Package io.envoyproxy.envoy.extensions.http.header_validators.envoy_default.v3

Enum HeaderValidatorConfig.UriPathNormalizationOptions.PathWithEscapedSlashesAction

java.lang.Object
java.lang.Enum<HeaderValidatorConfig.UriPathNormalizationOptions.PathWithEscapedSlashesAction>
io.envoyproxy.envoy.extensions.http.header_validators.envoy_default.v3.HeaderValidatorConfig.UriPathNormalizationOptions.PathWithEscapedSlashesAction
All Implemented Interfaces:
com.google.protobuf.Internal.EnumLite, com.google.protobuf.ProtocolMessageEnum, Serializable, Comparable<HeaderValidatorConfig.UriPathNormalizationOptions.PathWithEscapedSlashesAction>, java.lang.constant.Constable
Enclosing class:
HeaderValidatorConfig.UriPathNormalizationOptions
public static enum HeaderValidatorConfig.UriPathNormalizationOptions.PathWithEscapedSlashesAction extends Enum<HeaderValidatorConfig.UriPathNormalizationOptions.PathWithEscapedSlashesAction> implements com.google.protobuf.ProtocolMessageEnum
 Determines the action for requests that contain ``%2F``, ``%2f``, ``%5C`` or ``%5c`` sequences in the URI path.
 This operation occurs before URL normalization and the merge slashes transformations if they were enabled.

 Escaped slash sequences in URLs can be used for path confusion attacks, so proper handling
 is important for security.
Protobuf enum envoy.extensions.http.header_validators.envoy_default.v3.HeaderValidatorConfig.UriPathNormalizationOptions.PathWithEscapedSlashesAction

  • Enum Constant Details

    • IMPLEMENTATION_SPECIFIC_DEFAULT

      public static final HeaderValidatorConfig.UriPathNormalizationOptions.PathWithEscapedSlashesAction IMPLEMENTATION_SPECIFIC_DEFAULT
       Default behavior specific to implementation (i.e. Envoy) of this configuration option.
 Envoy, by default, takes the ``KEEP_UNCHANGED`` action.

 .. note::

   The implementation may change the default behavior at-will.
      IMPLEMENTATION_SPECIFIC_DEFAULT = 0;

    • KEEP_UNCHANGED

      public static final HeaderValidatorConfig.UriPathNormalizationOptions.PathWithEscapedSlashesAction KEEP_UNCHANGED
       Keep escaped slashes unchanged in the URI path.
 This preserves the original request path without any modifications to escaped sequences.
      KEEP_UNCHANGED = 1;

    • REJECT_REQUEST

      public static final HeaderValidatorConfig.UriPathNormalizationOptions.PathWithEscapedSlashesAction REJECT_REQUEST
       Reject client request with the 400 status. gRPC requests will be rejected with the ``INTERNAL`` (13) error code.
 The :ref:`httpN.downstream_rq_failed_path_normalization <config_http_conn_man_stats_per_codec>` counter is incremented for each rejected request.

 This is the safest option when security is a primary concern, as it prevents any potential
 path confusion attacks by rejecting requests with escaped slashes entirely.
      REJECT_REQUEST = 2;

    • UNESCAPE_AND_REDIRECT

      public static final HeaderValidatorConfig.UriPathNormalizationOptions.PathWithEscapedSlashesAction UNESCAPE_AND_REDIRECT
       Unescape ``%2F`` and ``%5C`` sequences and redirect the request to the new path if these sequences were present.
 The redirect occurs after path normalization and merge slashes transformations if they were configured.

 .. note::

   gRPC requests will be rejected with the ``INTERNAL`` (13) error code.
   This option minimizes possibility of path confusion exploits by forcing request with unescaped slashes to
   traverse all parties: downstream client, intermediate proxies, Envoy and upstream server.

 The :ref:`httpN.downstream_rq_redirected_with_normalized_path <config_http_conn_man_stats_per_codec>` counter is incremented for each
 redirected request.
      UNESCAPE_AND_REDIRECT = 3;

    • UNESCAPE_AND_FORWARD

      public static final HeaderValidatorConfig.UriPathNormalizationOptions.PathWithEscapedSlashesAction UNESCAPE_AND_FORWARD
       Unescape ``%2F`` and ``%5C`` sequences.

 .. attention::

   This option should not be enabled if intermediaries perform path based access control as
   it may lead to path confusion vulnerabilities.
      UNESCAPE_AND_FORWARD = 4;

    • UNRECOGNIZED

      public static final HeaderValidatorConfig.UriPathNormalizationOptions.PathWithEscapedSlashesAction UNRECOGNIZED

  • Field Details

    • IMPLEMENTATION_SPECIFIC_DEFAULT_VALUE

      public static final int IMPLEMENTATION_SPECIFIC_DEFAULT_VALUE
       Default behavior specific to implementation (i.e. Envoy) of this configuration option.
 Envoy, by default, takes the ``KEEP_UNCHANGED`` action.

