proxy protocol: optionally auto-detect presence of proxy protocol (#18951)

Allows users to opt-in to functionality to auto-detect proxy protocol if present, and skip the filter if it's not present. Signed-off-by: Kevin Dorosh <kevin.dorosh@solo.io> Mirrored from https://github.com/envoyproxy/envoy @ 18c59eaf1b78c5b6bbe4d6ad96009ec3ecd895e1
3 years ago · 3ad64fb397
parent 7849e30b37
commit 3ad64fb397
1 changed files with 17 additions and 0 deletions
--- a/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto
+++ b/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto
@ -41,4 +41,21 @@ message ProxyProtocol {

  // The list of rules to apply to requests.
  repeated Rule rules = 1;
+
+  // Allow requests through that don't use proxy protocol. Defaults to false.
+  //
+  // .. attention::
+  //
+  //   This breaks conformance with the specification.
+  //   Only enable if ALL traffic to the listener comes from a trusted source.
+  //   For more information on the security implications of this feature, see
+  //   https://www.haproxy.org/download/2.1/doc/proxy-protocol.txt
+  //
+  // .. attention::
+  //
+  //   Requests of 12 or fewer bytes that match the proxy protocol v2 signature
+  //   and requests of 6 or fewer bytes that match the proxy protocol v1
+  //   signature will timeout (Envoy is unable to differentiate these requests
+  //   from incomplete proxy protocol requests).
+  bool allow_requests_without_proxy_protocol = 2;
 }