.. _envoy_v3_api_file_envoy/config/route/v3/route_components.proto:
HTTP route components (proto)
=============================
* Routing :ref:`architecture overview <arch_overview_http_routing>`
* HTTP :ref:`router filter <config_http_filters_router>`
.. _envoy_v3_api_msg_config.route.v3.VirtualHost:
config.route.v3.VirtualHost
---------------------------
:repo:`[config.route.v3.VirtualHost proto] <api/envoy/config/route/v3/route_components.proto#L44>`
The top level element in the routing configuration is a virtual host. Each virtual host has
a logical name as well as a set of domains that get routed to it based on the incoming request's
host header. This allows a single listener to service multiple top level domain path trees. Once
a virtual host is selected based on the domain, the routes are processed in order to see which
upstream cluster to route to or whether to perform a redirect.
.. code-block:: json
:force:
{
"name": ...,
"domains": [],
"routes": [],
"matcher": {...},
"require_tls": ...,
"virtual_clusters": [],
"rate_limits": [],
"request_headers_to_add": [],
"request_headers_to_remove": [],
"response_headers_to_add": [],
"response_headers_to_remove": [],
"cors": {...},
"typed_per_filter_config": {...},
"include_request_attempt_count": ...,
"include_attempt_count_in_response": ...,
"retry_policy": {...},
"hedge_policy": {...},
"include_is_timeout_retry_header": ...,
"per_request_buffer_limit_bytes": {...},
"request_mirror_policies": [],
"metadata": {...}
}
.. _envoy_v3_api_field_config.route.v3.VirtualHost.name:
name
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*) The logical name of the virtual host. This is used when emitting certain
statistics but is not relevant for routing.
.. _envoy_v3_api_field_config.route.v3.VirtualHost.domains:
domains
(**repeated** `string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*) A list of domains (host/authority header) that will be matched to this
virtual host. Wildcard hosts are supported in the suffix or prefix form.
Domain search order:
1. Exact domain names: ``www.foo.com``.
2. Suffix domain wildcards: ``*.foo.com`` or ``*-bar.foo.com``.
3. Prefix domain wildcards: ``foo.*`` or ``foo-*``.
4. Special wildcard ``*`` matching any domain.
.. note::
The wildcard will not match the empty string.
e.g. ``*-bar.foo.com`` will match ``baz-bar.foo.com`` but not ``-bar.foo.com``.
The longest wildcards match first.
Only a single virtual host in the entire route configuration can match on ``*``. A domain
must be unique across all virtual hosts or the config will fail to load.
Domains cannot contain control characters. This is validated by the well_known_regex HTTP_HEADER_VALUE.
.. _envoy_v3_api_field_config.route.v3.VirtualHost.routes:
routes
(**repeated** :ref:`config.route.v3.Route <envoy_v3_api_msg_config.route.v3.Route>`) The list of routes that will be matched, in order, for incoming requests.
The first route that matches will be used.
Only one of this and ``matcher`` can be specified.
.. _envoy_v3_api_field_config.route.v3.VirtualHost.matcher:
matcher
(:ref:`.xds.type.matcher.v3.Matcher <envoy_v3_api_msg_.xds.type.matcher.v3.Matcher>`) The match tree to use when resolving route actions for incoming requests. Only one of this and ``routes``
can be specified.
.. warning::
This API feature is currently work-in-progress. API features marked as work-in-progress are not considered stable, are not covered by the :ref:`threat model <arch_overview_threat_model>`, are not supported by the security team, and are subject to breaking changes. Do not use this feature without understanding each of the previous points.
.. _envoy_v3_api_field_config.route.v3.VirtualHost.require_tls:
require_tls
(:ref:`config.route.v3.VirtualHost.TlsRequirementType <envoy_v3_api_enum_config.route.v3.VirtualHost.TlsRequirementType>`) Specifies the type of TLS enforcement the virtual host expects. If this option is not
specified, there is no TLS requirement for the virtual host.
.. _envoy_v3_api_field_config.route.v3.VirtualHost.virtual_clusters:
virtual_clusters
(**repeated** :ref:`config.route.v3.VirtualCluster <envoy_v3_api_msg_config.route.v3.VirtualCluster>`) A list of virtual clusters defined for this virtual host. Virtual clusters
are used for additional statistics gathering.
.. _envoy_v3_api_field_config.route.v3.VirtualHost.rate_limits:
rate_limits
(**repeated** :ref:`config.route.v3.RateLimit <envoy_v3_api_msg_config.route.v3.RateLimit>`) Specifies a set of rate limit configurations that will be applied to the
virtual host.
.. _envoy_v3_api_field_config.route.v3.VirtualHost.request_headers_to_add:
request_headers_to_add
(**repeated** :ref:`config.core.v3.HeaderValueOption <envoy_v3_api_msg_config.core.v3.HeaderValueOption>`) Specifies a list of HTTP headers that should be added to each request
handled by this virtual host. Headers specified at this level are applied
after headers from enclosed :ref:`envoy_v3_api_msg_config.route.v3.Route` and before headers from the
enclosing :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. For more information, including
details on header value syntax, see the documentation on :ref:`custom request headers
<config_http_conn_man_headers_custom_request_headers>`.
.. _envoy_v3_api_field_config.route.v3.VirtualHost.request_headers_to_remove:
request_headers_to_remove
(**repeated** `string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Specifies a list of HTTP headers that should be removed from each request
handled by this virtual host.
.. _envoy_v3_api_field_config.route.v3.VirtualHost.response_headers_to_add:
response_headers_to_add
(**repeated** :ref:`config.core.v3.HeaderValueOption <envoy_v3_api_msg_config.core.v3.HeaderValueOption>`) Specifies a list of HTTP headers that should be added to each response
handled by this virtual host. Headers specified at this level are applied
after headers from enclosed :ref:`envoy_v3_api_msg_config.route.v3.Route` and before headers from the
enclosing :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. For more information, including
details on header value syntax, see the documentation on :ref:`custom request headers
<config_http_conn_man_headers_custom_request_headers>`.
.. _envoy_v3_api_field_config.route.v3.VirtualHost.response_headers_to_remove:
response_headers_to_remove
(**repeated** `string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Specifies a list of HTTP headers that should be removed from each response
handled by this virtual host.
.. _envoy_v3_api_field_config.route.v3.VirtualHost.cors:
cors
(:ref:`config.route.v3.CorsPolicy <envoy_v3_api_msg_config.route.v3.CorsPolicy>`) Indicates that the virtual host has a CORS policy. This field is ignored if related cors policy is
found in the
:ref:`VirtualHost.typed_per_filter_config<envoy_v3_api_field_config.route.v3.VirtualHost.typed_per_filter_config>`.
.. attention::
This option has been deprecated. Please use
:ref:`VirtualHost.typed_per_filter_config<envoy_v3_api_field_config.route.v3.VirtualHost.typed_per_filter_config>`
to configure the CORS HTTP filter.
.. _envoy_v3_api_field_config.route.v3.VirtualHost.typed_per_filter_config:
typed_per_filter_config
(**repeated** map<`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, `Any <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#any>`_>) This field can be used to provide virtual host level per filter config. The key should match the
:ref:`filter config name
<envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpFilter.name>`.
See :ref:`Http filter route specific config <arch_overview_http_filters_per_filter_config>`
for details.
.. _envoy_v3_api_field_config.route.v3.VirtualHost.include_request_attempt_count:
include_request_attempt_count
(`bool <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Decides whether the :ref:`x-envoy-attempt-count
<config_http_filters_router_x-envoy-attempt-count>` header should be included
in the upstream request. Setting this option will cause it to override any existing header
value, so in the case of two Envoys on the request path with this option enabled, the upstream
will see the attempt count as perceived by the second Envoy. Defaults to false.
This header is unaffected by the
:ref:`suppress_envoy_headers
<envoy_v3_api_field_extensions.filters.http.router.v3.Router.suppress_envoy_headers>` flag.
.. _envoy_v3_api_field_config.route.v3.VirtualHost.include_attempt_count_in_response:
include_attempt_count_in_response
(`bool <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Decides whether the :ref:`x-envoy-attempt-count
<config_http_filters_router_x-envoy-attempt-count>` header should be included
in the downstream response. Setting this option will cause the router to override any existing header
value, so in the case of two Envoys on the request path with this option enabled, the downstream
will see the attempt count as perceived by the Envoy closest upstream from itself. Defaults to false.
This header is unaffected by the
:ref:`suppress_envoy_headers
<envoy_v3_api_field_extensions.filters.http.router.v3.Router.suppress_envoy_headers>` flag.
.. _envoy_v3_api_field_config.route.v3.VirtualHost.retry_policy:
retry_policy
(:ref:`config.route.v3.RetryPolicy <envoy_v3_api_msg_config.route.v3.RetryPolicy>`) Indicates the retry policy for all routes in this virtual host. Note that setting a
route level entry will take precedence over this config and it'll be treated
independently (e.g.: values are not inherited).
.. _envoy_v3_api_field_config.route.v3.VirtualHost.hedge_policy:
hedge_policy
(:ref:`config.route.v3.HedgePolicy <envoy_v3_api_msg_config.route.v3.HedgePolicy>`) Indicates the hedge policy for all routes in this virtual host. Note that setting a
route level entry will take precedence over this config and it'll be treated
independently (e.g.: values are not inherited).
.. _envoy_v3_api_field_config.route.v3.VirtualHost.include_is_timeout_retry_header:
include_is_timeout_retry_header
(`bool <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Decides whether to include the :ref:`x-envoy-is-timeout-retry <config_http_filters_router_x-envoy-is-timeout-retry>`
request header in retries initiated by per try timeouts.
.. _envoy_v3_api_field_config.route.v3.VirtualHost.per_request_buffer_limit_bytes:
per_request_buffer_limit_bytes
(`UInt32Value <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#uint32value>`_) The maximum bytes which will be buffered for retries and shadowing.
If set and a route-specific limit is not set, the bytes actually buffered will be the minimum
value of this and the listener per_connection_buffer_limit_bytes.
.. _envoy_v3_api_field_config.route.v3.VirtualHost.request_mirror_policies:
request_mirror_policies
(**repeated** :ref:`config.route.v3.RouteAction.RequestMirrorPolicy <envoy_v3_api_msg_config.route.v3.RouteAction.RequestMirrorPolicy>`) Specify a set of default request mirroring policies for every route under this virtual host.
It takes precedence over the route config mirror policy entirely.
That is, policies are not merged, the most specific non-empty one becomes the mirror policies.
.. _envoy_v3_api_field_config.route.v3.VirtualHost.metadata:
metadata
(:ref:`config.core.v3.Metadata <envoy_v3_api_msg_config.core.v3.Metadata>`) The metadata field can be used to provide additional information
about the virtual host. It can be used for configuration, stats, and logging.
The metadata should go under the filter namespace that will need it.
For instance, if the metadata is intended for the Router filter,
the filter name should be specified as ``envoy.filters.http.router``.
.. _envoy_v3_api_enum_config.route.v3.VirtualHost.TlsRequirementType:
Enum config.route.v3.VirtualHost.TlsRequirementType
---------------------------------------------------
:repo:`[config.route.v3.VirtualHost.TlsRequirementType proto] <api/envoy/config/route/v3/route_components.proto#L47>`
.. _envoy_v3_api_enum_value_config.route.v3.VirtualHost.TlsRequirementType.NONE:
NONE
*(DEFAULT)* No TLS requirement for the virtual host.
.. _envoy_v3_api_enum_value_config.route.v3.VirtualHost.TlsRequirementType.EXTERNAL_ONLY:
EXTERNAL_ONLY
External requests must use TLS. If a request is external and it is not
using TLS, a 301 redirect will be sent telling the client to use HTTPS.
.. _envoy_v3_api_enum_value_config.route.v3.VirtualHost.TlsRequirementType.ALL:
ALL
All requests must use TLS. If a request is not using TLS, a 301 redirect
will be sent telling the client to use HTTPS.
.. _envoy_v3_api_msg_config.route.v3.FilterAction:
config.route.v3.FilterAction
----------------------------
:repo:`[config.route.v3.FilterAction proto] <api/envoy/config/route/v3/route_components.proto#L227>`
A filter-defined action type.
.. code-block:: json
:force:
{
"action": {...}
}
.. _envoy_v3_api_field_config.route.v3.FilterAction.action:
action
(`Any <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#any>`_)
.. _envoy_v3_api_msg_config.route.v3.RouteList:
config.route.v3.RouteList
-------------------------
:repo:`[config.route.v3.RouteList proto] <api/envoy/config/route/v3/route_components.proto#L235>`
This can be used in route matcher :ref:`VirtualHost.matcher <envoy_v3_api_field_config.route.v3.VirtualHost.matcher>`.
When the matcher matches, routes will be matched and run.
.. code-block:: json
:force:
{
"routes": []
}
.. _envoy_v3_api_field_config.route.v3.RouteList.routes:
routes
(**repeated** :ref:`config.route.v3.Route <envoy_v3_api_msg_config.route.v3.Route>`) The list of routes that will be matched and run, in order. The first route that matches will be used.
.. _envoy_v3_api_msg_config.route.v3.Route:
config.route.v3.Route
---------------------
:repo:`[config.route.v3.Route proto] <api/envoy/config/route/v3/route_components.proto#L248>`
A route is both a specification of how to match a request as well as an indication of what to do
next (e.g., redirect, forward, rewrite, etc.).
.. attention::
Envoy supports routing on HTTP method via :ref:`header matching
<envoy_v3_api_msg_config.route.v3.HeaderMatcher>`.
.. code-block:: json
:force:
{
"name": ...,
"match": {...},
"route": {...},
"redirect": {...},
"direct_response": {...},
"metadata": {...},
"decorator": {...},
"typed_per_filter_config": {...},
"request_headers_to_add": [],
"request_headers_to_remove": [],
"response_headers_to_add": [],
"response_headers_to_remove": [],
"tracing": {...},
"per_request_buffer_limit_bytes": {...},
"stat_prefix": ...
}
.. _envoy_v3_api_field_config.route.v3.Route.name:
name
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Name for the route.
.. _envoy_v3_api_field_config.route.v3.Route.match:
match
(:ref:`config.route.v3.RouteMatch <envoy_v3_api_msg_config.route.v3.RouteMatch>`, *REQUIRED*) Route matching parameters.
.. _envoy_v3_api_field_config.route.v3.Route.route:
route
(:ref:`config.route.v3.RouteAction <envoy_v3_api_msg_config.route.v3.RouteAction>`) Route request to some upstream cluster.
Precisely one of :ref:`route <envoy_v3_api_field_config.route.v3.Route.route>`, :ref:`redirect <envoy_v3_api_field_config.route.v3.Route.redirect>`, :ref:`direct_response <envoy_v3_api_field_config.route.v3.Route.direct_response>` must be set.
.. _envoy_v3_api_field_config.route.v3.Route.redirect:
redirect
(:ref:`config.route.v3.RedirectAction <envoy_v3_api_msg_config.route.v3.RedirectAction>`) Return a redirect.
Precisely one of :ref:`route <envoy_v3_api_field_config.route.v3.Route.route>`, :ref:`redirect <envoy_v3_api_field_config.route.v3.Route.redirect>`, :ref:`direct_response <envoy_v3_api_field_config.route.v3.Route.direct_response>` must be set.
.. _envoy_v3_api_field_config.route.v3.Route.direct_response:
direct_response
(:ref:`config.route.v3.DirectResponseAction <envoy_v3_api_msg_config.route.v3.DirectResponseAction>`) Return an arbitrary HTTP response directly, without proxying.
Precisely one of :ref:`route <envoy_v3_api_field_config.route.v3.Route.route>`, :ref:`redirect <envoy_v3_api_field_config.route.v3.Route.redirect>`, :ref:`direct_response <envoy_v3_api_field_config.route.v3.Route.direct_response>` must be set.
.. _envoy_v3_api_field_config.route.v3.Route.metadata:
metadata
(:ref:`config.core.v3.Metadata <envoy_v3_api_msg_config.core.v3.Metadata>`) The Metadata field can be used to provide additional information
about the route. It can be used for configuration, stats, and logging.
The metadata should go under the filter namespace that will need it.
For instance, if the metadata is intended for the Router filter,
the filter name should be specified as ``envoy.filters.http.router``.
.. _envoy_v3_api_field_config.route.v3.Route.decorator:
decorator
(:ref:`config.route.v3.Decorator <envoy_v3_api_msg_config.route.v3.Decorator>`) Decorator for the matched route.
.. _envoy_v3_api_field_config.route.v3.Route.typed_per_filter_config:
typed_per_filter_config
(**repeated** map<`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, `Any <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#any>`_>) This field can be used to provide route specific per filter config. The key should match the
:ref:`filter config name
<envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpFilter.name>`.
See :ref:`Http filter route specific config <arch_overview_http_filters_per_filter_config>`
for details.
.. _envoy_v3_api_field_config.route.v3.Route.request_headers_to_add:
request_headers_to_add
(**repeated** :ref:`config.core.v3.HeaderValueOption <envoy_v3_api_msg_config.core.v3.HeaderValueOption>`) Specifies a set of headers that will be added to requests matching this
route. Headers specified at this level are applied before headers from the
enclosing :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost` and
:ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. For more information, including details on
header value syntax, see the documentation on :ref:`custom request headers
<config_http_conn_man_headers_custom_request_headers>`.
.. _envoy_v3_api_field_config.route.v3.Route.request_headers_to_remove:
request_headers_to_remove
(**repeated** `string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Specifies a list of HTTP headers that should be removed from each request
matching this route.
.. _envoy_v3_api_field_config.route.v3.Route.response_headers_to_add:
response_headers_to_add
(**repeated** :ref:`config.core.v3.HeaderValueOption <envoy_v3_api_msg_config.core.v3.HeaderValueOption>`) Specifies a set of headers that will be added to responses to requests
matching this route. Headers specified at this level are applied before
headers from the enclosing :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost` and
:ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. For more information, including
details on header value syntax, see the documentation on
:ref:`custom request headers <config_http_conn_man_headers_custom_request_headers>`.
.. _envoy_v3_api_field_config.route.v3.Route.response_headers_to_remove:
response_headers_to_remove
(**repeated** `string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Specifies a list of HTTP headers that should be removed from each response
to requests matching this route.
.. _envoy_v3_api_field_config.route.v3.Route.tracing:
tracing
(:ref:`config.route.v3.Tracing <envoy_v3_api_msg_config.route.v3.Tracing>`) Presence of the object defines whether the connection manager's tracing configuration
is overridden by this route specific instance.
.. _envoy_v3_api_field_config.route.v3.Route.per_request_buffer_limit_bytes:
per_request_buffer_limit_bytes
(`UInt32Value <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#uint32value>`_) The maximum bytes which will be buffered for retries and shadowing.
If set, the bytes actually buffered will be the minimum value of this and the
listener per_connection_buffer_limit_bytes.
.. _envoy_v3_api_field_config.route.v3.Route.stat_prefix:
stat_prefix
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) The human readable prefix to use when emitting statistics for this endpoint.
The statistics are rooted at vhost.<virtual host name>.route.<stat_prefix>.
This should be set for highly critical
endpoints that one wishes to get “per-route” statistics on.
If not set, endpoint statistics are not generated.
The emitted statistics are the same as those documented for :ref:`virtual clusters <config_http_filters_router_vcluster_stats>`.
.. warning::
We do not recommend setting up a stat prefix for
every application endpoint. This is both not easily maintainable and
statistics use a non-trivial amount of memory(approximately 1KiB per route).
.. _envoy_v3_api_msg_config.route.v3.WeightedCluster:
config.route.v3.WeightedCluster
-------------------------------
:repo:`[config.route.v3.WeightedCluster proto] <api/envoy/config/route/v3/route_components.proto#L368>`
Compared to the :ref:`cluster <envoy_v3_api_field_config.route.v3.RouteAction.cluster>` field that specifies a
single upstream cluster as the target of a request, the :ref:`weighted_clusters
<envoy_v3_api_field_config.route.v3.RouteAction.weighted_clusters>` option allows for specification of
multiple upstream clusters along with weights that indicate the percentage of
traffic to be forwarded to each cluster. The router selects an upstream cluster based on the
weights.
.. code-block:: json
:force:
{
"clusters": [],
"total_weight": {...},
"runtime_key_prefix": ...,
"header_name": ...
}
.. _envoy_v3_api_field_config.route.v3.WeightedCluster.clusters:
clusters
(**repeated** :ref:`config.route.v3.WeightedCluster.ClusterWeight <envoy_v3_api_msg_config.route.v3.WeightedCluster.ClusterWeight>`, *REQUIRED*) Specifies one or more upstream clusters associated with the route.
.. _envoy_v3_api_field_config.route.v3.WeightedCluster.total_weight:
total_weight
(`UInt32Value <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#uint32value>`_) Specifies the total weight across all clusters. The sum of all cluster weights must equal this
value, if this is greater than 0.
This field is now deprecated, and the client will use the sum of all
cluster weights. It is up to the management server to supply the correct weights.
.. _envoy_v3_api_field_config.route.v3.WeightedCluster.runtime_key_prefix:
runtime_key_prefix
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Specifies the runtime key prefix that should be used to construct the
runtime keys associated with each cluster. When the ``runtime_key_prefix`` is
specified, the router will look for weights associated with each upstream
cluster under the key ``runtime_key_prefix`` + ``.`` + ``cluster[i].name`` where
``cluster[i]`` denotes an entry in the clusters array field. If the runtime
key for the cluster does not exist, the value specified in the
configuration file will be used as the default weight. See the :ref:`runtime documentation
<operations_runtime>` for how key names map to the underlying implementation.
