route.proto

Package: envoy.api.v2.route

Types:

Source File: envoy/api/v2/route/route.proto

VirtualHost

The top level element in the routing configuration is a virtual host. Each virtual host has a logical name as well as a set of domains that get routed to it based on the incoming request’s host header. This allows a single listener to service multiple top level domain path trees. Once a virtual host is selected based on the domain, the routes are processed in order to see which upstream cluster to route to or whether to perform a redirect. [#comment:next free field: 17]

"name": string
"domains": []string
"routes": []envoy.api.v2.route.Route
"requireTls": .envoy.api.v2.route.VirtualHost.TlsRequirementType
"virtualClusters": []envoy.api.v2.route.VirtualCluster
"rateLimits": []envoy.api.v2.route.RateLimit
"requestHeadersToAdd": []envoy.api.v2.core.HeaderValueOption
"requestHeadersToRemove": []string
"responseHeadersToAdd": []envoy.api.v2.core.HeaderValueOption
"responseHeadersToRemove": []string
"cors": .envoy.api.v2.route.CorsPolicy
"perFilterConfig": map<string, .google.protobuf.Struct>
"typedPerFilterConfig": map<string, .google.protobuf.Any>
"includeRequestAttemptCount": bool
"retryPolicy": .envoy.api.v2.route.RetryPolicy
"hedgePolicy": .envoy.api.v2.route.HedgePolicy
Field Type Description Default
name string The logical name of the virtual host. This is used when emitting certain statistics but is not relevant for routing.
domains []string A list of domains (host/authority header) that will be matched to this virtual host. Wildcard hosts are supported in the suffix or prefix form. Domain search order: 1. Exact domain names: www.foo.com. 2. Suffix domain wildcards: *.foo.com or *-bar.foo.com. 3. Prefix domain wildcards: foo.* or foo-*. 4. Special wildcard * matching any domain. .. note:: The wildcard will not match the empty string. e.g. *-bar.foo.com will match baz-bar.foo.com but not -bar.foo.com. The longest wildcards match first. Only a single virtual host in the entire route configuration can match on *. A domain must be unique across all virtual hosts or the config will fail to load.
routes []envoy.api.v2.route.Route The list of routes that will be matched, in order, for incoming requests. The first route that matches will be used.
requireTls .envoy.api.v2.route.VirtualHost.TlsRequirementType Specifies the type of TLS enforcement the virtual host expects. If this option is not specified, there is no TLS requirement for the virtual host.
virtualClusters []envoy.api.v2.route.VirtualCluster A list of virtual clusters defined for this virtual host. Virtual clusters are used for additional statistics gathering.
rateLimits []envoy.api.v2.route.RateLimit Specifies a set of rate limit configurations that will be applied to the virtual host.
requestHeadersToAdd []envoy.api.v2.core.HeaderValueOption Specifies a list of HTTP headers that should be added to each request handled by this virtual host. Headers specified at this level are applied after headers from enclosed :ref:envoy_api_msg_route.Route and before headers from the enclosing :ref:envoy_api_msg_RouteConfiguration. For more information, including details on header value syntax, see the documentation on :ref:custom request headers <config_http_conn_man_headers_custom_request_headers>.
requestHeadersToRemove []string Specifies a list of HTTP headers that should be removed from each request handled by this virtual host.
responseHeadersToAdd []envoy.api.v2.core.HeaderValueOption Specifies a list of HTTP headers that should be added to each response handled by this virtual host. Headers specified at this level are applied after headers from enclosed :ref:envoy_api_msg_route.Route and before headers from the enclosing :ref:envoy_api_msg_RouteConfiguration. For more information, including details on header value syntax, see the documentation on :ref:custom request headers <config_http_conn_man_headers_custom_request_headers>.
responseHeadersToRemove []string Specifies a list of HTTP headers that should be removed from each response handled by this virtual host.
cors .envoy.api.v2.route.CorsPolicy Indicates that the virtual host has a CORS policy.
perFilterConfig map<string, .google.protobuf.Struct> The per_filter_config field can be used to provide virtual host-specific configurations for filters. The key should match the filter name, such as envoy.buffer for the HTTP buffer filter. Use of this field is filter specific; see the :ref:HTTP filter documentation <config_http_filters> for if and how it is utilized.
typedPerFilterConfig map<string, .google.protobuf.Any> The per_filter_config field can be used to provide virtual host-specific configurations for filters. The key should match the filter name, such as envoy.buffer for the HTTP buffer filter. Use of this field is filter specific; see the :ref:HTTP filter documentation <config_http_filters> for if and how it is utilized.
includeRequestAttemptCount bool Decides whether the :ref:x-envoy-attempt-count <config_http_filters_router_x-envoy-attempt-count> header should be included in the upstream request. Setting this option will cause it to override any existing header value, so in the case of two Envoys on the request path with this option enabled, the upstream will see the attempt count as perceived by the second Envoy. Defaults to false. This header is unaffected by the :ref:suppress_envoy_headers <envoy_api_field_config.filter.http.router.v2.Router.suppress_envoy_headers> flag.
retryPolicy .envoy.api.v2.route.RetryPolicy Indicates the retry policy for all routes in this virtual host. Note that setting a route level entry will take precedence over this config and it’ll be treated independently (e.g.: values are not inherited).
hedgePolicy .envoy.api.v2.route.HedgePolicy Indicates the hedge policy for all routes in this virtual host. Note that setting a route level entry will take precedence over this config and it’ll be treated independently (e.g.: values are not inherited).

TlsRequirementType

Name Description
NONE No TLS requirement for the virtual host.
EXTERNAL_ONLY External requests must use TLS. If a request is external and it is not using TLS, a 301 redirect will be sent telling the client to use HTTPS.
ALL All requests must use TLS. If a request is not using TLS, a 301 redirect will be sent telling the client to use HTTPS.

Route

A route is both a specification of how to match a request as well as an indication of what to do next (e.g., redirect, forward, rewrite, etc.).

