From e1192f447376990b237c8123bd2dd13b75dad5ac Mon Sep 17 00:00:00 2001 From: "data-plane-api(CircleCI)" Date: Fri, 25 Sep 2020 17:55:09 +0000 Subject: [PATCH] http: add CDN-Loop header filter (#13158) The CdnLoopFilter implements an HTTP filter that detects and prevents CDN loops using the RFC 8586 CDN-Loop header. The filter can be configured with the CDN identifier to look for as well as the number of times the CDN identifier can be seen before responding with an error. Signed-off-by: Justin Mazzola Paluska Mirrored from https://github.com/envoyproxy/envoy @ c71ec2729cc3c0708223d303e0f24e3bf9a5d0eb --- BUILD | 1 + .../filters/http/cdn_loop/v3alpha/BUILD | 9 +++++ .../http/cdn_loop/v3alpha/cdn_loop.proto | 37 +++++++++++++++++++ versioning/BUILD | 1 + 4 files changed, 48 insertions(+) create mode 100644 envoy/extensions/filters/http/cdn_loop/v3alpha/BUILD create mode 100644 envoy/extensions/filters/http/cdn_loop/v3alpha/cdn_loop.proto
diff --git a/BUILD b/BUILD
index d981622e..79b2194f 100644
--- a/BUILD
+++ b/BUILD
@@ -171,6 +171,7 @@ proto_library(
 "//envoy/extensions/filters/http/aws_request_signing/v3:pkg",
 "//envoy/extensions/filters/http/buffer/v3:pkg",
 "//envoy/extensions/filters/http/cache/v3alpha:pkg",
+ "//envoy/extensions/filters/http/cdn_loop/v3alpha:pkg",
 "//envoy/extensions/filters/http/compressor/v3:pkg",
 "//envoy/extensions/filters/http/cors/v3:pkg",
 "//envoy/extensions/filters/http/csrf/v3:pkg",
diff --git a/envoy/extensions/filters/http/cdn_loop/v3alpha/BUILD b/envoy/extensions/filters/http/cdn_loop/v3alpha/BUILD
new file mode 100644
index 00000000..ee92fb65
--- /dev/null
+++ b/envoy/extensions/filters/http/cdn_loop/v3alpha/BUILD
@@ -0,0 +1,9 @@
+# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py.
+
+load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
+
+licenses(["notice"]) # Apache 2
+
+api_proto_package(
+ deps = ["@com_github_cncf_udpa//udpa/annotations:pkg"],
+)
diff --git a/envoy/extensions/filters/http/cdn_loop/v3alpha/cdn_loop.proto b/envoy/extensions/filters/http/cdn_loop/v3alpha/cdn_loop.proto
new file mode 100644
index 00000000..3f8b7f5b
--- /dev/null
+++ b/envoy/extensions/filters/http/cdn_loop/v3alpha/cdn_loop.proto
@@ -0,0 +1,37 @@
+syntax = "proto3";
+
+package envoy.extensions.filters.http.cdn_loop.v3alpha;
+
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.filters.http.cdn_loop.v3alpha";
+option java_outer_classname = "CdnLoopProto";
+option java_multiple_files = true;
+option (udpa.annotations.file_status).work_in_progress = true;
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: HTTP CDN-Loop Filter]
+// [#extension: envoy.filters.http.cdn_loop]
+
+// CDN-Loop Header filter config. See the :ref:`configuration overview
+// ` for more information.
+message CdnLoopConfig {
+ // The CDN identifier to use for loop checks and to append to the
+ // CDN-Loop header.
+ //
+ // RFC 8586 calls this the cdn-id. The cdn-id can either be a
+ // pseudonym or hostname the CDN is in control of.
+ //
+ // cdn_id must not be empty.
+ string cdn_id = 1 [(validate.rules).string = {min_bytes: 1}];
+
+ // The maximum allowed count of cdn_id in the downstream CDN-Loop
+ // request header.
+ //
+ // The default of 0 means a request can transit the CdnLoopFilter
+ // once. A value of 1 means that a request can transit the
+ // CdnLoopFilter twice and so on.
+ uint32 max_allowed_occurrences = 2;
+}
diff --git a/versioning/BUILD b/versioning/BUILD
index 48c8df7f..9abb9f09 100644
--- a/versioning/BUILD
+++ b/versioning/BUILD
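Review bot: `cdn_id` in cdn_loop.proto is validated only for non-emptiness (`min_bytes: 1`) even though its comment says the value is appended to the CDN-Loop header, so an id containing CR/LF, a comma or whitespace would pass config validation and could produce a header that later hops parse as different cdn-info entries, weakening the loop check. Unless the filter rejects such ids when it loads its config (not visible in this patch), tighten the rule at least to header-safe bytes, e.g. `string cdn_id = 1 [(validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_VALUE strict: false}];`, and state in the comment that the value must follow the RFC 8586 cdn-id grammar (host with optional port, or a pseudonym token). `max_allowed_occurrences` likewise has no upper bound, so its comment could note that a large value effectively turns loop protection off.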
@@ -54,6 +54,7 @@ proto_library(
 "//envoy/extensions/filters/http/aws_request_signing/v3:pkg",
 "//envoy/extensions/filters/http/buffer/v3:pkg",
 "//envoy/extensions/filters/http/cache/v3alpha:pkg",
+ "//envoy/extensions/filters/http/cdn_loop/v3alpha:pkg",
 "//envoy/extensions/filters/http/compressor/v3:pkg",
 "//envoy/extensions/filters/http/cors/v3:pkg",
 "//envoy/extensions/filters/http/csrf/v3:pkg",