.. _envoy_v3_api_field_config.route.v3.WeightedCluster.header_name:
header_name
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Specifies the header name that is used to look up the random value passed in the request header.
This is used to ensure consistent cluster picking across multiple proxy levels for weighted traffic.
If header is not present or invalid, Envoy will fall back to use the internally generated random value.
This header is expected to be single-valued header as we only want to have one selected value throughout
the process for the consistency. And the value is a unsigned number between 0 and UINT64_MAX.
.. _envoy_v3_api_msg_config.route.v3.WeightedCluster.ClusterWeight:
config.route.v3.WeightedCluster.ClusterWeight
---------------------------------------------
:repo:`[config.route.v3.WeightedCluster.ClusterWeight proto] <api/envoy/config/route/v3/route_components.proto#L372>`
.. code-block:: json
:force:
{
"name": ...,
"cluster_header": ...,
"weight": {...},
"metadata_match": {...},
"request_headers_to_add": [],
"request_headers_to_remove": [],
"response_headers_to_add": [],
"response_headers_to_remove": [],
"typed_per_filter_config": {...},
"host_rewrite_literal": ...
}
.. _envoy_v3_api_field_config.route.v3.WeightedCluster.ClusterWeight.name:
name
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Only one of ``name`` and ``cluster_header`` may be specified.
Name of the upstream cluster. The cluster must exist in the
:ref:`cluster manager configuration <config_cluster_manager>`.
.. _envoy_v3_api_field_config.route.v3.WeightedCluster.ClusterWeight.cluster_header:
cluster_header
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Only one of ``name`` and ``cluster_header`` may be specified.
Envoy will determine the cluster to route to by reading the value of the
HTTP header named by cluster_header from the request headers. If the
header is not found or the referenced cluster does not exist, Envoy will
return a 404 response.
.. attention::
Internally, Envoy always uses the HTTP/2 ``:authority`` header to represent the HTTP/1
``Host`` header. Thus, if attempting to match on ``Host``, match on ``:authority`` instead.
.. note::
If the header appears multiple times only the first value is used.
.. _envoy_v3_api_field_config.route.v3.WeightedCluster.ClusterWeight.weight:
weight
(`UInt32Value <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#uint32value>`_) The weight of the cluster. This value is relative to the other clusters'
weights. When a request matches the route, the choice of an upstream cluster
is determined by its weight. The sum of weights across all
entries in the clusters array must be greater than 0, and must not exceed
uint32_t maximal value (4294967295).
.. _envoy_v3_api_field_config.route.v3.WeightedCluster.ClusterWeight.metadata_match:
metadata_match
(:ref:`config.core.v3.Metadata <envoy_v3_api_msg_config.core.v3.Metadata>`) Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints in
the upstream cluster with metadata matching what is set in this field will be considered for
load balancing. Note that this will be merged with what's provided in
:ref:`RouteAction.metadata_match <envoy_v3_api_field_config.route.v3.RouteAction.metadata_match>`, with
values here taking precedence. The filter name should be specified as ``envoy.lb``.
.. _envoy_v3_api_field_config.route.v3.WeightedCluster.ClusterWeight.request_headers_to_add:
request_headers_to_add
(**repeated** :ref:`config.core.v3.HeaderValueOption <envoy_v3_api_msg_config.core.v3.HeaderValueOption>`) Specifies a list of headers to be added to requests when this cluster is selected
through the enclosing :ref:`envoy_v3_api_msg_config.route.v3.RouteAction`.
Headers specified at this level are applied before headers from the enclosing
:ref:`envoy_v3_api_msg_config.route.v3.Route`, :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost`, and
:ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. For more information, including details on
header value syntax, see the documentation on :ref:`custom request headers
<config_http_conn_man_headers_custom_request_headers>`.
.. _envoy_v3_api_field_config.route.v3.WeightedCluster.ClusterWeight.request_headers_to_remove:
request_headers_to_remove
(**repeated** `string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Specifies a list of HTTP headers that should be removed from each request when
this cluster is selected through the enclosing :ref:`envoy_v3_api_msg_config.route.v3.RouteAction`.
.. _envoy_v3_api_field_config.route.v3.WeightedCluster.ClusterWeight.response_headers_to_add:
response_headers_to_add
(**repeated** :ref:`config.core.v3.HeaderValueOption <envoy_v3_api_msg_config.core.v3.HeaderValueOption>`) Specifies a list of headers to be added to responses when this cluster is selected
through the enclosing :ref:`envoy_v3_api_msg_config.route.v3.RouteAction`.
Headers specified at this level are applied before headers from the enclosing
:ref:`envoy_v3_api_msg_config.route.v3.Route`, :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost`, and
:ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. For more information, including details on
header value syntax, see the documentation on :ref:`custom request headers
<config_http_conn_man_headers_custom_request_headers>`.
.. _envoy_v3_api_field_config.route.v3.WeightedCluster.ClusterWeight.response_headers_to_remove:
response_headers_to_remove
(**repeated** `string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Specifies a list of headers to be removed from responses when this cluster is selected
through the enclosing :ref:`envoy_v3_api_msg_config.route.v3.RouteAction`.
.. _envoy_v3_api_field_config.route.v3.WeightedCluster.ClusterWeight.typed_per_filter_config:
typed_per_filter_config
(**repeated** map<`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, `Any <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#any>`_>) This field can be used to provide weighted cluster specific per filter config. The key should match the
:ref:`filter config name
<envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpFilter.name>`.
See :ref:`Http filter route specific config <arch_overview_http_filters_per_filter_config>`
for details.
.. _envoy_v3_api_field_config.route.v3.WeightedCluster.ClusterWeight.host_rewrite_literal:
host_rewrite_literal
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Indicates that during forwarding, the host header will be swapped with
this value.
.. _envoy_v3_api_msg_config.route.v3.ClusterSpecifierPlugin:
config.route.v3.ClusterSpecifierPlugin
--------------------------------------
:repo:`[config.route.v3.ClusterSpecifierPlugin proto] <api/envoy/config/route/v3/route_components.proto#L502>`
Configuration for a cluster specifier plugin.
.. code-block:: json
:force:
{
"extension": {...},
"is_optional": ...
}
.. _envoy_v3_api_field_config.route.v3.ClusterSpecifierPlugin.extension:
extension
(:ref:`config.core.v3.TypedExtensionConfig <envoy_v3_api_msg_config.core.v3.TypedExtensionConfig>`, *REQUIRED*) The name of the plugin and its opaque configuration.
.. _envoy_v3_api_field_config.route.v3.ClusterSpecifierPlugin.is_optional:
is_optional
(`bool <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) If is_optional is not set or is set to false and the plugin defined by this message is not a
supported type, the containing resource is NACKed. If is_optional is set to true, the resource
would not be NACKed for this reason. In this case, routes referencing this plugin's name would
not be treated as an illegal configuration, but would result in a failure if the route is
selected.
.. _envoy_v3_api_msg_config.route.v3.RouteMatch:
config.route.v3.RouteMatch
--------------------------
:repo:`[config.route.v3.RouteMatch proto] <api/envoy/config/route/v3/route_components.proto#L515>`
.. code-block:: json
:force:
{
"prefix": ...,
"path": ...,
"safe_regex": {...},
"connect_matcher": {...},
"path_separated_prefix": ...,
"path_match_policy": {...},
"case_sensitive": {...},
"runtime_fraction": {...},
"headers": [],
"query_parameters": [],
"grpc": {...},
"tls_context": {...},
"dynamic_metadata": []
}
.. _envoy_v3_api_field_config.route.v3.RouteMatch.prefix:
prefix
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) If specified, the route is a prefix rule meaning that the prefix must
match the beginning of the ``:path`` header.
Precisely one of :ref:`prefix <envoy_v3_api_field_config.route.v3.RouteMatch.prefix>`, :ref:`path <envoy_v3_api_field_config.route.v3.RouteMatch.path>`, :ref:`safe_regex <envoy_v3_api_field_config.route.v3.RouteMatch.safe_regex>`, :ref:`connect_matcher <envoy_v3_api_field_config.route.v3.RouteMatch.connect_matcher>`, :ref:`path_separated_prefix <envoy_v3_api_field_config.route.v3.RouteMatch.path_separated_prefix>`, :ref:`path_match_policy <envoy_v3_api_field_config.route.v3.RouteMatch.path_match_policy>` must be set.
.. _envoy_v3_api_field_config.route.v3.RouteMatch.path:
path
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) If specified, the route is an exact path rule meaning that the path must
exactly match the ``:path`` header once the query string is removed.
Precisely one of :ref:`prefix <envoy_v3_api_field_config.route.v3.RouteMatch.prefix>`, :ref:`path <envoy_v3_api_field_config.route.v3.RouteMatch.path>`, :ref:`safe_regex <envoy_v3_api_field_config.route.v3.RouteMatch.safe_regex>`, :ref:`connect_matcher <envoy_v3_api_field_config.route.v3.RouteMatch.connect_matcher>`, :ref:`path_separated_prefix <envoy_v3_api_field_config.route.v3.RouteMatch.path_separated_prefix>`, :ref:`path_match_policy <envoy_v3_api_field_config.route.v3.RouteMatch.path_match_policy>` must be set.
.. _envoy_v3_api_field_config.route.v3.RouteMatch.safe_regex:
safe_regex
(:ref:`type.matcher.v3.RegexMatcher <envoy_v3_api_msg_type.matcher.v3.RegexMatcher>`) If specified, the route is a regular expression rule meaning that the
regex must match the ``:path`` header once the query string is removed. The entire path
(without the query string) must match the regex. The rule will not match if only a
subsequence of the ``:path`` header matches the regex.
Precisely one of :ref:`prefix <envoy_v3_api_field_config.route.v3.RouteMatch.prefix>`, :ref:`path <envoy_v3_api_field_config.route.v3.RouteMatch.path>`, :ref:`safe_regex <envoy_v3_api_field_config.route.v3.RouteMatch.safe_regex>`, :ref:`connect_matcher <envoy_v3_api_field_config.route.v3.RouteMatch.connect_matcher>`, :ref:`path_separated_prefix <envoy_v3_api_field_config.route.v3.RouteMatch.path_separated_prefix>`, :ref:`path_match_policy <envoy_v3_api_field_config.route.v3.RouteMatch.path_match_policy>` must be set.
.. _envoy_v3_api_field_config.route.v3.RouteMatch.connect_matcher:
connect_matcher
(:ref:`config.route.v3.RouteMatch.ConnectMatcher <envoy_v3_api_msg_config.route.v3.RouteMatch.ConnectMatcher>`) If this is used as the matcher, the matcher will only match CONNECT or CONNECT-UDP requests.
Note that this will not match other Extended CONNECT requests (WebSocket and the like) as
they are normalized in Envoy as HTTP/1.1 style upgrades.
This is the only way to match CONNECT requests for HTTP/1.1. For HTTP/2 and HTTP/3,
where Extended CONNECT requests may have a path, the path matchers will work if
there is a path present.
Note that CONNECT support is currently considered alpha in Envoy.
Precisely one of :ref:`prefix <envoy_v3_api_field_config.route.v3.RouteMatch.prefix>`, :ref:`path <envoy_v3_api_field_config.route.v3.RouteMatch.path>`, :ref:`safe_regex <envoy_v3_api_field_config.route.v3.RouteMatch.safe_regex>`, :ref:`connect_matcher <envoy_v3_api_field_config.route.v3.RouteMatch.connect_matcher>`, :ref:`path_separated_prefix <envoy_v3_api_field_config.route.v3.RouteMatch.path_separated_prefix>`, :ref:`path_match_policy <envoy_v3_api_field_config.route.v3.RouteMatch.path_match_policy>` must be set.
.. _envoy_v3_api_field_config.route.v3.RouteMatch.path_separated_prefix:
path_separated_prefix
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) If specified, the route is a path-separated prefix rule meaning that the
``:path`` header (without the query string) must either exactly match the
``path_separated_prefix`` or have it as a prefix, followed by ``/``
For example, ``/api/dev`` would match
``/api/dev``, ``/api/dev/``, ``/api/dev/v1``, and ``/api/dev?param=true``
but would not match ``/api/developer``
Expect the value to not contain ``?`` or ``#`` and not to end in ``/``
Precisely one of :ref:`prefix <envoy_v3_api_field_config.route.v3.RouteMatch.prefix>`, :ref:`path <envoy_v3_api_field_config.route.v3.RouteMatch.path>`, :ref:`safe_regex <envoy_v3_api_field_config.route.v3.RouteMatch.safe_regex>`, :ref:`connect_matcher <envoy_v3_api_field_config.route.v3.RouteMatch.connect_matcher>`, :ref:`path_separated_prefix <envoy_v3_api_field_config.route.v3.RouteMatch.path_separated_prefix>`, :ref:`path_match_policy <envoy_v3_api_field_config.route.v3.RouteMatch.path_match_policy>` must be set.
.. _envoy_v3_api_field_config.route.v3.RouteMatch.path_match_policy:
path_match_policy
(:ref:`config.core.v3.TypedExtensionConfig <envoy_v3_api_msg_config.core.v3.TypedExtensionConfig>`)
.. _extension_category_envoy.path.match:
.. tip::
This extension category has the following known extensions:
- :ref:`envoy.path.match.uri_template.uri_template_matcher <extension_envoy.path.match.uri_template.uri_template_matcher>`
Precisely one of :ref:`prefix <envoy_v3_api_field_config.route.v3.RouteMatch.prefix>`, :ref:`path <envoy_v3_api_field_config.route.v3.RouteMatch.path>`, :ref:`safe_regex <envoy_v3_api_field_config.route.v3.RouteMatch.safe_regex>`, :ref:`connect_matcher <envoy_v3_api_field_config.route.v3.RouteMatch.connect_matcher>`, :ref:`path_separated_prefix <envoy_v3_api_field_config.route.v3.RouteMatch.path_separated_prefix>`, :ref:`path_match_policy <envoy_v3_api_field_config.route.v3.RouteMatch.path_match_policy>` must be set.
.. _envoy_v3_api_field_config.route.v3.RouteMatch.case_sensitive:
case_sensitive
(`BoolValue <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue>`_) Indicates that prefix/path matching should be case sensitive. The default
is true. Ignored for safe_regex matching.
.. _envoy_v3_api_field_config.route.v3.RouteMatch.runtime_fraction:
runtime_fraction
(:ref:`config.core.v3.RuntimeFractionalPercent <envoy_v3_api_msg_config.core.v3.RuntimeFractionalPercent>`) Indicates that the route should additionally match on a runtime key. Every time the route
is considered for a match, it must also fall under the percentage of matches indicated by
this field. For some fraction N/D, a random number in the range [0,D) is selected. If the
number is <= the value of the numerator N, or if the key is not present, the default
value, the router continues to evaluate the remaining match criteria. A runtime_fraction
route configuration can be used to roll out route changes in a gradual manner without full
code/config deploys. Refer to the :ref:`traffic shifting
<config_http_conn_man_route_table_traffic_splitting_shift>` docs for additional documentation.
.. note::
Parsing this field is implemented such that the runtime key's data may be represented
as a FractionalPercent proto represented as JSON/YAML and may also be represented as an
integer with the assumption that the value is an integral percentage out of 100. For
instance, a runtime key lookup returning the value "42" would parse as a FractionalPercent
whose numerator is 42 and denominator is HUNDRED. This preserves legacy semantics.
.. _envoy_v3_api_field_config.route.v3.RouteMatch.headers:
headers
(**repeated** :ref:`config.route.v3.HeaderMatcher <envoy_v3_api_msg_config.route.v3.HeaderMatcher>`) Specifies a set of headers that the route should match on. The router will
check the request’s headers against all the specified headers in the route
config. A match will happen if all the headers in the route are present in
the request with the same values (or based on presence if the value field
is not in the config).
.. _envoy_v3_api_field_config.route.v3.RouteMatch.query_parameters:
query_parameters
(**repeated** :ref:`config.route.v3.QueryParameterMatcher <envoy_v3_api_msg_config.route.v3.QueryParameterMatcher>`) Specifies a set of URL query parameters on which the route should
match. The router will check the query string from the ``path`` header
against all the specified query parameters. If the number of specified
query parameters is nonzero, they all must match the ``path`` header's
query string for a match to occur. In the event query parameters are
repeated, only the first value for each key will be considered.
.. note::
If query parameters are used to pass request message fields when
`grpc_json_transcoder <https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/grpc_json_transcoder_filter>`_
is used, the transcoded message fields maybe different. The query parameters are
url encoded, but the message fields are not. For example, if a query
parameter is "foo%20bar", the message field will be "foo bar".
.. _envoy_v3_api_field_config.route.v3.RouteMatch.grpc:
grpc
(:ref:`config.route.v3.RouteMatch.GrpcRouteMatchOptions <envoy_v3_api_msg_config.route.v3.RouteMatch.GrpcRouteMatchOptions>`) If specified, only gRPC requests will be matched. The router will check
that the content-type header has a application/grpc or one of the various
application/grpc+ values.
.. _envoy_v3_api_field_config.route.v3.RouteMatch.tls_context:
tls_context
(:ref:`config.route.v3.RouteMatch.TlsContextMatchOptions <envoy_v3_api_msg_config.route.v3.RouteMatch.TlsContextMatchOptions>`) If specified, the client tls context will be matched against the defined
match options.
.. _envoy_v3_api_field_config.route.v3.RouteMatch.dynamic_metadata:
dynamic_metadata
(**repeated** :ref:`type.matcher.v3.MetadataMatcher <envoy_v3_api_msg_type.matcher.v3.MetadataMatcher>`) Specifies a set of dynamic metadata matchers on which the route should match.
The router will check the dynamic metadata against all the specified dynamic metadata matchers.
If the number of specified dynamic metadata matchers is nonzero, they all must match the
dynamic metadata for a match to occur.
.. _envoy_v3_api_msg_config.route.v3.RouteMatch.GrpcRouteMatchOptions:
config.route.v3.RouteMatch.GrpcRouteMatchOptions
------------------------------------------------
:repo:`[config.route.v3.RouteMatch.GrpcRouteMatchOptions proto] <api/envoy/config/route/v3/route_components.proto#L518>`
.. _envoy_v3_api_msg_config.route.v3.RouteMatch.TlsContextMatchOptions:
config.route.v3.RouteMatch.TlsContextMatchOptions
-------------------------------------------------
:repo:`[config.route.v3.RouteMatch.TlsContextMatchOptions proto] <api/envoy/config/route/v3/route_components.proto#L523>`
.. code-block:: json
:force:
{
"presented": {...},
"validated": {...}
}
.. _envoy_v3_api_field_config.route.v3.RouteMatch.TlsContextMatchOptions.presented:
presented
(`BoolValue <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue>`_) If specified, the route will match against whether or not a certificate is presented.
If not specified, certificate presentation status (true or false) will not be considered when route matching.
.. _envoy_v3_api_field_config.route.v3.RouteMatch.TlsContextMatchOptions.validated:
validated
(`BoolValue <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue>`_) If specified, the route will match against whether or not a certificate is validated.
If not specified, certificate validation status (true or false) will not be considered when route matching.
.. warning::
Client certificate validation is not currently performed upon TLS session resumption. For
a resumed TLS session the route will match only when ``validated`` is false, regardless of
whether the client TLS certificate is valid.
The only known workaround for this issue is to disable TLS session resumption entirely, by
setting both :ref:`disable_stateless_session_resumption <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.disable_stateless_session_resumption>`
and :ref:`disable_stateful_session_resumption <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.disable_stateful_session_resumption>` on the DownstreamTlsContext.
.. _envoy_v3_api_msg_config.route.v3.RouteMatch.ConnectMatcher:
config.route.v3.RouteMatch.ConnectMatcher
-----------------------------------------
:repo:`[config.route.v3.RouteMatch.ConnectMatcher proto] <api/envoy/config/route/v3/route_components.proto#L547>`
An extensible message for matching CONNECT or CONNECT-UDP requests.
.. _envoy_v3_api_msg_config.route.v3.CorsPolicy:
config.route.v3.CorsPolicy
--------------------------
:repo:`[config.route.v3.CorsPolicy proto] <api/envoy/config/route/v3/route_components.proto#L676>`
Cors policy configuration.
.. attention::
This message has been deprecated. Please use
:ref:`CorsPolicy in filter extension <envoy_v3_api_msg_extensions.filters.http.cors.v3.CorsPolicy>`
as as alternative.
.. code-block:: json
:force:
{
"allow_origin_string_match": [],
"allow_methods": ...,
"allow_headers": ...,
"expose_headers": ...,
"max_age": ...,
"allow_credentials": {...},
"filter_enabled": {...},
"shadow_enabled": {...},
"allow_private_network_access": {...},
"forward_not_matching_preflights": {...}
}
.. _envoy_v3_api_field_config.route.v3.CorsPolicy.allow_origin_string_match:
allow_origin_string_match
(**repeated** :ref:`type.matcher.v3.StringMatcher <envoy_v3_api_msg_type.matcher.v3.StringMatcher>`) Specifies string patterns that match allowed origins. An origin is allowed if any of the
string matchers match.
