Inheaders

This filter sets up HTTP request headers on all incoming traffic for purposes of security and audits throughout the mesh. Set headers are outlined in the table below.

The inheaders filter is primarily intended to be used on Edge nodes or other request origination points in the mesh (such as egress listeners for east-west traffic). These points require header setup and normalization before propagating the requests to other Sidecars. Turning this filter on at other points may result in extra latency and unintended behavior, and is thus discouraged.

*Only for Use with SSL/TLS

The inheaders filter must only be configured on SSL enabled . If non-SSL listeners have this filter, it will always return errors as there are no SSL certificates to parse.

Header Key

Description

USER_DN

Certificate's DN value (if user_dn header exists in the incoming request, this filter will not alter the header value)

SSL_CLIENT_S_DN

Certificate's DN value

EXTERNAL_SYS_DN

Certificate's DN value (only if the incoming request has user_dn header set)

X-REAL-IP

The remote address of the incoming request

X-FORWARDED-FOR

The remote address of the incoming request (if the incoming request has x-forwarded-for set, the remote address gets appended - comma separated)

Filter Configuration Options

Name

Type

Default

Description

debug

Boolean

false

Turn on debug logging

Example

http_filters:
- name: gm.inheaders
  config: { debug: false }

PreviousImpersonation NextJWT Security

Last updated 4 years ago

Was this helpful?