Comments (3)
adisuissa
commented on June 16, 2024
from envoy.
alyssawilk
commented on June 16, 2024
because there may be proxies in front of Envoy and they communicate end user IP via x-forwarded-for. Envoy treats x-forwarded for as an untrusted header: a correctly configured edge proxy won't for example treat a request which claims to be from a trusted IP in an untrusted x-forwarded-for header as a trusted request. oauth code should do the same
from envoy.
Kiblyn11
commented on June 16, 2024
Well, if Envoy is configured as Edge, it shouldn't have any proxy in front of it right ?
I'm not sure to understand why Envoy is accepting this header if it's not trusted, it's forwarding internally an untrusted value ?
Internal apps rely on X-Forwarded-X headers because it's standard and they are supposed to be trusty if your edge proxy forge it (and do not trust incoming headers), having to use extra app-specific header is a pain.
from envoy.
Related Issues (20)
- Envoy 1.30.0 docker image is not working. It is crashing while creating container HOT 6
- QuicHttpIntegrationTests/QuicHttpIntegrationTest.Http3ClientKeepalive is flaky
- IpVersions/TcpListenerImplTest.EachQueuedConnectionShouldQueryTheLoadShedPoint is flaky
- tls: add histogram measuring ssl negotiation latency HOT 1
- connections are not uniformly spread across the workers HOT 4
- Question: How can we defer bootstrap extension to be run after envoy server completely starts? HOT 5
- Newer release available `com_google_protobuf`: v26.1 (current: v24.4) HOT 1
- Question/documentation: GRPC-JSON transcoder and grpc ext_authz filter (envoy control plane ext_authz ) integration HOT 6
- Newer release available `aspect_bazel_lib`: v2.7.1 (current: v2.7.0)
- Failed to load MI Debugger HOT 11
- My Envoy gateway tcp proxy max connections too low,what's the problem? HOT 4
- Envoy filter to intercept and inspect gRPC messages HOT 3
- Cold-start Admission Control filter rejects before receiving the entire sliding window of samples. HOT 9
- Newer release available `com_github_wasmtime`: v20.0.0 (current: v9.0.3)
- Newer release available `io_opentelemetry_cpp`: v1.15.0 (current: v1.14.2)
- Envoy windows build for v1.30.1 not working using Windows 2019 Envoy image HOT 2
- Envoy::Json::Streamer needs support for boolean types
- Why add user home in devcontainer HOT 4
- [Questions] Why envoy access log not support size limit & rotation ? And is there any good practice for this access log & envoy binary debug log ? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from envoy.