Remove upstream headers in envoy proxy after external authentication The 2019 Stack Overflow Developer Survey Results Are In Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) The Ask Question Wizard is Live! Data science time! April 2019 and salary with experienceNGINX - Session management with NGINX as API GatewayDoes Envoy support TCP proxy?Minikube with Istio Service Unavailable (http status 503) Node.js connecting to EtcdUsing docker container as a proxyDoes Envoy support affinity based on custom HTTP header?How to add envoy proxy to a deploymentIstio Envoy Proxy forwarding client certificate infoIs there a way to configure Istio to route traffic to a POD which is in the terminating state?Circuit Breaker envoy proxyIstio OAuth2 with Keycloak
How to determine omitted units in a publication
Would an alien lifeform be able to achieve space travel if lacking in vision?
How do you keep chess fun when your opponent constantly beats you?
What aspect of planet earth must be changed to prevent the industrial revolution?
Is an up-to-date browser secure on an out-of-date OS?
How to politely respond to generic emails requesting a PhD/job in my lab? Without wasting too much time
What was the last x86 CPU that did not have the x87 floating-point unit built in?
Why are PDP-7-style microprogrammed instructions out of vogue?
Drawing vertical/oblique lines in Metrical tree (tikz-qtree, tipa)
Variable with quotation marks "$()"
Single author papers against my advisor's will?
One-dimensional Japanese puzzle
How to make Illustrator type tool selection automatically adapt with text length
Why can't wing-mounted spoilers be used to steepen approaches?
How did passengers keep warm on sail ships?
Why are Marketing Cloud timestamps not stored in the same timezone as Sales Cloud?
60's-70's movie: home appliances revolting against the owners
What can I do if neighbor is blocking my solar panels intentionally?
Circular reasoning in L'Hopital's rule
Word to describe a time interval
Can the Right Ascension and Argument of Perigee of a spacecraft's orbit keep varying by themselves with time?
How to support a colleague who finds meetings extremely tiring?
Am I ethically obligated to go into work on an off day if the reason is sudden?
TDS update packages don't remove unneeded items
Remove upstream headers in envoy proxy after external authentication
The 2019 Stack Overflow Developer Survey Results Are In
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
The Ask Question Wizard is Live!
Data science time! April 2019 and salary with experienceNGINX - Session management with NGINX as API GatewayDoes Envoy support TCP proxy?Minikube with Istio Service Unavailable (http status 503) Node.js connecting to EtcdUsing docker container as a proxyDoes Envoy support affinity based on custom HTTP header?How to add envoy proxy to a deploymentIstio Envoy Proxy forwarding client certificate infoIs there a way to configure Istio to route traffic to a POD which is in the terminating state?Circuit Breaker envoy proxyIstio OAuth2 with Keycloak
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
Are there any way to remove a header going upstream after the external authentication with the envoy proxy. We planned to migrate to envoy proxy for our internal api gateway, but this is a blocker now.
For eg: The external authentication service get the request and process the authentication header, in case the validation fails, it throws the 401. But if succeded, I want to prevent the auth headers going upstream.
As per the documentation Ext Auth
A successful check allows the authorization service adding or overriding headers from the original request before dispatching it to the upstream. This is done by configuring which headers in the authorization response should be sent to the upstream. See allowed_authorization_headers below.
There is no mention whether I can completely remove the header going upstream.
I have the option to override the headers, but that is causing header conflict at the upstream servers. So which is not a possible solution?
Anyone have any idea on this, how can I achieve this?
kubernetes reverse-proxy 
envoyproxy asked Mar 22 at 5:29
YsakYsak
7001335
add a comment |
Are there any way to remove a header going upstream after the external authentication with the envoy proxy. We planned to migrate to envoy proxy for our internal api gateway, but this is a blocker now.
For eg: The external authentication service get the request and process the authentication header, in case the validation fails, it throws the 401. But if succeded, I want to prevent the auth headers going upstream.
As per the documentation Ext Auth
A successful check allows the authorization service adding or overriding headers from the original request before dispatching it to the upstream. This is done by configuring which headers in the authorization response should be sent to the upstream. See allowed_authorization_headers below.
There is no mention whether I can completely remove the header going upstream.
I have the option to override the headers, but that is causing header conflict at the upstream servers. So which is not a possible solution?
Anyone have any idea on this, how can I achieve this?
kubernetes reverse-proxy envoyproxy asked Mar 22 at 5:29
YsakYsak
7001335
add a comment |
Are there any way to remove a header going upstream after the external authentication with the envoy proxy. We planned to migrate to envoy proxy for our internal api gateway, but this is a blocker now.
For eg: The external authentication service get the request and process the authentication header, in case the validation fails, it throws the 401. But if succeded, I want to prevent the auth headers going upstream.
As per the documentation Ext Auth
A successful check allows the authorization service adding or overriding headers from the original request before dispatching it to the upstream. This is done by configuring which headers in the authorization response should be sent to the upstream. See allowed_authorization_headers below.
There is no mention whether I can completely remove the header going upstream.
I have the option to override the headers, but that is causing header conflict at the upstream servers. So which is not a possible solution?
Anyone have any idea on this, how can I achieve this?
kubernetes reverse-proxy envoyproxy asked Mar 22 at 5:29
YsakYsak
7001335
Are there any way to remove a header going upstream after the external authentication with the envoy proxy. We planned to migrate to envoy proxy for our internal api gateway, but this is a blocker now.
For eg: The external authentication service get the request and process the authentication header, in case the validation fails, it throws the 401. But if succeded, I want to prevent the auth headers going upstream.
As per the documentation Ext Auth
A successful check allows the authorization service adding or overriding headers from the original request before dispatching it to the upstream. This is done by configuring which headers in the authorization response should be sent to the upstream. See allowed_authorization_headers below.
There is no mention whether I can completely remove the header going upstream.
I have the option to override the headers, but that is causing header conflict at the upstream servers. So which is not a possible solution?
Anyone have any idea on this, how can I achieve this?
kubernetes reverse-proxy envoyproxy kubernetes reverse-proxy envoyproxy asked Mar 22 at 5:29
YsakYsak
7001335
asked Mar 22 at 5:29
YsakYsak
7001335
asked Mar 22 at 5:29
YsakYsak
7001335
asked Mar 22 at 5:29
YsakYsak
7001335
asked Mar 22 at 5:29
YsakYsak
7001335
7001335
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55293406%2fremove-upstream-headers-in-envoy-proxy-after-external-authentication%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55293406%2fremove-upstream-headers-in-envoy-proxy-after-external-authentication%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