.. _envoy_v3_api_field_config.route.v3.CorsPolicy.allow_methods:
allow_methods
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Specifies the content for the ``access-control-allow-methods`` header.
.. _envoy_v3_api_field_config.route.v3.CorsPolicy.allow_headers:
allow_headers
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Specifies the content for the ``access-control-allow-headers`` header.
.. _envoy_v3_api_field_config.route.v3.CorsPolicy.expose_headers:
expose_headers
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Specifies the content for the ``access-control-expose-headers`` header.
.. _envoy_v3_api_field_config.route.v3.CorsPolicy.max_age:
max_age
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Specifies the content for the ``access-control-max-age`` header.
.. _envoy_v3_api_field_config.route.v3.CorsPolicy.allow_credentials:
allow_credentials
(`BoolValue <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue>`_) Specifies whether the resource allows credentials.
.. _envoy_v3_api_field_config.route.v3.CorsPolicy.filter_enabled:
filter_enabled
(:ref:`config.core.v3.RuntimeFractionalPercent <envoy_v3_api_msg_config.core.v3.RuntimeFractionalPercent>`) Specifies the % of requests for which the CORS filter is enabled.
If neither ``enabled``, ``filter_enabled``, nor ``shadow_enabled`` are specified, the CORS
filter will be enabled for 100% of the requests.
If :ref:`runtime_key <envoy_v3_api_field_config.core.v3.RuntimeFractionalPercent.runtime_key>` is
specified, Envoy will lookup the runtime key to get the percentage of requests to filter.
.. _envoy_v3_api_field_config.route.v3.CorsPolicy.shadow_enabled:
shadow_enabled
(:ref:`config.core.v3.RuntimeFractionalPercent <envoy_v3_api_msg_config.core.v3.RuntimeFractionalPercent>`) Specifies the % of requests for which the CORS policies will be evaluated and tracked, but not
enforced.
This field is intended to be used when ``filter_enabled`` and ``enabled`` are off. One of those
fields have to explicitly disable the filter in order for this setting to take effect.
If :ref:`runtime_key <envoy_v3_api_field_config.core.v3.RuntimeFractionalPercent.runtime_key>` is specified,
Envoy will lookup the runtime key to get the percentage of requests for which it will evaluate
and track the request's ``Origin`` to determine if it's valid but will not enforce any policies.
.. _envoy_v3_api_field_config.route.v3.CorsPolicy.allow_private_network_access:
allow_private_network_access
(`BoolValue <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue>`_) Specify whether allow requests whose target server's IP address is more private than that from
which the request initiator was fetched.
More details refer to https://developer.chrome.com/blog/private-network-access-preflight.
.. _envoy_v3_api_field_config.route.v3.CorsPolicy.forward_not_matching_preflights:
forward_not_matching_preflights
(`BoolValue <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue>`_) Specifies if preflight requests not matching the configured allowed origin should be forwarded
to the upstream. Default is true.
.. _envoy_v3_api_msg_config.route.v3.RouteAction:
config.route.v3.RouteAction
---------------------------
:repo:`[config.route.v3.RouteAction proto] <api/envoy/config/route/v3/route_components.proto#L736>`
.. code-block:: json
:force:
{
"cluster": ...,
"cluster_header": ...,
"weighted_clusters": {...},
"cluster_specifier_plugin": ...,
"inline_cluster_specifier_plugin": {...},
"cluster_not_found_response_code": ...,
"metadata_match": {...},
"prefix_rewrite": ...,
"regex_rewrite": {...},
"path_rewrite_policy": {...},
"host_rewrite_literal": ...,
"auto_host_rewrite": {...},
"host_rewrite_header": ...,
"host_rewrite_path_regex": {...},
"append_x_forwarded_host": ...,
"timeout": {...},
"idle_timeout": {...},
"early_data_policy": {...},
"retry_policy": {...},
"request_mirror_policies": [],
"priority": ...,
"rate_limits": [],
"include_vh_rate_limits": {...},
"hash_policy": [],
"cors": {...},
"max_grpc_timeout": {...},
"grpc_timeout_offset": {...},
"upgrade_configs": [],
"internal_redirect_policy": {...},
"internal_redirect_action": ...,
"max_internal_redirects": {...},
"hedge_policy": {...},
"max_stream_duration": {...}
}
.. _envoy_v3_api_field_config.route.v3.RouteAction.cluster:
cluster
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Indicates the upstream cluster to which the request should be routed
to.
Precisely one of :ref:`cluster <envoy_v3_api_field_config.route.v3.RouteAction.cluster>`, :ref:`cluster_header <envoy_v3_api_field_config.route.v3.RouteAction.cluster_header>`, :ref:`weighted_clusters <envoy_v3_api_field_config.route.v3.RouteAction.weighted_clusters>`, :ref:`cluster_specifier_plugin <envoy_v3_api_field_config.route.v3.RouteAction.cluster_specifier_plugin>`, :ref:`inline_cluster_specifier_plugin <envoy_v3_api_field_config.route.v3.RouteAction.inline_cluster_specifier_plugin>` must be set.
.. _envoy_v3_api_field_config.route.v3.RouteAction.cluster_header:
cluster_header
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Envoy will determine the cluster to route to by reading the value of the
HTTP header named by cluster_header from the request headers. If the
header is not found or the referenced cluster does not exist, Envoy will
return a 404 response.
.. attention::
Internally, Envoy always uses the HTTP/2 ``:authority`` header to represent the HTTP/1
``Host`` header. Thus, if attempting to match on ``Host``, match on ``:authority`` instead.
.. note::
If the header appears multiple times only the first value is used.
Precisely one of :ref:`cluster <envoy_v3_api_field_config.route.v3.RouteAction.cluster>`, :ref:`cluster_header <envoy_v3_api_field_config.route.v3.RouteAction.cluster_header>`, :ref:`weighted_clusters <envoy_v3_api_field_config.route.v3.RouteAction.weighted_clusters>`, :ref:`cluster_specifier_plugin <envoy_v3_api_field_config.route.v3.RouteAction.cluster_specifier_plugin>`, :ref:`inline_cluster_specifier_plugin <envoy_v3_api_field_config.route.v3.RouteAction.inline_cluster_specifier_plugin>` must be set.
.. _envoy_v3_api_field_config.route.v3.RouteAction.weighted_clusters:
weighted_clusters
(:ref:`config.route.v3.WeightedCluster <envoy_v3_api_msg_config.route.v3.WeightedCluster>`) Multiple upstream clusters can be specified for a given route. The
request is routed to one of the upstream clusters based on weights
assigned to each cluster. See
:ref:`traffic splitting <config_http_conn_man_route_table_traffic_splitting_split>`
for additional documentation.
Precisely one of :ref:`cluster <envoy_v3_api_field_config.route.v3.RouteAction.cluster>`, :ref:`cluster_header <envoy_v3_api_field_config.route.v3.RouteAction.cluster_header>`, :ref:`weighted_clusters <envoy_v3_api_field_config.route.v3.RouteAction.weighted_clusters>`, :ref:`cluster_specifier_plugin <envoy_v3_api_field_config.route.v3.RouteAction.cluster_specifier_plugin>`, :ref:`inline_cluster_specifier_plugin <envoy_v3_api_field_config.route.v3.RouteAction.inline_cluster_specifier_plugin>` must be set.
.. _envoy_v3_api_field_config.route.v3.RouteAction.cluster_specifier_plugin:
cluster_specifier_plugin
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Name of the cluster specifier plugin to use to determine the cluster for requests on this route.
The cluster specifier plugin name must be defined in the associated
:ref:`cluster specifier plugins <envoy_v3_api_field_config.route.v3.RouteConfiguration.cluster_specifier_plugins>`
in the :ref:`name <envoy_v3_api_field_config.core.v3.TypedExtensionConfig.name>` field.
Precisely one of :ref:`cluster <envoy_v3_api_field_config.route.v3.RouteAction.cluster>`, :ref:`cluster_header <envoy_v3_api_field_config.route.v3.RouteAction.cluster_header>`, :ref:`weighted_clusters <envoy_v3_api_field_config.route.v3.RouteAction.weighted_clusters>`, :ref:`cluster_specifier_plugin <envoy_v3_api_field_config.route.v3.RouteAction.cluster_specifier_plugin>`, :ref:`inline_cluster_specifier_plugin <envoy_v3_api_field_config.route.v3.RouteAction.inline_cluster_specifier_plugin>` must be set.
.. _envoy_v3_api_field_config.route.v3.RouteAction.inline_cluster_specifier_plugin:
inline_cluster_specifier_plugin
(:ref:`config.route.v3.ClusterSpecifierPlugin <envoy_v3_api_msg_config.route.v3.ClusterSpecifierPlugin>`) Custom cluster specifier plugin configuration to use to determine the cluster for requests
on this route.
Precisely one of :ref:`cluster <envoy_v3_api_field_config.route.v3.RouteAction.cluster>`, :ref:`cluster_header <envoy_v3_api_field_config.route.v3.RouteAction.cluster_header>`, :ref:`weighted_clusters <envoy_v3_api_field_config.route.v3.RouteAction.weighted_clusters>`, :ref:`cluster_specifier_plugin <envoy_v3_api_field_config.route.v3.RouteAction.cluster_specifier_plugin>`, :ref:`inline_cluster_specifier_plugin <envoy_v3_api_field_config.route.v3.RouteAction.inline_cluster_specifier_plugin>` must be set.
.. _envoy_v3_api_field_config.route.v3.RouteAction.cluster_not_found_response_code:
cluster_not_found_response_code
(:ref:`config.route.v3.RouteAction.ClusterNotFoundResponseCode <envoy_v3_api_enum_config.route.v3.RouteAction.ClusterNotFoundResponseCode>`) The HTTP status code to use when configured cluster is not found.
The default response code is 503 Service Unavailable.
.. _envoy_v3_api_field_config.route.v3.RouteAction.metadata_match:
metadata_match
(:ref:`config.core.v3.Metadata <envoy_v3_api_msg_config.core.v3.Metadata>`) Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints
in the upstream cluster with metadata matching what's set in this field will be considered
for load balancing. If using :ref:`weighted_clusters
<envoy_v3_api_field_config.route.v3.RouteAction.weighted_clusters>`, metadata will be merged, with values
provided there taking precedence. The filter name should be specified as ``envoy.lb``.
.. _envoy_v3_api_field_config.route.v3.RouteAction.prefix_rewrite:
prefix_rewrite
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Indicates that during forwarding, the matched prefix (or path) should be
swapped with this value. This option allows application URLs to be rooted
at a different path from those exposed at the reverse proxy layer. The router filter will
place the original path before rewrite into the :ref:`x-envoy-original-path
<config_http_filters_router_x-envoy-original-path>` header.
Only one of :ref:`regex_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.regex_rewrite>`
:ref:`path_rewrite_policy <envoy_v3_api_field_config.route.v3.RouteAction.path_rewrite_policy>`,
or :ref:`prefix_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.prefix_rewrite>` may be specified.
.. attention::
Pay careful attention to the use of trailing slashes in the
:ref:`route's match <envoy_v3_api_field_config.route.v3.Route.match>` prefix value.
Stripping a prefix from a path requires multiple Routes to handle all cases. For example,
rewriting ``/prefix`` to ``/`` and ``/prefix/etc`` to ``/etc`` cannot be done in a single
:ref:`Route <envoy_v3_api_msg_config.route.v3.Route>`, as shown by the below config entries:
.. code-block:: yaml
- match:
prefix: "/prefix/"
route:
prefix_rewrite: "/"
- match:
prefix: "/prefix"
route:
prefix_rewrite: "/"
Having above entries in the config, requests to ``/prefix`` will be stripped to ``/``, while
requests to ``/prefix/etc`` will be stripped to ``/etc``.
.. _envoy_v3_api_field_config.route.v3.RouteAction.regex_rewrite:
regex_rewrite
(:ref:`type.matcher.v3.RegexMatchAndSubstitute <envoy_v3_api_msg_type.matcher.v3.RegexMatchAndSubstitute>`) Indicates that during forwarding, portions of the path that match the
pattern should be rewritten, even allowing the substitution of capture
groups from the pattern into the new path as specified by the rewrite
substitution string. This is useful to allow application paths to be
rewritten in a way that is aware of segments with variable content like
identifiers. The router filter will place the original path as it was
before the rewrite into the :ref:`x-envoy-original-path
<config_http_filters_router_x-envoy-original-path>` header.
Only one of :ref:`regex_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.regex_rewrite>`,
:ref:`prefix_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.prefix_rewrite>`, or
:ref:`path_rewrite_policy <envoy_v3_api_field_config.route.v3.RouteAction.path_rewrite_policy>`]
may be specified.
Examples using Google's `RE2 <https://github.com/google/re2>`_ engine:
* The path pattern ``^/service/([^/]+)(/.*)$`` paired with a substitution
string of ``\2/instance/\1`` would transform ``/service/foo/v1/api``
into ``/v1/api/instance/foo``.
* The pattern ``one`` paired with a substitution string of ``two`` would
transform ``/xxx/one/yyy/one/zzz`` into ``/xxx/two/yyy/two/zzz``.
* The pattern ``^(.*?)one(.*)$`` paired with a substitution string of
``\1two\2`` would replace only the first occurrence of ``one``,
transforming path ``/xxx/one/yyy/one/zzz`` into ``/xxx/two/yyy/one/zzz``.
* The pattern ``(?i)/xxx/`` paired with a substitution string of ``/yyy/``
would do a case-insensitive match and transform path ``/aaa/XxX/bbb`` to
``/aaa/yyy/bbb``.
.. _envoy_v3_api_field_config.route.v3.RouteAction.path_rewrite_policy:
path_rewrite_policy
(:ref:`config.core.v3.TypedExtensionConfig <envoy_v3_api_msg_config.core.v3.TypedExtensionConfig>`)
.. _extension_category_envoy.path.rewrite:
.. tip::
This extension category has the following known extensions:
- :ref:`envoy.path.rewrite.uri_template.uri_template_rewriter <extension_envoy.path.rewrite.uri_template.uri_template_rewriter>`
.. _envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_literal:
host_rewrite_literal
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Indicates that during forwarding, the host header will be swapped with
this value. Using this option will append the
:ref:`config_http_conn_man_headers_x-forwarded-host` header if
:ref:`append_x_forwarded_host <envoy_v3_api_field_config.route.v3.RouteAction.append_x_forwarded_host>`
is set.
Only one of :ref:`host_rewrite_literal <envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_literal>`, :ref:`auto_host_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.auto_host_rewrite>`, :ref:`host_rewrite_header <envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_header>`, :ref:`host_rewrite_path_regex <envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_path_regex>` may be set.
.. _envoy_v3_api_field_config.route.v3.RouteAction.auto_host_rewrite:
auto_host_rewrite
(`BoolValue <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue>`_) Indicates that during forwarding, the host header will be swapped with
the hostname of the upstream host chosen by the cluster manager. This
option is applicable only when the destination cluster for a route is of
type ``strict_dns`` or ``logical_dns``,
or when :ref:`hostname <envoy_v3_api_field_config.endpoint.v3.Endpoint.hostname>`
field is not empty. Setting this to true with other cluster types
has no effect. Using this option will append the
:ref:`config_http_conn_man_headers_x-forwarded-host` header if
:ref:`append_x_forwarded_host <envoy_v3_api_field_config.route.v3.RouteAction.append_x_forwarded_host>`
is set.
Only one of :ref:`host_rewrite_literal <envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_literal>`, :ref:`auto_host_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.auto_host_rewrite>`, :ref:`host_rewrite_header <envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_header>`, :ref:`host_rewrite_path_regex <envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_path_regex>` may be set.
.. _envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_header:
host_rewrite_header
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Indicates that during forwarding, the host header will be swapped with the content of given
downstream or :ref:`custom <config_http_conn_man_headers_custom_request_headers>` header.
If header value is empty, host header is left intact. Using this option will append the
:ref:`config_http_conn_man_headers_x-forwarded-host` header if
:ref:`append_x_forwarded_host <envoy_v3_api_field_config.route.v3.RouteAction.append_x_forwarded_host>`
is set.
.. attention::
Pay attention to the potential security implications of using this option. Provided header
must come from trusted source.
.. note::
If the header appears multiple times only the first value is used.
Only one of :ref:`host_rewrite_literal <envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_literal>`, :ref:`auto_host_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.auto_host_rewrite>`, :ref:`host_rewrite_header <envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_header>`, :ref:`host_rewrite_path_regex <envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_path_regex>` may be set.
.. _envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_path_regex:
host_rewrite_path_regex
(:ref:`type.matcher.v3.RegexMatchAndSubstitute <envoy_v3_api_msg_type.matcher.v3.RegexMatchAndSubstitute>`) Indicates that during forwarding, the host header will be swapped with
the result of the regex substitution executed on path value with query and fragment removed.
This is useful for transitioning variable content between path segment and subdomain.
Using this option will append the
:ref:`config_http_conn_man_headers_x-forwarded-host` header if
:ref:`append_x_forwarded_host <envoy_v3_api_field_config.route.v3.RouteAction.append_x_forwarded_host>`
is set.
For example with the following config:
.. code-block:: yaml
host_rewrite_path_regex:
pattern:
google_re2: {}
regex: "^/(.+)/.+$"
substitution: \1
Would rewrite the host header to ``envoyproxy.io`` given the path ``/envoyproxy.io/some/path``.
Only one of :ref:`host_rewrite_literal <envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_literal>`, :ref:`auto_host_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.auto_host_rewrite>`, :ref:`host_rewrite_header <envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_header>`, :ref:`host_rewrite_path_regex <envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_path_regex>` may be set.
.. _envoy_v3_api_field_config.route.v3.RouteAction.append_x_forwarded_host:
append_x_forwarded_host
(`bool <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) If set, then a host rewrite action (one of
:ref:`host_rewrite_literal <envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_literal>`,
:ref:`auto_host_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.auto_host_rewrite>`,
:ref:`host_rewrite_header <envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_header>`, or
:ref:`host_rewrite_path_regex <envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_path_regex>`)
causes the original value of the host header, if any, to be appended to the
:ref:`config_http_conn_man_headers_x-forwarded-host` HTTP header if it is different to the last value appended.
.. _envoy_v3_api_field_config.route.v3.RouteAction.timeout:
timeout
(`Duration <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration>`_) Specifies the upstream timeout for the route. If not specified, the default is 15s. This
spans between the point at which the entire downstream request (i.e. end-of-stream) has been
processed and when the upstream response has been completely processed. A value of 0 will
disable the route's timeout.
.. note::
This timeout includes all retries. See also
:ref:`config_http_filters_router_x-envoy-upstream-rq-timeout-ms`,
:ref:`config_http_filters_router_x-envoy-upstream-rq-per-try-timeout-ms`, and the
:ref:`retry overview <arch_overview_http_routing_retry>`.
.. _envoy_v3_api_field_config.route.v3.RouteAction.idle_timeout:
idle_timeout
(`Duration <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration>`_) Specifies the idle timeout for the route. If not specified, there is no per-route idle timeout,
although the connection manager wide :ref:`stream_idle_timeout
<envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.stream_idle_timeout>`
will still apply. A value of 0 will completely disable the route's idle timeout, even if a
connection manager stream idle timeout is configured.
The idle timeout is distinct to :ref:`timeout
<envoy_v3_api_field_config.route.v3.RouteAction.timeout>`, which provides an upper bound
on the upstream response time; :ref:`idle_timeout
<envoy_v3_api_field_config.route.v3.RouteAction.idle_timeout>` instead bounds the amount
of time the request's stream may be idle.
After header decoding, the idle timeout will apply on downstream and
upstream request events. Each time an encode/decode event for headers or
data is processed for the stream, the timer will be reset. If the timeout
fires, the stream is terminated with a 408 Request Timeout error code if no
upstream response header has been received, otherwise a stream reset
occurs.
If the :ref:`overload action <config_overload_manager_overload_actions>` "envoy.overload_actions.reduce_timeouts"
is configured, this timeout is scaled according to the value for
:ref:`HTTP_DOWNSTREAM_STREAM_IDLE <envoy_v3_api_enum_value_config.overload.v3.ScaleTimersOverloadActionConfig.TimerType.HTTP_DOWNSTREAM_STREAM_IDLE>`.
.. _envoy_v3_api_field_config.route.v3.RouteAction.early_data_policy:
early_data_policy
(:ref:`config.core.v3.TypedExtensionConfig <envoy_v3_api_msg_config.core.v3.TypedExtensionConfig>`) Specifies how to send request over TLS early data.
If absent, allows `safe HTTP requests <https://www.rfc-editor.org/rfc/rfc7231#section-4.2.1>`_ to be sent on early data.
.. _extension_category_envoy.route.early_data_policy:
.. tip::
This extension category has the following known extensions:
- :ref:`envoy.route.early_data_policy.default <extension_envoy.route.early_data_policy.default>`
.. _envoy_v3_api_field_config.route.v3.RouteAction.retry_policy:
retry_policy
(:ref:`config.route.v3.RetryPolicy <envoy_v3_api_msg_config.route.v3.RetryPolicy>`) Indicates that the route has a retry policy. Note that if this is set,
it'll take precedence over the virtual host level retry policy entirely
(e.g.: policies are not merged, most internal one becomes the enforced policy).
