RequestHeaderModifier doesn't supports "Host" header

envoyproxy / gateway

Manages Envoy Proxy as a Standalone or Kubernetes-based Application Gateway

https://gateway.envoyproxy.io

Apache License 2.0

1.63k stars 352 forks source link

RequestHeaderModifier doesn't supports "Host" header #4325

Closed vverma01232 closed 1 month ago

vverma01232 commented 1 month ago

apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: example namespace: vaibhav spec: hostnames:

example.test.com parentRefs:
kind: Gateway namespace: envoy-gateway-system name: web-gateway rules:
backendRefs:
- kind: Service name: example-svc namespace: vaibhav port: 80 weight: 1 filters:
  - type: RequestHeaderModifier requestHeaderModifier: set:
    - name: Host value: test.vaibhav.example.com matches:
- path: type: PathPrefix value: / timeouts: request: 600s backendRequest: 600s
This is the HTTProute i am using and the service which i am referring needs this Header Host " test.vaibhav.example.com" in order to communicate the deployed app. But its not able to add this header and my svc sends 404, as the host didn't match up with any deployed app. I need to apply the HTTProute like this only.

Note: I tried directly by creating a ClusterIP svc and used it a reference the httproute, it works fine.

arkodg commented 1 month ago

@vverma01232 the Host header can be modified using https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1.HTTPURLRewriteFilter

closing this issue for now, please let us know if you hit any issues

vverma01232 commented 1 month ago

Thanks its working!

vverma01232 commented 1 month ago

Also i wanted to know i am using the External Auth with Security Policy, so is there any way to pass the custom header in the Security policy backend red service, because right now its just forwarding the Authorization header, and also how can i send the body to the Security Policy backend ref service?

arkodg commented 1 month ago

you can use headersToExtAuth to add headers that are part of the request https://gateway.envoyproxy.io/docs/api/extension_types/#extauth https://gateway.envoyproxy.io/docs/tasks/security/ext-auth/

to add headers that are not, you can use the earlyRequestHeaders feature https://gateway.envoyproxy.io/latest/tasks/traffic/http-request-headers/#early-header-modification https://github.com/envoyproxy/gateway/issues/4267#issuecomment-2373467387 this is only available in v0.0.0-latest

vverma01232 commented 1 month ago

What about the payload or my reqbody is there a way to send that as well?

arkodg commented 1 month ago

you can using ext proc https://gateway.envoyproxy.io/docs/tasks/extensibility/ext-proc/

vverma01232 commented 1 month ago

So there is not a way to send the req payload to the External Auth Security Policy right? Note : I only have to use the External Auth

arkodg commented 1 month ago

there isnt, the API doesnt allow for it for ext authz