.. attention::

Envoy supports routing on HTTP method via :ref:header matching <envoy_api_msg_route.HeaderMatcher>. [#comment:next free field: 15]

"name": string
"match": .envoy.api.v2.route.RouteMatch
"route": .envoy.api.v2.route.RouteAction
"redirect": .envoy.api.v2.route.RedirectAction
"directResponse": .envoy.api.v2.route.DirectResponseAction
"metadata": .envoy.api.v2.core.Metadata
"decorator": .envoy.api.v2.route.Decorator
"perFilterConfig": map<string, .google.protobuf.Struct>
"typedPerFilterConfig": map<string, .google.protobuf.Any>
"requestHeadersToAdd": []envoy.api.v2.core.HeaderValueOption
"requestHeadersToRemove": []string
"responseHeadersToAdd": []envoy.api.v2.core.HeaderValueOption
"responseHeadersToRemove": []string
"tracing": .envoy.api.v2.route.Tracing
Field Type Description Default
name string Name for the route.
match .envoy.api.v2.route.RouteMatch Route matching parameters.
route .envoy.api.v2.route.RouteAction Route request to some upstream cluster. Only one of route, or directResponse can be set.
redirect .envoy.api.v2.route.RedirectAction Return a redirect. Only one of redirect, or directResponse can be set.
directResponse .envoy.api.v2.route.DirectResponseAction Return an arbitrary HTTP response directly, without proxying. Only one of directResponse, or redirect can be set.
metadata .envoy.api.v2.core.Metadata The Metadata field can be used to provide additional information about the route. It can be used for configuration, stats, and logging. The metadata should go under the filter namespace that will need it. For instance, if the metadata is intended for the Router filter, the filter name should be specified as envoy.router.
decorator .envoy.api.v2.route.Decorator Decorator for the matched route.
perFilterConfig map<string, .google.protobuf.Struct> The per_filter_config field can be used to provide route-specific configurations for filters. The key should match the filter name, such as envoy.buffer for the HTTP buffer filter. Use of this field is filter specific; see the :ref:HTTP filter documentation <config_http_filters> for if and how it is utilized.
typedPerFilterConfig map<string, .google.protobuf.Any> The per_filter_config field can be used to provide route-specific configurations for filters. The key should match the filter name, such as envoy.buffer for the HTTP buffer filter. Use of this field is filter specific; see the :ref:HTTP filter documentation <config_http_filters> for if and how it is utilized.
requestHeadersToAdd []envoy.api.v2.core.HeaderValueOption Specifies a set of headers that will be added to requests matching this route. Headers specified at this level are applied before headers from the enclosing :ref:envoy_api_msg_route.VirtualHost and :ref:envoy_api_msg_RouteConfiguration. For more information, including details on header value syntax, see the documentation on :ref:custom request headers <config_http_conn_man_headers_custom_request_headers>.
requestHeadersToRemove []string Specifies a list of HTTP headers that should be removed from each request matching this route.
responseHeadersToAdd []envoy.api.v2.core.HeaderValueOption Specifies a set of headers that will be added to responses to requests matching this route. Headers specified at this level are applied before headers from the enclosing :ref:envoy_api_msg_route.VirtualHost and :ref:envoy_api_msg_RouteConfiguration. For more information, including details on header value syntax, see the documentation on :ref:custom request headers <config_http_conn_man_headers_custom_request_headers>.
responseHeadersToRemove []string Specifies a list of HTTP headers that should be removed from each response to requests matching this route.
tracing .envoy.api.v2.route.Tracing Presence of the object defines whether the connection manager’s tracing configuration is overridden by this route specific instance.

WeightedCluster

Compared to the :ref:cluster <envoy_api_field_route.RouteAction.cluster> field that specifies a single upstream cluster as the target of a request, the :ref:weighted_clusters <envoy_api_field_route.RouteAction.weighted_clusters> option allows for specification of multiple upstream clusters along with weights that indicate the percentage of traffic to be forwarded to each cluster. The router selects an upstream cluster based on the weights. [#comment:next free field: 11]

"clusters": []envoy.api.v2.route.WeightedCluster.ClusterWeight
"totalWeight": .google.protobuf.UInt32Value
"runtimeKeyPrefix": string
Field Type Description Default
clusters []envoy.api.v2.route.WeightedCluster.ClusterWeight Specifies one or more upstream clusters associated with the route.
totalWeight .google.protobuf.UInt32Value Specifies the total weight across all clusters. The sum of all cluster weights must equal this value, which must be greater than 0. Defaults to 100.
runtimeKeyPrefix string Specifies the runtime key prefix that should be used to construct the runtime keys associated with each cluster. When the runtime_key_prefix is specified, the router will look for weights associated with each upstream cluster under the key runtime_key_prefix + “.” + cluster[i].name where cluster[i] denotes an entry in the clusters array field. If the runtime key for the cluster does not exist, the value specified in the configuration file will be used as the default weight. See the :ref:runtime documentation <operations_runtime> for how key names map to the underlying implementation.

ClusterWeight

"name": string
"weight": .google.protobuf.UInt32Value
"metadataMatch": .envoy.api.v2.core.Metadata
"requestHeadersToAdd": []envoy.api.v2.core.HeaderValueOption
"requestHeadersToRemove": []string
"responseHeadersToAdd": []envoy.api.v2.core.HeaderValueOption
"responseHeadersToRemove": []string
"perFilterConfig": map<string, .google.protobuf.Struct>
"typedPerFilterConfig": map<string, .google.protobuf.Any>
Field Type Description Default
name string Name of the upstream cluster. The cluster must exist in the :ref:cluster manager configuration <config_cluster_manager>.
weight .google.protobuf.UInt32Value An integer between 0 and :ref:total_weight <envoy_api_field_route.WeightedCluster.total_weight>. When a request matches the route, the choice of an upstream cluster is determined by its weight. The sum of weights across all entries in the clusters array must add up to the total_weight, which defaults to 100.
metadataMatch .envoy.api.v2.core.Metadata Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints in the upstream cluster with metadata matching what is set in this field will be considered for load balancing. Note that this will be merged with what’s provided in :ref: RouteAction.MetadataMatch <envoy_api_field_route.RouteAction.metadata_match>, with values here taking precedence. The filter name should be specified as envoy.lb.
requestHeadersToAdd []envoy.api.v2.core.HeaderValueOption Specifies a list of headers to be added to requests when this cluster is selected through the enclosing :ref:envoy_api_msg_route.RouteAction. Headers specified at this level are applied before headers from the enclosing :ref:envoy_api_msg_route.Route, :ref:envoy_api_msg_route.VirtualHost, and :ref:envoy_api_msg_RouteConfiguration. For more information, including details on header value syntax, see the documentation on :ref:custom request headers <config_http_conn_man_headers_custom_request_headers>.
requestHeadersToRemove []string Specifies a list of HTTP headers that should be removed from each request when this cluster is selected through the enclosing :ref:envoy_api_msg_route.RouteAction.
responseHeadersToAdd []envoy.api.v2.core.HeaderValueOption Specifies a list of headers to be added to responses when this cluster is selected through the enclosing :ref:envoy_api_msg_route.RouteAction. Headers specified at this level are applied before headers from the enclosing :ref:envoy_api_msg_route.Route, :ref:envoy_api_msg_route.VirtualHost, and :ref:envoy_api_msg_RouteConfiguration. For more information, including details on header value syntax, see the documentation on :ref:custom request headers <config_http_conn_man_headers_custom_request_headers>.
responseHeadersToRemove []string Specifies a list of headers to be removed from responses when this cluster is selected through the enclosing :ref:envoy_api_msg_route.RouteAction.
perFilterConfig map<string, .google.protobuf.Struct> The per_filter_config field can be used to provide weighted cluster-specific configurations for filters. The key should match the filter name, such as envoy.buffer for the HTTP buffer filter. Use of this field is filter specific; see the :ref:HTTP filter documentation <config_http_filters> for if and how it is utilized.
typedPerFilterConfig map<string, .google.protobuf.Any> The per_filter_config field can be used to provide weighted cluster-specific configurations for filters. The key should match the filter name, such as envoy.buffer for the HTTP buffer filter. Use of this field is filter specific; see the :ref:HTTP filter documentation <config_http_filters> for if and how it is utilized.

