gateway icon indicating copy to clipboard operation
gateway copied to clipboard

Published 20 hours ago verified publisher icon envoyproxy

Support for disabling xff header append

Open luvk1412 opened this issue 5 months ago • 3 comments

EG by default sets use-remote-address to true currently at https://github.com/envoyproxy/gateway/blob/14f687fb4fd18b98de654d22119f4e4bd10a71e2/internal/xds/translator/listener.go#L242 while in envoy this is false by default. My understanding is that as eg is supposed to be the first L7 layer for downstream traffic, hence this has been set to true.

However in our use case eg is not the first L7 layer, rather its aws ALB due to which ALB private ip gets appended to xff header which we don't want. Hence we want this to be false or an option to set skip_xff_append to true. So it would be nice to have an api to set above two fields.

For anyone else facing the same issue for now you can use below jsonPatch in EnvoyPatchPolicy:

  jsonPatches:
    - type: "type.googleapis.com/envoy.config.listener.v3.Listener"
      # The listener name is of the form <GatewayNamespace>/<GatewayName>/<GatewayListenerName>
      name: staging/eg-staging/http
      operation:
        op: add
        path: "/default_filter_chain/filters/0/typed_config/skip_xff_append"
        value: true

luvk1412 avatar Sep 13 '24 13:09 luvk1412