出于安全原因考虑,Envoy 将根据请求是内部请求还是外部请求来 “清理” 各种传入的 HTTP 标头。 清理行为取决于标头,并可能会导致添加、删除或更改。最终,一个请求被认定为内部或是外部请求都是由 x-forwarded-for 标头决定(请仔细阅读链接部分,因为 Envoy 填充标头的动作是非常复杂的,并取决于 use_remote_address 设置)。
Envoy 可能会清理以下标头:
- x-envoy-decorator-operation
- x-envoy-downstream-service-cluster
- x-envoy-downstream-service-node
- x-envoy-expected-rq-timeout-ms
- x-envoy-external-address
- x-envoy-force-trace
- x-envoy-internal
- x-envoy-ip-tags
- x-envoy-max-retries
- x-envoy-retry-grpc-on
- x-envoy-retry-on
- x-envoy-upstream-alt-stat-name
- x-envoy-upstream-rq-per-try-timeout-ms
- x-envoy-upstream-rq-timeout-alt-response
- x-envoy-upstream-rq-timeout-ms
- x-forwarded-client-cert
- x-forwarded-for
- x-forwarded-proto
- x-request-id