.. _envoy_v3_api_field_config.route.v3.RouteAction.request_mirror_policies:
request_mirror_policies
(**repeated** :ref:`config.route.v3.RouteAction.RequestMirrorPolicy <envoy_v3_api_msg_config.route.v3.RouteAction.RequestMirrorPolicy>`) Specify a set of route request mirroring policies.
It takes precedence over the virtual host and route config mirror policy entirely.
That is, policies are not merged, the most specific non-empty one becomes the mirror policies.
.. _envoy_v3_api_field_config.route.v3.RouteAction.priority:
priority
(:ref:`config.core.v3.RoutingPriority <envoy_v3_api_enum_config.core.v3.RoutingPriority>`) Optionally specifies the :ref:`routing priority <arch_overview_http_routing_priority>`.
.. _envoy_v3_api_field_config.route.v3.RouteAction.rate_limits:
rate_limits
(**repeated** :ref:`config.route.v3.RateLimit <envoy_v3_api_msg_config.route.v3.RateLimit>`) Specifies a set of rate limit configurations that could be applied to the
route.
.. _envoy_v3_api_field_config.route.v3.RouteAction.include_vh_rate_limits:
include_vh_rate_limits
(`BoolValue <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue>`_) Specifies if the rate limit filter should include the virtual host rate
limits. By default, if the route configured rate limits, the virtual host
:ref:`rate_limits <envoy_v3_api_field_config.route.v3.VirtualHost.rate_limits>` are not applied to the
request.
This field is deprecated. Please use :ref:`vh_rate_limits <envoy_v3_api_field_extensions.filters.http.ratelimit.v3.RateLimitPerRoute.vh_rate_limits>`
.. _envoy_v3_api_field_config.route.v3.RouteAction.hash_policy:
hash_policy
(**repeated** :ref:`config.route.v3.RouteAction.HashPolicy <envoy_v3_api_msg_config.route.v3.RouteAction.HashPolicy>`) Specifies a list of hash policies to use for ring hash load balancing. Each
hash policy is evaluated individually and the combined result is used to
route the request. The method of combination is deterministic such that
identical lists of hash policies will produce the same hash. Since a hash
policy examines specific parts of a request, it can fail to produce a hash
(i.e. if the hashed header is not present). If (and only if) all configured
hash policies fail to generate a hash, no hash will be produced for
the route. In this case, the behavior is the same as if no hash policies
were specified (i.e. the ring hash load balancer will choose a random
backend). If a hash policy has the "terminal" attribute set to true, and
there is already a hash generated, the hash is returned immediately,
ignoring the rest of the hash policy list.
.. _envoy_v3_api_field_config.route.v3.RouteAction.cors:
cors
(:ref:`config.route.v3.CorsPolicy <envoy_v3_api_msg_config.route.v3.CorsPolicy>`) Indicates that the route has a CORS policy. This field is ignored if related cors policy is
found in the :ref:`Route.typed_per_filter_config<envoy_v3_api_field_config.route.v3.Route.typed_per_filter_config>` or
:ref:`WeightedCluster.ClusterWeight.typed_per_filter_config<envoy_v3_api_field_config.route.v3.WeightedCluster.ClusterWeight.typed_per_filter_config>`.
.. attention::
This option has been deprecated. Please use
:ref:`Route.typed_per_filter_config<envoy_v3_api_field_config.route.v3.Route.typed_per_filter_config>` or
:ref:`WeightedCluster.ClusterWeight.typed_per_filter_config<envoy_v3_api_field_config.route.v3.WeightedCluster.ClusterWeight.typed_per_filter_config>`
to configure the CORS HTTP filter.
.. _envoy_v3_api_field_config.route.v3.RouteAction.max_grpc_timeout:
max_grpc_timeout
(`Duration <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration>`_) Deprecated by :ref:`grpc_timeout_header_max <envoy_v3_api_field_config.route.v3.RouteAction.MaxStreamDuration.grpc_timeout_header_max>`
If present, and the request is a gRPC request, use the
`grpc-timeout header <https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md>`_,
or its default value (infinity) instead of
:ref:`timeout <envoy_v3_api_field_config.route.v3.RouteAction.timeout>`, but limit the applied timeout
to the maximum value specified here. If configured as 0, the maximum allowed timeout for
gRPC requests is infinity. If not configured at all, the ``grpc-timeout`` header is not used
and gRPC requests time out like any other requests using
:ref:`timeout <envoy_v3_api_field_config.route.v3.RouteAction.timeout>` or its default.
This can be used to prevent unexpected upstream request timeouts due to potentially long
time gaps between gRPC request and response in gRPC streaming mode.
.. note::
If a timeout is specified using :ref:`config_http_filters_router_x-envoy-upstream-rq-timeout-ms`, it takes
precedence over `grpc-timeout header <https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md>`_, when
both are present. See also
:ref:`config_http_filters_router_x-envoy-upstream-rq-timeout-ms`,
:ref:`config_http_filters_router_x-envoy-upstream-rq-per-try-timeout-ms`, and the
:ref:`retry overview <arch_overview_http_routing_retry>`.
.. _envoy_v3_api_field_config.route.v3.RouteAction.grpc_timeout_offset:
grpc_timeout_offset
(`Duration <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration>`_) Deprecated by :ref:`grpc_timeout_header_offset <envoy_v3_api_field_config.route.v3.RouteAction.MaxStreamDuration.grpc_timeout_header_offset>`.
If present, Envoy will adjust the timeout provided by the ``grpc-timeout`` header by subtracting
the provided duration from the header. This is useful in allowing Envoy to set its global
timeout to be less than that of the deadline imposed by the calling client, which makes it more
likely that Envoy will handle the timeout instead of having the call canceled by the client.
The offset will only be applied if the provided grpc_timeout is greater than the offset. This
ensures that the offset will only ever decrease the timeout and never set it to 0 (meaning
infinity).
.. _envoy_v3_api_field_config.route.v3.RouteAction.upgrade_configs:
upgrade_configs
(**repeated** :ref:`config.route.v3.RouteAction.UpgradeConfig <envoy_v3_api_msg_config.route.v3.RouteAction.UpgradeConfig>`)
.. _envoy_v3_api_field_config.route.v3.RouteAction.internal_redirect_policy:
internal_redirect_policy
(:ref:`config.route.v3.InternalRedirectPolicy <envoy_v3_api_msg_config.route.v3.InternalRedirectPolicy>`) If present, Envoy will try to follow an upstream redirect response instead of proxying the
response back to the downstream. An upstream redirect response is defined
by :ref:`redirect_response_codes
<envoy_v3_api_field_config.route.v3.InternalRedirectPolicy.redirect_response_codes>`.
.. _envoy_v3_api_field_config.route.v3.RouteAction.internal_redirect_action:
internal_redirect_action
(:ref:`config.route.v3.RouteAction.InternalRedirectAction <envoy_v3_api_enum_config.route.v3.RouteAction.InternalRedirectAction>`)
.. _envoy_v3_api_field_config.route.v3.RouteAction.max_internal_redirects:
max_internal_redirects
(`UInt32Value <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#uint32value>`_) An internal redirect is handled, iff the number of previous internal redirects that a
downstream request has encountered is lower than this value, and
:ref:`internal_redirect_action <envoy_v3_api_field_config.route.v3.RouteAction.internal_redirect_action>`
is set to :ref:`HANDLE_INTERNAL_REDIRECT
<envoy_v3_api_enum_value_config.route.v3.RouteAction.InternalRedirectAction.HANDLE_INTERNAL_REDIRECT>`
In the case where a downstream request is bounced among multiple routes by internal redirect,
the first route that hits this threshold, or has
:ref:`internal_redirect_action <envoy_v3_api_field_config.route.v3.RouteAction.internal_redirect_action>`
set to
:ref:`PASS_THROUGH_INTERNAL_REDIRECT
<envoy_v3_api_enum_value_config.route.v3.RouteAction.InternalRedirectAction.PASS_THROUGH_INTERNAL_REDIRECT>`
will pass the redirect back to downstream.
If not specified, at most one redirect will be followed.
.. _envoy_v3_api_field_config.route.v3.RouteAction.hedge_policy:
hedge_policy
(:ref:`config.route.v3.HedgePolicy <envoy_v3_api_msg_config.route.v3.HedgePolicy>`) Indicates that the route has a hedge policy. Note that if this is set,
it'll take precedence over the virtual host level hedge policy entirely
(e.g.: policies are not merged, most internal one becomes the enforced policy).
.. _envoy_v3_api_field_config.route.v3.RouteAction.max_stream_duration:
max_stream_duration
(:ref:`config.route.v3.RouteAction.MaxStreamDuration <envoy_v3_api_msg_config.route.v3.RouteAction.MaxStreamDuration>`) Specifies the maximum stream duration for this route.
.. _envoy_v3_api_msg_config.route.v3.RouteAction.RequestMirrorPolicy:
config.route.v3.RouteAction.RequestMirrorPolicy
-----------------------------------------------
:repo:`[config.route.v3.RouteAction.RequestMirrorPolicy proto] <api/envoy/config/route/v3/route_components.proto#L776>`
The router is capable of shadowing traffic from one cluster to another. The current
implementation is "fire and forget," meaning Envoy will not wait for the shadow cluster to
respond before returning the response from the primary cluster. All normal statistics are
collected for the shadow cluster making this feature useful for testing.
During shadowing, the host/authority header is altered such that ``-shadow`` is appended. This is
useful for logging. For example, ``cluster1`` becomes ``cluster1-shadow``. This behavior can be
disabled by setting ``disable_shadow_host_suffix_append`` to ``true``.
.. note::
Shadowing will not be triggered if the primary cluster does not exist.
.. note::
Shadowing doesn't support Http CONNECT and upgrades.
.. code-block:: json
:force:
{
"cluster": ...,
"cluster_header": ...,
"runtime_fraction": {...},
"trace_sampled": {...},
"disable_shadow_host_suffix_append": ...
}
.. _envoy_v3_api_field_config.route.v3.RouteAction.RequestMirrorPolicy.cluster:
cluster
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Only one of ``cluster`` and ``cluster_header`` can be specified.
Specifies the cluster that requests will be mirrored to. The cluster must
exist in the cluster manager configuration.
.. _envoy_v3_api_field_config.route.v3.RouteAction.RequestMirrorPolicy.cluster_header:
cluster_header
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Only one of ``cluster`` and ``cluster_header`` can be specified.
Envoy will determine the cluster to route to by reading the value of the
HTTP header named by cluster_header from the request headers. Only the first value in header is used,
and no shadow request will happen if the value is not found in headers. Envoy will not wait for
the shadow cluster to respond before returning the response from the primary cluster.
.. attention::
Internally, Envoy always uses the HTTP/2 ``:authority`` header to represent the HTTP/1
``Host`` header. Thus, if attempting to match on ``Host``, match on ``:authority`` instead.
.. note::
If the header appears multiple times only the first value is used.
.. _envoy_v3_api_field_config.route.v3.RouteAction.RequestMirrorPolicy.runtime_fraction:
runtime_fraction
(:ref:`config.core.v3.RuntimeFractionalPercent <envoy_v3_api_msg_config.core.v3.RuntimeFractionalPercent>`) If not specified, all requests to the target cluster will be mirrored.
If specified, this field takes precedence over the ``runtime_key`` field and requests must also
fall under the percentage of matches indicated by this field.
For some fraction N/D, a random number in the range [0,D) is selected. If the
number is <= the value of the numerator N, or if the key is not present, the default
value, the request will be mirrored.
.. _envoy_v3_api_field_config.route.v3.RouteAction.RequestMirrorPolicy.trace_sampled:
trace_sampled
(`BoolValue <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue>`_) Determines if the trace span should be sampled. Defaults to true.
.. _envoy_v3_api_field_config.route.v3.RouteAction.RequestMirrorPolicy.disable_shadow_host_suffix_append:
disable_shadow_host_suffix_append
(`bool <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Disables appending the ``-shadow`` suffix to the shadowed ``Host`` header. Defaults to ``false``.
.. _envoy_v3_api_msg_config.route.v3.RouteAction.HashPolicy:
config.route.v3.RouteAction.HashPolicy
--------------------------------------
:repo:`[config.route.v3.RouteAction.HashPolicy proto] <api/envoy/config/route/v3/route_components.proto#L829>`
Specifies the route's hashing policy if the upstream cluster uses a hashing :ref:`load balancer
<arch_overview_load_balancing_types>`.
.. code-block:: json
:force:
{
"header": {...},
"cookie": {...},
"connection_properties": {...},
"query_parameter": {...},
"filter_state": {...},
"terminal": ...
}
.. _envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.header:
header
(:ref:`config.route.v3.RouteAction.HashPolicy.Header <envoy_v3_api_msg_config.route.v3.RouteAction.HashPolicy.Header>`) Header hash policy.
Precisely one of :ref:`header <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.header>`, :ref:`cookie <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.cookie>`, :ref:`connection_properties <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.connection_properties>`, :ref:`query_parameter <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.query_parameter>`, :ref:`filter_state <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.filter_state>` must be set.
.. _envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.cookie:
cookie
(:ref:`config.route.v3.RouteAction.HashPolicy.Cookie <envoy_v3_api_msg_config.route.v3.RouteAction.HashPolicy.Cookie>`) Cookie hash policy.
Precisely one of :ref:`header <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.header>`, :ref:`cookie <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.cookie>`, :ref:`connection_properties <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.connection_properties>`, :ref:`query_parameter <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.query_parameter>`, :ref:`filter_state <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.filter_state>` must be set.
.. _envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.connection_properties:
connection_properties
(:ref:`config.route.v3.RouteAction.HashPolicy.ConnectionProperties <envoy_v3_api_msg_config.route.v3.RouteAction.HashPolicy.ConnectionProperties>`) Connection properties hash policy.
Precisely one of :ref:`header <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.header>`, :ref:`cookie <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.cookie>`, :ref:`connection_properties <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.connection_properties>`, :ref:`query_parameter <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.query_parameter>`, :ref:`filter_state <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.filter_state>` must be set.
.. _envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.query_parameter:
query_parameter
(:ref:`config.route.v3.RouteAction.HashPolicy.QueryParameter <envoy_v3_api_msg_config.route.v3.RouteAction.HashPolicy.QueryParameter>`) Query parameter hash policy.
Precisely one of :ref:`header <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.header>`, :ref:`cookie <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.cookie>`, :ref:`connection_properties <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.connection_properties>`, :ref:`query_parameter <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.query_parameter>`, :ref:`filter_state <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.filter_state>` must be set.
.. _envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.filter_state:
filter_state
(:ref:`config.route.v3.RouteAction.HashPolicy.FilterState <envoy_v3_api_msg_config.route.v3.RouteAction.HashPolicy.FilterState>`) Filter state hash policy.
Precisely one of :ref:`header <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.header>`, :ref:`cookie <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.cookie>`, :ref:`connection_properties <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.connection_properties>`, :ref:`query_parameter <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.query_parameter>`, :ref:`filter_state <envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.filter_state>` must be set.
.. _envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.terminal:
terminal
(`bool <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) The flag that short-circuits the hash computing. This field provides a
'fallback' style of configuration: "if a terminal policy doesn't work,
fallback to rest of the policy list", it saves time when the terminal
policy works.
If true, and there is already a hash computed, ignore rest of the
list of hash polices.
For example, if the following hash methods are configured:
========= ========
specifier terminal
========= ========
Header A true
Header B false
Header C false
========= ========
The generateHash process ends if policy "header A" generates a hash, as
it's a terminal policy.
.. _envoy_v3_api_msg_config.route.v3.RouteAction.HashPolicy.Header:
config.route.v3.RouteAction.HashPolicy.Header
---------------------------------------------
:repo:`[config.route.v3.RouteAction.HashPolicy.Header proto] <api/envoy/config/route/v3/route_components.proto#L833>`
.. code-block:: json
:force:
{
"header_name": ...,
"regex_rewrite": {...}
}
.. _envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.Header.header_name:
header_name
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*) The name of the request header that will be used to obtain the hash
key. If the request header is not present, no hash will be produced.
.. _envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.Header.regex_rewrite:
regex_rewrite
(:ref:`type.matcher.v3.RegexMatchAndSubstitute <envoy_v3_api_msg_type.matcher.v3.RegexMatchAndSubstitute>`) If specified, the request header value will be rewritten and used
to produce the hash key.
.. _envoy_v3_api_msg_config.route.v3.RouteAction.HashPolicy.CookieAttribute:
config.route.v3.RouteAction.HashPolicy.CookieAttribute
------------------------------------------------------
:repo:`[config.route.v3.RouteAction.HashPolicy.CookieAttribute proto] <api/envoy/config/route/v3/route_components.proto#L848>`
CookieAttribute defines an API for adding additional attributes for a HTTP cookie.
.. code-block:: json
:force:
{
"name": ...,
"value": ...
}
.. _envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.CookieAttribute.name:
name
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*) The name of the cookie attribute.
.. _envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.CookieAttribute.value:
value
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) The optional value of the cookie attribute.
.. _envoy_v3_api_msg_config.route.v3.RouteAction.HashPolicy.Cookie:
config.route.v3.RouteAction.HashPolicy.Cookie
---------------------------------------------
:repo:`[config.route.v3.RouteAction.HashPolicy.Cookie proto] <api/envoy/config/route/v3/route_components.proto#L873>`
Envoy supports two types of cookie affinity:
1. Passive. Envoy takes a cookie that's present in the cookies header and
hashes on its value.
2. Generated. Envoy generates and sets a cookie with an expiration (TTL)
on the first request from the client in its response to the client,
based on the endpoint the request gets sent to. The client then
presents this on the next and all subsequent requests. The hash of
this is sufficient to ensure these requests get sent to the same
endpoint. The cookie is generated by hashing the source and
destination ports and addresses so that multiple independent HTTP2
streams on the same connection will independently receive the same
cookie, even if they arrive at the Envoy simultaneously.
.. code-block:: json
:force:
{
"name": ...,
"ttl": {...},
"path": ...,
"attributes": []
}
.. _envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.Cookie.name:
name
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*) The name of the cookie that will be used to obtain the hash key. If the
cookie is not present and ttl below is not set, no hash will be
produced.
.. _envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.Cookie.ttl:
ttl
(`Duration <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration>`_) If specified, a cookie with the TTL will be generated if the cookie is
not present. If the TTL is present and zero, the generated cookie will
be a session cookie.
.. _envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.Cookie.path:
path
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) The name of the path for the cookie. If no path is specified here, no path
will be set for the cookie.
.. _envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.Cookie.attributes:
attributes
(**repeated** :ref:`config.route.v3.RouteAction.HashPolicy.CookieAttribute <envoy_v3_api_msg_config.route.v3.RouteAction.HashPolicy.CookieAttribute>`) Additional attributes for the cookie. They will be used when generating a new cookie.
.. _envoy_v3_api_msg_config.route.v3.RouteAction.HashPolicy.ConnectionProperties:
config.route.v3.RouteAction.HashPolicy.ConnectionProperties
-----------------------------------------------------------
:repo:`[config.route.v3.RouteAction.HashPolicy.ConnectionProperties proto] <api/envoy/config/route/v3/route_components.proto#L895>`
.. code-block:: json
:force:
{
"source_ip": ...
}
.. _envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.ConnectionProperties.source_ip:
source_ip
(`bool <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Hash on source IP address.
.. _envoy_v3_api_msg_config.route.v3.RouteAction.HashPolicy.QueryParameter:
config.route.v3.RouteAction.HashPolicy.QueryParameter
-----------------------------------------------------
:repo:`[config.route.v3.RouteAction.HashPolicy.QueryParameter proto] <api/envoy/config/route/v3/route_components.proto#L903>`
.. code-block:: json
:force:
{
"name": ...
}
.. _envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.QueryParameter.name:
name
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*) The name of the URL query parameter that will be used to obtain the hash
key. If the parameter is not present, no hash will be produced. Query
parameter names are case-sensitive. If query parameters are repeated, only
the first value will be considered.
.. _envoy_v3_api_msg_config.route.v3.RouteAction.HashPolicy.FilterState:
config.route.v3.RouteAction.HashPolicy.FilterState
--------------------------------------------------
:repo:`[config.route.v3.RouteAction.HashPolicy.FilterState proto] <api/envoy/config/route/v3/route_components.proto#L914>`
.. code-block:: json
:force:
{
"key": ...
}
.. _envoy_v3_api_field_config.route.v3.RouteAction.HashPolicy.FilterState.key:
key
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*) The name of the Object in the per-request filterState, which is an
Envoy::Hashable object. If there is no data associated with the key,
or the stored object is not Envoy::Hashable, no hash will be produced.
.. _envoy_v3_api_msg_config.route.v3.RouteAction.UpgradeConfig:
config.route.v3.RouteAction.UpgradeConfig
-----------------------------------------
:repo:`[config.route.v3.RouteAction.UpgradeConfig proto] <api/envoy/config/route/v3/route_components.proto#L971>`
Allows enabling and disabling upgrades on a per-route basis.
This overrides any enabled/disabled upgrade filter chain specified in the
HttpConnectionManager
:ref:`upgrade_configs
<envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.upgrade_configs>`
but does not affect any custom filter chain specified there.
.. code-block:: json
:force:
{
"upgrade_type": ...,
"enabled": {...},
"connect_config": {...}
}
.. _envoy_v3_api_field_config.route.v3.RouteAction.UpgradeConfig.upgrade_type:
upgrade_type
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*) The case-insensitive name of this upgrade, e.g. "websocket".
