enable configuration of the number of trusted addresses in XFF

envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto

@@ -160,6 +160,15 @@ message HttpConnectionManager {
   // :ref:`config_http_conn_man_headers_x-envoy-external-address` for more information.
   google.protobuf.BoolValue use_remote_address = 14;
 
+  // [#not-implemented-hide:]
+  // The number of additional ingress proxy hops from the right side of the
+  // :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header to trust when
+  // determining the origin client's IP address. The default is zero if this option
+  // is not specified. See the documentation for
+  // :ref:`config_http_conn_man_headers_x-forwarded-for` for more information.
+  uint32 xff_num_trusted_hops = 19;
+
+  // of the client connection as the origin client address if *use_remote_address* is true
   // Whether the connection manager will generate the :ref:`x-request-id
   // <config_http_conn_man_headers_x-request-id>` header if it does not exist. This defaults to
   // true. Generating a random UUID4 is expensive so in high throughput scenarios where this feature