-
Notifications
You must be signed in to change notification settings - Fork 4.7k
/
geoip.proto
90 lines (71 loc) · 4.63 KB
/
geoip.proto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
syntax = "proto3";
package envoy.extensions.filters.http.geoip.v3;
import "envoy/config/core/v3/extension.proto";
import "xds/annotations/v3/status.proto";
import "udpa/annotations/status.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.extensions.filters.http.geoip.v3";
option java_outer_classname = "GeoipProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/geoip/v3;geoipv3";
option (udpa.annotations.file_status).package_version_status = ACTIVE;
option (xds.annotations.v3.file_status).work_in_progress = true;
// [#protodoc-title: Geoip]
// Geoip :ref:`configuration overview <config_http_filters_geoip>`.
// [#extension: envoy.filters.http.geoip]
message Geoip {
// The set of geolocation headers to add to request. If any of the configured headers is present
// in the incoming request, it will be overridden by Geoip filter.
// [#next-free-field: 10]
message GeolocationHeadersToAdd {
// If set, the header will be used to populate the country ISO code associated with the IP address.
string country = 1
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
// If set, the header will be used to populate the city associated with the IP address.
string city = 2
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
// If set, the header will be used to populate the region ISO code associated with the IP address.
string region = 3
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
// If set, the header will be used to populate the ASN associated with the IP address.
string asn = 4
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
// If set, the IP address will be checked if it belongs to any type of anonymization network (e.g. VPN, public proxy etc)
// and header will be populated with the check result. Header value will be set to either "true" or "false" depending on the check result.
string is_anon = 5
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
// If set, the IP address will be checked if it belongs to a VPN and header will be populated with the check result.
// Header value will be set to either "true" or "false" depending on the check result.
string anon_vpn = 6
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
// If set, the IP address will be checked if it belongs to a hosting provider and header will be populated with the check result.
// Header value will be set to either "true" or "false" depending on the check result.
string anon_hosting = 7
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
// If set, the IP address will be checked if it belongs to a TOR exit node and header will be populated with the check result.
// Header value will be set to either "true" or "false" depending on the check result.
string anon_tor = 8
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
// If set, the IP address will be checked if it belongs to a public proxy and header will be populated with the check result.
// Header value will be set to either "true" or "false" depending on the check result.
string anon_proxy = 9
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
}
message XffConfig {
// The number of additional ingress proxy hops from the right side of the
// :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header to trust when
// determining the origin client's IP address. The default is zero if this option
// is not specified. See the documentation for
// :ref:`config_http_conn_man_headers_x-forwarded-for` for more information.
uint32 xff_num_trusted_hops = 1;
}
// If set, the :ref:`xff_num_trusted_hops <envoy_v3_api_field_extensions.filters.http.geoip.v3.Geoip.XffConfig.xff_num_trusted_hops>` field will be used to determine
// trusted client address from `x-forwarded-for` header.
// Otherwise, the immediate downstream connection source address will be used.
// [#next-free-field: 2]
XffConfig xff_config = 1;
// Configuration for geolocation headers to add to request.
GeolocationHeadersToAdd geo_headers_to_add = 2 [(validate.rules).message = {required: true}];
// Geolocation provider specific configuration.
config.core.v3.TypedExtensionConfig provider = 3 [(validate.rules).message = {required: true}];
}