 .. note::

   The implementation may change the default behavior at-will.
      IMPLEMENTATION_SPECIFIC_DEFAULT = 0;
      See Also:

    • KEEP_UNCHANGED_VALUE

      public static final int KEEP_UNCHANGED_VALUE
       Keep escaped slashes unchanged in the URI path.
 This preserves the original request path without any modifications to escaped sequences.
      KEEP_UNCHANGED = 1;
      See Also:

    • REJECT_REQUEST_VALUE

      public static final int REJECT_REQUEST_VALUE
       Reject client request with the 400 status. gRPC requests will be rejected with the ``INTERNAL`` (13) error code.
 The :ref:`httpN.downstream_rq_failed_path_normalization <config_http_conn_man_stats_per_codec>` counter is incremented for each rejected request.

 This is the safest option when security is a primary concern, as it prevents any potential
 path confusion attacks by rejecting requests with escaped slashes entirely.
      REJECT_REQUEST = 2;
      See Also:

    • UNESCAPE_AND_REDIRECT_VALUE

      public static final int UNESCAPE_AND_REDIRECT_VALUE
       Unescape ``%2F`` and ``%5C`` sequences and redirect the request to the new path if these sequences were present.
 The redirect occurs after path normalization and merge slashes transformations if they were configured.

 .. note::

   gRPC requests will be rejected with the ``INTERNAL`` (13) error code.
   This option minimizes possibility of path confusion exploits by forcing request with unescaped slashes to
   traverse all parties: downstream client, intermediate proxies, Envoy and upstream server.

 The :ref:`httpN.downstream_rq_redirected_with_normalized_path <config_http_conn_man_stats_per_codec>` counter is incremented for each
 redirected request.
      UNESCAPE_AND_REDIRECT = 3;
      See Also:

    • UNESCAPE_AND_FORWARD_VALUE

      public static final int UNESCAPE_AND_FORWARD_VALUE
       Unescape ``%2F`` and ``%5C`` sequences.

 .. attention::

   This option should not be enabled if intermediaries perform path based access control as
   it may lead to path confusion vulnerabilities.
      UNESCAPE_AND_FORWARD = 4;
      See Also:

  • Method Details

    • values

      public static HeaderValidatorConfig.UriPathNormalizationOptions.PathWithEscapedSlashesAction[] values()
      Returns an array containing the constants of this enum type, in the order they are declared.
      Returns:
      an array containing the constants of this enum type, in the order they are declared

    • valueOf

      public static HeaderValidatorConfig.UriPathNormalizationOptions.PathWithEscapedSlashesAction valueOf(String name)
      Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
      Parameters:
      name - the name of the enum constant to be returned.
      Returns:
      the enum constant with the specified name
      Throws:
      IllegalArgumentException - if this enum type has no constant with the specified name
      NullPointerException - if the argument is null

    • getNumber

      public final int getNumber()
      Specified by:
      getNumber in interface com.google.protobuf.Internal.EnumLite
      Specified by:
      getNumber in interface com.google.protobuf.ProtocolMessageEnum

    • valueOf

      @Deprecated public static HeaderValidatorConfig.UriPathNormalizationOptions.PathWithEscapedSlashesAction valueOf(int value)
      Deprecated.
      Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
      Parameters:
      value - the name of the enum constant to be returned.
      Returns:
      the enum constant with the specified name
      Throws:
      IllegalArgumentException - if this enum type has no constant with the specified name
      NullPointerException - if the argument is null

    • forNumber

      public static HeaderValidatorConfig.UriPathNormalizationOptions.PathWithEscapedSlashesAction forNumber(int value)
      Parameters:
      value - The numeric wire value of the corresponding enum entry.
      Returns:
      The enum associated with the given numeric wire value.

    • internalGetValueMap

      public static com.google.protobuf.Internal.EnumLiteMap<HeaderValidatorConfig.UriPathNormalizationOptions.PathWithEscapedSlashesAction> internalGetValueMap()

    • getValueDescriptor

      public final com.google.protobuf.Descriptors.EnumValueDescriptor getValueDescriptor()
      Specified by:
      getValueDescriptor in interface com.google.protobuf.ProtocolMessageEnum

    • getDescriptorForType

      public final com.google.protobuf.Descriptors.EnumDescriptor getDescriptorForType()
      Specified by:
      getDescriptorForType in interface com.google.protobuf.ProtocolMessageEnum

    • getDescriptor

      public static final com.google.protobuf.Descriptors.EnumDescriptor getDescriptor()

    • valueOf

      public static HeaderValidatorConfig.UriPathNormalizationOptions.PathWithEscapedSlashesAction valueOf(com.google.protobuf.Descriptors.EnumValueDescriptor desc)
      Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
      Parameters:
      desc - the name of the enum constant to be returned.
      Returns:
      the enum constant with the specified name
      Throws:
      IllegalArgumentException - if this enum type has no constant with the specified name
      NullPointerException - if the argument is null