RouteMatch

"prefix": string
"path": string
"regex": string
"caseSensitive": .google.protobuf.BoolValue
"runtimeFraction": .envoy.api.v2.core.RuntimeFractionalPercent
"headers": []envoy.api.v2.route.HeaderMatcher
"queryParameters": []envoy.api.v2.route.QueryParameterMatcher
"grpc": .envoy.api.v2.route.RouteMatch.GrpcRouteMatchOptions
Field Type Description Default
prefix string If specified, the route is a prefix rule meaning that the prefix must match the beginning of the :path header. Only one of prefix, or regex can be set.
path string If specified, the route is an exact path rule meaning that the path must exactly match the :path header once the query string is removed. Only one of path, or regex can be set.
regex string If specified, the route is a regular expression rule meaning that the regex must match the :path header once the query string is removed. The entire path (without the query string) must match the regex. The rule will not match if only a subsequence of the :path header matches the regex. The regex grammar is defined here <https://en.cppreference.com/w/cpp/regex/ecmascript>_. Examples: * The regex /b[io]t matches the path /bit * The regex /b[io]t matches the path /bot * The regex /b[io]t does not match the path /bite * The regex /b[io]t does not match the path /bit/bot. Only one of regex, or path can be set.
caseSensitive .google.protobuf.BoolValue Indicates that prefix/path matching should be case insensitive. The default is true.
runtimeFraction .envoy.api.v2.core.RuntimeFractionalPercent Indicates that the route should additionally match on a runtime key. Every time the route is considered for a match, it must also fall under the percentage of matches indicated by this field. For some fraction N/D, a random number in the range [0,D) is selected. If the number is <= the value of the numerator N, or if the key is not present, the default value, the router continues to evaluate the remaining match criteria. A runtime_fraction route configuration can be used to roll out route changes in a gradual manner without full code/config deploys. Refer to the :ref:traffic shifting <config_http_conn_man_route_table_traffic_splitting_shift> docs for additional documentation. .. note:: Parsing this field is implemented such that the runtime key’s data may be represented as a FractionalPercent proto represented as JSON/YAML and may also be represented as an integer with the assumption that the value is an integral percentage out of 100. For instance, a runtime key lookup returning the value “42” would parse as a FractionalPercent whose numerator is 42 and denominator is HUNDRED. This preserves legacy semantics.
headers []envoy.api.v2.route.HeaderMatcher Specifies a set of headers that the route should match on. The router will check the request’s headers against all the specified headers in the route config. A match will happen if all the headers in the route are present in the request with the same values (or based on presence if the value field is not in the config).
queryParameters []envoy.api.v2.route.QueryParameterMatcher Specifies a set of URL query parameters on which the route should match. The router will check the query string from the path header against all the specified query parameters. If the number of specified query parameters is nonzero, they all must match the path header’s query string for a match to occur.
grpc .envoy.api.v2.route.RouteMatch.GrpcRouteMatchOptions If specified, only gRPC requests will be matched. The router will check that the content-type header has a application/grpc or one of the various application/grpc+ values.

GrpcRouteMatchOptions

Field Type Description Default

CorsPolicy

[#comment:next free field: 11]

"allowOrigin": []string
"allowOriginRegex": []string
"allowMethods": string
"allowHeaders": string
"exposeHeaders": string
"maxAge": string
"allowCredentials": .google.protobuf.BoolValue
"enabled": .google.protobuf.BoolValue
"filterEnabled": .envoy.api.v2.core.RuntimeFractionalPercent
"shadowEnabled": .envoy.api.v2.core.RuntimeFractionalPercent
Field Type Description Default
allowOrigin []string Specifies the origins that will be allowed to do CORS requests. An origin is allowed if either allow_origin or allow_origin_regex match.
allowOriginRegex []string Specifies regex patterns that match allowed origins. An origin is allowed if either allow_origin or allow_origin_regex match.
allowMethods string Specifies the content for the access-control-allow-methods header.
allowHeaders string Specifies the content for the access-control-allow-headers header.
exposeHeaders string Specifies the content for the access-control-expose-headers header.
maxAge string Specifies the content for the access-control-max-age header.
allowCredentials .google.protobuf.BoolValue Specifies whether the resource allows credentials.
enabled .google.protobuf.BoolValue Specifies if CORS is enabled. Defaults to true. Only effective on route. .. attention:: This field is deprecated. Set the :ref:filter_enabled<envoy_api_field_route.CorsPolicy.filter_enabled> field instead. Only one of enabled or filterEnabled can be set.
filterEnabled .envoy.api.v2.core.RuntimeFractionalPercent Specifies if CORS is enabled. More information on how this can be controlled via runtime can be found :ref:here <cors-runtime>. .. note:: This field defaults to 100/:ref:HUNDRED <envoy_api_enum_type.FractionalPercent.DenominatorType>. Only one of filterEnabled or enabled can be set.
shadowEnabled .envoy.api.v2.core.RuntimeFractionalPercent Specifies if CORS policies are evaluated and tracked when filter is off but does not enforce any policies. More information on how this can be controlled via runtime can be found :ref:here <cors-runtime>. .. note:: This field defaults to 100/:ref:HUNDRED <envoy_api_enum_type.FractionalPercent.DenominatorType>.

RouteAction

[#comment:next free field: 30]

