Comments (6)
from envoy.
Because there may be proxies in front of Envoy and they communicate the end-user IP via x-forwarded-for. Envoy treats x-forwarded-for as an untrusted header: a correctly configured edge proxy won't, for example, treat a request which claims to be from a trusted IP in an untrusted x-forwarded-for header as a trusted request. OAuth code should do the same.
from envoy.
Well, if Envoy is configured as Edge, it shouldn't have any proxy in front of it, right?
I'm not sure I understand why Envoy is accepting this header if it's not trusted; it's forwarding an untrusted value internally?
Internal apps rely on X-Forwarded-X headers because they are standard, and they are supposed to be trustworthy if your edge proxy forges them (and does not trust incoming headers); having to use an extra app-specific header is a pain.
from envoy.
The internet is filled with HTTP proxies. The x-forwarded header is an internet-standard way of those proxies informing the next hop that they terminated TCP and what the original client IP is.
from envoy.
This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.
from envoy.
This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions.
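The trust rule described in the first comment, as an added example that is not part of the thread and is not Envoy's code: an x-forwarded-for entry is believed only when the hop that appended it is a proxy you operate, walking the header right to left from the TCP peer. The `TRUSTED_PROXIES` ranges, the function names and the sample addresses are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: address ranges of proxies we operate and therefore trust.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]


def is_trusted(addr):
    """True if addr belongs to one of our own proxy ranges."""
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_header):
    """Return the address to use for trust decisions (hypothetical helper).

    peer_addr is the TCP peer of this hop; xff_header is the raw
    x-forwarded-for value or None. Each proxy appends the address it saw
    on the right, so an entry is only as reliable as the hop that wrote it.
    """
    current = ipaddress.ip_address(peer_addr)
    if not xff_header:
        return str(current)
    entries = [e.strip() for e in xff_header.split(",") if e.strip()]
    for entry in reversed(entries):
        if not is_trusted(current):
            break  # an untrusted hop supplied everything further left
        try:
            current = ipaddress.ip_address(entry)
        except ValueError:
            break  # malformed entry: keep the last verified address
    return str(current)


if __name__ == "__main__":
    # Direct internet client claiming an internal address: claim is ignored.
    print(client_ip("203.0.113.7", "10.1.2.3"))
    # Two of our proxies in the chain, spoofed internal address on the far left.
    print(client_ip("10.0.0.5", "10.9.9.9, 198.51.100.9, 192.0.2.10"))
```

Any trust check, such as an IP allowlist in front of an OAuth flow, should be made against the value this walk returns, never against the leftmost header entry.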