From 5bf3cf964c8994888f330f23a28ccb8f2bcd582b Mon Sep 17 00:00:00 2001
From: "data-plane-api(Azure Pipelines)"
 <data-plane-api@users.noreply.github.com>
Date: Mon, 4 Apr 2022 17:54:54 +0000
Subject: [PATCH] http conn manager: configure which address ranges are
 considered internal (#20548)

Fixes #19844

Signed-off-by: deveshkandpal1224 <deveshkandpal1224@gmail.com>

Mirrored from https://github.com/envoyproxy/envoy @ e4eaf1b970876d269f7e15dc049f90c79742e298
---
 .../http_connection_manager/v3/http_connection_manager.proto | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto b/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
index 5a130b84..7bff1de5 100644
--- a/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
+++ b/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
@@ -3,6 +3,7 @@ syntax = "proto3";
 package envoy.extensions.filters.network.http_connection_manager.v3;
 
 import "envoy/config/accesslog/v3/accesslog.proto";
+import "envoy/config/core/v3/address.proto";
 import "envoy/config/core/v3/base.proto";
 import "envoy/config/core/v3/config_source.proto";
 import "envoy/config/core/v3/extension.proto";
@@ -202,6 +203,10 @@ message HttpConnectionManager {
 
     // Whether unix socket addresses should be considered internal.
     bool unix_sockets = 1;
+
+    // List of CIDR ranges that are treated as internal. If unset, then RFC1918 / RFC4193
+    // IP addresses will be considered internal.
+    repeated config.core.v3.CidrRange cidr_ranges = 2;
   }
 
   // [#next-free-field: 7]