-
Notifications
You must be signed in to change notification settings - Fork 328
-
Notifications
You must be signed in to change notification settings - Fork 328
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for disabling xff header append #4233
Labels
Comments
is this because the upstream is expecting a single value in XFF or unable to parse the XFF ? |
upstream doesn't want trusted values in XFF, basically the values which are of our infra, @arkodg. Upstreams can parse, but the logic that right most has to be ignored has to be added in all upstreams. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
EG by default sets use-remote-address to
true
currently atgateway/internal/xds/translator/listener.go
Line 242 in 14f687f
while in envoy this is
false
by default. My understanding is that as eg is supposed to be the first L7 layer for downstream traffic, hence this has been set totrue
.However in our use case eg is not the first L7 layer, rather its aws ALB due to which ALB private ip gets appended to xff header which we don't want. Hence we want this to be
false
or an option to setskip_xff_append
totrue
. So it would be nice to have an api to set above two fields.For anyone else facing the same issue for now you can use below
jsonPatch
inEnvoyPatchPolicy
:The text was updated successfully, but these errors were encountered: