Package io.envoyproxy.envoy.extensions.http.original_ip_detection.xff.v3

Class XffConfig.Builder

java.lang.Object

com.google.protobuf.AbstractMessageLite.Builder

com.google.protobuf.AbstractMessage.Builder<BuilderT>

com.google.protobuf.GeneratedMessageV3.Builder<XffConfig.Builder>

io.envoyproxy.envoy.extensions.http.original_ip_detection.xff.v3.XffConfig.Builder

All Implemented Interfaces:

com.google.protobuf.Message.Builder, com.google.protobuf.MessageLite.Builder, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, XffConfigOrBuilder, Cloneable

Enclosing class:

XffConfig

public static final class XffConfig.Builder
extends com.google.protobuf.GeneratedMessageV3.Builder<XffConfig.Builder>
implements XffConfigOrBuilder

 This extension allows for the original downstream remote IP to be detected
 by reading the :ref:`config_http_conn_man_headers_x-forwarded-for` header.

 [#extension: envoy.http.original_ip_detection.xff]
 

Protobuf type envoy.extensions.http.original_ip_detection.xff.v3.XffConfig

Method Summary

Modifier and Type	Method	Description
XffConfig.Builder	addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
XffConfig	build()
XffConfig	buildPartial()
XffConfig.Builder	clear()
XffConfig.Builder	clearField(com.google.protobuf.Descriptors.FieldDescriptor field)
XffConfig.Builder	clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof)
XffConfig.Builder	clearSkipXffAppend()	If set, Envoy will not append the remote address to the :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header. .. attention:: For proper proxy behaviour it is not recommended to set this option.
XffConfig.Builder	clearXffNumTrustedHops()	The number of additional ingress proxy hops from the right side of the :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header to trust when determining the origin client's IP address.
XffConfig.Builder	clearXffTrustedCidrs()	The `CIDR <https://tools.ietf.org/html/rfc4632>`_ ranges to trust when evaluating the remote IP address to determine the original client's IP address.
XffConfig.Builder	clone()
XffConfig	getDefaultInstanceForType()
static final com.google.protobuf.Descriptors.Descriptor	getDescriptor()
com.google.protobuf.Descriptors.Descriptor	getDescriptorForType()
com.google.protobuf.BoolValue	getSkipXffAppend()	If set, Envoy will not append the remote address to the :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header. .. attention:: For proper proxy behaviour it is not recommended to set this option.
com.google.protobuf.BoolValue.Builder	getSkipXffAppendBuilder()	If set, Envoy will not append the remote address to the :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header. .. attention:: For proper proxy behaviour it is not recommended to set this option.
com.google.protobuf.BoolValueOrBuilder	getSkipXffAppendOrBuilder()	If set, Envoy will not append the remote address to the :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header. .. attention:: For proper proxy behaviour it is not recommended to set this option.
int	getXffNumTrustedHops()	The number of additional ingress proxy hops from the right side of the :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header to trust when determining the origin client's IP address.
XffTrustedCidrs	getXffTrustedCidrs()	The `CIDR <https://tools.ietf.org/html/rfc4632>`_ ranges to trust when evaluating the remote IP address to determine the original client's IP address.
XffTrustedCidrs.Builder	getXffTrustedCidrsBuilder()	The `CIDR <https://tools.ietf.org/html/rfc4632>`_ ranges to trust when evaluating the remote IP address to determine the original client's IP address.
XffTrustedCidrsOrBuilder	getXffTrustedCidrsOrBuilder()	The `CIDR <https://tools.ietf.org/html/rfc4632>`_ ranges to trust when evaluating the remote IP address to determine the original client's IP address.
boolean	hasSkipXffAppend()	If set, Envoy will not append the remote address to the :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header. .. attention:: For proper proxy behaviour it is not recommended to set this option.
boolean	hasXffTrustedCidrs()	The `CIDR <https://tools.ietf.org/html/rfc4632>`_ ranges to trust when evaluating the remote IP address to determine the original client's IP address.
protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable	internalGetFieldAccessorTable()
final boolean	isInitialized()
XffConfig.Builder	mergeFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
XffConfig.Builder	mergeFrom(com.google.protobuf.Message other)
XffConfig.Builder	mergeFrom(XffConfig other)
XffConfig.Builder	mergeSkipXffAppend(com.google.protobuf.BoolValue value)	If set, Envoy will not append the remote address to the :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header. .. attention:: For proper proxy behaviour it is not recommended to set this option.
final XffConfig.Builder	mergeUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
XffConfig.Builder	mergeXffTrustedCidrs(XffTrustedCidrs value)	The `CIDR <https://tools.ietf.org/html/rfc4632>`_ ranges to trust when evaluating the remote IP address to determine the original client's IP address.
XffConfig.Builder	setField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
XffConfig.Builder	setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, int index, Object value)
XffConfig.Builder	setSkipXffAppend(com.google.protobuf.BoolValue value)	If set, Envoy will not append the remote address to the :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header. .. attention:: For proper proxy behaviour it is not recommended to set this option.
XffConfig.Builder	setSkipXffAppend(com.google.protobuf.BoolValue.Builder builderForValue)	If set, Envoy will not append the remote address to the :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header. .. attention:: For proper proxy behaviour it is not recommended to set this option.
final XffConfig.Builder	setUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
XffConfig.Builder	setXffNumTrustedHops(int value)	The number of additional ingress proxy hops from the right side of the :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header to trust when determining the origin client's IP address.
XffConfig.Builder	setXffTrustedCidrs(XffTrustedCidrs value)	The `CIDR <https://tools.ietf.org/html/rfc4632>`_ ranges to trust when evaluating the remote IP address to determine the original client's IP address.
XffConfig.Builder	setXffTrustedCidrs(XffTrustedCidrs.Builder builderForValue)	The `CIDR <https://tools.ietf.org/html/rfc4632>`_ ranges to trust when evaluating the remote IP address to determine the original client's IP address.

Methods inherited from class com.google.protobuf.GeneratedMessageV3.Builder

getAllFields, getField, getFieldBuilder, getOneofFieldDescriptor, getParentForChildren, getRepeatedField, getRepeatedFieldBuilder, getRepeatedFieldCount, getUnknownFields, getUnknownFieldSetBuilder, hasField, hasOneof, internalGetMapField, internalGetMapFieldReflection, internalGetMutableMapField, internalGetMutableMapFieldReflection, isClean, markClean, mergeUnknownLengthDelimitedField, mergeUnknownVarintField, newBuilderForField, onBuilt, onChanged, parseUnknownField, setUnknownFieldSetBuilder, setUnknownFieldsProto3

Methods inherited from class com.google.protobuf.AbstractMessage.Builder

findInitializationErrors, getInitializationErrorString, internalMergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, newUninitializedMessageException, toString

Methods inherited from class com.google.protobuf.AbstractMessageLite.Builder

addAll, addAll, mergeDelimitedFrom, mergeDelimitedFrom, mergeFrom, newUninitializedMessageException

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface com.google.protobuf.Message.Builder

mergeDelimitedFrom, mergeDelimitedFrom

Methods inherited from interface com.google.protobuf.MessageLite.Builder

mergeFrom

Methods inherited from interface com.google.protobuf.MessageOrBuilder

findInitializationErrors, getAllFields, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

Method Details

getDescriptor

public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

internalGetFieldAccessorTable

protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()

Specified by:

internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3.Builder<XffConfig.Builder>

clear

public XffConfig.Builder clear()

Specified by:

clear in interface com.google.protobuf.Message.Builder

Specified by:

clear in interface com.google.protobuf.MessageLite.Builder

Overrides:

clear in class com.google.protobuf.GeneratedMessageV3.Builder<XffConfig.Builder>

getDescriptorForType

public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()

Specified by:

getDescriptorForType in interface com.google.protobuf.Message.Builder

Specified by:

getDescriptorForType in interface com.google.protobuf.MessageOrBuilder

Overrides:

getDescriptorForType in class com.google.protobuf.GeneratedMessageV3.Builder<XffConfig.Builder>

getDefaultInstanceForType

public XffConfig getDefaultInstanceForType()

Specified by:

getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder

Specified by:

getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder

build

public XffConfig build()

Specified by:

build in interface com.google.protobuf.Message.Builder

Specified by:

build in interface com.google.protobuf.MessageLite.Builder

buildPartial

public XffConfig buildPartial()

Specified by:

buildPartial in interface com.google.protobuf.Message.Builder

Specified by:

buildPartial in interface com.google.protobuf.MessageLite.Builder

clone

public XffConfig.Builder clone()

Specified by:

clone in interface com.google.protobuf.Message.Builder

Specified by:

clone in interface com.google.protobuf.MessageLite.Builder

Overrides:

clone in class com.google.protobuf.GeneratedMessageV3.Builder<XffConfig.Builder>

setField

public XffConfig.Builder setField(com.google.protobuf.Descriptors.FieldDescriptor field,
 Object value)

Specified by:

setField in interface com.google.protobuf.Message.Builder

Overrides:

setField in class com.google.protobuf.GeneratedMessageV3.Builder<XffConfig.Builder>

clearField

public XffConfig.Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field)

Specified by:

clearField in interface com.google.protobuf.Message.Builder

Overrides:

clearField in class com.google.protobuf.GeneratedMessageV3.Builder<XffConfig.Builder>

clearOneof

public XffConfig.Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof)

Specified by:

clearOneof in interface com.google.protobuf.Message.Builder

Overrides:

clearOneof in class com.google.protobuf.GeneratedMessageV3.Builder<XffConfig.Builder>

setRepeatedField

public XffConfig.Builder setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field,
 int index,
 Object value)

Specified by:

setRepeatedField in interface com.google.protobuf.Message.Builder

Overrides:

setRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<XffConfig.Builder>

addRepeatedField

public XffConfig.Builder addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field,
 Object value)

Specified by:

addRepeatedField in interface com.google.protobuf.Message.Builder

Overrides:

addRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<XffConfig.Builder>

mergeFrom

public XffConfig.Builder mergeFrom(com.google.protobuf.Message other)

Specified by:

mergeFrom in interface com.google.protobuf.Message.Builder

Overrides:

mergeFrom in class com.google.protobuf.AbstractMessage.Builder<XffConfig.Builder>

mergeFrom

public XffConfig.Builder mergeFrom(XffConfig other)

isInitialized

public final boolean isInitialized()

Specified by:

isInitialized in interface com.google.protobuf.MessageLiteOrBuilder

Overrides:

isInitialized in class com.google.protobuf.GeneratedMessageV3.Builder<XffConfig.Builder>

mergeFrom

public XffConfig.Builder mergeFrom(com.google.protobuf.CodedInputStream input,
 com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                            throws IOException

Specified by:

mergeFrom in interface com.google.protobuf.Message.Builder

Specified by:

mergeFrom in interface com.google.protobuf.MessageLite.Builder

Overrides:

mergeFrom in class com.google.protobuf.AbstractMessage.Builder<XffConfig.Builder>

Throws:

IOException

getXffNumTrustedHops

public int getXffNumTrustedHops()

 The number of additional ingress proxy hops from the right side of the
 :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header to trust when
 determining the origin client's IP address. The default is zero if this option
 is not specified. See the documentation for
 :ref:`config_http_conn_man_headers_x-forwarded-for` for more information.

 Only one of ``xff_num_trusted_hops`` and ``xff_trusted_cidrs`` can be set.
 

uint32 xff_num_trusted_hops = 1;

Specified by:

getXffNumTrustedHops in interface XffConfigOrBuilder

Returns:

The xffNumTrustedHops.

setXffNumTrustedHops

public XffConfig.Builder setXffNumTrustedHops(int value)

 The number of additional ingress proxy hops from the right side of the
 :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header to trust when
 determining the origin client's IP address. The default is zero if this option
 is not specified. See the documentation for
 :ref:`config_http_conn_man_headers_x-forwarded-for` for more information.

 Only one of ``xff_num_trusted_hops`` and ``xff_trusted_cidrs`` can be set.
 

uint32 xff_num_trusted_hops = 1;

Parameters:

value - The xffNumTrustedHops to set.

Returns:

This builder for chaining.

clearXffNumTrustedHops

public XffConfig.Builder clearXffNumTrustedHops()

 The number of additional ingress proxy hops from the right side of the
 :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header to trust when
 determining the origin client's IP address. The default is zero if this option
 is not specified. See the documentation for
 :ref:`config_http_conn_man_headers_x-forwarded-for` for more information.

 Only one of ``xff_num_trusted_hops`` and ``xff_trusted_cidrs`` can be set.
 

uint32 xff_num_trusted_hops = 1;

Returns:

This builder for chaining.

hasXffTrustedCidrs

public boolean hasXffTrustedCidrs()

 The `CIDR <https://tools.ietf.org/html/rfc4632>`_ ranges to trust when
 evaluating the remote IP address to determine the original client's IP address.
 This is used instead of
 :ref:`use_remote_address <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.use_remote_address>`.
 When the remote IP address matches a trusted CIDR and the
 :ref:`config_http_conn_man_headers_x-forwarded-for` header was sent, each entry
 in the ``x-forwarded-for`` header is evaluated from right to left and the first
 non-trusted address is used as the original client address. If all
 addresses in ``x-forwarded-for`` are within the trusted list, the first (leftmost)
 entry is used.

 .. warning::

   Starting with Envoy v1.33.0, private IP address ranges are **not** automatically skipped
   when determining the original client address. We'll return the first address that is not
   in the ``xff_trusted_cidrs`` list, even if it is a private IP address.

   If you want to skip private IP addresses, explicitly add them to the ``xff_trusted_cidrs``
   list. For example:

   .. code-block:: yaml

     xff_trusted_cidrs:
       cidrs:
         - address_prefix: "10.0.0.0"
           prefix_len: 8
         - address_prefix: "172.16.0.0"
           prefix_len: 12
         - address_prefix: "192.168.0.0"
           prefix_len: 16
         - address_prefix: "127.0.0.0"
           prefix_len: 8
         - address_prefix: "fc00::"
           prefix_len: 7
         - address_prefix: "::1"
           prefix_len: 128

   See :ref:`internal_address_config
   <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.internal_address_config>`
   for more information about the v1.33.0 behavior change.

 This is typically used when requests are proxied by a
 `CDN <https://en.wikipedia.org/wiki/Content_delivery_network>`_.

 Only one of ``xff_num_trusted_hops`` and ``xff_trusted_cidrs`` can be set.
 

.envoy.extensions.http.original_ip_detection.xff.v3.XffTrustedCidrs xff_trusted_cidrs = 2;

Specified by:

hasXffTrustedCidrs in interface XffConfigOrBuilder

Returns:

Whether the xffTrustedCidrs field is set.

getXffTrustedCidrs

public XffTrustedCidrs getXffTrustedCidrs()

 The `CIDR <https://tools.ietf.org/html/rfc4632>`_ ranges to trust when
 evaluating the remote IP address to determine the original client's IP address.
 This is used instead of
 :ref:`use_remote_address <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.use_remote_address>`.
 When the remote IP address matches a trusted CIDR and the
 :ref:`config_http_conn_man_headers_x-forwarded-for` header was sent, each entry
 in the ``x-forwarded-for`` header is evaluated from right to left and the first
 non-trusted address is used as the original client address. If all
 addresses in ``x-forwarded-for`` are within the trusted list, the first (leftmost)
 entry is used.

 .. warning::

   Starting with Envoy v1.33.0, private IP address ranges are **not** automatically skipped
   when determining the original client address. We'll return the first address that is not
   in the ``xff_trusted_cidrs`` list, even if it is a private IP address.

