XFF original IP detection extension

extensions.http.original_ip_detection.xff.v3.XffConfig

[extensions.http.original_ip_detection.xff.v3.XffConfig proto]

This extension allows for the original downstream remote IP to be detected by reading the x-forwarded-for header.

This extension may be referenced by the qualified name envoy.http.original_ip_detection.xff

Note

This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted.

Tip

This extension extends and can be used with the following extension category:

{
  "xff_num_trusted_hops": "..."
}
xff_num_trusted_hops

(uint32) The number of additional ingress proxy hops from the right side of the x-forwarded-for HTTP header to trust when determining the origin client’s IP address. The default is zero if this option is not specified. See the documentation for x-forwarded-for for more information.