Inheaders

This filter sets up HTTP request headers on all incoming traffic for purposes of security and audits throughout the mesh. Set headers are outlined in the table below.

The inheaders filter is primarily intended to be used on Edge nodes or other request origination points in the mesh (such as egress listeners for east-west traffic). These points require header setup and normalization before propagating the requests to other Sidecars. Turning this filter on at other points may result in extra latency and unintended behavior, and is thus discouraged.

*Only for Use with SSL/TLS

The inheaders filter must only be configured on SSL enabled listeners. If non-SSL listeners have this filter, it will always return errors as there are no SSL certificates to parse.

Header Key	Description
USER_DN	Certificate's DN value (if user_dn header exists in the incoming request, this filter will not alter the header value)
SSL_CLIENT_S_DN	Certificate's DN value
EXTERNAL_SYS_DN	Certificate's DN value (only if the incoming request has user_dn header set)
X-REAL-IP	The remote address of the incoming request
X-FORWARDED-FOR	The remote address of the incoming request (if the incoming request has x-forwarded-for set, the remote address gets appended - comma separated)

Filter Configuration Options

Name	Type	Default	Description
debug	Boolean	false	Turn on debug logging

Example

http_filters:
- name: gm.inheaders
  config: { debug: false }