For each upgrade type present in upgrade_configs, requests with
Upgrade: [upgrade_type] will be proxied upstream.
.. _envoy_v3_api_field_config.route.v3.RouteAction.UpgradeConfig.enabled:
enabled
(`BoolValue <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue>`_) Determines if upgrades are available on this route. Defaults to true.
.. _envoy_v3_api_field_config.route.v3.RouteAction.UpgradeConfig.connect_config:
connect_config
(:ref:`config.route.v3.RouteAction.UpgradeConfig.ConnectConfig <envoy_v3_api_msg_config.route.v3.RouteAction.UpgradeConfig.ConnectConfig>`) Configuration for sending data upstream as a raw data payload. This is used for
CONNECT requests, when forwarding CONNECT payload as raw TCP.
Note that CONNECT support is currently considered alpha in Envoy.
.. _envoy_v3_api_msg_config.route.v3.RouteAction.UpgradeConfig.ConnectConfig:
config.route.v3.RouteAction.UpgradeConfig.ConnectConfig
-------------------------------------------------------
:repo:`[config.route.v3.RouteAction.UpgradeConfig.ConnectConfig proto] <api/envoy/config/route/v3/route_components.proto#L977>`
Configuration for sending data upstream as a raw data payload. This is used for
CONNECT or POST requests, when forwarding request payload as raw TCP.
.. code-block:: json
:force:
{
"proxy_protocol_config": {...},
"allow_post": ...
}
.. _envoy_v3_api_field_config.route.v3.RouteAction.UpgradeConfig.ConnectConfig.proxy_protocol_config:
proxy_protocol_config
(:ref:`config.core.v3.ProxyProtocolConfig <envoy_v3_api_msg_config.core.v3.ProxyProtocolConfig>`) If present, the proxy protocol header will be prepended to the CONNECT payload sent upstream.
.. _envoy_v3_api_field_config.route.v3.RouteAction.UpgradeConfig.ConnectConfig.allow_post:
allow_post
(`bool <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) If set, the route will also allow forwarding POST payload as raw TCP.
.. _envoy_v3_api_msg_config.route.v3.RouteAction.MaxStreamDuration:
config.route.v3.RouteAction.MaxStreamDuration
---------------------------------------------
:repo:`[config.route.v3.RouteAction.MaxStreamDuration proto] <api/envoy/config/route/v3/route_components.proto#L1001>`
.. code-block:: json
:force:
{
"max_stream_duration": {...},
"grpc_timeout_header_max": {...},
"grpc_timeout_header_offset": {...}
}
.. _envoy_v3_api_field_config.route.v3.RouteAction.MaxStreamDuration.max_stream_duration:
max_stream_duration
(`Duration <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration>`_) Specifies the maximum duration allowed for streams on the route. If not specified, the value
from the :ref:`max_stream_duration
<envoy_v3_api_field_config.core.v3.HttpProtocolOptions.max_stream_duration>` field in
:ref:`HttpConnectionManager.common_http_protocol_options
<envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.common_http_protocol_options>`
is used. If this field is set explicitly to zero, any
HttpConnectionManager max_stream_duration timeout will be disabled for
this route.
.. _envoy_v3_api_field_config.route.v3.RouteAction.MaxStreamDuration.grpc_timeout_header_max:
grpc_timeout_header_max
(`Duration <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration>`_) If present, and the request contains a `grpc-timeout header
<https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md>`_, use that value as the
``max_stream_duration``, but limit the applied timeout to the maximum value specified here.
If set to 0, the ``grpc-timeout`` header is used without modification.
.. _envoy_v3_api_field_config.route.v3.RouteAction.MaxStreamDuration.grpc_timeout_header_offset:
grpc_timeout_header_offset
(`Duration <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration>`_) If present, Envoy will adjust the timeout provided by the ``grpc-timeout`` header by
subtracting the provided duration from the header. This is useful for allowing Envoy to set
its global timeout to be less than that of the deadline imposed by the calling client, which
makes it more likely that Envoy will handle the timeout instead of having the call canceled
by the client. If, after applying the offset, the resulting timeout is zero or negative,
the stream will timeout immediately.
.. _envoy_v3_api_enum_config.route.v3.RouteAction.ClusterNotFoundResponseCode:
Enum config.route.v3.RouteAction.ClusterNotFoundResponseCode
------------------------------------------------------------
:repo:`[config.route.v3.RouteAction.ClusterNotFoundResponseCode proto] <api/envoy/config/route/v3/route_components.proto#L739>`
.. _envoy_v3_api_enum_value_config.route.v3.RouteAction.ClusterNotFoundResponseCode.SERVICE_UNAVAILABLE:
SERVICE_UNAVAILABLE
*(DEFAULT)* HTTP status code - 503 Service Unavailable.
.. _envoy_v3_api_enum_value_config.route.v3.RouteAction.ClusterNotFoundResponseCode.NOT_FOUND:
NOT_FOUND
HTTP status code - 404 Not Found.
.. _envoy_v3_api_enum_value_config.route.v3.RouteAction.ClusterNotFoundResponseCode.INTERNAL_SERVER_ERROR:
INTERNAL_SERVER_ERROR
HTTP status code - 500 Internal Server Error.
.. _envoy_v3_api_enum_config.route.v3.RouteAction.InternalRedirectAction:
Enum config.route.v3.RouteAction.InternalRedirectAction
-------------------------------------------------------
:repo:`[config.route.v3.RouteAction.InternalRedirectAction proto] <api/envoy/config/route/v3/route_components.proto#L752>`
Configures :ref:`internal redirect <arch_overview_internal_redirects>` behavior.
.. _envoy_v3_api_enum_value_config.route.v3.RouteAction.InternalRedirectAction.PASS_THROUGH_INTERNAL_REDIRECT:
PASS_THROUGH_INTERNAL_REDIRECT
*(DEFAULT)*
.. _envoy_v3_api_enum_value_config.route.v3.RouteAction.InternalRedirectAction.HANDLE_INTERNAL_REDIRECT:
HANDLE_INTERNAL_REDIRECT
.. _envoy_v3_api_msg_config.route.v3.RetryPolicy:
config.route.v3.RetryPolicy
---------------------------
:repo:`[config.route.v3.RetryPolicy proto] <api/envoy/config/route/v3/route_components.proto#L1397>`
HTTP retry :ref:`architecture overview <arch_overview_http_routing_retry>`.
.. code-block:: json
:force:
{
"retry_on": ...,
"num_retries": {...},
"per_try_timeout": {...},
"per_try_idle_timeout": {...},
"retry_priority": {...},
"retry_host_predicate": [],
"retry_options_predicates": [],
"host_selection_retry_max_attempts": ...,
"retriable_status_codes": [],
"retry_back_off": {...},
"rate_limited_retry_back_off": {...},
"retriable_headers": [],
"retriable_request_headers": []
}
.. _envoy_v3_api_field_config.route.v3.RetryPolicy.retry_on:
retry_on
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Specifies the conditions under which retry takes place. These are the same
conditions documented for :ref:`config_http_filters_router_x-envoy-retry-on` and
:ref:`config_http_filters_router_x-envoy-retry-grpc-on`.
.. _envoy_v3_api_field_config.route.v3.RetryPolicy.num_retries:
num_retries
(`UInt32Value <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#uint32value>`_) Specifies the allowed number of retries. This parameter is optional and
defaults to 1. These are the same conditions documented for
:ref:`config_http_filters_router_x-envoy-max-retries`.
.. _envoy_v3_api_field_config.route.v3.RetryPolicy.per_try_timeout:
per_try_timeout
(`Duration <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration>`_) Specifies a non-zero upstream timeout per retry attempt (including the initial attempt). This
parameter is optional. The same conditions documented for
:ref:`config_http_filters_router_x-envoy-upstream-rq-per-try-timeout-ms` apply.
.. note::
If left unspecified, Envoy will use the global
:ref:`route timeout <envoy_v3_api_field_config.route.v3.RouteAction.timeout>` for the request.
Consequently, when using a :ref:`5xx <config_http_filters_router_x-envoy-retry-on>` based
retry policy, a request that times out will not be retried as the total timeout budget
would have been exhausted.
.. _envoy_v3_api_field_config.route.v3.RetryPolicy.per_try_idle_timeout:
per_try_idle_timeout
(`Duration <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration>`_) Specifies an upstream idle timeout per retry attempt (including the initial attempt). This
parameter is optional and if absent there is no per try idle timeout. The semantics of the per
try idle timeout are similar to the
:ref:`route idle timeout <envoy_v3_api_field_config.route.v3.RouteAction.timeout>` and
:ref:`stream idle timeout
<envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.stream_idle_timeout>`
both enforced by the HTTP connection manager. The difference is that this idle timeout
is enforced by the router for each individual attempt and thus after all previous filters have
run, as opposed to *before* all previous filters run for the other idle timeouts. This timeout
is useful in cases in which total request timeout is bounded by a number of retries and a
:ref:`per_try_timeout <envoy_v3_api_field_config.route.v3.RetryPolicy.per_try_timeout>`, but
there is a desire to ensure each try is making incremental progress. Note also that similar
to :ref:`per_try_timeout <envoy_v3_api_field_config.route.v3.RetryPolicy.per_try_timeout>`,
this idle timeout does not start until after both the entire request has been received by the
router *and* a connection pool connection has been obtained. Unlike
:ref:`per_try_timeout <envoy_v3_api_field_config.route.v3.RetryPolicy.per_try_timeout>`,
the idle timer continues once the response starts streaming back to the downstream client.
This ensures that response data continues to make progress without using one of the HTTP
connection manager idle timeouts.
.. _envoy_v3_api_field_config.route.v3.RetryPolicy.retry_priority:
retry_priority
(:ref:`config.route.v3.RetryPolicy.RetryPriority <envoy_v3_api_msg_config.route.v3.RetryPolicy.RetryPriority>`) Specifies an implementation of a RetryPriority which is used to determine the
distribution of load across priorities used for retries. Refer to
:ref:`retry plugin configuration <arch_overview_http_retry_plugins>` for more details.
.. _envoy_v3_api_field_config.route.v3.RetryPolicy.retry_host_predicate:
retry_host_predicate
(**repeated** :ref:`config.route.v3.RetryPolicy.RetryHostPredicate <envoy_v3_api_msg_config.route.v3.RetryPolicy.RetryHostPredicate>`) Specifies a collection of RetryHostPredicates that will be consulted when selecting a host
for retries. If any of the predicates reject the host, host selection will be reattempted.
Refer to :ref:`retry plugin configuration <arch_overview_http_retry_plugins>` for more
details.
.. _envoy_v3_api_field_config.route.v3.RetryPolicy.retry_options_predicates:
retry_options_predicates
(**repeated** :ref:`config.core.v3.TypedExtensionConfig <envoy_v3_api_msg_config.core.v3.TypedExtensionConfig>`) Retry options predicates that will be applied prior to retrying a request. These predicates
allow customizing request behavior between retries.
when there are built-in extensions]
.. _envoy_v3_api_field_config.route.v3.RetryPolicy.host_selection_retry_max_attempts:
host_selection_retry_max_attempts
(`int64 <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) The maximum number of times host selection will be reattempted before giving up, at which
point the host that was last selected will be routed to. If unspecified, this will default to
retrying once.
.. _envoy_v3_api_field_config.route.v3.RetryPolicy.retriable_status_codes:
retriable_status_codes
(**repeated** `uint32 <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) HTTP status codes that should trigger a retry in addition to those specified by retry_on.
.. _envoy_v3_api_field_config.route.v3.RetryPolicy.retry_back_off:
retry_back_off
(:ref:`config.route.v3.RetryPolicy.RetryBackOff <envoy_v3_api_msg_config.route.v3.RetryPolicy.RetryBackOff>`) Specifies parameters that control exponential retry back off. This parameter is optional, in which case the
default base interval is 25 milliseconds or, if set, the current value of the
``upstream.base_retry_backoff_ms`` runtime parameter. The default maximum interval is 10 times
the base interval. The documentation for :ref:`config_http_filters_router_x-envoy-max-retries`
describes Envoy's back-off algorithm.
.. _envoy_v3_api_field_config.route.v3.RetryPolicy.rate_limited_retry_back_off:
rate_limited_retry_back_off
(:ref:`config.route.v3.RetryPolicy.RateLimitedRetryBackOff <envoy_v3_api_msg_config.route.v3.RetryPolicy.RateLimitedRetryBackOff>`) Specifies parameters that control a retry back-off strategy that is used
when the request is rate limited by the upstream server. The server may
return a response header like ``Retry-After`` or ``X-RateLimit-Reset`` to
provide feedback to the client on how long to wait before retrying. If
configured, this back-off strategy will be used instead of the
default exponential back off strategy (configured using ``retry_back_off``)
whenever a response includes the matching headers.
.. _envoy_v3_api_field_config.route.v3.RetryPolicy.retriable_headers:
retriable_headers
(**repeated** :ref:`config.route.v3.HeaderMatcher <envoy_v3_api_msg_config.route.v3.HeaderMatcher>`) HTTP response headers that trigger a retry if present in the response. A retry will be
triggered if any of the header matches match the upstream response headers.
The field is only consulted if 'retriable-headers' retry policy is active.
.. _envoy_v3_api_field_config.route.v3.RetryPolicy.retriable_request_headers:
retriable_request_headers
(**repeated** :ref:`config.route.v3.HeaderMatcher <envoy_v3_api_msg_config.route.v3.HeaderMatcher>`) HTTP headers which must be present in the request for retries to be attempted.
.. _envoy_v3_api_msg_config.route.v3.RetryPolicy.RetryPriority:
config.route.v3.RetryPolicy.RetryPriority
-----------------------------------------
:repo:`[config.route.v3.RetryPolicy.RetryPriority proto] <api/envoy/config/route/v3/route_components.proto#L1405>`
.. code-block:: json
:force:
{
"name": ...,
"typed_config": {...}
}
.. _envoy_v3_api_field_config.route.v3.RetryPolicy.RetryPriority.name:
name
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*)
.. _envoy_v3_api_field_config.route.v3.RetryPolicy.RetryPriority.typed_config:
typed_config
(`Any <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#any>`_)
.. _extension_category_envoy.retry_priorities:
.. tip::
This extension category has the following known extensions:
- :ref:`envoy.retry_priorities.previous_priorities <extension_envoy.retry_priorities.previous_priorities>`
.. _envoy_v3_api_msg_config.route.v3.RetryPolicy.RetryHostPredicate:
config.route.v3.RetryPolicy.RetryHostPredicate
----------------------------------------------
:repo:`[config.route.v3.RetryPolicy.RetryHostPredicate proto] <api/envoy/config/route/v3/route_components.proto#L1421>`
.. code-block:: json
:force:
{
"name": ...,
"typed_config": {...}
}
.. _envoy_v3_api_field_config.route.v3.RetryPolicy.RetryHostPredicate.name:
name
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*)
.. _envoy_v3_api_field_config.route.v3.RetryPolicy.RetryHostPredicate.typed_config:
typed_config
(`Any <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#any>`_)
.. _extension_category_envoy.retry_host_predicates:
.. tip::
This extension category has the following known extensions:
- :ref:`envoy.retry_host_predicates.omit_canary_hosts <extension_envoy.retry_host_predicates.omit_canary_hosts>`
- :ref:`envoy.retry_host_predicates.omit_host_metadata <extension_envoy.retry_host_predicates.omit_host_metadata>`
- :ref:`envoy.retry_host_predicates.previous_hosts <extension_envoy.retry_host_predicates.previous_hosts>`
.. _envoy_v3_api_msg_config.route.v3.RetryPolicy.RetryBackOff:
config.route.v3.RetryPolicy.RetryBackOff
----------------------------------------
:repo:`[config.route.v3.RetryPolicy.RetryBackOff proto] <api/envoy/config/route/v3/route_components.proto#L1437>`
.. code-block:: json
:force:
{
"base_interval": {...},
"max_interval": {...}
}
.. _envoy_v3_api_field_config.route.v3.RetryPolicy.RetryBackOff.base_interval:
base_interval
(`Duration <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration>`_, *REQUIRED*) Specifies the base interval between retries. This parameter is required and must be greater
than zero. Values less than 1 ms are rounded up to 1 ms.
See :ref:`config_http_filters_router_x-envoy-max-retries` for a discussion of Envoy's
back-off algorithm.
.. _envoy_v3_api_field_config.route.v3.RetryPolicy.RetryBackOff.max_interval:
max_interval
(`Duration <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration>`_) Specifies the maximum interval between retries. This parameter is optional, but must be
greater than or equal to the ``base_interval`` if set. The default is 10 times the
``base_interval``. See :ref:`config_http_filters_router_x-envoy-max-retries` for a discussion
of Envoy's back-off algorithm.
.. _envoy_v3_api_msg_config.route.v3.RetryPolicy.ResetHeader:
config.route.v3.RetryPolicy.ResetHeader
---------------------------------------
:repo:`[config.route.v3.RetryPolicy.ResetHeader proto] <api/envoy/config/route/v3/route_components.proto#L1457>`
.. code-block:: json
:force:
{
"name": ...,
"format": ...
}
.. _envoy_v3_api_field_config.route.v3.RetryPolicy.ResetHeader.name:
name
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*) The name of the reset header.
.. note::
If the header appears multiple times only the first value is used.
.. _envoy_v3_api_field_config.route.v3.RetryPolicy.ResetHeader.format:
format
(:ref:`config.route.v3.RetryPolicy.ResetHeaderFormat <envoy_v3_api_enum_config.route.v3.RetryPolicy.ResetHeaderFormat>`) The format of the reset header.
.. _envoy_v3_api_msg_config.route.v3.RetryPolicy.RateLimitedRetryBackOff:
config.route.v3.RetryPolicy.RateLimitedRetryBackOff
---------------------------------------------------
:repo:`[config.route.v3.RetryPolicy.RateLimitedRetryBackOff proto] <api/envoy/config/route/v3/route_components.proto#L1513>`
A retry back-off strategy that applies when the upstream server rate limits
the request.
Given this configuration:
.. code-block:: yaml
rate_limited_retry_back_off:
reset_headers:
- name: Retry-After
format: SECONDS
- name: X-RateLimit-Reset
format: UNIX_TIMESTAMP
max_interval: "300s"
The following algorithm will apply:
1. If the response contains the header ``Retry-After`` its value must be on
the form ``120`` (an integer that represents the number of seconds to
wait before retrying). If so, this value is used as the back-off interval.
2. Otherwise, if the response contains the header ``X-RateLimit-Reset`` its
value must be on the form ``1595320702`` (an integer that represents the
point in time at which to retry, as a Unix timestamp in seconds). If so,
the current time is subtracted from this value and the result is used as
the back-off interval.
3. Otherwise, Envoy will use the default
:ref:`exponential back-off <envoy_v3_api_field_config.route.v3.RetryPolicy.retry_back_off>`
strategy.
No matter which format is used, if the resulting back-off interval exceeds
``max_interval`` it is discarded and the next header in ``reset_headers``
is tried. If a request timeout is configured for the route it will further
limit how long the request will be allowed to run.
To prevent many clients retrying at the same point in time jitter is added
to the back-off interval, so the resulting interval is decided by taking:
``random(interval, interval * 1.5)``.
.. attention::
Configuring ``rate_limited_retry_back_off`` will not by itself cause a request
to be retried. You will still need to configure the right retry policy to match
the responses from the upstream server.
.. code-block:: json
:force:
{
"reset_headers": [],
"max_interval": {...}
}
.. _envoy_v3_api_field_config.route.v3.RetryPolicy.RateLimitedRetryBackOff.reset_headers:
reset_headers
(**repeated** :ref:`config.route.v3.RetryPolicy.ResetHeader <envoy_v3_api_msg_config.route.v3.RetryPolicy.ResetHeader>`, *REQUIRED*) Specifies the reset headers (like ``Retry-After`` or ``X-RateLimit-Reset``)
to match against the response. Headers are tried in order, and matched case
insensitive. The first header to be parsed successfully is used. If no headers
match the default exponential back-off is used instead.
.. _envoy_v3_api_field_config.route.v3.RetryPolicy.RateLimitedRetryBackOff.max_interval:
max_interval
(`Duration <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration>`_) Specifies the maximum back off interval that Envoy will allow. If a reset
header contains an interval longer than this then it will be discarded and
the next header will be tried. Defaults to 300 seconds.
.. _envoy_v3_api_enum_config.route.v3.RetryPolicy.ResetHeaderFormat:
Enum config.route.v3.RetryPolicy.ResetHeaderFormat
--------------------------------------------------
:repo:`[config.route.v3.RetryPolicy.ResetHeaderFormat proto] <api/envoy/config/route/v3/route_components.proto#L1400>`
.. _envoy_v3_api_enum_value_config.route.v3.RetryPolicy.ResetHeaderFormat.SECONDS:
SECONDS
*(DEFAULT)*
.. _envoy_v3_api_enum_value_config.route.v3.RetryPolicy.ResetHeaderFormat.UNIX_TIMESTAMP:
UNIX_TIMESTAMP
.. _envoy_v3_api_msg_config.route.v3.HedgePolicy:
config.route.v3.HedgePolicy
---------------------------
:repo:`[config.route.v3.HedgePolicy proto] <api/envoy/config/route/v3/route_components.proto#L1621>`
HTTP request hedging :ref:`architecture overview <arch_overview_http_routing_hedging>`.
.. code-block:: json
:force:
{
"hedge_on_per_try_timeout": ...
}
.. _envoy_v3_api_field_config.route.v3.HedgePolicy.hedge_on_per_try_timeout:
hedge_on_per_try_timeout
(`bool <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Indicates that a hedged request should be sent when the per-try timeout is hit.
This means that a retry will be issued without resetting the original request, leaving multiple upstream requests in flight.
The first request to complete successfully will be the one returned to the caller.
* At any time, a successful response (i.e. not triggering any of the retry-on conditions) would be returned to the client.
* Before per-try timeout, an error response (per retry-on conditions) would be retried immediately or returned ot the client
if there are no more retries left.
* After per-try timeout, an error response would be discarded, as a retry in the form of a hedged request is already in progress.
Note: For this to have effect, you must have a :ref:`RetryPolicy <envoy_v3_api_msg_config.route.v3.RetryPolicy>` that retries at least
one error code and specifies a maximum number of retries.
Defaults to false.
.. _envoy_v3_api_msg_config.route.v3.RedirectAction:
config.route.v3.RedirectAction
------------------------------
:repo:`[config.route.v3.RedirectAction proto] <api/envoy/config/route/v3/route_components.proto#L1653>`
.. code-block:: json
:force:
{
"https_redirect": ...,
"scheme_redirect": ...,
"host_redirect": ...,
"port_redirect": ...,
"path_redirect": ...,
"prefix_rewrite": ...,
"regex_rewrite": {...},
"response_code": ...,
"strip_query": ...
}
.. _envoy_v3_api_field_config.route.v3.RedirectAction.https_redirect:
https_redirect
(`bool <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) The scheme portion of the URL will be swapped with "https".
When the scheme redirection take place, the following rules apply:
1. If the source URI scheme is ``http`` and the port is explicitly
set to ``:80``, the port will be removed after the redirection
2. If the source URI scheme is ``https`` and the port is explicitly
set to ``:443``, the port will be removed after the redirection
Only one of :ref:`https_redirect <envoy_v3_api_field_config.route.v3.RedirectAction.https_redirect>`, :ref:`scheme_redirect <envoy_v3_api_field_config.route.v3.RedirectAction.scheme_redirect>` may be set.
.. _envoy_v3_api_field_config.route.v3.RedirectAction.scheme_redirect:
scheme_redirect
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) The scheme portion of the URL will be swapped with this value.
When the scheme redirection take place, the following rules apply:
1. If the source URI scheme is ``http`` and the port is explicitly
set to ``:80``, the port will be removed after the redirection
2. If the source URI scheme is ``https`` and the port is explicitly
set to ``:443``, the port will be removed after the redirection
Only one of :ref:`https_redirect <envoy_v3_api_field_config.route.v3.RedirectAction.https_redirect>`, :ref:`scheme_redirect <envoy_v3_api_field_config.route.v3.RedirectAction.scheme_redirect>` may be set.
.. _envoy_v3_api_field_config.route.v3.RedirectAction.host_redirect:
host_redirect
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) The host portion of the URL will be swapped with this value.
.. _envoy_v3_api_field_config.route.v3.RedirectAction.port_redirect:
port_redirect
(`uint32 <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) The port value of the URL will be swapped with this value.
.. _envoy_v3_api_field_config.route.v3.RedirectAction.path_redirect:
path_redirect
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) The path portion of the URL will be swapped with this value.
Please note that query string in path_redirect will override the
request's query string and will not be stripped.
For example, let's say we have the following routes:
- match: { path: "/old-path-1" }
redirect: { path_redirect: "/new-path-1" }
- match: { path: "/old-path-2" }
redirect: { path_redirect: "/new-path-2", strip-query: "true" }
- match: { path: "/old-path-3" }
redirect: { path_redirect: "/new-path-3?foo=1", strip_query: "true" }
1. if request uri is "/old-path-1?bar=1", users will be redirected to "/new-path-1?bar=1"
2. if request uri is "/old-path-2?bar=1", users will be redirected to "/new-path-2"
3. if request uri is "/old-path-3?bar=1", users will be redirected to "/new-path-3?foo=1"
Only one of :ref:`path_redirect <envoy_v3_api_field_config.route.v3.RedirectAction.path_redirect>`, :ref:`prefix_rewrite <envoy_v3_api_field_config.route.v3.RedirectAction.prefix_rewrite>`, :ref:`regex_rewrite <envoy_v3_api_field_config.route.v3.RedirectAction.regex_rewrite>` may be set.
.. _envoy_v3_api_field_config.route.v3.RedirectAction.prefix_rewrite:
prefix_rewrite
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Indicates that during redirection, the matched prefix (or path)
should be swapped with this value. This option allows redirect URLs be dynamically created
based on the request.
.. attention::
Pay attention to the use of trailing slashes as mentioned in
:ref:`RouteAction's prefix_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.prefix_rewrite>`.
Only one of :ref:`path_redirect <envoy_v3_api_field_config.route.v3.RedirectAction.path_redirect>`, :ref:`prefix_rewrite <envoy_v3_api_field_config.route.v3.RedirectAction.prefix_rewrite>`, :ref:`regex_rewrite <envoy_v3_api_field_config.route.v3.RedirectAction.regex_rewrite>` may be set.
.. _envoy_v3_api_field_config.route.v3.RedirectAction.regex_rewrite:
regex_rewrite
(:ref:`type.matcher.v3.RegexMatchAndSubstitute <envoy_v3_api_msg_type.matcher.v3.RegexMatchAndSubstitute>`) Indicates that during redirect, portions of the path that match the
pattern should be rewritten, even allowing the substitution of capture
groups from the pattern into the new path as specified by the rewrite
substitution string. This is useful to allow application paths to be
rewritten in a way that is aware of segments with variable content like
identifiers.
Examples using Google's `RE2 <https://github.com/google/re2>`_ engine:
* The path pattern ``^/service/([^/]+)(/.*)$`` paired with a substitution
string of ``\2/instance/\1`` would transform ``/service/foo/v1/api``
into ``/v1/api/instance/foo``.
* The pattern ``one`` paired with a substitution string of ``two`` would
transform ``/xxx/one/yyy/one/zzz`` into ``/xxx/two/yyy/two/zzz``.
* The pattern ``^(.*?)one(.*)$`` paired with a substitution string of
``\1two\2`` would replace only the first occurrence of ``one``,
transforming path ``/xxx/one/yyy/one/zzz`` into ``/xxx/two/yyy/one/zzz``.
* The pattern ``(?i)/xxx/`` paired with a substitution string of ``/yyy/``
would do a case-insensitive match and transform path ``/aaa/XxX/bbb`` to
``/aaa/yyy/bbb``.
Only one of :ref:`path_redirect <envoy_v3_api_field_config.route.v3.RedirectAction.path_redirect>`, :ref:`prefix_rewrite <envoy_v3_api_field_config.route.v3.RedirectAction.prefix_rewrite>`, :ref:`regex_rewrite <envoy_v3_api_field_config.route.v3.RedirectAction.regex_rewrite>` may be set.
.. _envoy_v3_api_field_config.route.v3.RedirectAction.response_code:
response_code
(:ref:`config.route.v3.RedirectAction.RedirectResponseCode <envoy_v3_api_enum_config.route.v3.RedirectAction.RedirectResponseCode>`) The HTTP status code to use in the redirect response. The default response
code is MOVED_PERMANENTLY (301).
.. _envoy_v3_api_field_config.route.v3.RedirectAction.strip_query:
strip_query
(`bool <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Indicates that during redirection, the query portion of the URL will
be removed. Default value is false.
.. _envoy_v3_api_enum_config.route.v3.RedirectAction.RedirectResponseCode:
Enum config.route.v3.RedirectAction.RedirectResponseCode
--------------------------------------------------------
:repo:`[config.route.v3.RedirectAction.RedirectResponseCode proto] <api/envoy/config/route/v3/route_components.proto#L1656>`
.. _envoy_v3_api_enum_value_config.route.v3.RedirectAction.RedirectResponseCode.MOVED_PERMANENTLY:
MOVED_PERMANENTLY
*(DEFAULT)* Moved Permanently HTTP Status Code - 301.
.. _envoy_v3_api_enum_value_config.route.v3.RedirectAction.RedirectResponseCode.FOUND:
FOUND
Found HTTP Status Code - 302.
.. _envoy_v3_api_enum_value_config.route.v3.RedirectAction.RedirectResponseCode.SEE_OTHER:
SEE_OTHER
See Other HTTP Status Code - 303.
.. _envoy_v3_api_enum_value_config.route.v3.RedirectAction.RedirectResponseCode.TEMPORARY_REDIRECT:
TEMPORARY_REDIRECT
Temporary Redirect HTTP Status Code - 307.
.. _envoy_v3_api_enum_value_config.route.v3.RedirectAction.RedirectResponseCode.PERMANENT_REDIRECT:
PERMANENT_REDIRECT
Permanent Redirect HTTP Status Code - 308.
.. _envoy_v3_api_msg_config.route.v3.DirectResponseAction:
config.route.v3.DirectResponseAction
------------------------------------
:repo:`[config.route.v3.DirectResponseAction proto] <api/envoy/config/route/v3/route_components.proto#L1759>`
.. code-block:: json
:force:
{
"status": ...,
"body": {...}
}
.. _envoy_v3_api_field_config.route.v3.DirectResponseAction.status:
status
(`uint32 <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Specifies the HTTP response status to be returned.
.. _envoy_v3_api_field_config.route.v3.DirectResponseAction.body:
body
(:ref:`config.core.v3.DataSource <envoy_v3_api_msg_config.core.v3.DataSource>`) Specifies the content of the response body. If this setting is omitted,
no body is included in the generated response.
.. note::
Headers can be specified using ``response_headers_to_add`` in the enclosing
:ref:`envoy_v3_api_msg_config.route.v3.Route`, :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration` or
:ref:`envoy_v3_api_msg_config.route.v3.VirtualHost`.
.. _envoy_v3_api_msg_config.route.v3.Decorator:
config.route.v3.Decorator
-------------------------
:repo:`[config.route.v3.Decorator proto] <api/envoy/config/route/v3/route_components.proto#L1781>`
.. code-block:: json
:force:
{
"operation": ...,
"propagate": {...}
}
.. _envoy_v3_api_field_config.route.v3.Decorator.operation:
operation
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*) The operation name associated with the request matched to this route. If tracing is
enabled, this information will be used as the span name reported for this request.
.. note::
For ingress (inbound) requests, or egress (outbound) responses, this value may be overridden
by the :ref:`x-envoy-decorator-operation
<config_http_filters_router_x-envoy-decorator-operation>` header.
.. _envoy_v3_api_field_config.route.v3.Decorator.propagate:
propagate
(`BoolValue <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue>`_) Whether the decorated details should be propagated to the other party. The default is true.
.. _envoy_v3_api_msg_config.route.v3.Tracing:
config.route.v3.Tracing
-----------------------
:repo:`[config.route.v3.Tracing proto] <api/envoy/config/route/v3/route_components.proto#L1798>`
.. code-block:: json
:force:
{
"client_sampling": {...},
"random_sampling": {...},
"overall_sampling": {...},
"custom_tags": []
}
.. _envoy_v3_api_field_config.route.v3.Tracing.client_sampling:
client_sampling
(:ref:`type.v3.FractionalPercent <envoy_v3_api_msg_type.v3.FractionalPercent>`) Target percentage of requests managed by this HTTP connection manager that will be force
traced if the :ref:`x-client-trace-id <config_http_conn_man_headers_x-client-trace-id>`
header is set. This field is a direct analog for the runtime variable
'tracing.client_enabled' in the :ref:`HTTP Connection Manager
<config_http_conn_man_runtime>`.
Default: 100%
.. _envoy_v3_api_field_config.route.v3.Tracing.random_sampling:
random_sampling
(:ref:`type.v3.FractionalPercent <envoy_v3_api_msg_type.v3.FractionalPercent>`) Target percentage of requests managed by this HTTP connection manager that will be randomly
selected for trace generation, if not requested by the client or not forced. This field is
a direct analog for the runtime variable 'tracing.random_sampling' in the
:ref:`HTTP Connection Manager <config_http_conn_man_runtime>`.
Default: 100%
.. _envoy_v3_api_field_config.route.v3.Tracing.overall_sampling:
overall_sampling
(:ref:`type.v3.FractionalPercent <envoy_v3_api_msg_type.v3.FractionalPercent>`) Target percentage of requests managed by this HTTP connection manager that will be traced
after all other sampling checks have been applied (client-directed, force tracing, random
sampling). This field functions as an upper limit on the total configured sampling rate. For
instance, setting client_sampling to 100% but overall_sampling to 1% will result in only 1%
of client requests with the appropriate headers to be force traced. This field is a direct
analog for the runtime variable 'tracing.global_enabled' in the
:ref:`HTTP Connection Manager <config_http_conn_man_runtime>`.
Default: 100%
.. _envoy_v3_api_field_config.route.v3.Tracing.custom_tags:
custom_tags
(**repeated** :ref:`type.tracing.v3.CustomTag <envoy_v3_api_msg_type.tracing.v3.CustomTag>`) A list of custom tags with unique tag name to create tags for the active span.
It will take effect after merging with the :ref:`corresponding configuration
<envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.Tracing.custom_tags>`
configured in the HTTP connection manager. If two tags with the same name are configured
each in the HTTP connection manager and the route level, the one configured here takes
priority.
.. _envoy_v3_api_msg_config.route.v3.VirtualCluster:
config.route.v3.VirtualCluster
------------------------------
:repo:`[config.route.v3.VirtualCluster proto] <api/envoy/config/route/v3/route_components.proto#L1852>`
A virtual cluster is a way of specifying a regex matching rule against
certain important endpoints such that statistics are generated explicitly for
the matched requests. The reason this is useful is that when doing
prefix/path matching Envoy does not always know what the application
considers to be an endpoint. Thus, it’s impossible for Envoy to generically
emit per endpoint statistics. However, often systems have highly critical
endpoints that they wish to get “perfect” statistics on. Virtual cluster
statistics are perfect in the sense that they are emitted on the downstream
side such that they include network level failures.
Documentation for :ref:`virtual cluster statistics <config_http_filters_router_vcluster_stats>`.
.. note::
Virtual clusters are a useful tool, but we do not recommend setting up a virtual cluster for
every application endpoint. This is both not easily maintainable and as well the matching and
statistics output are not free.
.. code-block:: json
:force:
{
"headers": [],
"name": ...
}
.. _envoy_v3_api_field_config.route.v3.VirtualCluster.headers:
headers
(**repeated** :ref:`config.route.v3.HeaderMatcher <envoy_v3_api_msg_config.route.v3.HeaderMatcher>`) Specifies a list of header matchers to use for matching requests. Each specified header must
match. The pseudo-headers ``:path`` and ``:method`` can be used to match the request path and
method, respectively.
.. _envoy_v3_api_field_config.route.v3.VirtualCluster.name:
name
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*) Specifies the name of the virtual cluster. The virtual cluster name as well
as the virtual host name are used when emitting statistics. The statistics are emitted by the
router filter and are documented :ref:`here <config_http_filters_router_stats>`.
.. _envoy_v3_api_msg_config.route.v3.RateLimit:
config.route.v3.RateLimit
-------------------------
:repo:`[config.route.v3.RateLimit proto] <api/envoy/config/route/v3/route_components.proto#L1872>`
Global rate limiting :ref:`architecture overview <arch_overview_global_rate_limit>`.
Also applies to Local rate limiting :ref:`using descriptors <config_http_filters_local_rate_limit_descriptors>`.
.. code-block:: json
:force:
{
"stage": {...},
"disable_key": ...,
"actions": [],
"limit": {...}
}
.. _envoy_v3_api_field_config.route.v3.RateLimit.stage:
stage
(`UInt32Value <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#uint32value>`_) Refers to the stage set in the filter. The rate limit configuration only
applies to filters with the same stage number. The default stage number is
0.
.. note::
The filter supports a range of 0 - 10 inclusively for stage numbers.
.. _envoy_v3_api_field_config.route.v3.RateLimit.disable_key:
disable_key
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) The key to be set in runtime to disable this rate limit configuration.
.. _envoy_v3_api_field_config.route.v3.RateLimit.actions:
actions
(**repeated** :ref:`config.route.v3.RateLimit.Action <envoy_v3_api_msg_config.route.v3.RateLimit.Action>`, *REQUIRED*) A list of actions that are to be applied for this rate limit configuration.
Order matters as the actions are processed sequentially and the descriptor
is composed by appending descriptor entries in that sequence. If an action
cannot append a descriptor entry, no descriptor is generated for the
configuration. See :ref:`composing actions
<config_http_filters_rate_limit_composing_actions>` for additional documentation.
.. _envoy_v3_api_field_config.route.v3.RateLimit.limit:
limit
(:ref:`config.route.v3.RateLimit.Override <envoy_v3_api_msg_config.route.v3.RateLimit.Override>`) An optional limit override to be appended to the descriptor produced by this
rate limit configuration. If the override value is invalid or cannot be resolved
from metadata, no override is provided. See :ref:`rate limit override
<config_http_filters_rate_limit_rate_limit_override>` for more information.
.. _envoy_v3_api_msg_config.route.v3.RateLimit.Action:
config.route.v3.RateLimit.Action
--------------------------------
:repo:`[config.route.v3.RateLimit.Action proto] <api/envoy/config/route/v3/route_components.proto#L1876>`
.. code-block:: json
:force:
{
"source_cluster": {...},
"destination_cluster": {...},
"request_headers": {...},
"remote_address": {...},
"generic_key": {...},
"header_value_match": {...},
"dynamic_metadata": {...},
"metadata": {...},
"extension": {...},
"masked_remote_address": {...},
"query_parameter_value_match": {...}
}
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.source_cluster:
source_cluster
(:ref:`config.route.v3.RateLimit.Action.SourceCluster <envoy_v3_api_msg_config.route.v3.RateLimit.Action.SourceCluster>`) Rate limit on source cluster.
Precisely one of :ref:`source_cluster <envoy_v3_api_field_config.route.v3.RateLimit.Action.source_cluster>`, :ref:`destination_cluster <envoy_v3_api_field_config.route.v3.RateLimit.Action.destination_cluster>`, :ref:`request_headers <envoy_v3_api_field_config.route.v3.RateLimit.Action.request_headers>`, :ref:`remote_address <envoy_v3_api_field_config.route.v3.RateLimit.Action.remote_address>`, :ref:`generic_key <envoy_v3_api_field_config.route.v3.RateLimit.Action.generic_key>`, :ref:`header_value_match <envoy_v3_api_field_config.route.v3.RateLimit.Action.header_value_match>`, :ref:`dynamic_metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.dynamic_metadata>`, :ref:`metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.metadata>`, :ref:`extension <envoy_v3_api_field_config.route.v3.RateLimit.Action.extension>`, :ref:`masked_remote_address <envoy_v3_api_field_config.route.v3.RateLimit.Action.masked_remote_address>`, :ref:`query_parameter_value_match <envoy_v3_api_field_config.route.v3.RateLimit.Action.query_parameter_value_match>` must be set.
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.destination_cluster:
destination_cluster
(:ref:`config.route.v3.RateLimit.Action.DestinationCluster <envoy_v3_api_msg_config.route.v3.RateLimit.Action.DestinationCluster>`) Rate limit on destination cluster.
Precisely one of :ref:`source_cluster <envoy_v3_api_field_config.route.v3.RateLimit.Action.source_cluster>`, :ref:`destination_cluster <envoy_v3_api_field_config.route.v3.RateLimit.Action.destination_cluster>`, :ref:`request_headers <envoy_v3_api_field_config.route.v3.RateLimit.Action.request_headers>`, :ref:`remote_address <envoy_v3_api_field_config.route.v3.RateLimit.Action.remote_address>`, :ref:`generic_key <envoy_v3_api_field_config.route.v3.RateLimit.Action.generic_key>`, :ref:`header_value_match <envoy_v3_api_field_config.route.v3.RateLimit.Action.header_value_match>`, :ref:`dynamic_metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.dynamic_metadata>`, :ref:`metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.metadata>`, :ref:`extension <envoy_v3_api_field_config.route.v3.RateLimit.Action.extension>`, :ref:`masked_remote_address <envoy_v3_api_field_config.route.v3.RateLimit.Action.masked_remote_address>`, :ref:`query_parameter_value_match <envoy_v3_api_field_config.route.v3.RateLimit.Action.query_parameter_value_match>` must be set.
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.request_headers:
request_headers
(:ref:`config.route.v3.RateLimit.Action.RequestHeaders <envoy_v3_api_msg_config.route.v3.RateLimit.Action.RequestHeaders>`) Rate limit on request headers.