"cluster": string
"clusterHeader": string
"weightedClusters": .envoy.api.v2.route.WeightedCluster
"clusterNotFoundResponseCode": .envoy.api.v2.route.RouteAction.ClusterNotFoundResponseCode
"metadataMatch": .envoy.api.v2.core.Metadata
"prefixRewrite": string
"hostRewrite": string
"autoHostRewrite": .google.protobuf.BoolValue
"autoHostRewriteHeader": string
"timeout": .google.protobuf.Duration
"idleTimeout": .google.protobuf.Duration
"retryPolicy": .envoy.api.v2.route.RetryPolicy
"requestMirrorPolicy": .envoy.api.v2.route.RouteAction.RequestMirrorPolicy
"priority": .envoy.api.v2.core.RoutingPriority
"rateLimits": []envoy.api.v2.route.RateLimit
"includeVhRateLimits": .google.protobuf.BoolValue
"hashPolicy": []envoy.api.v2.route.RouteAction.HashPolicy
"cors": .envoy.api.v2.route.CorsPolicy
"maxGrpcTimeout": .google.protobuf.Duration
"grpcTimeoutOffset": .google.protobuf.Duration
"upgradeConfigs": []envoy.api.v2.route.RouteAction.UpgradeConfig
"internalRedirectAction": .envoy.api.v2.route.RouteAction.InternalRedirectAction
"hedgePolicy": .envoy.api.v2.route.HedgePolicy
Field Type Description Default
cluster string Indicates the upstream cluster to which the request should be routed to. Only one of cluster, or weightedClusters can be set.
clusterHeader string Envoy will determine the cluster to route to by reading the value of the HTTP header named by cluster_header from the request headers. If the header is not found or the referenced cluster does not exist, Envoy will return a 404 response. .. attention:: Internally, Envoy always uses the HTTP/2 :authority header to represent the HTTP/1 Host header. Thus, if attempting to match on Host, match on :authority instead. Only one of clusterHeader, or weightedClusters can be set.
weightedClusters .envoy.api.v2.route.WeightedCluster Multiple upstream clusters can be specified for a given route. The request is routed to one of the upstream clusters based on weights assigned to each cluster. See :ref:traffic splitting <config_http_conn_man_route_table_traffic_splitting_split> for additional documentation. Only one of weightedClusters, or clusterHeader can be set.
clusterNotFoundResponseCode .envoy.api.v2.route.RouteAction.ClusterNotFoundResponseCode The HTTP status code to use when configured cluster is not found. The default response code is 503 Service Unavailable.
metadataMatch .envoy.api.v2.core.Metadata Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints in the upstream cluster with metadata matching what’s set in this field will be considered for load balancing. If using :ref:weighted_clusters <envoy_api_field_route.RouteAction.weighted_clusters>, metadata will be merged, with values provided there taking precedence. The filter name should be specified as envoy.lb.
prefixRewrite string Indicates that during forwarding, the matched prefix (or path) should be swapped with this value. This option allows application URLs to be rooted at a different path from those exposed at the reverse proxy layer. The router filter will place the original path before rewrite into the :ref:x-envoy-original-path <config_http_filters_router_x-envoy-original-path> header. .. attention:: Pay careful attention to the use of trailing slashes in the :ref:route's match <envoy_api_field_route.Route.match> prefix value. Stripping a prefix from a path requires multiple Routes to handle all cases. For example, rewriting /prefix to / and /prefix/etc to /etc cannot be done in a single :ref:Route <envoy_api_msg_route.Route>, as shown by the below config entries: .. code-block:: yaml - match: prefix: “/prefix/” route: prefix_rewrite: “/” - match: prefix: “/prefix” route: prefix_rewrite: “/” Having above entries in the config, requests to /prefix will be stripped to /, while requests to /prefix/etc will be stripped to /etc.
hostRewrite string Indicates that during forwarding, the host header will be swapped with this value. Only one of hostRewrite, or autoHostRewriteHeader can be set.
autoHostRewrite .google.protobuf.BoolValue Indicates that during forwarding, the host header will be swapped with the hostname of the upstream host chosen by the cluster manager. This option is applicable only when the destination cluster for a route is of type strict_dns or logical_dns. Setting this to true with other cluster types has no effect. Only one of autoHostRewrite, or autoHostRewriteHeader can be set.
autoHostRewriteHeader string Indicates that during forwarding, the host header will be swapped with the content of given downstream or :ref:custom <config_http_conn_man_headers_custom_request_headers> header. If header value is empty, host header is left intact. .. attention:: Pay attention to the potential security implications of using this option. Provided header must come from trusted source. Only one of autoHostRewriteHeader, or autoHostRewrite can be set.
timeout .google.protobuf.Duration Specifies the upstream timeout for the route. If not specified, the default is 15s. This spans between the point at which the entire downstream request (i.e. end-of-stream) has been processed and when the upstream response has been completely processed. .. note:: This timeout includes all retries. See also :ref:config_http_filters_router_x-envoy-upstream-rq-timeout-ms, :ref:config_http_filters_router_x-envoy-upstream-rq-per-try-timeout-ms, and the :ref:retry overview <arch_overview_http_routing_retry>.
idleTimeout .google.protobuf.Duration Specifies the idle timeout for the route. If not specified, there is no per-route idle timeout, although the connection manager wide :ref:stream_idle_timeout <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.stream_idle_timeout> will still apply. A value of 0 will completely disable the route’s idle timeout, even if a connection manager stream idle timeout is configured. The idle timeout is distinct to :ref:timeout <envoy_api_field_route.RouteAction.timeout>, which provides an upper bound on the upstream response time; :ref:idle_timeout <envoy_api_field_route.RouteAction.idle_timeout> instead bounds the amount of time the request’s stream may be idle. After header decoding, the idle timeout will apply on downstream and upstream request events. Each time an encode/decode event for headers or data is processed for the stream, the timer will be reset. If the timeout fires, the stream is terminated with a 408 Request Timeout error code if no upstream response header has been received, otherwise a stream reset occurs.
retryPolicy .envoy.api.v2.route.RetryPolicy Indicates that the route has a retry policy. Note that if this is set, it’ll take precedence over the virtual host level retry policy entirely (e.g.: policies are not merged, most internal one becomes the enforced policy).
requestMirrorPolicy .envoy.api.v2.route.RouteAction.RequestMirrorPolicy Indicates that the route has a request mirroring policy.
priority .envoy.api.v2.core.RoutingPriority Optionally specifies the :ref:routing priority <arch_overview_http_routing_priority>. [#comment:TODO(htuch): add (validate.rules).enum.defined_only = true once https://github.com/lyft/protoc-gen-validate/issues/42 is resolved.].
rateLimits []envoy.api.v2.route.RateLimit Specifies a set of rate limit configurations that could be applied to the route.
includeVhRateLimits .google.protobuf.BoolValue Specifies if the rate limit filter should include the virtual host rate limits. By default, if the route configured rate limits, the virtual host :ref:rate_limits <envoy_api_field_route.VirtualHost.rate_limits> are not applied to the request.
hashPolicy []envoy.api.v2.route.RouteAction.HashPolicy Specifies a list of hash policies to use for ring hash load balancing. Each hash policy is evaluated individually and the combined result is used to route the request. The method of combination is deterministic such that identical lists of hash policies will produce the same hash. Since a hash policy examines specific parts of a request, it can fail to produce a hash (i.e. if the hashed header is not present). If (and only if) all configured hash policies fail to generate a hash, no hash will be produced for the route. In this case, the behavior is the same as if no hash policies were specified (i.e. the ring hash load balancer will choose a random backend). If a hash policy has the “terminal” attribute set to true, and there is already a hash generated, the hash is returned immediately, ignoring the rest of the hash policy list.
cors .envoy.api.v2.route.CorsPolicy Indicates that the route has a CORS policy.
maxGrpcTimeout .google.protobuf.Duration If present, and the request is a gRPC request, use the grpc-timeout header <https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md>_, or its default value (infinity) instead of :ref:timeout <envoy_api_field_route.RouteAction.timeout>, but limit the applied timeout to the maximum value specified here. If configured as 0, the maximum allowed timeout for gRPC requests is infinity. If not configured at all, the grpc-timeout header is not used and gRPC requests time out like any other requests using :ref:timeout <envoy_api_field_route.RouteAction.timeout> or its default. This can be used to prevent unexpected upstream request timeouts due to potentially long time gaps between gRPC request and response in gRPC streaming mode.
grpcTimeoutOffset .google.protobuf.Duration If present, Envoy will adjust the timeout provided by the grpc-timeout header by subtracting the provided duration from the header. This is useful in allowing Envoy to set its global timeout to be less than that of the deadline imposed by the calling client, which makes it more likely that Envoy will handle the timeout instead of having the call canceled by the client. The offset will only be applied if the provided grpc_timeout is greater than the offset. This ensures that the offset will only ever decrease the timeout and never set it to 0 (meaning infinity).
upgradeConfigs []envoy.api.v2.route.RouteAction.UpgradeConfig
internalRedirectAction .envoy.api.v2.route.RouteAction.InternalRedirectAction
hedgePolicy .envoy.api.v2.route.HedgePolicy Indicates that the route has a hedge policy. Note that if this is set, it’ll take precedence over the virtual host level hedge policy entirely (e.g.: policies are not merged, most internal one becomes the enforced policy).

