diff --git a/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto b/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto index c78e69b2ae30..34b3dd32fcbf 100644 --- a/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto +++ b/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto @@ -483,16 +483,32 @@ message HttpConnectionManager { // Should paths be normalized according to RFC 3986 before any processing of // requests by HTTP filters or routing? This affects the upstream *:path* header // as well. For paths that fail this check, Envoy will respond with 400 to - // paths that are malformed. This defaults to false currently but will default - // true in the future. When not specified, this value may be overridden by the - // runtime variable + // paths that are malformed. This defaults to true. + // This by default affects the upstream *:path* header as well. + // When not specified, this value may be overridden by the runtime variable // :ref:`http_connection_manager.normalize_path`. + // The upstream path normalization can be specified independently, see + // :ref:`normalize_path_for_upstream `. // See `Normalization and Comparison ` // for details of normalization. // Note that Envoy does not perform // `case normalization ` google.protobuf.BoolValue normalize_path = 30; + // Should paths to upstream be normalized according to RFC 3986 after any processing of + // requests by HTTP filters or routing? This affects the upstream *:path* header + // For paths that fail this check, Envoy will respond with 400 to + // paths that are malformed. This defaults to the value of + // :ref:`normalize_path + // `. + // When not specified, this value may be overridden by the runtime variable + // :ref:`http_connection_manager.normalize_path_for_upstream`. + // See `Normalization and Comparison ` + // for details of normalization. + // Note that Envoy does not perform + // `case normalization ` + google.protobuf.BoolValue normalize_path_for_upstream = 39; + // Determines if adjacent slashes in the path are merged into one before any processing of // requests by HTTP filters or routing. This affects the upstream *:path* header as well. Without // setting this option, incoming requests with path `//dir///file` will not match against route diff --git a/api/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto b/api/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto index 4dd60a012a80..eb3b7d54537e 100644 --- a/api/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto +++ b/api/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto @@ -478,16 +478,33 @@ message HttpConnectionManager { // Should paths be normalized according to RFC 3986 before any processing of // requests by HTTP filters or routing? This affects the upstream *:path* header // as well. For paths that fail this check, Envoy will respond with 400 to - // paths that are malformed. This defaults to false currently but will default - // true in the future. When not specified, this value may be overridden by the - // runtime variable + // paths that are malformed. This defaults to true. + // This by default affects the upstream *:path* header as well. + // When not specified, this value may be overridden by the runtime variable // :ref:`http_connection_manager.normalize_path`. + // The upstream path normalization can be specified independently, see + // :ref:`normalize_path_for_upstream + // `. // See `Normalization and Comparison ` // for details of normalization. // Note that Envoy does not perform // `case normalization ` google.protobuf.BoolValue normalize_path = 30; + // Should paths to upstream be normalized according to RFC 3986 after any processing of + // requests by HTTP filters or routing? This affects the upstream *:path* header + // For paths that fail this check, Envoy will respond with 400 to + // paths that are malformed. This defaults to the value of + // :ref:`normalize_path + // `. + // When not specified, this value may be overridden by the runtime variable + // :ref:`http_connection_manager.normalize_path_for_upstream`. + // See `Normalization and Comparison ` + // for details of normalization. + // Note that Envoy does not perform + // `case normalization ` + google.protobuf.BoolValue normalize_path_for_upstream = 39; + // Determines if adjacent slashes in the path are merged into one before any processing of // requests by HTTP filters or routing. This affects the upstream *:path* header as well. Without // setting this option, incoming requests with path `//dir///file` will not match against route diff --git a/api/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto b/api/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto index 03a15d832732..4cefa56f05cf 100644 --- a/api/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto +++ b/api/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto @@ -478,16 +478,33 @@ message HttpConnectionManager { // Should paths be normalized according to RFC 3986 before any processing of // requests by HTTP filters or routing? This affects the upstream *:path* header // as well. For paths that fail this check, Envoy will respond with 400 to - // paths that are malformed. This defaults to false currently but will default - // true in the future. When not specified, this value may be overridden by the - // runtime variable + // paths that are malformed. This defaults to true. + // This by default affects the upstream *:path* header as well. + // When not specified, this value may be overridden by the runtime variable // :ref:`http_connection_manager.normalize_path`. + // The upstream path normalization can be specified independently, see + // :ref:`normalize_path_for_upstream + // `. // See `Normalization and Comparison ` // for details of normalization. // Note that Envoy does not perform // `case normalization ` google.protobuf.BoolValue normalize_path = 30; + // Should paths to upstream be normalized according to RFC 3986 after any processing of + // requests by HTTP filters or routing? This affects the upstream *:path* header + // For paths that fail this check, Envoy will respond with 400 to + // paths that are malformed. This defaults to the value of + // :ref:`normalize_path + // `. + // When not specified, this value may be overridden by the runtime variable + // :ref:`http_connection_manager.normalize_path_for_upstream`. + // See `Normalization and Comparison ` + // for details of normalization. + // Note that Envoy does not perform + // `case normalization ` + google.protobuf.BoolValue normalize_path_for_upstream = 39; + // Determines if adjacent slashes in the path are merged into one before any processing of // requests by HTTP filters or routing. This affects the upstream *:path* header as well. Without // setting this option, incoming requests with path `//dir///file` will not match against route diff --git a/docs/root/configuration/http/http_conn_man/runtime.rst b/docs/root/configuration/http/http_conn_man/runtime.rst index 2c104c806508..06e14f6691c1 100644 --- a/docs/root/configuration/http/http_conn_man/runtime.rst +++ b/docs/root/configuration/http/http_conn_man/runtime.rst @@ -8,8 +8,38 @@ The HTTP connection manager supports the following runtime settings: .. _config_http_conn_man_runtime_normalize_path: http_connection_manager.normalize_path - % of requests that will have path normalization applied if not already configured in + Requests will have normalization applied if not already configured in :ref:`normalize_path `. + + This setting can have the following values: + + +--------------+---------------------------+ + | Value | Expectation | + +==============+===========================+ + | 0, false | normalization not enabled | + +--------------+---------------------------+ + | 100, true | normalization enabled | + +--------------+---------------------------+ + + This is evaluated at configuration load time and will apply to all requests for a given + configuration. + +.. _config_http_conn_man_runtime_normalize_path_for_upstream: + +http_connection_manager.normalize_path_for_upstream + Requests to upstream will have normalization applied if not already configured in + :ref:`normalize_path `. + + This setting can have the following values: + + +--------------+------------------------------------+ + | Value | Expectation | + +==============+====================================+ + | 0, false | upstream normalization not enabled | + +--------------+------------------------------------+ + | 100, true | upstream normalization enabled | + +--------------+------------------------------------+ + This is evaluated at configuration load time and will apply to all requests for a given configuration. diff --git a/include/envoy/http/header_map.h b/include/envoy/http/header_map.h index 72257770d09e..960d6f8684dc 100644 --- a/include/envoy/http/header_map.h +++ b/include/envoy/http/header_map.h @@ -310,6 +310,7 @@ class HeaderEntry { HEADER_FUNC(OtSpanContext) \ HEADER_FUNC(Origin) \ HEADER_FUNC(Path) \ + HEADER_FUNC(OriginalPathForUpstream) \ HEADER_FUNC(Protocol) \ HEADER_FUNC(Referer) \ HEADER_FUNC(Scheme) \ diff --git a/source/common/http/headers.h b/source/common/http/headers.h index 10b87e3da092..e43383afd509 100644 --- a/source/common/http/headers.h +++ b/source/common/http/headers.h @@ -136,6 +136,7 @@ class HeaderValues { const LowerCaseString Origin{"origin"}; const LowerCaseString OtSpanContext{"x-ot-span-context"}; const LowerCaseString Path{":path"}; + const LowerCaseString OriginalPathForUpstream{absl::StrCat(prefix(), "-original_path_for_upstream")}; const LowerCaseString Protocol{":protocol"}; const LowerCaseString ProxyConnection{"proxy-connection"}; const LowerCaseString Referer{"referer"};