Geoip filter (#24318)
Signed-off-by: Kateryna Nezdolii <nezdolik@spotify.com> Mirrored from https://github.com/envoyproxy/envoy @ 46aecfca0e8930375ebedc2444471332f5b23783pull/626/head
data-plane-api(Azure Pipelines)
2 years ago
parent
6c06e515fb
commit
09674a7549
4 changed files with 105 additions and 0 deletions
@ -0,0 +1,13 @@ |
||||
# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. |
||||
|
||||
load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") |
||||
|
||||
licenses(["notice"]) # Apache 2 |
||||
|
||||
api_proto_package( |
||||
deps = [ |
||||
"//envoy/config/core/v3:pkg", |
||||
"@com_github_cncf_udpa//udpa/annotations:pkg", |
||||
"@com_github_cncf_udpa//xds/annotations/v3:pkg", |
||||
], |
||||
) |
||||
@ -0,0 +1,90 @@ |
||||
syntax = "proto3"; |
||||
|
||||
package envoy.extensions.filters.http.geoip.v3; |
||||
|
||||
import "envoy/config/core/v3/extension.proto"; |
||||
|
||||
import "xds/annotations/v3/status.proto"; |
||||
|
||||
import "udpa/annotations/status.proto"; |
||||
import "validate/validate.proto"; |
||||
|
||||
option java_package = "io.envoyproxy.envoy.extensions.filters.http.geoip.v3"; |
||||
option java_outer_classname = "GeoipProto"; |
||||
option java_multiple_files = true; |
||||
option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/geoip/v3;geoipv3"; |
||||
option (udpa.annotations.file_status).package_version_status = ACTIVE; |
||||
option (xds.annotations.v3.file_status).work_in_progress = true; |
||||
|
||||
// [#protodoc-title: Geoip] |
||||
// Geoip :ref:`configuration overview <config_http_filters_geoip>`. |
||||
// [#extension: envoy.filters.http.geoip] |
||||
|
||||
message Geoip { |
||||
// The set of geolocation headers to add to request. If any of the configured headers is present |
||||
// in the incoming request, it will be overridden by Geoip filter. |
||||
// [#next-free-field: 10] |
||||
message GeolocationHeadersToAdd { |
||||
// If set, the header will be used to populate the country ISO code associated with the IP address. |
||||
string country = 1 |
||||
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}]; |
||||
|
||||
// If set, the header will be used to populate the city associated with the IP address. |
||||
string city = 2 |
||||
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}]; |
||||
|
||||
// If set, the header will be used to populate the region ISO code associated with the IP address. |
||||
string region = 3 |
||||
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}]; |
||||
|
||||
// If set, the header will be used to populate the ASN associated with the IP address. |
||||
string asn = 4 |
||||
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}]; |
||||
|
||||
// If set, the IP address will be checked if it belongs to any type of anonymization network (e.g. VPN, public proxy etc) |
||||
// and header will be populated with the check result. Header value will be set to either "true" or "false" depending on the check result. |
||||
string is_anon = 5 |
||||
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}]; |
||||
|
||||
// If set, the IP address will be checked if it belongs to a VPN and header will be populated with the check result. |
||||
// Header value will be set to either "true" or "false" depending on the check result. |
||||
string anon_vpn = 6 |
||||
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}]; |
||||
|
||||
// If set, the IP address will be checked if it belongs to a hosting provider and header will be populated with the check result. |
||||
// Header value will be set to either "true" or "false" depending on the check result. |
||||
string anon_hosting = 7 |
||||
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}]; |
||||
|
||||
// If set, the IP address will be checked if it belongs to a TOR exit node and header will be populated with the check result. |
||||
// Header value will be set to either "true" or "false" depending on the check result. |
||||
string anon_tor = 8 |
||||
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}]; |
||||
|
||||
// If set, the IP address will be checked if it belongs to a public proxy and header will be populated with the check result. |
||||
// Header value will be set to either "true" or "false" depending on the check result. |
||||
string anon_proxy = 9 |
||||
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}]; |
||||
} |
||||
|
||||
message XffConfig { |
||||
// The number of additional ingress proxy hops from the right side of the |
||||
// :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header to trust when |
||||
// determining the origin client's IP address. The default is zero if this option |
||||
// is not specified. See the documentation for |
||||
// :ref:`config_http_conn_man_headers_x-forwarded-for` for more information. |
||||
uint32 xff_num_trusted_hops = 1; |
||||
} |
||||
|
||||
// If set, the :ref:`xff_num_trusted_hops <envoy_v3_api_field_extensions.filters.http.geoip.v3.Geoip.XffConfig.xff_num_trusted_hops>` field will be used to determine |
||||
// trusted client address from `x-forwarded-for` header. |
||||
// Otherwise, the immediate downstream connection source address will be used. |
||||
// [#next-free-field: 2] |
||||
XffConfig xff_config = 1; |
||||
|
||||
// Configuration for geolocation headers to add to request. |
||||
GeolocationHeadersToAdd geo_headers_to_add = 2 [(validate.rules).message = {required: true}]; |
||||
|
||||
// Geolocation provider specific configuration. |
||||
config.core.v3.TypedExtensionConfig provider = 3 [(validate.rules).message = {required: true}]; |
||||
} |
||||
Loading…
Reference in new issue