RequestMirrorPolicy

The router is capable of shadowing traffic from one cluster to another. The current implementation is “fire and forget,” meaning Envoy will not wait for the shadow cluster to respond before returning the response from the primary cluster. All normal statistics are collected for the shadow cluster making this feature useful for testing.

During shadowing, the host/authority header is altered such that -shadow is appended. This is useful for logging. For example, cluster1 becomes cluster1-shadow.

"cluster": string
"runtimeKey": string
"runtimeFraction": .envoy.api.v2.core.RuntimeFractionalPercent
Field Type Description Default
cluster string Specifies the cluster that requests will be mirrored to. The cluster must exist in the cluster manager configuration.
runtimeKey string If not specified, all requests to the target cluster will be mirrored. If specified, Envoy will lookup the runtime key to get the % of requests to mirror. Valid values are from 0 to 10000, allowing for increments of 0.01% of requests to be mirrored. If the runtime key is specified in the configuration but not present in runtime, 0 is the default and thus 0% of requests will be mirrored. .. attention:: This field is deprecated. Set the :ref:runtime_fraction <envoy_api_field_route.RouteAction.RequestMirrorPolicy.runtime_fraction> field instead.
runtimeFraction .envoy.api.v2.core.RuntimeFractionalPercent If both :ref:runtime_key <envoy_api_field_route.RouteAction.RequestMirrorPolicy.runtime_key> and this field are not specified, all requests to the target cluster will be mirrored. If specified, this field takes precedence over the runtime_key field and requests must also fall under the percentage of matches indicated by this field. For some fraction N/D, a random number in the range [0,D) is selected. If the number is <= the value of the numerator N, or if the key is not present, the default value, the request will be mirrored. .. note:: Parsing this field is implemented such that the runtime key’s data may be represented as a :ref:FractionalPercent <envoy_api_msg_type.FractionalPercent> proto represented as JSON/YAML and may also be represented as an integer with the assumption that the value is an integral percentage out of 100. For instance, a runtime key lookup returning the value “42” would parse as a FractionalPercent whose numerator is 42 and denominator is HUNDRED. This is behaviour is different to that of the deprecated runtime_key field, where the implicit denominator is 10000.

HashPolicy

Specifies the route’s hashing policy if the upstream cluster uses a hashing :ref:load balancer <arch_overview_load_balancing_types>.

"header": .envoy.api.v2.route.RouteAction.HashPolicy.Header
"cookie": .envoy.api.v2.route.RouteAction.HashPolicy.Cookie
"connectionProperties": .envoy.api.v2.route.RouteAction.HashPolicy.ConnectionProperties
"terminal": bool
Field Type Description Default
header .envoy.api.v2.route.RouteAction.HashPolicy.Header Header hash policy. Only one of header, or connectionProperties can be set.
cookie .envoy.api.v2.route.RouteAction.HashPolicy.Cookie Cookie hash policy. Only one of cookie, or connectionProperties can be set.
connectionProperties .envoy.api.v2.route.RouteAction.HashPolicy.ConnectionProperties Connection properties hash policy. Only one of connectionProperties, or cookie can be set.
terminal bool The flag that shortcircuits the hash computing. This field provides a ‘fallback’ style of configuration: “if a terminal policy doesn’t work, fallback to rest of the policy list”, it saves time when the terminal policy works. If true, and there is already a hash computed, ignore rest of the list of hash polices. For example, if the following hash methods are configured: ========= ======== specifier terminal ========= ======== Header A true Header B false Header C false ========= ======== The generateHash process ends if policy “header A” generates a hash, as it’s a terminal policy.

"headerName": string
Field Type Description Default
headerName string The name of the request header that will be used to obtain the hash key. If the request header is not present, no hash will be produced.

Envoy supports two types of cookie affinity:

  1. Passive. Envoy takes a cookie that’s present in the cookies header and hashes on its value.

  2. Generated. Envoy generates and sets a cookie with an expiration (TTL) on the first request from the client in its response to the client, based on the endpoint the request gets sent to. The client then presents this on the next and all subsequent requests. The hash of this is sufficient to ensure these requests get sent to the same endpoint. The cookie is generated by hashing the source and destination ports and addresses so that multiple independent HTTP2 streams on the same connection will independently receive the same cookie, even if they arrive at the Envoy simultaneously.

    "name": string
    "ttl": .google.protobuf.Duration
    "path": string
Field Type Description Default
name string The name of the cookie that will be used to obtain the hash key. If the cookie is not present and ttl below is not set, no hash will be produced.
ttl .google.protobuf.Duration If specified, a cookie with the TTL will be generated if the cookie is not present. If the TTL is present and zero, the generated cookie will be a session cookie.
path string The name of the path for the cookie. If no path is specified here, no path will be set for the cookie.

ConnectionProperties

"sourceIp": bool
Field Type Description Default
sourceIp bool Hash on source IP address.

UpgradeConfig

Allows enabling and disabling upgrades on a per-route basis. This overrides any enabled/disabled upgrade filter chain specified in the HttpConnectionManager :ref:upgrade_configs <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.upgrade_configs> but does not affect any custom filter chain specified there.

