Comments (3)
from envoy.
because there may be proxies in front of Envoy and they communicate end user IP via x-forwarded-for. Envoy treats x-forwarded for as an untrusted header: a correctly configured edge proxy won't for example treat a request which claims to be from a trusted IP in an untrusted x-forwarded-for header as a trusted request. oauth code should do the same
from envoy.
Well, if Envoy is configured as Edge, it shouldn't have any proxy in front of it right ?
I'm not sure to understand why Envoy is accepting this header if it's not trusted, it's forwarding internally an untrusted value ?
Internal apps rely on X-Forwarded-X headers because it's standard and they are supposed to be trusty if your edge proxy forge it (and do not trust incoming headers), having to use extra app-specific header is a pain.
from envoy.
Related Issues (20)
- Envoy 1.30.0 docker image is not working. It is crashing while creating container HOT 6
- QuicHttpIntegrationTests/QuicHttpIntegrationTest.Http3ClientKeepalive is flaky
- IpVersions/TcpListenerImplTest.EachQueuedConnectionShouldQueryTheLoadShedPoint is flaky
- tls: add histogram measuring ssl negotiation latency HOT 1
- connections are not uniformly spread across the workers HOT 4
- Question: How can we defer bootstrap extension to be run after envoy server completely starts? HOT 5
- Newer release available `com_google_protobuf`: v26.1 (current: v24.4) HOT 1
- Question/documentation: GRPC-JSON transcoder and grpc ext_authz filter (envoy control plane ext_authz ) integration HOT 6
- Newer release available `aspect_bazel_lib`: v2.7.1 (current: v2.7.0)
- Failed to load MI Debugger HOT 11
- My Envoy gateway tcp proxy max connections too low,what's the problem? HOT 4
- Envoy filter to intercept and inspect gRPC messages HOT 3
- Cold-start Admission Control filter rejects before receiving the entire sliding window of samples. HOT 9
- Newer release available `com_github_wasmtime`: v20.0.0 (current: v9.0.3)
- Newer release available `io_opentelemetry_cpp`: v1.15.0 (current: v1.14.2)
- Envoy windows build for v1.30.1 not working using Windows 2019 Envoy image HOT 2
- Envoy::Json::Streamer needs support for boolean types
- Why add user home in devcontainer HOT 4
- [Questions] Why envoy access log not support size limit & rotation ? And is there any good practice for this access log & envoy binary debug log ? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from envoy.