From 2bf5d617042e52b7f4f834f87792f1638bfa7bbc Mon Sep 17 00:00:00 2001
From: Brian Pane
Date: Tue, 6 Feb 2018 12:20:40 -0800
Subject: [PATCH] enable configuration of the number of trusted addresses in XFF (#459)

* enable configuration of the number of trusted addresses in x-forwarded-for
---
 .../v2/http_connection_manager.proto | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto b/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto
index 286c33cd..559bc2fe 100644
--- a/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto
+++ b/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto
@@ -160,6 +160,15 @@ message HttpConnectionManager {
 // :ref:`config_http_conn_man_headers_x-envoy-external-address` for more information.
 google.protobuf.BoolValue use_remote_address = 14;

+ // [#not-implemented-hide:]
+ // The number of additional ingress proxy hops from the right side of the
+ // :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header to trust when
+ // determining the origin client's IP address. The default is zero if this option
+ // is not specified. See the documentation for
+ // :ref:`config_http_conn_man_headers_x-forwarded-for` for more information.
+ uint32 xff_num_trusted_hops = 19;
+
+ // of the client connection as the origin client address if *use_remote_address* is true
 // Whether the connection manager will generate the :ref:`x-request-id
 // ` header if it does not exist. This defaults to
 // true. Generating a random UUID4 is expensive so in high throughput scenarios where this feature
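Review bot: The last added line, `// of the client connection as the origin client address if *use_remote_address* is true`, is a sentence fragment that sits directly above the `// Whether the connection manager will generate ...` comment, so it becomes part of the next field's documentation. It looks like a leftover from an earlier draft and should be removed or completed. The comment on `xff_num_trusted_hops` also omits the constraint an operator most needs: the value must not exceed the number of proxies in front of this listener that the operator controls, because each extra trusted hop lets a client-supplied `x-forwarded-for` entry be taken as the origin address. I would add `// Set this no higher than the number of trusted proxies in front of Envoy; a larger value lets a client-supplied XFF entry be treated as the origin address.` and state how the field combines with *use_remote_address*, which the visible comment does not say. The enclosing `message HttpConnectionManager` starts and ends outside the hunk.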