"upgradeType": string
"enabled": .google.protobuf.BoolValue
Field Type Description Default
upgradeType string The case-insensitive name of this upgrade, e.g. “websocket”. For each upgrade type present in upgrade_configs, requests with Upgrade: [upgrade_type] will be proxied upstream.
enabled .google.protobuf.BoolValue Determines if upgrades are available on this route. Defaults to true.

ClusterNotFoundResponseCode

Name Description
SERVICE_UNAVAILABLE HTTP status code - 503 Service Unavailable.
NOT_FOUND HTTP status code - 404 Not Found.

InternalRedirectAction

Configures :ref:internal redirect <arch_overview_internal_redirects> behavior.

Name Description
PASS_THROUGH_INTERNAL_REDIRECT
HANDLE_INTERNAL_REDIRECT

RetryPolicy

HTTP retry :ref:architecture overview <arch_overview_http_routing_retry>. [#comment:next free field: 9]

"retryOn": string
"numRetries": .google.protobuf.UInt32Value
"perTryTimeout": .google.protobuf.Duration
"retryPriority": .envoy.api.v2.route.RetryPolicy.RetryPriority
"retryHostPredicate": []envoy.api.v2.route.RetryPolicy.RetryHostPredicate
"hostSelectionRetryMaxAttempts": int
"retriableStatusCodes": []int
"retryBackOff": .envoy.api.v2.route.RetryPolicy.RetryBackOff
Field Type Description Default
retryOn string Specifies the conditions under which retry takes place. These are the same conditions documented for :ref:config_http_filters_router_x-envoy-retry-on and :ref:config_http_filters_router_x-envoy-retry-grpc-on.
numRetries .google.protobuf.UInt32Value Specifies the allowed number of retries. This parameter is optional and defaults to 1. These are the same conditions documented for :ref:config_http_filters_router_x-envoy-max-retries.
perTryTimeout .google.protobuf.Duration Specifies a non-zero upstream timeout per retry attempt. This parameter is optional. The same conditions documented for :ref:config_http_filters_router_x-envoy-upstream-rq-per-try-timeout-ms apply. .. note:: If left unspecified, Envoy will use the global :ref:route timeout <envoy_api_field_route.RouteAction.timeout> for the request. Consequently, when using a :ref:5xx <config_http_filters_router_x-envoy-retry-on> based retry policy, a request that times out will not be retried as the total timeout budget would have been exhausted.
retryPriority .envoy.api.v2.route.RetryPolicy.RetryPriority Specifies an implementation of a RetryPriority which is used to determine the distribution of load across priorities used for retries. Refer to :ref:retry plugin configuration <arch_overview_http_retry_plugins> for more details.
retryHostPredicate []envoy.api.v2.route.RetryPolicy.RetryHostPredicate Specifies a collection of RetryHostPredicates that will be consulted when selecting a host for retries. If any of the predicates reject the host, host selection will be reattempted. Refer to :ref:retry plugin configuration <arch_overview_http_retry_plugins> for more details.
hostSelectionRetryMaxAttempts int The maximum number of times host selection will be reattempted before giving up, at which point the host that was last selected will be routed to. If unspecified, this will default to retrying once.
retriableStatusCodes []int HTTP status codes that should trigger a retry in addition to those specified by retry_on.
retryBackOff .envoy.api.v2.route.RetryPolicy.RetryBackOff Specifies parameters that control retry back off. This parameter is optional, in which case the default base interval is 25 milliseconds or, if set, the current value of the upstream.base_retry_backoff_ms runtime parameter. The default maximum interval is 10 times the base interval. The documentation for :ref:config_http_filters_router_x-envoy-max-retries describes Envoy’s back-off algorithm.

RetryPriority

"name": string
"config": .google.protobuf.Struct
"typedConfig": .google.protobuf.Any
Field Type Description Default
name string
config .google.protobuf.Struct Only one of config or typedConfig can be set.
typedConfig .google.protobuf.Any Only one of typedConfig or config can be set.

RetryHostPredicate

"name": string
"config": .google.protobuf.Struct
"typedConfig": .google.protobuf.Any
Field Type Description Default
name string
config .google.protobuf.Struct Only one of config or typedConfig can be set.
typedConfig .google.protobuf.Any Only one of typedConfig or config can be set.

RetryBackOff

"baseInterval": .google.protobuf.Duration
"maxInterval": .google.protobuf.Duration
Field Type Description Default
baseInterval .google.protobuf.Duration Specifies the base interval between retries. This parameter is required and must be greater than zero. Values less than 1 ms are rounded up to 1 ms. See :ref:config_http_filters_router_x-envoy-max-retries for a discussion of Envoy’s back-off algorithm.
maxInterval .google.protobuf.Duration Specifies the maximum interval between retries. This parameter is optional, but must be greater than or equal to the base_interval if set. The default is 10 times the base_interval. See :ref:config_http_filters_router_x-envoy-max-retries for a discussion of Envoy’s back-off algorithm.

HedgePolicy

HTTP request hedging :ref:architecture overview <arch_overview_http_routing_hedging>.

"initialRequests": .google.protobuf.UInt32Value
"additionalRequestChance": .envoy.type.FractionalPercent
"hedgeOnPerTryTimeout": bool
Field Type Description Default
initialRequests .google.protobuf.UInt32Value Specifies the number of initial requests that should be sent upstream. Must be at least 1. Defaults to 1. [#not-implemented-hide:].
additionalRequestChance .envoy.type.FractionalPercent Specifies a probability that an additional upstream request should be sent on top of what is specified by initial_requests. Defaults to 0. [#not-implemented-hide:].
hedgeOnPerTryTimeout bool Indicates that a hedged request should be sent when the per-try timeout is hit. This will only occur if the retry policy also indicates that a timed out request should be retried. Once a timed out request is retried due to per try timeout, the router filter will ensure that it is not retried again even if the returned response headers would otherwise be retried according the specified :ref:RetryPolicy <envoy_api_msg_route.RetryPolicy>. Defaults to false.

RedirectAction

"httpsRedirect": bool
"schemeRedirect": string
"hostRedirect": string
"portRedirect": int
"pathRedirect": string
"prefixRewrite": string
"responseCode": .envoy.api.v2.route.RedirectAction.RedirectResponseCode
"stripQuery": bool
Field Type Description Default
httpsRedirect bool The scheme portion of the URL will be swapped with “https”. Only one of httpsRedirect or schemeRedirect can be set.
schemeRedirect string The scheme portion of the URL will be swapped with this value. Only one of schemeRedirect or httpsRedirect can be set.
hostRedirect string The host portion of the URL will be swapped with this value.
portRedirect int The port value of the URL will be swapped with this value.
pathRedirect string The path portion of the URL will be swapped with this value. Only one of pathRedirect or prefixRewrite can be set.
prefixRewrite string Indicates that during redirection, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request. .. attention:: Pay attention to the use of trailing slashes as mentioned in :ref:RouteAction's prefix_rewrite <envoy_api_field_route.RouteAction.prefix_rewrite>. Only one of prefixRewrite or pathRedirect can be set.
responseCode .envoy.api.v2.route.RedirectAction.RedirectResponseCode The HTTP status code to use in the redirect response. The default response code is MOVED_PERMANENTLY (301).
stripQuery bool Indicates that during redirection, the query portion of the URL will be removed. Default value is false.