Precisely one of :ref:`source_cluster <envoy_v3_api_field_config.route.v3.RateLimit.Action.source_cluster>`, :ref:`destination_cluster <envoy_v3_api_field_config.route.v3.RateLimit.Action.destination_cluster>`, :ref:`request_headers <envoy_v3_api_field_config.route.v3.RateLimit.Action.request_headers>`, :ref:`remote_address <envoy_v3_api_field_config.route.v3.RateLimit.Action.remote_address>`, :ref:`generic_key <envoy_v3_api_field_config.route.v3.RateLimit.Action.generic_key>`, :ref:`header_value_match <envoy_v3_api_field_config.route.v3.RateLimit.Action.header_value_match>`, :ref:`dynamic_metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.dynamic_metadata>`, :ref:`metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.metadata>`, :ref:`extension <envoy_v3_api_field_config.route.v3.RateLimit.Action.extension>`, :ref:`masked_remote_address <envoy_v3_api_field_config.route.v3.RateLimit.Action.masked_remote_address>`, :ref:`query_parameter_value_match <envoy_v3_api_field_config.route.v3.RateLimit.Action.query_parameter_value_match>` must be set.
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.remote_address:
remote_address
(:ref:`config.route.v3.RateLimit.Action.RemoteAddress <envoy_v3_api_msg_config.route.v3.RateLimit.Action.RemoteAddress>`) Rate limit on remote address.
Precisely one of :ref:`source_cluster <envoy_v3_api_field_config.route.v3.RateLimit.Action.source_cluster>`, :ref:`destination_cluster <envoy_v3_api_field_config.route.v3.RateLimit.Action.destination_cluster>`, :ref:`request_headers <envoy_v3_api_field_config.route.v3.RateLimit.Action.request_headers>`, :ref:`remote_address <envoy_v3_api_field_config.route.v3.RateLimit.Action.remote_address>`, :ref:`generic_key <envoy_v3_api_field_config.route.v3.RateLimit.Action.generic_key>`, :ref:`header_value_match <envoy_v3_api_field_config.route.v3.RateLimit.Action.header_value_match>`, :ref:`dynamic_metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.dynamic_metadata>`, :ref:`metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.metadata>`, :ref:`extension <envoy_v3_api_field_config.route.v3.RateLimit.Action.extension>`, :ref:`masked_remote_address <envoy_v3_api_field_config.route.v3.RateLimit.Action.masked_remote_address>`, :ref:`query_parameter_value_match <envoy_v3_api_field_config.route.v3.RateLimit.Action.query_parameter_value_match>` must be set.
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.generic_key:
generic_key
(:ref:`config.route.v3.RateLimit.Action.GenericKey <envoy_v3_api_msg_config.route.v3.RateLimit.Action.GenericKey>`) Rate limit on a generic key.
Precisely one of :ref:`source_cluster <envoy_v3_api_field_config.route.v3.RateLimit.Action.source_cluster>`, :ref:`destination_cluster <envoy_v3_api_field_config.route.v3.RateLimit.Action.destination_cluster>`, :ref:`request_headers <envoy_v3_api_field_config.route.v3.RateLimit.Action.request_headers>`, :ref:`remote_address <envoy_v3_api_field_config.route.v3.RateLimit.Action.remote_address>`, :ref:`generic_key <envoy_v3_api_field_config.route.v3.RateLimit.Action.generic_key>`, :ref:`header_value_match <envoy_v3_api_field_config.route.v3.RateLimit.Action.header_value_match>`, :ref:`dynamic_metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.dynamic_metadata>`, :ref:`metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.metadata>`, :ref:`extension <envoy_v3_api_field_config.route.v3.RateLimit.Action.extension>`, :ref:`masked_remote_address <envoy_v3_api_field_config.route.v3.RateLimit.Action.masked_remote_address>`, :ref:`query_parameter_value_match <envoy_v3_api_field_config.route.v3.RateLimit.Action.query_parameter_value_match>` must be set.
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.header_value_match:
header_value_match
(:ref:`config.route.v3.RateLimit.Action.HeaderValueMatch <envoy_v3_api_msg_config.route.v3.RateLimit.Action.HeaderValueMatch>`) Rate limit on the existence of request headers.
Precisely one of :ref:`source_cluster <envoy_v3_api_field_config.route.v3.RateLimit.Action.source_cluster>`, :ref:`destination_cluster <envoy_v3_api_field_config.route.v3.RateLimit.Action.destination_cluster>`, :ref:`request_headers <envoy_v3_api_field_config.route.v3.RateLimit.Action.request_headers>`, :ref:`remote_address <envoy_v3_api_field_config.route.v3.RateLimit.Action.remote_address>`, :ref:`generic_key <envoy_v3_api_field_config.route.v3.RateLimit.Action.generic_key>`, :ref:`header_value_match <envoy_v3_api_field_config.route.v3.RateLimit.Action.header_value_match>`, :ref:`dynamic_metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.dynamic_metadata>`, :ref:`metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.metadata>`, :ref:`extension <envoy_v3_api_field_config.route.v3.RateLimit.Action.extension>`, :ref:`masked_remote_address <envoy_v3_api_field_config.route.v3.RateLimit.Action.masked_remote_address>`, :ref:`query_parameter_value_match <envoy_v3_api_field_config.route.v3.RateLimit.Action.query_parameter_value_match>` must be set.
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.dynamic_metadata:
dynamic_metadata
(:ref:`config.route.v3.RateLimit.Action.DynamicMetaData <envoy_v3_api_msg_config.route.v3.RateLimit.Action.DynamicMetaData>`) Rate limit on dynamic metadata.
.. attention::
This field has been deprecated in favor of the :ref:`metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.metadata>` field
Precisely one of :ref:`source_cluster <envoy_v3_api_field_config.route.v3.RateLimit.Action.source_cluster>`, :ref:`destination_cluster <envoy_v3_api_field_config.route.v3.RateLimit.Action.destination_cluster>`, :ref:`request_headers <envoy_v3_api_field_config.route.v3.RateLimit.Action.request_headers>`, :ref:`remote_address <envoy_v3_api_field_config.route.v3.RateLimit.Action.remote_address>`, :ref:`generic_key <envoy_v3_api_field_config.route.v3.RateLimit.Action.generic_key>`, :ref:`header_value_match <envoy_v3_api_field_config.route.v3.RateLimit.Action.header_value_match>`, :ref:`dynamic_metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.dynamic_metadata>`, :ref:`metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.metadata>`, :ref:`extension <envoy_v3_api_field_config.route.v3.RateLimit.Action.extension>`, :ref:`masked_remote_address <envoy_v3_api_field_config.route.v3.RateLimit.Action.masked_remote_address>`, :ref:`query_parameter_value_match <envoy_v3_api_field_config.route.v3.RateLimit.Action.query_parameter_value_match>` must be set.
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.metadata:
metadata
(:ref:`config.route.v3.RateLimit.Action.MetaData <envoy_v3_api_msg_config.route.v3.RateLimit.Action.MetaData>`) Rate limit on metadata.
Precisely one of :ref:`source_cluster <envoy_v3_api_field_config.route.v3.RateLimit.Action.source_cluster>`, :ref:`destination_cluster <envoy_v3_api_field_config.route.v3.RateLimit.Action.destination_cluster>`, :ref:`request_headers <envoy_v3_api_field_config.route.v3.RateLimit.Action.request_headers>`, :ref:`remote_address <envoy_v3_api_field_config.route.v3.RateLimit.Action.remote_address>`, :ref:`generic_key <envoy_v3_api_field_config.route.v3.RateLimit.Action.generic_key>`, :ref:`header_value_match <envoy_v3_api_field_config.route.v3.RateLimit.Action.header_value_match>`, :ref:`dynamic_metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.dynamic_metadata>`, :ref:`metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.metadata>`, :ref:`extension <envoy_v3_api_field_config.route.v3.RateLimit.Action.extension>`, :ref:`masked_remote_address <envoy_v3_api_field_config.route.v3.RateLimit.Action.masked_remote_address>`, :ref:`query_parameter_value_match <envoy_v3_api_field_config.route.v3.RateLimit.Action.query_parameter_value_match>` must be set.
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.extension:
extension
(:ref:`config.core.v3.TypedExtensionConfig <envoy_v3_api_msg_config.core.v3.TypedExtensionConfig>`) Rate limit descriptor extension. See the rate limit descriptor extensions documentation.
:ref:`HTTP matching input functions <arch_overview_matching_api>` are
permitted as descriptor extensions. The input functions are only
looked up if there is no rate limit descriptor extension matching
the type URL.
.. _extension_category_envoy.rate_limit_descriptors:
.. tip::
This extension category has the following known extensions:
- :ref:`envoy.rate_limit_descriptors.expr <extension_envoy.rate_limit_descriptors.expr>`
Precisely one of :ref:`source_cluster <envoy_v3_api_field_config.route.v3.RateLimit.Action.source_cluster>`, :ref:`destination_cluster <envoy_v3_api_field_config.route.v3.RateLimit.Action.destination_cluster>`, :ref:`request_headers <envoy_v3_api_field_config.route.v3.RateLimit.Action.request_headers>`, :ref:`remote_address <envoy_v3_api_field_config.route.v3.RateLimit.Action.remote_address>`, :ref:`generic_key <envoy_v3_api_field_config.route.v3.RateLimit.Action.generic_key>`, :ref:`header_value_match <envoy_v3_api_field_config.route.v3.RateLimit.Action.header_value_match>`, :ref:`dynamic_metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.dynamic_metadata>`, :ref:`metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.metadata>`, :ref:`extension <envoy_v3_api_field_config.route.v3.RateLimit.Action.extension>`, :ref:`masked_remote_address <envoy_v3_api_field_config.route.v3.RateLimit.Action.masked_remote_address>`, :ref:`query_parameter_value_match <envoy_v3_api_field_config.route.v3.RateLimit.Action.query_parameter_value_match>` must be set.
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.masked_remote_address:
masked_remote_address
(:ref:`config.route.v3.RateLimit.Action.MaskedRemoteAddress <envoy_v3_api_msg_config.route.v3.RateLimit.Action.MaskedRemoteAddress>`) Rate limit on masked remote address.
Precisely one of :ref:`source_cluster <envoy_v3_api_field_config.route.v3.RateLimit.Action.source_cluster>`, :ref:`destination_cluster <envoy_v3_api_field_config.route.v3.RateLimit.Action.destination_cluster>`, :ref:`request_headers <envoy_v3_api_field_config.route.v3.RateLimit.Action.request_headers>`, :ref:`remote_address <envoy_v3_api_field_config.route.v3.RateLimit.Action.remote_address>`, :ref:`generic_key <envoy_v3_api_field_config.route.v3.RateLimit.Action.generic_key>`, :ref:`header_value_match <envoy_v3_api_field_config.route.v3.RateLimit.Action.header_value_match>`, :ref:`dynamic_metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.dynamic_metadata>`, :ref:`metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.metadata>`, :ref:`extension <envoy_v3_api_field_config.route.v3.RateLimit.Action.extension>`, :ref:`masked_remote_address <envoy_v3_api_field_config.route.v3.RateLimit.Action.masked_remote_address>`, :ref:`query_parameter_value_match <envoy_v3_api_field_config.route.v3.RateLimit.Action.query_parameter_value_match>` must be set.
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.query_parameter_value_match:
query_parameter_value_match
(:ref:`config.route.v3.RateLimit.Action.QueryParameterValueMatch <envoy_v3_api_msg_config.route.v3.RateLimit.Action.QueryParameterValueMatch>`) Rate limit on the existence of query parameters.
Precisely one of :ref:`source_cluster <envoy_v3_api_field_config.route.v3.RateLimit.Action.source_cluster>`, :ref:`destination_cluster <envoy_v3_api_field_config.route.v3.RateLimit.Action.destination_cluster>`, :ref:`request_headers <envoy_v3_api_field_config.route.v3.RateLimit.Action.request_headers>`, :ref:`remote_address <envoy_v3_api_field_config.route.v3.RateLimit.Action.remote_address>`, :ref:`generic_key <envoy_v3_api_field_config.route.v3.RateLimit.Action.generic_key>`, :ref:`header_value_match <envoy_v3_api_field_config.route.v3.RateLimit.Action.header_value_match>`, :ref:`dynamic_metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.dynamic_metadata>`, :ref:`metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.metadata>`, :ref:`extension <envoy_v3_api_field_config.route.v3.RateLimit.Action.extension>`, :ref:`masked_remote_address <envoy_v3_api_field_config.route.v3.RateLimit.Action.masked_remote_address>`, :ref:`query_parameter_value_match <envoy_v3_api_field_config.route.v3.RateLimit.Action.query_parameter_value_match>` must be set.
.. _envoy_v3_api_msg_config.route.v3.RateLimit.Action.SourceCluster:
config.route.v3.RateLimit.Action.SourceCluster
----------------------------------------------
:repo:`[config.route.v3.RateLimit.Action.SourceCluster proto] <api/envoy/config/route/v3/route_components.proto#L1887>`
The following descriptor entry is appended to the descriptor:
.. code-block:: cpp
("source_cluster", "<local service cluster>")
<local service cluster> is derived from the :option:`--service-cluster` option.
.. _envoy_v3_api_msg_config.route.v3.RateLimit.Action.DestinationCluster:
config.route.v3.RateLimit.Action.DestinationCluster
---------------------------------------------------
:repo:`[config.route.v3.RateLimit.Action.DestinationCluster proto] <api/envoy/config/route/v3/route_components.proto#L1908>`
The following descriptor entry is appended to the descriptor:
.. code-block:: cpp
("destination_cluster", "<routed target cluster>")
Once a request matches against a route table rule, a routed cluster is determined by one of
the following :ref:`route table configuration <envoy_v3_api_msg_config.route.v3.RouteConfiguration>`
settings:
* :ref:`cluster <envoy_v3_api_field_config.route.v3.RouteAction.cluster>` indicates the upstream cluster
to route to.
* :ref:`weighted_clusters <envoy_v3_api_field_config.route.v3.RouteAction.weighted_clusters>`
chooses a cluster randomly from a set of clusters with attributed weight.
* :ref:`cluster_header <envoy_v3_api_field_config.route.v3.RouteAction.cluster_header>` indicates which
header in the request contains the target cluster.
.. _envoy_v3_api_msg_config.route.v3.RateLimit.Action.RequestHeaders:
config.route.v3.RateLimit.Action.RequestHeaders
-----------------------------------------------
:repo:`[config.route.v3.RateLimit.Action.RequestHeaders proto] <api/envoy/config/route/v3/route_components.proto#L1919>`
The following descriptor entry is appended when a header contains a key that matches the
``header_name``:
.. code-block:: cpp
("<descriptor_key>", "<header_value_queried_from_header>")
.. code-block:: json
:force:
{
"header_name": ...,
"descriptor_key": ...,
"skip_if_absent": ...
}
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.RequestHeaders.header_name:
header_name
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*) The header name to be queried from the request headers. The header’s
value is used to populate the value of the descriptor entry for the
descriptor_key.
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.RequestHeaders.descriptor_key:
descriptor_key
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*) The key to use in the descriptor entry.
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.RequestHeaders.skip_if_absent:
skip_if_absent
(`bool <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) If set to true, Envoy skips the descriptor while calling rate limiting service
when header is not present in the request. By default it skips calling the
rate limiting service if this header is not present in the request.
.. _envoy_v3_api_msg_config.route.v3.RateLimit.Action.RemoteAddress:
config.route.v3.RateLimit.Action.RemoteAddress
----------------------------------------------
:repo:`[config.route.v3.RateLimit.Action.RemoteAddress proto] <api/envoy/config/route/v3/route_components.proto#L1944>`
The following descriptor entry is appended to the descriptor and is populated using the
trusted address from :ref:`x-forwarded-for <config_http_conn_man_headers_x-forwarded-for>`:
.. code-block:: cpp
("remote_address", "<trusted address from x-forwarded-for>")
.. _envoy_v3_api_msg_config.route.v3.RateLimit.Action.MaskedRemoteAddress:
config.route.v3.RateLimit.Action.MaskedRemoteAddress
----------------------------------------------------
:repo:`[config.route.v3.RateLimit.Action.MaskedRemoteAddress proto] <api/envoy/config/route/v3/route_components.proto#L1955>`
The following descriptor entry is appended to the descriptor and is populated using the
masked address from :ref:`x-forwarded-for <config_http_conn_man_headers_x-forwarded-for>`:
.. code-block:: cpp
("masked_remote_address", "<masked address from x-forwarded-for>")
.. code-block:: json
:force:
{
"v4_prefix_mask_len": {...},
"v6_prefix_mask_len": {...}
}
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.MaskedRemoteAddress.v4_prefix_mask_len:
v4_prefix_mask_len
(`UInt32Value <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#uint32value>`_) Length of prefix mask len for IPv4 (e.g. 0, 32).
Defaults to 32 when unset.
For example, trusted address from x-forwarded-for is ``192.168.1.1``,
the descriptor entry is ("masked_remote_address", "192.168.1.1/32");
if mask len is 24, the descriptor entry is ("masked_remote_address", "192.168.1.0/24").
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.MaskedRemoteAddress.v6_prefix_mask_len:
v6_prefix_mask_len
(`UInt32Value <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#uint32value>`_) Length of prefix mask len for IPv6 (e.g. 0, 128).
Defaults to 128 when unset.
For example, trusted address from x-forwarded-for is ``2001:abcd:ef01:2345:6789:abcd:ef01:234``,
the descriptor entry is ("masked_remote_address", "2001:abcd:ef01:2345:6789:abcd:ef01:234/128");
if mask len is 64, the descriptor entry is ("masked_remote_address", "2001:abcd:ef01:2345::/64").
.. _envoy_v3_api_msg_config.route.v3.RateLimit.Action.GenericKey:
config.route.v3.RateLimit.Action.GenericKey
-------------------------------------------
:repo:`[config.route.v3.RateLimit.Action.GenericKey proto] <api/envoy/config/route/v3/route_components.proto#L1976>`
The following descriptor entry is appended to the descriptor:
.. code-block:: cpp
("generic_key", "<descriptor_value>")
.. code-block:: json
:force:
{
"descriptor_value": ...,
"descriptor_key": ...
}
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.GenericKey.descriptor_value:
descriptor_value
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*) The value to use in the descriptor entry.
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.GenericKey.descriptor_key:
descriptor_key
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) An optional key to use in the descriptor entry. If not set it defaults
to 'generic_key' as the descriptor key.
.. _envoy_v3_api_msg_config.route.v3.RateLimit.Action.HeaderValueMatch:
config.route.v3.RateLimit.Action.HeaderValueMatch
-------------------------------------------------
:repo:`[config.route.v3.RateLimit.Action.HeaderValueMatch proto] <api/envoy/config/route/v3/route_components.proto#L1993>`
The following descriptor entry is appended to the descriptor:
.. code-block:: cpp
("header_match", "<descriptor_value>")
.. code-block:: json
:force:
{
"descriptor_key": ...,
"descriptor_value": ...,
"expect_match": {...},
"headers": []
}
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.HeaderValueMatch.descriptor_key:
descriptor_key
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) The key to use in the descriptor entry. Defaults to ``header_match``.
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.HeaderValueMatch.descriptor_value:
descriptor_value
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*) The value to use in the descriptor entry.
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.HeaderValueMatch.expect_match:
expect_match
(`BoolValue <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue>`_) If set to true, the action will append a descriptor entry when the
request matches the headers. If set to false, the action will append a
descriptor entry when the request does not match the headers. The
default value is true.
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.HeaderValueMatch.headers:
headers
(**repeated** :ref:`config.route.v3.HeaderMatcher <envoy_v3_api_msg_config.route.v3.HeaderMatcher>`, *REQUIRED*) Specifies a set of headers that the rate limit action should match
on. The action will check the request’s headers against all the
specified headers in the config. A match will happen if all the
headers in the config are present in the request with the same values
(or based on presence if the value field is not in the config).
.. _envoy_v3_api_msg_config.route.v3.RateLimit.Action.DynamicMetaData:
config.route.v3.RateLimit.Action.DynamicMetaData
------------------------------------------------
:repo:`[config.route.v3.RateLimit.Action.DynamicMetaData proto] <api/envoy/config/route/v3/route_components.proto#L2026>`
The following descriptor entry is appended when the
:ref:`dynamic metadata <well_known_dynamic_metadata>` contains a key value:
.. code-block:: cpp
("<descriptor_key>", "<value_queried_from_dynamic_metadata>")
.. attention::
This action has been deprecated in favor of the :ref:`metadata <envoy_v3_api_msg_config.route.v3.RateLimit.Action.MetaData>` action
.. code-block:: json
:force:
{
"descriptor_key": ...,
"metadata_key": {...},
"default_value": ...
}
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.DynamicMetaData.descriptor_key:
descriptor_key
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*) The key to use in the descriptor entry.
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.DynamicMetaData.metadata_key:
metadata_key
(:ref:`type.metadata.v3.MetadataKey <envoy_v3_api_msg_type.metadata.v3.MetadataKey>`, *REQUIRED*) Metadata struct that defines the key and path to retrieve the string value. A match will
only happen if the value in the dynamic metadata is of type string.
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.DynamicMetaData.default_value:
default_value
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) An optional value to use if ``metadata_key`` is empty. If not set and
no value is present under the metadata_key then no descriptor is generated.
.. _envoy_v3_api_msg_config.route.v3.RateLimit.Action.MetaData:
config.route.v3.RateLimit.Action.MetaData
-----------------------------------------
:repo:`[config.route.v3.RateLimit.Action.MetaData proto] <api/envoy/config/route/v3/route_components.proto#L2045>`
The following descriptor entry is appended when the metadata contains a key value:
.. code-block:: cpp
("<descriptor_key>", "<value_queried_from_metadata>")
.. code-block:: json
:force:
{
"descriptor_key": ...,
"metadata_key": {...},
"default_value": ...,
"source": ...,
"skip_if_absent": ...
