Skip to content

Commit

Permalink
http: removing the default trusted address list
Browse files Browse the repository at this point in the history
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
  • Loading branch information
alyssawilk committed Oct 24, 2024
1 parent 356ab33 commit 6b71146
Show file tree
Hide file tree
Showing 4 changed files with 16 additions and 8 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -691,7 +691,7 @@ message HttpConnectionManager {
// information about internal/external addresses.
//
// .. warning::
// In the next release, no IP addresses will be considered trusted. If you have tooling such as probes
// As of Envoy 1.33.0 no IP addresses will be considered trusted. If you have tooling such as probes
// on your private network which need to be treated as trusted (e.g. changing arbitrary x-envoy headers)
// you will have to manually include those addresses or CIDR ranges like:
//
Expand Down
9 changes: 9 additions & 0 deletions changelogs/current.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,15 @@ behavior_changes:
- area: wasm
change: |
Remove previously deprecated xDS attributes from ``get_property``, use ``xds`` attributes instead.
- area: http
change: |
RFC1918 addresses are no longer considered to be internal addresses by default. This addresses a security
issue for Envoy's in multi-tenant mesh environments. Please explicit set
:ref:`internal_address_config
<envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.internal_address_config>`
to retain the prior behavior.
This change can be temporarily reverted by setting runtime guard
``envoy.reloadable_features.explicit_internal_address_config`` to ``false``.
minor_behavior_changes:
# *Changes that may cause incompatibilities for some users, but should not for most*
Expand Down
3 changes: 1 addition & 2 deletions source/common/runtime/runtime_features.cc
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ RUNTIME_GUARD(envoy_reloadable_features_edf_lb_locality_scheduler_init_fix);
RUNTIME_GUARD(envoy_reloadable_features_enable_compression_bomb_protection);
RUNTIME_GUARD(envoy_reloadable_features_enable_include_histograms);
RUNTIME_GUARD(envoy_reloadable_features_exclude_host_in_eds_status_draining);
RUNTIME_GUARD(envoy_reloadable_features_explicit_internal_address_config);
RUNTIME_GUARD(envoy_reloadable_features_ext_proc_timeout_error);
RUNTIME_GUARD(envoy_reloadable_features_extend_h3_accept_untrusted);
RUNTIME_GUARD(envoy_reloadable_features_filter_access_loggers_first);
Expand Down Expand Up @@ -146,8 +147,6 @@ FALSE_RUNTIME_GUARD(envoy_restart_features_xds_failover_support);
FALSE_RUNTIME_GUARD(envoy_reloadable_features_dns_cache_set_ip_version_to_remove);
// TODO(alyssawilk): evaluate and make this a config knob or remove.
FALSE_RUNTIME_GUARD(envoy_reloadable_features_reset_brokenness_on_nework_change);
// TODO(botengyao): this will be default true in the next release after this warning release.
FALSE_RUNTIME_GUARD(envoy_reloadable_features_explicit_internal_address_config);
// Adding runtime flag to use balsa_parser for http_inspector.
FALSE_RUNTIME_GUARD(envoy_reloadable_features_http_inspector_use_balsa_parser);

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -708,10 +708,7 @@ TEST_F(HttpConnectionManagerConfigTest, UnixSocketInternalAddress) {
EXPECT_FALSE(config.internalAddressConfig().isInternalAddress(externalIpAddress));
}

TEST_F(HttpConnectionManagerConfigTest, FutureDefaultInternalAddress) {
TestScopedRuntime scoped_runtime;
scoped_runtime.mergeValues(
{{"envoy.reloadable_features.explicit_internal_address_config", "true"}});
TEST_F(HttpConnectionManagerConfigTest, DefaultInternalAddress) {
const std::string yaml_string = R"EOF(
stat_prefix: ingress_http
route_config:
Expand All @@ -730,7 +727,10 @@ TEST_F(HttpConnectionManagerConfigTest, FutureDefaultInternalAddress) {
EXPECT_FALSE(config.internalAddressConfig().isInternalAddress(default_ip_address));
}

TEST_F(HttpConnectionManagerConfigTest, DefaultInternalAddress) {
TEST_F(HttpConnectionManagerConfigTest, LegacyDefaultInternalAddress) {
TestScopedRuntime scoped_runtime;
scoped_runtime.mergeValues(
{{"envoy.reloadable_features.explicit_internal_address_config", "false"}});
const std::string yaml_string = R"EOF(
stat_prefix: ingress_http
route_config:
Expand Down

0 comments on commit 6b71146

Please sign in to comment.