Closed
Description:
Access log specifier %DOWNSTREAM_DIRECT_REMOTE_ADDRESS% is documented as: "This is always the physical remote address of the peer even if the downstream remote address has been inferred from proxy proto or x-forwarded-for."
Repro steps:
Run against attached config:
printf "PROXY TCP4 1.2.3.4 2.3.4.5 12345 23456\r\nGET / HTTP/1.1\r\nHost: foo.com\r\n\r\n" | nc -q 1 localhost 8080
Config:
listeners:
- address:
    socket_address:
      address: 0.0.0.0
      port_value: 8080
  listener_filters:
  - name: 'envoy.filters.listener.proxy_protocol'
  filter_chains:
  - filters:
    - name: envoy.http_connection_manager
      config:
        codec_type: auto
        stat_prefix: ingress_http
        access_log:
        - name: envoy.file_access_log
          config:
            path: "http_access.log"
            format: "[%START_TIME%] direct=%DOWNSTREAM_DIRECT_REMOTE_ADDRESS% regular=%DOWNSTREAM_REMOTE_ADDRESS%\n"
        route_config:
          name: local_route
          virtual_hosts:
          - name: service
            domains:
            - "*"
            routes:
            - match:
                prefix: "/"
              direct_response:
                status: 200
                body:
                  inline_string: "All is well.\n"
        http_filters:
        - name: envoy.router
clusters:
admin:
  access_log_path: "/dev/null"
  address:
    socket_address:
      address: 0.0.0.0
      port_value: 8081
node:
  id: the_id
  cluster: the_cluster
Logs:
[2020-03-11T02:24:02.644Z] direct=1.2.3.4:12345 regular=1.2.3.4:12345
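An added example, not part of the original report and not Envoy code: it parses the PROXY v1 header from the repro, derives what each specifier should log under the documentation quoted above, and flags the logged field that disagrees. The function names and the loopback peer `127.0.0.1:54321` are assumptions, since `nc` picks an ephemeral source port.

```python
import ipaddress
import re

# Constructed inputs: the request bytes and log line are copied from the report;
# SOCKET_PEER is an assumed value for the real TCP peer (nc run on localhost).
REPRO = b"PROXY TCP4 1.2.3.4 2.3.4.5 12345 23456\r\nGET / HTTP/1.1\r\nHost: foo.com\r\n\r\n"
LOG_LINE = "[2020-03-11T02:24:02.644Z] direct=1.2.3.4:12345 regular=1.2.3.4:12345"
SOCKET_PEER = "127.0.0.1:54321"


def declared_source(data):
    """Return the 'ip:port' source declared by a PROXY v1 header, else None."""
    line, sep, _ = data.partition(b"\r\n")
    if not sep or len(line) > 105 or not line.startswith(b"PROXY "):
        return None  # no complete v1 header (107 bytes max, CRLF included)
    parts = line.decode("ascii", "replace").split(" ")
    if parts[1] == "UNKNOWN":
        return None  # nothing declared; the receiver keeps the socket address
    if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    src = ipaddress.ip_address(parts[2])  # ValueError on a bad address
    ipaddress.ip_address(parts[3])
    want = 4 if parts[1] == "TCP4" else 6
    if src.version != want or not all(0 <= int(p) <= 65535 for p in parts[4:6]):
        raise ValueError("address family mismatch or port out of range")
    host = str(src) if want == 4 else "[%s]" % src
    return "%s:%d" % (host, int(parts[4]))


def expected_fields(socket_peer, data):
    """Values the two specifiers should log, per the documented semantics."""
    return {"direct": socket_peer, "regular": declared_source(data) or socket_peer}


def audit(log_line, socket_peer, data):
    """Return {field: (logged, expected)} for every field that disagrees."""
    logged = dict(re.findall(r"\b(direct|regular)=(\S+)", log_line))
    expected = expected_fields(socket_peer, data)
    return {k: (logged.get(k), v) for k, v in expected.items() if logged.get(k) != v}


if __name__ == "__main__":
    print(audit(LOG_LINE, SOCKET_PEER, REPRO))
```

The distinction matters for audit logs: the `direct` field is the only one of the two that a sender of the PROXY header cannot choose.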