RedirectResponseCode

Name Description
MOVED_PERMANENTLY Moved Permanently HTTP Status Code - 301.
FOUND Found HTTP Status Code - 302.
SEE_OTHER See Other HTTP Status Code - 303.
TEMPORARY_REDIRECT Temporary Redirect HTTP Status Code - 307.
PERMANENT_REDIRECT Permanent Redirect HTTP Status Code - 308.

DirectResponseAction

"status": int
"body": .envoy.api.v2.core.DataSource
Field Type Description Default
status int Specifies the HTTP response status to be returned.
body .envoy.api.v2.core.DataSource Specifies the content of the response body. If this setting is omitted, no body is included in the generated response. .. note:: Headers can be specified using response_headers_to_add in the enclosing :ref:envoy_api_msg_route.Route, :ref:envoy_api_msg_RouteConfiguration or :ref:envoy_api_msg_route.VirtualHost.

Decorator

"operation": string
Field Type Description Default
operation string The operation name associated with the request matched to this route. If tracing is enabled, this information will be used as the span name reported for this request. .. note:: For ingress (inbound) requests, or egress (outbound) responses, this value may be overridden by the :ref:x-envoy-decorator-operation <config_http_filters_router_x-envoy-decorator-operation> header.

Tracing

"clientSampling": .envoy.type.FractionalPercent
"randomSampling": .envoy.type.FractionalPercent
"overallSampling": .envoy.type.FractionalPercent
Field Type Description Default
clientSampling .envoy.type.FractionalPercent Target percentage of requests managed by this HTTP connection manager that will be force traced if the :ref:x-client-trace-id <config_http_conn_man_headers_x-client-trace-id> header is set. This field is a direct analog for the runtime variable ‘tracing.client_sampling’ in the :ref:HTTP Connection Manager <config_http_conn_man_runtime>. Default: 100%.
randomSampling .envoy.type.FractionalPercent Target percentage of requests managed by this HTTP connection manager that will be randomly selected for trace generation, if not requested by the client or not forced. This field is a direct analog for the runtime variable ‘tracing.random_sampling’ in the :ref:HTTP Connection Manager <config_http_conn_man_runtime>. Default: 100%.
overallSampling .envoy.type.FractionalPercent Target percentage of requests managed by this HTTP connection manager that will be traced after all other sampling checks have been applied (client-directed, force tracing, random sampling). This field functions as an upper limit on the total configured sampling rate. For instance, setting client_sampling to 100% but overall_sampling to 1% will result in only 1% of client requests with the appropriate headers to be force traced. This field is a direct analog for the runtime variable ‘tracing.global_enabled’ in the :ref:HTTP Connection Manager <config_http_conn_man_runtime>. Default: 100%.

VirtualCluster

A virtual cluster is a way of specifying a regex matching rule against certain important endpoints such that statistics are generated explicitly for the matched requests. The reason this is useful is that when doing prefix/path matching Envoy does not always know what the application considers to be an endpoint. Thus, it’s impossible for Envoy to generically emit per endpoint statistics. However, often systems have highly critical endpoints that they wish to get “perfect” statistics on. Virtual cluster statistics are perfect in the sense that they are emitted on the downstream side such that they include network level failures.

Documentation for :ref:virtual cluster statistics <config_http_filters_router_stats>.

.. note::

Virtual clusters are a useful tool, but we do not recommend setting up a virtual cluster for every application endpoint. This is both not easily maintainable and as well the matching and statistics output are not free.

"pattern": string
"name": string
"method": .envoy.api.v2.core.RequestMethod
Field Type Description Default
pattern string Specifies a regex pattern to use for matching requests. The entire path of the request must match the regex. The regex grammar used is defined here <https://en.cppreference.com/w/cpp/regex/ecmascript>_. Examples: * The regex /rides/\d+ matches the path /rides/0 * The regex /rides/\d+ matches the path /rides/123 * The regex /rides/\d+ does not match the path /rides/123/456.
name string Specifies the name of the virtual cluster. The virtual cluster name as well as the virtual host name are used when emitting statistics. The statistics are emitted by the router filter and are documented :ref:here <config_http_filters_router_stats>.
method .envoy.api.v2.core.RequestMethod Optionally specifies the HTTP method to match on. For example GET, PUT, etc. [#comment:TODO(htuch): add (validate.rules).enum.defined_only = true once https://github.com/lyft/protoc-gen-validate/issues/42 is resolved.].

RateLimit

Global rate limiting :ref:architecture overview <arch_overview_rate_limit>.

"stage": .google.protobuf.UInt32Value
"disableKey": string
"actions": []envoy.api.v2.route.RateLimit.Action
Field Type Description Default
stage .google.protobuf.UInt32Value Refers to the stage set in the filter. The rate limit configuration only applies to filters with the same stage number. The default stage number is 0. .. note:: The filter supports a range of 0 - 10 inclusively for stage numbers.
disableKey string The key to be set in runtime to disable this rate limit configuration.
actions []envoy.api.v2.route.RateLimit.Action A list of actions that are to be applied for this rate limit configuration. Order matters as the actions are processed sequentially and the descriptor is composed by appending descriptor entries in that sequence. If an action cannot append a descriptor entry, no descriptor is generated for the configuration. See :ref:composing actions <config_http_filters_rate_limit_composing_actions> for additional documentation.

Action

"sourceCluster": .envoy.api.v2.route.RateLimit.Action.SourceCluster
"destinationCluster": .envoy.api.v2.route.RateLimit.Action.DestinationCluster
"requestHeaders": .envoy.api.v2.route.RateLimit.Action.RequestHeaders
"remoteAddress": .envoy.api.v2.route.RateLimit.Action.RemoteAddress
"genericKey": .envoy.api.v2.route.RateLimit.Action.GenericKey
"headerValueMatch": .envoy.api.v2.route.RateLimit.Action.HeaderValueMatch
Field Type Description Default
sourceCluster .envoy.api.v2.route.RateLimit.Action.SourceCluster Rate limit on source cluster. Only one of sourceCluster, destinationCluster, requestHeaders, remoteAddress, or headerValueMatch can be set.
destinationCluster .envoy.api.v2.route.RateLimit.Action.DestinationCluster Rate limit on destination cluster. Only one of destinationCluster, sourceCluster, requestHeaders, remoteAddress, or headerValueMatch can be set.
requestHeaders .envoy.api.v2.route.RateLimit.Action.RequestHeaders Rate limit on request headers. Only one of requestHeaders, sourceCluster, destinationCluster, remoteAddress, or headerValueMatch can be set.
remoteAddress .envoy.api.v2.route.RateLimit.Action.RemoteAddress Rate limit on remote address. Only one of remoteAddress, sourceCluster, destinationCluster, requestHeaders, or headerValueMatch can be set.
genericKey .envoy.api.v2.route.RateLimit.Action.GenericKey Rate limit on a generic key. Only one of genericKey, sourceCluster, destinationCluster, requestHeaders, or headerValueMatch can be set.
headerValueMatch .envoy.api.v2.route.RateLimit.Action.HeaderValueMatch Rate limit on the existence of request headers. Only one of headerValueMatch, sourceCluster, destinationCluster, requestHeaders, or genericKey can be set.

