Skip to content

Configurable setting of last trusted client IP address #2503

New issue
New issue
Closed
Closed
Configurable setting of last trusted client IP address#2503
Assignees
brian-pane
Labels
enhancementFeature requests. Not bugs or questions.
@brian-pane

Description

@brian-pane
brian-pane
opened on Feb 1, 2018

Feature Proposal:

Add a feature that allows Envoy to use the N th external IP address from the end of X-Forwarded-For as the trusted client IP address, where N defaults to 1 (for backward compatibility) but can be set in the Virtual Host configuration.

Motivation:

I have a use case where there may be two trusted proxies with non-RFC1918 addresses in front of Envoy. In that case, the trusted client IP address will be the second external IP address from the end of X-Forwarded-For.

I also anticipate an edge-proxy deployment scenario where nothing in the XFF is trusted.

Notes:

I'm willing to contribute an implementation of this feature.

Metadata

Metadata

Assignees

Labels

enhancementFeature requests. Not bugs or questions.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions