http: limiting number and size of user defined headers (#4525)

limiting user defined header alterations to 25 alterations (add/remove request/response headers) and 1024 bytes per alteration.

Risk Level: medium (if someone needs higher limits we can roll back and roll forward with new values)
Testing: new unit tests of one of the 17 fields affected
Release Notes: noted the new limitations
Fixes #4268

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

Mirrored from https://github.com/envoyproxy/envoy @ b9bee1e649399f838b23cb1cedfba888e1925605
pull/620/head
data-plane-api(CircleCI) 6 years ago
parent b8077159d3
commit cd0ef756db
  1. 4
      envoy/api/v2/core/base.proto
  2. 3
      envoy/api/v2/core/health_check.proto
  3. 7
      envoy/api/v2/rds.proto
  4. 18
      envoy/api/v2/route/route.proto

@ -136,14 +136,14 @@ enum RequestMethod {
// Header name/value pair.
message HeaderValue {
// Header name.
string key = 1 [(validate.rules).string.min_bytes = 1];
string key = 1 [(validate.rules).string = {min_bytes: 1, max_bytes: 16384}];
// Header value.
//
// The same :ref:`format specifier <config_access_log_format>` as used for
// :ref:`HTTP access logging <config_access_log>` applies here, however
// unknown header values are replaced with the empty string instead of `-`.
string value = 2;
string value = 2 [(validate.rules).string.max_bytes = 16384];
}
// Header name/value pair plus option to control append behavior.
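Review bot: The `max_bytes = 16384` rule on `value` bounds the configured string, but the comment above the field says the access-log format specifiers apply, so the header actually emitted can presumably be longer or shorter than what was validated. If the intent is to cap what reaches the wire, that has to be enforced where the value is expanded, which is outside this hunk. I would state the scope in the field comment, for example `// Limited to 16384 bytes; the limit applies to the configured format string, not to the expanded value.` The description speaks of 1024 bytes per alteration while the rule here is 16384, so the release note should quote the value that actually ships.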

@ -105,7 +105,8 @@ message HealthCheck {
// health checked cluster. For more information, including details on header value syntax, see
// the documentation on :ref:`custom request headers
// <config_http_conn_man_headers_custom_request_headers>`.
repeated core.HeaderValueOption request_headers_to_add = 6;
repeated core.HeaderValueOption request_headers_to_add = 6
[(validate.rules).repeated .max_items = 1000];
// Specifies a list of HTTP headers that should be removed from each request that is sent to the
// health checked cluster.
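Review bot: Only `request_headers_to_add` receives a `max_items` rule here; the removal list described by the trailing comment gets none in this hunk, although the description says the limit covers both add and remove alterations. The same pattern repeats for the `*_headers_to_remove` lists that follow each changed field in rds.proto and route.proto, and the description counts 17 affected fields while the visible hunks add rules to 11. The removal-list declarations fall outside the hunks, so they may be bounded elsewhere; if they are not, `[(validate.rules).repeated .max_items = 1000]` on each would close the gap. Their entries are presumably plain strings rather than `HeaderValue` messages, in which case they also inherit no per-entry byte limit from base.proto.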

@ -11,6 +11,7 @@ import "envoy/api/v2/route/route.proto";
import "google/api/annotations.proto";
import "google/protobuf/wrappers.proto";
import "validate/validate.proto";
import "gogoproto/gogo.proto";
option (gogoproto.equal_all) = true;
@ -63,7 +64,8 @@ message RouteConfiguration {
// :ref:`envoy_api_msg_route.RouteAction`. For more information, including details on
// header value syntax, see the documentation on :ref:`custom request headers
// <config_http_conn_man_headers_custom_request_headers>`.
repeated core.HeaderValueOption response_headers_to_add = 4;
repeated core.HeaderValueOption response_headers_to_add = 4
[(validate.rules).repeated .max_items = 1000];
// Specifies a list of HTTP headers that should be removed from each response
// that the connection manager encodes.
@ -75,7 +77,8 @@ message RouteConfiguration {
// :ref:`envoy_api_msg_route.RouteAction`. For more information, including details on
// header value syntax, see the documentation on :ref:`custom request headers
// <config_http_conn_man_headers_custom_request_headers>`.
repeated core.HeaderValueOption request_headers_to_add = 6;
repeated core.HeaderValueOption request_headers_to_add = 6
[(validate.rules).repeated .max_items = 1000];
// Specifies a list of HTTP headers that should be removed from each request
// routed by the HTTP connection manager.

@ -80,7 +80,8 @@ message VirtualHost {
// enclosing :ref:`envoy_api_msg_RouteConfiguration`. For more information, including
// details on header value syntax, see the documentation on :ref:`custom request headers
// <config_http_conn_man_headers_custom_request_headers>`.
repeated core.HeaderValueOption request_headers_to_add = 7;
repeated core.HeaderValueOption request_headers_to_add = 7
[(validate.rules).repeated .max_items = 1000];
// Specifies a list of HTTP headers that should be removed from each request
// handled by this virtual host.
@ -92,7 +93,8 @@ message VirtualHost {
// enclosing :ref:`envoy_api_msg_RouteConfiguration`. For more information, including
// details on header value syntax, see the documentation on :ref:`custom request headers
// <config_http_conn_man_headers_custom_request_headers>`.
repeated core.HeaderValueOption response_headers_to_add = 10;
repeated core.HeaderValueOption response_headers_to_add = 10
[(validate.rules).repeated .max_items = 1000];
// Specifies a list of HTTP headers that should be removed from each response
// handled by this virtual host.
@ -171,7 +173,8 @@ message Route {
// :ref:`envoy_api_msg_RouteConfiguration`. For more information, including details on
// header value syntax, see the documentation on :ref:`custom request headers
// <config_http_conn_man_headers_custom_request_headers>`.
repeated core.HeaderValueOption request_headers_to_add = 9;
repeated core.HeaderValueOption request_headers_to_add = 9
[(validate.rules).repeated .max_items = 1000];
// Specifies a list of HTTP headers that should be removed from each request
// matching this route.
@ -183,7 +186,8 @@ message Route {
// :ref:`envoy_api_msg_RouteConfiguration`. For more information, including
// details on header value syntax, see the documentation on
// :ref:`custom request headers <config_http_conn_man_headers_custom_request_headers>`.
repeated core.HeaderValueOption response_headers_to_add = 10;
repeated core.HeaderValueOption response_headers_to_add = 10
[(validate.rules).repeated .max_items = 1000];
// Specifies a list of HTTP headers that should be removed from each response
// to requests matching this route.
@ -223,7 +227,8 @@ message WeightedCluster {
// :ref:`envoy_api_msg_RouteConfiguration`. For more information, including details on
// header value syntax, see the documentation on :ref:`custom request headers
// <config_http_conn_man_headers_custom_request_headers>`.
repeated core.HeaderValueOption request_headers_to_add = 4;
repeated core.HeaderValueOption request_headers_to_add = 4
[(validate.rules).repeated .max_items = 1000];
// Specifies a list of HTTP headers that should be removed from each request when
// this cluster is selected through the enclosing :ref:`envoy_api_msg_route.RouteAction`.
@ -236,7 +241,8 @@ message WeightedCluster {
// :ref:`envoy_api_msg_RouteConfiguration`. For more information, including details on
// header value syntax, see the documentation on :ref:`custom request headers
// <config_http_conn_man_headers_custom_request_headers>`.
repeated core.HeaderValueOption response_headers_to_add = 5;
repeated core.HeaderValueOption response_headers_to_add = 5
[(validate.rules).repeated .max_items = 1000];
// Specifies a list of headers to be removed from responses when this cluster is selected
// through the enclosing :ref:`envoy_api_msg_route.RouteAction`.
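Review bot: Each of the six lists in this file is capped at 1000 entries independently, so the rule does not bound what a single request can accumulate when route, virtual host, weighted cluster and route configuration headers are applied together, as the field comments suggest they are. With 16384-byte keys and values allowed in base.proto, one full list alone can describe on the order of 32 MB of header data, well beyond what the description's 25 alterations of 1024 bytes implies. If an aggregate ceiling exists it is enforced outside this diff; otherwise it is worth adding where the lists are merged. Either way the field comments should state the scope, for example `// At most 1000 entries; the limit is per list and is not an aggregate across configuration levels.`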