}
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.MetaData.descriptor_key:
descriptor_key
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*) The key to use in the descriptor entry.
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.MetaData.metadata_key:
metadata_key
(:ref:`type.metadata.v3.MetadataKey <envoy_v3_api_msg_type.metadata.v3.MetadataKey>`, *REQUIRED*) Metadata struct that defines the key and path to retrieve the string value. A match will
only happen if the value in the metadata is of type string.
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.MetaData.default_value:
default_value
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) An optional value to use if ``metadata_key`` is empty. If not set and
no value is present under the metadata_key then ``skip_if_absent`` is followed to
skip calling the rate limiting service or skip the descriptor.
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.MetaData.source:
source
(:ref:`config.route.v3.RateLimit.Action.MetaData.Source <envoy_v3_api_enum_config.route.v3.RateLimit.Action.MetaData.Source>`) Source of metadata
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.MetaData.skip_if_absent:
skip_if_absent
(`bool <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) If set to true, Envoy skips the descriptor while calling rate limiting service
when ``metadata_key`` is empty and ``default_value`` is not set. By default it skips calling the
rate limiting service in that case.
.. _envoy_v3_api_enum_config.route.v3.RateLimit.Action.MetaData.Source:
Enum config.route.v3.RateLimit.Action.MetaData.Source
-----------------------------------------------------
:repo:`[config.route.v3.RateLimit.Action.MetaData.Source proto] <api/envoy/config/route/v3/route_components.proto#L2046>`
.. _envoy_v3_api_enum_value_config.route.v3.RateLimit.Action.MetaData.Source.DYNAMIC:
DYNAMIC
*(DEFAULT)* Query :ref:`dynamic metadata <well_known_dynamic_metadata>`
.. _envoy_v3_api_enum_value_config.route.v3.RateLimit.Action.MetaData.Source.ROUTE_ENTRY:
ROUTE_ENTRY
Query :ref:`route entry metadata <envoy_v3_api_field_config.route.v3.Route.metadata>`
.. _envoy_v3_api_msg_config.route.v3.RateLimit.Action.QueryParameterValueMatch:
config.route.v3.RateLimit.Action.QueryParameterValueMatch
---------------------------------------------------------
:repo:`[config.route.v3.RateLimit.Action.QueryParameterValueMatch proto] <api/envoy/config/route/v3/route_components.proto#L2080>`
The following descriptor entry is appended to the descriptor:
.. code-block:: cpp
("query_match", "<descriptor_value>")
.. code-block:: json
:force:
{
"descriptor_key": ...,
"descriptor_value": ...,
"expect_match": {...},
"query_parameters": []
}
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.QueryParameterValueMatch.descriptor_key:
descriptor_key
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) The key to use in the descriptor entry. Defaults to ``query_match``.
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.QueryParameterValueMatch.descriptor_value:
descriptor_value
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*) The value to use in the descriptor entry.
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.QueryParameterValueMatch.expect_match:
expect_match
(`BoolValue <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue>`_) If set to true, the action will append a descriptor entry when the
request matches the headers. If set to false, the action will append a
descriptor entry when the request does not match the headers. The
default value is true.
.. _envoy_v3_api_field_config.route.v3.RateLimit.Action.QueryParameterValueMatch.query_parameters:
query_parameters
(**repeated** :ref:`config.route.v3.QueryParameterMatcher <envoy_v3_api_msg_config.route.v3.QueryParameterMatcher>`, *REQUIRED*) Specifies a set of query parameters that the rate limit action should match
on. The action will check the request’s query parameters against all the
specified query parameters in the config. A match will happen if all the
query parameters in the config are present in the request with the same values
(or based on presence if the value field is not in the config).
.. _envoy_v3_api_msg_config.route.v3.RateLimit.Override:
config.route.v3.RateLimit.Override
----------------------------------
:repo:`[config.route.v3.RateLimit.Override proto] <api/envoy/config/route/v3/route_components.proto#L2154>`
.. code-block:: json
:force:
{
"dynamic_metadata": {...}
}
.. _envoy_v3_api_field_config.route.v3.RateLimit.Override.dynamic_metadata:
dynamic_metadata
(:ref:`config.route.v3.RateLimit.Override.DynamicMetadata <envoy_v3_api_msg_config.route.v3.RateLimit.Override.DynamicMetadata>`, *REQUIRED*) Limit override from dynamic metadata.
.. _envoy_v3_api_msg_config.route.v3.RateLimit.Override.DynamicMetadata:
config.route.v3.RateLimit.Override.DynamicMetadata
--------------------------------------------------
:repo:`[config.route.v3.RateLimit.Override.DynamicMetadata proto] <api/envoy/config/route/v3/route_components.proto#L2156>`
Fetches the override from the dynamic metadata.
.. code-block:: json
:force:
{
"metadata_key": {...}
}
.. _envoy_v3_api_field_config.route.v3.RateLimit.Override.DynamicMetadata.metadata_key:
metadata_key
(:ref:`type.metadata.v3.MetadataKey <envoy_v3_api_msg_type.metadata.v3.MetadataKey>`, *REQUIRED*) Metadata struct that defines the key and path to retrieve the struct value.
The value must be a struct containing an integer "requests_per_unit" property
and a "unit" property with a value parseable to :ref:`RateLimitUnit
enum <envoy_v3_api_enum_type.v3.RateLimitUnit>`
.. _envoy_v3_api_msg_config.route.v3.HeaderMatcher:
config.route.v3.HeaderMatcher
-----------------------------
:repo:`[config.route.v3.HeaderMatcher proto] <api/envoy/config/route/v3/route_components.proto#L2226>`
.. attention::
Internally, Envoy always uses the HTTP/2 ``:authority`` header to represent the HTTP/1 ``Host``
header. Thus, if attempting to match on ``Host``, match on ``:authority`` instead.
.. attention::
To route on HTTP method, use the special HTTP/2 ``:method`` header. This works for both
HTTP/1 and HTTP/2 as Envoy normalizes headers. E.g.,
.. code-block:: json
{
"name": ":method",
"string_match": {
"exact": "POST"
}
}
.. attention::
In the absence of any header match specifier, match will default to :ref:`present_match
<envoy_v3_api_field_config.route.v3.HeaderMatcher.present_match>`. i.e, a request that has the :ref:`name
<envoy_v3_api_field_config.route.v3.HeaderMatcher.name>` header will match, regardless of the header's
value.
.. code-block:: json
:force:
{
"name": ...,
"exact_match": ...,
"safe_regex_match": {...},
"range_match": {...},
"present_match": ...,
"prefix_match": ...,
"suffix_match": ...,
"contains_match": ...,
"string_match": {...},
"invert_match": ...,
"treat_missing_header_as_empty": ...
}
.. _envoy_v3_api_field_config.route.v3.HeaderMatcher.name:
name
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*) Specifies the name of the header in the request.
.. _envoy_v3_api_field_config.route.v3.HeaderMatcher.exact_match:
exact_match
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) If specified, header match will be performed based on the value of the header.
This field is deprecated. Please use :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>`.
Specifies how the header match will be performed to route the request.
Only one of :ref:`exact_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.exact_match>`, :ref:`safe_regex_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.safe_regex_match>`, :ref:`range_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.range_match>`, :ref:`present_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.present_match>`, :ref:`prefix_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.prefix_match>`, :ref:`suffix_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.suffix_match>`, :ref:`contains_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.contains_match>`, :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>` may be set.
.. _envoy_v3_api_field_config.route.v3.HeaderMatcher.safe_regex_match:
safe_regex_match
(:ref:`type.matcher.v3.RegexMatcher <envoy_v3_api_msg_type.matcher.v3.RegexMatcher>`) If specified, this regex string is a regular expression rule which implies the entire request
header value must match the regex. The rule will not match if only a subsequence of the
request header value matches the regex.
This field is deprecated. Please use :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>`.
Specifies how the header match will be performed to route the request.
Only one of :ref:`exact_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.exact_match>`, :ref:`safe_regex_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.safe_regex_match>`, :ref:`range_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.range_match>`, :ref:`present_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.present_match>`, :ref:`prefix_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.prefix_match>`, :ref:`suffix_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.suffix_match>`, :ref:`contains_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.contains_match>`, :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>` may be set.
.. _envoy_v3_api_field_config.route.v3.HeaderMatcher.range_match:
range_match
(:ref:`type.v3.Int64Range <envoy_v3_api_msg_type.v3.Int64Range>`) If specified, header match will be performed based on range.
The rule will match if the request header value is within this range.
The entire request header value must represent an integer in base 10 notation: consisting of
an optional plus or minus sign followed by a sequence of digits. The rule will not match if
the header value does not represent an integer. Match will fail for empty values, floating
point numbers or if only a subsequence of the header value is an integer.
Examples:
* For range [-10,0), route will match for header value -1, but not for 0, ``somestring``, 10.9,
``-1somestring``
Specifies how the header match will be performed to route the request.
Only one of :ref:`exact_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.exact_match>`, :ref:`safe_regex_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.safe_regex_match>`, :ref:`range_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.range_match>`, :ref:`present_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.present_match>`, :ref:`prefix_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.prefix_match>`, :ref:`suffix_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.suffix_match>`, :ref:`contains_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.contains_match>`, :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>` may be set.
.. _envoy_v3_api_field_config.route.v3.HeaderMatcher.present_match:
present_match
(`bool <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) If specified as true, header match will be performed based on whether the header is in the
request. If specified as false, header match will be performed based on whether the header is absent.
Specifies how the header match will be performed to route the request.
Only one of :ref:`exact_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.exact_match>`, :ref:`safe_regex_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.safe_regex_match>`, :ref:`range_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.range_match>`, :ref:`present_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.present_match>`, :ref:`prefix_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.prefix_match>`, :ref:`suffix_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.suffix_match>`, :ref:`contains_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.contains_match>`, :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>` may be set.
.. _envoy_v3_api_field_config.route.v3.HeaderMatcher.prefix_match:
prefix_match
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) If specified, header match will be performed based on the prefix of the header value.
Note: empty prefix is not allowed, please use present_match instead.
This field is deprecated. Please use :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>`.
Examples:
* The prefix ``abcd`` matches the value ``abcdxyz``, but not for ``abcxyz``.
Specifies how the header match will be performed to route the request.
Only one of :ref:`exact_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.exact_match>`, :ref:`safe_regex_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.safe_regex_match>`, :ref:`range_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.range_match>`, :ref:`present_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.present_match>`, :ref:`prefix_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.prefix_match>`, :ref:`suffix_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.suffix_match>`, :ref:`contains_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.contains_match>`, :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>` may be set.
.. _envoy_v3_api_field_config.route.v3.HeaderMatcher.suffix_match:
suffix_match
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) If specified, header match will be performed based on the suffix of the header value.
Note: empty suffix is not allowed, please use present_match instead.
This field is deprecated. Please use :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>`.
Examples:
* The suffix ``abcd`` matches the value ``xyzabcd``, but not for ``xyzbcd``.
Specifies how the header match will be performed to route the request.
Only one of :ref:`exact_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.exact_match>`, :ref:`safe_regex_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.safe_regex_match>`, :ref:`range_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.range_match>`, :ref:`present_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.present_match>`, :ref:`prefix_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.prefix_match>`, :ref:`suffix_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.suffix_match>`, :ref:`contains_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.contains_match>`, :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>` may be set.
.. _envoy_v3_api_field_config.route.v3.HeaderMatcher.contains_match:
contains_match
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) If specified, header match will be performed based on whether the header value contains
the given value or not.
Note: empty contains match is not allowed, please use present_match instead.
This field is deprecated. Please use :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>`.
Examples:
* The value ``abcd`` matches the value ``xyzabcdpqr``, but not for ``xyzbcdpqr``.
Specifies how the header match will be performed to route the request.
Only one of :ref:`exact_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.exact_match>`, :ref:`safe_regex_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.safe_regex_match>`, :ref:`range_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.range_match>`, :ref:`present_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.present_match>`, :ref:`prefix_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.prefix_match>`, :ref:`suffix_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.suffix_match>`, :ref:`contains_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.contains_match>`, :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>` may be set.
.. _envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match:
string_match
(:ref:`type.matcher.v3.StringMatcher <envoy_v3_api_msg_type.matcher.v3.StringMatcher>`) If specified, header match will be performed based on the string match of the header value.
Specifies how the header match will be performed to route the request.
Only one of :ref:`exact_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.exact_match>`, :ref:`safe_regex_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.safe_regex_match>`, :ref:`range_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.range_match>`, :ref:`present_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.present_match>`, :ref:`prefix_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.prefix_match>`, :ref:`suffix_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.suffix_match>`, :ref:`contains_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.contains_match>`, :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>` may be set.
.. _envoy_v3_api_field_config.route.v3.HeaderMatcher.invert_match:
invert_match
(`bool <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) If specified, the match result will be inverted before checking. Defaults to false.
Examples:
* The regex ``\d{3}`` does not match the value ``1234``, so it will match when inverted.
* The range [-10,0) will match the value -1, so it will not match when inverted.
.. _envoy_v3_api_field_config.route.v3.HeaderMatcher.treat_missing_header_as_empty:
treat_missing_header_as_empty
(`bool <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) If specified, for any header match rule, if the header match rule specified header
does not exist, this header value will be treated as empty. Defaults to false.
Examples:
* The header match rule specified header "header1" to range match of [0, 10],
:ref:`invert_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.invert_match>`
is set to true and :ref:`treat_missing_header_as_empty <envoy_v3_api_field_config.route.v3.HeaderMatcher.treat_missing_header_as_empty>`
is set to true; The "header1" header is not present. The match rule will
treat the "header1" as an empty header. The empty header does not match the range,
so it will match when inverted.
* The header match rule specified header "header2" to range match of [0, 10],
:ref:`invert_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.invert_match>`
is set to true and :ref:`treat_missing_header_as_empty <envoy_v3_api_field_config.route.v3.HeaderMatcher.treat_missing_header_as_empty>`
is set to false; The "header2" header is not present and the header
matcher rule for "header2" will be ignored so it will not match.
* The header match rule specified header "header3" to a string regex match
``^$`` which means an empty string, and
:ref:`treat_missing_header_as_empty <envoy_v3_api_field_config.route.v3.HeaderMatcher.treat_missing_header_as_empty>`
is set to true; The "header3" header is not present.
The match rule will treat the "header3" header as an empty header so it will match.
* The header match rule specified header "header4" to a string regex match
``^$`` which means an empty string, and
:ref:`treat_missing_header_as_empty <envoy_v3_api_field_config.route.v3.HeaderMatcher.treat_missing_header_as_empty>`
is set to false; The "header4" header is not present.
The match rule for "header4" will be ignored so it will not match.
.. _envoy_v3_api_msg_config.route.v3.QueryParameterMatcher:
config.route.v3.QueryParameterMatcher
-------------------------------------
:repo:`[config.route.v3.QueryParameterMatcher proto] <api/envoy/config/route/v3/route_components.proto#L2352>`
Query parameter matching treats the query string of a request's :path header
as an ampersand-separated list of keys and/or key=value elements.
.. code-block:: json
:force:
{
"name": ...,
"string_match": {...},
"present_match": ...
}
.. _envoy_v3_api_field_config.route.v3.QueryParameterMatcher.name:
name
(`string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_, *REQUIRED*) Specifies the name of a key that must be present in the requested
``path``'s query string.
.. _envoy_v3_api_field_config.route.v3.QueryParameterMatcher.string_match:
string_match
(:ref:`type.matcher.v3.StringMatcher <envoy_v3_api_msg_type.matcher.v3.StringMatcher>`) Specifies whether a query parameter value should match against a string.
Only one of :ref:`string_match <envoy_v3_api_field_config.route.v3.QueryParameterMatcher.string_match>`, :ref:`present_match <envoy_v3_api_field_config.route.v3.QueryParameterMatcher.present_match>` may be set.
.. _envoy_v3_api_field_config.route.v3.QueryParameterMatcher.present_match:
present_match
(`bool <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Specifies whether a query parameter should be present.
Only one of :ref:`string_match <envoy_v3_api_field_config.route.v3.QueryParameterMatcher.string_match>`, :ref:`present_match <envoy_v3_api_field_config.route.v3.QueryParameterMatcher.present_match>` may be set.
.. _envoy_v3_api_msg_config.route.v3.InternalRedirectPolicy:
config.route.v3.InternalRedirectPolicy
--------------------------------------
:repo:`[config.route.v3.InternalRedirectPolicy proto] <api/envoy/config/route/v3/route_components.proto#L2375>`
HTTP Internal Redirect :ref:`architecture overview <arch_overview_internal_redirects>`.
.. code-block:: json
:force:
{
"max_internal_redirects": {...},
"redirect_response_codes": [],
"predicates": [],
"allow_cross_scheme_redirect": ...,
"response_headers_to_copy": []
}
.. _envoy_v3_api_field_config.route.v3.InternalRedirectPolicy.max_internal_redirects:
max_internal_redirects
(`UInt32Value <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#uint32value>`_) An internal redirect is not handled, unless the number of previous internal redirects that a
downstream request has encountered is lower than this value.
In the case where a downstream request is bounced among multiple routes by internal redirect,
the first route that hits this threshold, or does not set :ref:`internal_redirect_policy
<envoy_v3_api_field_config.route.v3.RouteAction.internal_redirect_policy>`
will pass the redirect back to downstream.
If not specified, at most one redirect will be followed.
.. _envoy_v3_api_field_config.route.v3.InternalRedirectPolicy.redirect_response_codes:
redirect_response_codes
(**repeated** `uint32 <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Defines what upstream response codes are allowed to trigger internal redirect. If unspecified,
only 302 will be treated as internal redirect.
Only 301, 302, 303, 307 and 308 are valid values. Any other codes will be ignored.
.. _envoy_v3_api_field_config.route.v3.InternalRedirectPolicy.predicates:
predicates
(**repeated** :ref:`config.core.v3.TypedExtensionConfig <envoy_v3_api_msg_config.core.v3.TypedExtensionConfig>`) Specifies a list of predicates that are queried when an upstream response is deemed
to trigger an internal redirect by all other criteria. Any predicate in the list can reject
the redirect, causing the response to be proxied to downstream.
.. _extension_category_envoy.internal_redirect_predicates:
.. tip::
This extension category has the following known extensions:
- :ref:`envoy.internal_redirect_predicates.allow_listed_routes <extension_envoy.internal_redirect_predicates.allow_listed_routes>`
- :ref:`envoy.internal_redirect_predicates.previous_routes <extension_envoy.internal_redirect_predicates.previous_routes>`
- :ref:`envoy.internal_redirect_predicates.safe_cross_scheme <extension_envoy.internal_redirect_predicates.safe_cross_scheme>`
.. _envoy_v3_api_field_config.route.v3.InternalRedirectPolicy.allow_cross_scheme_redirect:
allow_cross_scheme_redirect
(`bool <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Allow internal redirect to follow a target URI with a different scheme than the value of
x-forwarded-proto. The default is false.
.. _envoy_v3_api_field_config.route.v3.InternalRedirectPolicy.response_headers_to_copy:
response_headers_to_copy
(**repeated** `string <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) Specifies a list of headers, by name, to copy from the internal redirect into the subsequent
request. If a header is specified here but not present in the redirect, it will be cleared in
the subsequent request.
.. _envoy_v3_api_msg_config.route.v3.FilterConfig:
config.route.v3.FilterConfig
----------------------------
:repo:`[config.route.v3.FilterConfig proto] <api/envoy/config/route/v3/route_components.proto#L2416>`
A simple wrapper for an HTTP filter config. This is intended to be used as a wrapper for the
map value in
:ref:`VirtualHost.typed_per_filter_config<envoy_v3_api_field_config.route.v3.VirtualHost.typed_per_filter_config>`,
:ref:`Route.typed_per_filter_config<envoy_v3_api_field_config.route.v3.Route.typed_per_filter_config>`,
or :ref:`WeightedCluster.ClusterWeight.typed_per_filter_config<envoy_v3_api_field_config.route.v3.WeightedCluster.ClusterWeight.typed_per_filter_config>`
to add additional flags to the filter.
.. code-block:: json
:force:
{
"config": {...},
"is_optional": ...,
"disabled": ...
}
.. _envoy_v3_api_field_config.route.v3.FilterConfig.config:
config
(`Any <https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#any>`_) The filter config.
.. _envoy_v3_api_field_config.route.v3.FilterConfig.is_optional:
is_optional
(`bool <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) If true, the filter is optional, meaning that if the client does
not support the specified filter, it may ignore the map entry rather
than rejecting the config.
.. _envoy_v3_api_field_config.route.v3.FilterConfig.disabled:
disabled
(`bool <https://developers.google.com/protocol-buffers/docs/proto#scalar>`_) If true, the filter is disabled in the route or virtual host and the ``config`` field is ignored.
See :ref:`route based filter chain <arch_overview_http_filters_route_based_filter_chain>`
for more details.
.. note::
This field will take effect when the request arrive and filter chain is created for the request.
If initial route is selected for the request and a filter is disabled in the initial route, then
the filter will not be added to the filter chain.
And if the request is mutated later and re-match to another route, the disabled filter by the
initial route will not be added back to the filter chain because the filter chain is already
created and it is too late to change the chain.
This field only make sense for the downstream HTTP filters for now.