geolocation headers to add to request. If any of the configured headers is present
// in the incoming request, it will be overridden by Geoip filter.
// [#next-free-field: 10]
message GeolocationHeadersToAdd {
// If set, the header will be used to populate the country ISO code associated with the IP address.
string country = 1
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
// If set, the header will be used to populate the city associated with the IP address.
string city = 2
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
// If set, the header will be used to populate the region ISO code associated with the IP address.
string region = 3
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
// If set, the header will be used to populate the ASN associated with the IP address.
string asn = 4
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
// If set, the IP address will be checked if it belongs to any type of anonymization network (e.g. VPN, public proxy etc)
// and header will be populated with the check result. Header value will be set to either "true" or "false" depending on the check result.
string is_anon = 5
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
// If set, the IP address will be checked if it belongs to a VPN and header will be populated with the check result.
// Header value will be set to either "true" or "false" depending on the check result.
string anon_vpn = 6
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
// If set, the IP address will be checked if it belongs to a hosting provider and header will be populated with the check result.
// Header value will be set to either "true" or "false" depending on the check result.
string anon_hosting = 7
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
// If set, the IP address will be checked if it belongs to a TOR exit node and header will be populated with the check result.
// Header value will be set to either "true" or "false" depending on the check result.
string anon_tor = 8
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
// If set, the IP address will be checked if it belongs to a public proxy and header will be populated with the check result.
// Header value will be set to either "true" or "false" depending on the check result.
string anon_proxy = 9
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
}
message XffConfig {
// The number of additional ingress proxy hops from the right side of the
// :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header to trust when
// determining the origin client's IP address. The default is zero if this option
// is not specified. See the documentation for
// :ref:`config_http_conn_man_headers_x-forwarded-for` for more information.
uint32 xff_num_trusted_hops = 1;
}
// If set, the :ref:`xff_num_trusted_hops <envoy_v3_api_field_extensions.filters.http.geoip.v3.Geoip.XffConfig.xff_num_trusted_hops>` field will be used to determine
// trusted client address from `x-forwarded-for` header.
// Otherwise, the immediate downstream connection source address will be used.
// [#next-free-field: 2]
XffConfig xff_config = 1;
// Configuration for geolocation headers to add to request.
GeolocationHeadersToAdd geo_headers_to_add = 2 [(validate.rules).message = {required: true}];
// Geolocation provider specific configuration.
config.core.v3.TypedExtensionConfig provider = 3 [(validate.rules).message = {required: true}];
}

1
versioning/BUILD
Unescape View File

@ -113,6 +113,7 @@ proto_library(
"//envoy/extensions/filters/http/fault/v3:pkg", "//envoy/extensions/filters/http/fault/v3:pkg",
"//envoy/extensions/filters/http/file_system_buffer/v3:pkg", "//envoy/extensions/filters/http/file_system_buffer/v3:pkg",
"//envoy/extensions/filters/http/gcp_authn/v3:pkg", "//envoy/extensions/filters/http/gcp_authn/v3:pkg",
"//envoy/extensions/filters/http/geoip/v3:pkg",
"//envoy/extensions/filters/http/grpc_http1_bridge/v3:pkg", "//envoy/extensions/filters/http/grpc_http1_bridge/v3:pkg",
"//envoy/extensions/filters/http/grpc_http1_reverse_bridge/v3:pkg", "//envoy/extensions/filters/http/grpc_http1_reverse_bridge/v3:pkg",
"//envoy/extensions/filters/http/grpc_json_transcoder/v3:pkg", "//envoy/extensions/filters/http/grpc_json_transcoder/v3:pkg",

Write Preview
Loading…
Cancel
Save