Navigation :

hcm.proto

Package: `hcm.options.gloo.solo.io`

Types:

HttpConnectionManagerSettings
SetCurrentClientCertDetails
ForwardClientCertDetails
ServerHeaderTransformation
PathWithEscapedSlashesAction

Source File: github.com/solo-io/gloo/projects/gloo/api/v1/options/hcm/hcm.proto

HttpConnectionManagerSettings

Contains various settings for Envoy’s http connection manager. See here for more information: https://www.envoyproxy.io/docs/envoy/v1.9.0/configuration/http_conn_man/http_conn_man

"skipXffAppend": bool
"via": string
"xffNumTrustedHops": int
"useRemoteAddress": .google.protobuf.BoolValue
"generateRequestId": .google.protobuf.BoolValue
"proxy100Continue": bool
"streamIdleTimeout": .google.protobuf.Duration
"idleTimeout": .google.protobuf.Duration
"maxRequestHeadersKb": .google.protobuf.UInt32Value
"requestTimeout": .google.protobuf.Duration
"drainTimeout": .google.protobuf.Duration
"delayedCloseTimeout": .google.protobuf.Duration
"serverName": string
"acceptHttp10": bool
"defaultHostForHttp10": string
"properCaseHeaderKeyFormat": bool
"tracing": .tracing.options.gloo.solo.io.ListenerTracingSettings
"forwardClientCertDetails": .hcm.options.gloo.solo.io.HttpConnectionManagerSettings.ForwardClientCertDetails
"setCurrentClientCertDetails": .hcm.options.gloo.solo.io.HttpConnectionManagerSettings.SetCurrentClientCertDetails
"preserveExternalRequestId": bool
"upgrades": []protocol_upgrade.options.gloo.solo.io.ProtocolUpgradeConfig
"maxConnectionDuration": .google.protobuf.Duration
"maxStreamDuration": .google.protobuf.Duration
"serverHeaderTransformation": .hcm.options.gloo.solo.io.HttpConnectionManagerSettings.ServerHeaderTransformation
"pathWithEscapedSlashesAction": .hcm.options.gloo.solo.io.HttpConnectionManagerSettings.PathWithEscapedSlashesAction

Field	Type	Description
`skipXffAppend`	`bool`
`via`	`string`
`xffNumTrustedHops`	`int`
`useRemoteAddress`	.google.protobuf.BoolValue
`generateRequestId`	.google.protobuf.BoolValue
`proxy100Continue`	`bool`
`streamIdleTimeout`	.google.protobuf.Duration
`idleTimeout`	.google.protobuf.Duration
`maxRequestHeadersKb`	.google.protobuf.UInt32Value
`requestTimeout`	.google.protobuf.Duration
`drainTimeout`	.google.protobuf.Duration
`delayedCloseTimeout`	.google.protobuf.Duration
`serverName`	`string`
`acceptHttp10`	`bool`	For explanation of these settings see: https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/core/protocol.proto#envoy-api-msg-core-http1protocoloptions.
`defaultHostForHttp10`	`string`
`properCaseHeaderKeyFormat`	`bool`
`tracing`	.tracing.options.gloo.solo.io.ListenerTracingSettings
`forwardClientCertDetails`	.hcm.options.gloo.solo.io.HttpConnectionManagerSettings.ForwardClientCertDetails
`setCurrentClientCertDetails`	.hcm.options.gloo.solo.io.HttpConnectionManagerSettings.SetCurrentClientCertDetails
`preserveExternalRequestId`	`bool`
`upgrades`	[]protocol_upgrade.options.gloo.solo.io.ProtocolUpgradeConfig	HttpConnectionManager configuration for protocol upgrade requests. Note: WebSocket upgrades are enabled by default on the HTTP Connection Manager and must be explicitly disabled.
`maxConnectionDuration`	.google.protobuf.Duration	For an explanation of these settings see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#config-core-v3-httpprotocoloptions.
`maxStreamDuration`	.google.protobuf.Duration
`serverHeaderTransformation`	.hcm.options.gloo.solo.io.HttpConnectionManagerSettings.ServerHeaderTransformation	For an explanation of the settings see: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto.html#envoy-v3-api-enum-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-serverheadertransformation.
`pathWithEscapedSlashesAction`	.hcm.options.gloo.solo.io.HttpConnectionManagerSettings.PathWithEscapedSlashesAction	Action to take when request URL path contains escaped slash sequences (%2F, %2f, %5C and %5c). The default value can be overridden by the :ref:`http_connection_manager.path_with_escaped_slashes_action<config_http_conn_man_runtime_path_with_escaped_slashes_action>` runtime variable. The :ref:`http_connection_manager.path_with_escaped_slashes_action_sampling<config_http_conn_man_runtime_path_with_escaped_slashes_action_enabled>` runtime variable can be used to apply the action to a portion of all requests.

SetCurrentClientCertDetails

"subject": .google.protobuf.BoolValue
"cert": bool
"chain": bool
"dns": bool
"uri": bool

Field	Type	Description
`subject`	.google.protobuf.BoolValue
`cert`	`bool`
`chain`	`bool`
`dns`	`bool`
`uri`	`bool`

ForwardClientCertDetails

Name	Description
`SANITIZE`
`FORWARD_ONLY`
`APPEND_FORWARD`
`SANITIZE_SET`
`ALWAYS_FORWARD_ONLY`

ServerHeaderTransformation

Name	Description
`OVERWRITE`	(DEFAULT) Overwrite any Server header with the contents of server_name.
`APPEND_IF_ABSENT`	If no Server header is present, append Server server_name If a Server header is present, pass it through.
`PASS_THROUGH`	Pass through the value of the server header, and do not append a header if none is present.

PathWithEscapedSlashesAction

Determines the action for request that contain %2F, %2f, %5C or %5c sequences in the URI path. This operation occurs before URL normalization and the merge slashes transformations if they were enabled.

Name	Description
`IMPLEMENTATION_SPECIFIC_DEFAULT`	Default behavior specific to implementation (i.e. Envoy) of this configuration option. Envoy, by default, takes the KEEP_UNCHANGED action. NOTE: the implementation may change the default behavior at-will.
`KEEP_UNCHANGED`	Keep escaped slashes.
`REJECT_REQUEST`	Reject client request with the 400 status. gRPC requests will be rejected with the INTERNAL (13) error code. The “httpN.downstream_rq_failed_path_normalization” counter is incremented for each rejected request.
`UNESCAPE_AND_REDIRECT`	Unescape %2F and %5C sequences and redirect request to the new path if these sequences were present. Redirect occurs after path normalization and merge slashes transformations if they were configured. NOTE: gRPC requests will be rejected with the INTERNAL (13) error code. This option minimizes possibility of path confusion exploits by forcing request with unescaped slashes to traverse all parties: downstream client, intermediate proxies, Envoy and upstream server. The “httpN.downstream_rq_redirected_with_normalized_path” counter is incremented for each redirected request.
`UNESCAPE_AND_FORWARD`	Unescape %2F and %5C sequences. Note: this option should not be enabled if intermediaries perform path based access control as it may lead to path confusion vulnerabilities.