syntax = "proto3"; package envoy.config.common.mutation_rules.v3; import "envoy/type/matcher/v3/regex.proto"; import "google/protobuf/wrappers.proto"; import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.config.common.mutation_rules.v3"; option java_outer_classname = "MutationRulesProto"; option java_multiple_files = true; option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/common/mutation_rules/v3;mutation_rulesv3"; option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Header mutation rules] // The HeaderMutationRules structure specifies what headers may be // manipulated by a processing filter. This set of rules makes it // possible to control which modifications a filter may make. // // By default, an external processing server may add, modify, or remove // any header except for an "Envoy internal" header (which is typically // denoted by an x-envoy prefix) or specific headers that may affect // further filter processing: // // * ``host`` // * ``:authority`` // * ``:scheme`` // * ``:method`` // // Every attempt to add, change, append, or remove a header will be // tested against the rules here. Disallowed header mutations will be // ignored unless ``disallow_is_error`` is set to true. // // Attempts to remove headers are further constrained -- regardless of the // settings, system-defined headers (that start with ``:``) and the ``host`` // header may never be removed. // // In addition, a counter will be incremented whenever a mutation is // rejected. In the ext_proc filter, that counter is named // ``rejected_header_mutations``. // [#next-free-field: 8] message HeaderMutationRules { // By default, certain headers that could affect processing of subsequent // filters or request routing cannot be modified. These headers are // ``host``, ``:authority``, ``:scheme``, and ``:method``. Setting this parameter // to true allows these headers to be modified as well. google.protobuf.BoolValue allow_all_routing = 1; // If true, allow modification of envoy internal headers. By default, these // start with ``x-envoy`` but this may be overridden in the ``Bootstrap`` // configuration using the // :ref:`header_prefix ` // field. Default is false. google.protobuf.BoolValue allow_envoy = 2; // If true, prevent modification of any system header, defined as a header // that starts with a ``:`` character, regardless of any other settings. // A processing server may still override the ``:status`` of an HTTP response // using an ``ImmediateResponse`` message. Default is false. google.protobuf.BoolValue disallow_system = 3; // If true, prevent modifications of all header values, regardless of any // other settings. A processing server may still override the ``:status`` // of an HTTP response using an ``ImmediateResponse`` message. Default is false. google.protobuf.BoolValue disallow_all = 4; // If set, specifically allow any header that matches this regular // expression. This overrides all other settings except for // ``disallow_expression``. type.matcher.v3.RegexMatcher allow_expression = 5; // If set, specifically disallow any header that matches this regular // expression regardless of any other settings. type.matcher.v3.RegexMatcher disallow_expression = 6; // If true, and if the rules in this list cause a header mutation to be // disallowed, then the filter using this configuration will terminate the // request with a 500 error. In addition, regardless of the setting of this // parameter, any attempt to set, add, or modify a disallowed header will // cause the ``rejected_header_mutations`` counter to be incremented. // Default is false. google.protobuf.BoolValue disallow_is_error = 7; }