Comments (11)
Are you saying that sidecar Envoy strips XFF? It seems that sidecar operates in the transparent mode, meaning the header is preserved https://lyft.github.io/envoy/docs/configuration/http_conn_man/headers.html#id9
from old_issues_repo.
from old_issues_repo.
from old_issues_repo.
The problem occurs on gke since google is setting the client ip in a X-Forwarded-For header which then needs to be passed down. For now I have an nginx container before istio that does ssl-termination and passes the XFF headers to istio, but the istio proxy is filtering them out before the request ends up in the server. I wasn't able to get istio go pick up the XFF headers on it's own. Maybe there's a config that needs to tweaked?
from old_issues_repo.
btw, is it an acceptable solution to set a container before istio, or are you meant to terminate inside istio? I'm running istio-auth
from old_issues_repo.
from old_issues_repo.
Yes I would like to have the XFF headers inside the application. How do you fix that?
from old_issues_repo.
from old_issues_repo.
Tested without any difference. The istio proxy seems to be working in "isolated mode" and will not trust any of the external XFF headers. Will you be able to flip the "use_remote_address" flag in an upcoming release?
from old_issues_repo.
@christopherL91 does 0.1.6 work for you now ?
from old_issues_repo.
closing assuming this is solved, please reopen if not
from old_issues_repo.
Related Issues (20)
- [BUG] Bookinfo tracing broken HOT 2
- BUG: Mirroring not working in Istio 0.8.0? HOT 2
- Istio 0.8.0 exposes Jaeger tracing page to the external world
- When multiple gateways are defined, only the first one is being used. HOT 5
- kubernetesenv adapter clusterDomain check HOT 1
- Istio sidecar-injector not ready after deploying istio release-0.8
- External services connectivity problem HOT 5
- How get client external ip to extrapolate geolocation HOT 2
- Deploying with rbac disabled causes pilot to never deploy HOT 1
- .0.8 latest can't pull the docker image HOT 21
- make tracing endpoint configuration straightforward HOT 2
- Traffic Management: ALL https requests work (even without a ServiceEntry) HOT 7
- High latency at scale HOT 1
- istio-pilot pod restart 60 times in nine days HOT 1
- Service Entry Not Working HOT 9
- Requests hang in fresh helm install on k8s v1.10.2-gke.3 HOT 5
- EgressRule not working for AMQP (RabbitMQ) HOT 4
- Unable to access the grafana dashboard. HOT 2
- Error: customresourcedefinitions.apiextensions.k8s.io "gateways.networking.istio.io" already exists HOT 1
- istio circuit breaker doesn't work HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from old_issues_repo.