SourceCluster

The following descriptor entry is appended to the descriptor:

.. code-block:: cpp

(“source_cluster”, “”)

is derived from the :option:--service-cluster option.

Field Type Description Default

DestinationCluster

The following descriptor entry is appended to the descriptor:

.. code-block:: cpp

(“destination_cluster”, “”)

Once a request matches against a route table rule, a routed cluster is determined by one of the following :ref:route table configuration <envoy_api_msg_RouteConfiguration> settings:

Field Type Description Default

RequestHeaders

The following descriptor entry is appended when a header contains a key that matches the header_name:

.. code-block:: cpp

(””, “”)

"headerName": string
"descriptorKey": string
Field Type Description Default
headerName string The header name to be queried from the request headers. The header’s value is used to populate the value of the descriptor entry for the descriptor_key.
descriptorKey string The key to use in the descriptor entry.

RemoteAddress

The following descriptor entry is appended to the descriptor and is populated using the trusted address from :ref:x-forwarded-for <config_http_conn_man_headers_x-forwarded-for>:

.. code-block:: cpp

(“remote_address”, “”)

Field Type Description Default

GenericKey

The following descriptor entry is appended to the descriptor:

.. code-block:: cpp

(“generic_key”, “”)

"descriptorValue": string
Field Type Description Default
descriptorValue string The value to use in the descriptor entry.

HeaderValueMatch

The following descriptor entry is appended to the descriptor:

.. code-block:: cpp

(“header_match”, “”)

"descriptorValue": string
"expectMatch": .google.protobuf.BoolValue
"headers": []envoy.api.v2.route.HeaderMatcher
Field Type Description Default
descriptorValue string The value to use in the descriptor entry.
expectMatch .google.protobuf.BoolValue If set to true, the action will append a descriptor entry when the request matches the headers. If set to false, the action will append a descriptor entry when the request does not match the headers. The default value is true.
headers []envoy.api.v2.route.HeaderMatcher Specifies a set of headers that the rate limit action should match on. The action will check the request’s headers against all the specified headers in the config. A match will happen if all the headers in the config are present in the request with the same values (or based on presence if the value field is not in the config).

HeaderMatcher

.. attention::

Internally, Envoy always uses the HTTP/2 :authority header to represent the HTTP/1 Host header. Thus, if attempting to match on Host, match on :authority instead.

.. attention::

To route on HTTP method, use the special HTTP/2 :method header. This works for both HTTP/1 and HTTP/2 as Envoy normalizes headers. E.g.,

.. code-block:: json

{
  "name": ":method",
  "exact_match": "POST"
}

.. attention:: In the absence of any header match specifier, match will default to :ref:present_match <envoy_api_field_route.HeaderMatcher.present_match>. i.e, a request that has the :ref:name <envoy_api_field_route.HeaderMatcher.name> header will match, regardless of the header’s value.

"name": string
"exactMatch": string
"regexMatch": string
"rangeMatch": .envoy.type.Int64Range
"presentMatch": bool
"prefixMatch": string
"suffixMatch": string
"invertMatch": bool
Field Type Description Default
name string Specifies the name of the header in the request.
exactMatch string If specified, header match will be performed based on the value of the header. Only one of exactMatch, regexMatch, rangeMatch, presentMatch, or suffixMatch can be set.
regexMatch string If specified, this regex string is a regular expression rule which implies the entire request header value must match the regex. The rule will not match if only a subsequence of the request header value matches the regex. The regex grammar used in the value field is defined here <https://en.cppreference.com/w/cpp/regex/ecmascript>_. Examples: * The regex \d{3} matches the value 123 * The regex \d{3} does not match the value 1234 * The regex \d{3} does not match the value 123.456. Only one of regexMatch, exactMatch, rangeMatch, presentMatch, or suffixMatch can be set.
rangeMatch .envoy.type.Int64Range If specified, header match will be performed based on range. The rule will match if the request header value is within this range. The entire request header value must represent an integer in base 10 notation: consisting of an optional plus or minus sign followed by a sequence of digits. The rule will not match if the header value does not represent an integer. Match will fail for empty values, floating point numbers or if only a subsequence of the header value is an integer. Examples: * For range [-10,0), route will match for header value -1, but not for 0, “somestring”, 10.9, “-1somestring”. Only one of rangeMatch, exactMatch, regexMatch, presentMatch, or suffixMatch can be set.
presentMatch bool If specified, header match will be performed based on whether the header is in the request. Only one of presentMatch, exactMatch, regexMatch, rangeMatch, or suffixMatch can be set.
prefixMatch string If specified, header match will be performed based on the prefix of the header value. Note: empty prefix is not allowed, please use present_match instead. Examples: * The prefix abcd matches the value abcdxyz, but not for abcxyz. Only one of prefixMatch, exactMatch, regexMatch, rangeMatch, or suffixMatch can be set.
suffixMatch string If specified, header match will be performed based on the suffix of the header value. Note: empty suffix is not allowed, please use present_match instead. Examples: * The suffix abcd matches the value xyzabcd, but not for xyzbcd. Only one of suffixMatch, exactMatch, regexMatch, rangeMatch, or prefixMatch can be set.
invertMatch bool If specified, the match result will be inverted before checking. Defaults to false. Examples: * The regex \d{3} does not match the value 1234, so it will match when inverted. * The range [-10,0) will match the value -1, so it will not match when inverted.

QueryParameterMatcher

Query parameter matching treats the query string of a request’s :path header as an ampersand-separated list of keys and/or key=value elements.

"name": string
"value": string
"regex": .google.protobuf.BoolValue
Field Type Description Default
name string Specifies the name of a key that must be present in the requested path’s query string.
value string Specifies the value of the key. If the value is absent, a request that contains the key in its query string will match, whether the key appears with a value (e.g., “?debug=true”) or not (e.g., “?debug”).
regex .google.protobuf.BoolValue Specifies whether the query parameter value is a regular expression. Defaults to false. The entire query parameter value (i.e., the part to the right of the equals sign in “key=value”) must match the regex. E.g., the regex “\d+$” will match “123” but not “a123” or “123a”.