Skip to content
Switch branches/tags
Go to file
Cannot retrieve contributors at this time
syntax = "proto3";
option go_package = "";
import "google/protobuf/duration.proto";
import "google/protobuf/wrappers.proto";
import "extproto/ext.proto";
option (extproto.equal_all) = true;
option (extproto.hash_all) = true;
// Fine tune the settings for connections to an upstream
message ConnectionConfig {
// Maximum requests for a single upstream connection (unspecified or zero = no limit)
uint32 max_requests_per_connection = 1;
// The timeout for new network connections to hosts in the cluster
google.protobuf.Duration connect_timeout = 2;
// If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.
// see more info here:
message TcpKeepAlive{
// Maximum number of keepalive probes to send without response before deciding the connection is dead.
uint32 keepalive_probes = 1;
// The number of seconds a connection needs to be idle before keep-alive probes start being sent. This is rounded up to the second.
google.protobuf.Duration keepalive_time = 2;
// The number of seconds between keep-alive probes. This is rounded up to the second.
google.protobuf.Duration keepalive_interval = 3;
// Configure OS-level tcp keepalive checks
TcpKeepAlive tcp_keepalive = 3;
// Soft limit on size of the cluster’s connections read and write buffers. If unspecified, an implementation defined default is applied (1MiB).
// For more info, see the [envoy docs](
google.protobuf.UInt32Value per_connection_buffer_limit_bytes = 4;
message HttpProtocolOptions {
// The idle timeout for connections. The idle timeout is defined as the
// period in which there are no active requests. When the
// idle timeout is reached the connection will be closed. If the connection is an HTTP/2
// downstream connection a drain sequence will occur prior to closing the connection, see
// :ref:`drain_timeout
// <>`.
// Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive.
// If not specified, this defaults to 1 hour. To disable idle timeouts explicitly set this to 0.
// .. warning::
// Disabling this timeout has a highly likelihood of yielding connection leaks due to lost TCP
// FIN packets, etc.
google.protobuf.Duration idle_timeout = 1;
// Note: max_connection_duration is not included here because it is "not implemented for upstream connections," per Envoy's documentation.
// The maximum number of headers. If unconfigured, the default
// maximum number of request headers allowed is 100. Requests that exceed this limit will receive
// a 431 response for HTTP/1.x and cause a stream reset for HTTP/2.
uint32 max_headers_count = 2;
// Total duration to keep alive an HTTP request/response stream. If the time limit is reached the stream will be
// reset independent of any other timeouts. If not specified, this value is not set.
google.protobuf.Duration max_stream_duration = 3;
// Action to take when Envoy receives client request with header names containing underscore
// characters.
// Underscore character is allowed in header names by the RFC-7230 and this behavior is implemented
// as a security measure due to systems that treat '_' and '-' as interchangeable. Envoy by default allows client request headers with underscore
// characters.
enum HeadersWithUnderscoresAction {
// Allow headers with underscores. This is the default behavior.
ALLOW = 0;
// Reject client request. HTTP/1 requests are rejected with the 400 status. HTTP/2 requests
// end with the stream reset. The "httpN.requests_rejected_with_underscores_in_headers" counter
// is incremented for each rejected request.
// Drop the header with name containing underscores. The header is dropped before the filter chain is
// invoked and as such filters will not see dropped headers. The
// "httpN.dropped_headers_with_underscores" is incremented for each dropped header.
// Action to take when a client request with a header name containing underscore characters is received.
// If this setting is not specified, the value defaults to ALLOW.
// Note: upstream responses are not affected by this setting.
HeadersWithUnderscoresAction headers_with_underscores_action = 4;
// Additional options when handling HTTP requests upstream. These options will be applicable to
// both HTTP1 and HTTP2 requests.
HttpProtocolOptions common_http_protocol_options = 5;