Configurable setting of last trusted client IP address #2503
Assignees
Labels
enhancement
Feature requests. Not bugs or questions.
Comments
|
Sounds reasonable to me! |
Shikugawa
pushed a commit
to Shikugawa/envoy
that referenced
this issue
Mar 28, 2020
* basic TLS test Signed-off-by: Kuat Yessenov <[email protected]> * basic TLS test Signed-off-by: Kuat Yessenov <[email protected]> * fix a unit test Signed-off-by: Kuat Yessenov <[email protected]> * add mTLS certs Signed-off-by: Kuat Yessenov <[email protected]> * add principals Signed-off-by: Kuat Yessenov <[email protected]>
jpsim
pushed a commit
that referenced
this issue
Nov 28, 2022
Description: Update the implementation of `Java_io_envoyproxy_envoymobile_engine_AndroidJniLibrary_initialize` so that it takes a `class_loader` argument which was introduced in envoyproxy/envoy-mobile#2483. It turns out that this method is implemented in two separate places - `android_jni_interface.cc` and and `android_test_jni_interface.cc` files - and my previous PR updated only the former. This is needed to make `find_class` method work in tests as tests depend on the implementation from `android_test_jni_interface.cc` file. Risk Level: None, additive change for test targets only. Testing: None, a follow up tests that depend on `find_class` method are being worked on. Docs Changes: N/A Release Notes: N/A Signed-off-by: Rafal Augustyniak <[email protected]> Signed-off-by: JP Simard <[email protected]>
jpsim
pushed a commit
that referenced
this issue
Nov 29, 2022
Description: Update the implementation of `Java_io_envoyproxy_envoymobile_engine_AndroidJniLibrary_initialize` so that it takes a `class_loader` argument which was introduced in envoyproxy/envoy-mobile#2483. It turns out that this method is implemented in two separate places - `android_jni_interface.cc` and and `android_test_jni_interface.cc` files - and my previous PR updated only the former. This is needed to make `find_class` method work in tests as tests depend on the implementation from `android_test_jni_interface.cc` file. Risk Level: None, additive change for test targets only. Testing: None, a follow up tests that depend on `find_class` method are being worked on. Docs Changes: N/A Release Notes: N/A Signed-off-by: Rafal Augustyniak <[email protected]> Signed-off-by: JP Simard <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Feature Proposal:
Add a feature that allows Envoy to use the N th external IP address from the end of X-Forwarded-For as the trusted client IP address, where N defaults to 1 (for backward compatibility) but can be set in the Virtual Host configuration.
Motivation:
I have a use case where there may be two trusted proxies with non-RFC1918 addresses in front of Envoy. In that case, the trusted client IP address will be the second external IP address from the end of X-Forwarded-For.
I also anticipate an edge-proxy deployment scenario where nothing in the XFF is trusted.
Notes:
I'm willing to contribute an implementation of this feature.
The text was updated successfully, but these errors were encountered: