contour icon indicating copy to clipboard operation
contour copied to clipboard

Published 20 hours ago verified publisher icon projectcontour

Is is possible to "disable_on_etag_header: true" to envoy compressor extension

Open boatmisser opened this issue 3 years ago • 4 comments

Can I pass disable_on_etag_header: true to envoy; preferably by HTTPProxy route; but envoy as whole would be acceptable. Searched docs from both contour and envoy and haven't had much luck. Thanks

Environment:

  • Contour version: v1.18.3
  • Kubernetes version: (use kubectl version): v1.21.14-eks-18ef993

boatmisser avatar Aug 19 '22 00:08 boatmisser

could you add a little more detail to the description on why this feature is useful to you? just for context for anyone picking this up and to add some justification

seems reasonable as a feature to add

see here where we configure the compressor filter: https://github.com/projectcontour/contour/blob/491e263e2ab3f4b6e6c0fa629b580491a03ab2da/internal/envoy/v3/listener.go#L251-L277

we will likely have to add this feature as a global configuration, since the compressor filter is per Envoy HTTPConnectionManager and for HTTP virtualhosts there is only one (though there are many filter chains for HTTPS virtualhosts)

the global flag will probably go somewhere here: https://github.com/projectcontour/contour/blob/491e263e2ab3f4b6e6c0fa629b580491a03ab2da/apis/projectcontour/v1alpha1/contourconfig.go#L324 (and accompanying config file location since that hasnt been deprecated yet)

let us know if you are willing to contribute, PRs are welcome! otherwise we will get this in the backlog and prioritized

sunjayBhatia avatar Aug 22 '22 14:08 sunjayBhatia

thanks for the reply we have a couple of issues; the first is Etag being stripped when envoy compresses the response. The other is that we have a WAF outside of our cluster that performs some security checking on the response; this means that the WAF has to de-compress, process, then re-compress. So this first issue could be worked around with using disable_on_etag_header: true; and this is the one we are concerned about. However if we can't pass config to envoy; is it possible to disable envoy compression entirely?

boatmisser avatar Aug 30 '22 21:08 boatmisser

you can disable compression if your response content-type is not in this set: https://github.com/projectcontour/contour/blob/602a77f4a735a45bf58b8cc642eaf66392e166c4/internal/envoy/v3/listener.go#L272-L281

see envoy field documentation: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/compressor/v3/compressor.proto#envoy-v3-api-field-extensions-filters-http-compressor-v3-compressor-content-type

sunjayBhatia avatar Oct 31 '22 17:10 sunjayBhatia