   If you want to skip private IP addresses, explicitly add them to the ``xff_trusted_cidrs``
   list. For example:

   .. code-block:: yaml

     xff_trusted_cidrs:
       cidrs:
         - address_prefix: "10.0.0.0"
           prefix_len: 8
         - address_prefix: "172.16.0.0"
           prefix_len: 12
         - address_prefix: "192.168.0.0"
           prefix_len: 16
         - address_prefix: "127.0.0.0"
           prefix_len: 8
         - address_prefix: "fc00::"
           prefix_len: 7
         - address_prefix: "::1"
           prefix_len: 128

   See :ref:`internal_address_config
   <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.internal_address_config>`
   for more information about the v1.33.0 behavior change.

 This is typically used when requests are proxied by a
 `CDN <https://en.wikipedia.org/wiki/Content_delivery_network>`_.

 Only one of ``xff_num_trusted_hops`` and ``xff_trusted_cidrs`` can be set.
 

.envoy.extensions.http.original_ip_detection.xff.v3.XffTrustedCidrs xff_trusted_cidrs = 2;

Specified by:

getXffTrustedCidrs in interface XffConfigOrBuilder

Returns:

The xffTrustedCidrs.

setXffTrustedCidrs

public XffConfig.Builder setXffTrustedCidrs(XffTrustedCidrs value)

 The `CIDR <https://tools.ietf.org/html/rfc4632>`_ ranges to trust when
 evaluating the remote IP address to determine the original client's IP address.
 This is used instead of
 :ref:`use_remote_address <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.use_remote_address>`.
 When the remote IP address matches a trusted CIDR and the
 :ref:`config_http_conn_man_headers_x-forwarded-for` header was sent, each entry
 in the ``x-forwarded-for`` header is evaluated from right to left and the first
 non-trusted address is used as the original client address. If all
 addresses in ``x-forwarded-for`` are within the trusted list, the first (leftmost)
 entry is used.

 .. warning::

   Starting with Envoy v1.33.0, private IP address ranges are **not** automatically skipped
   when determining the original client address. We'll return the first address that is not
   in the ``xff_trusted_cidrs`` list, even if it is a private IP address.

   If you want to skip private IP addresses, explicitly add them to the ``xff_trusted_cidrs``
   list. For example:

   .. code-block:: yaml

     xff_trusted_cidrs:
       cidrs:
         - address_prefix: "10.0.0.0"
           prefix_len: 8
         - address_prefix: "172.16.0.0"
           prefix_len: 12
         - address_prefix: "192.168.0.0"
           prefix_len: 16
         - address_prefix: "127.0.0.0"
           prefix_len: 8
         - address_prefix: "fc00::"
           prefix_len: 7
         - address_prefix: "::1"
           prefix_len: 128

   See :ref:`internal_address_config
   <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.internal_address_config>`
   for more information about the v1.33.0 behavior change.

 This is typically used when requests are proxied by a
 `CDN <https://en.wikipedia.org/wiki/Content_delivery_network>`_.

 Only one of ``xff_num_trusted_hops`` and ``xff_trusted_cidrs`` can be set.
 

.envoy.extensions.http.original_ip_detection.xff.v3.XffTrustedCidrs xff_trusted_cidrs = 2;

setXffTrustedCidrs

public XffConfig.Builder setXffTrustedCidrs(XffTrustedCidrs.Builder builderForValue)

 The `CIDR <https://tools.ietf.org/html/rfc4632>`_ ranges to trust when
 evaluating the remote IP address to determine the original client's IP address.
 This is used instead of
 :ref:`use_remote_address <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.use_remote_address>`.
 When the remote IP address matches a trusted CIDR and the
 :ref:`config_http_conn_man_headers_x-forwarded-for` header was sent, each entry
 in the ``x-forwarded-for`` header is evaluated from right to left and the first
 non-trusted address is used as the original client address. If all
 addresses in ``x-forwarded-for`` are within the trusted list, the first (leftmost)
 entry is used.

 .. warning::

   Starting with Envoy v1.33.0, private IP address ranges are **not** automatically skipped
   when determining the original client address. We'll return the first address that is not
   in the ``xff_trusted_cidrs`` list, even if it is a private IP address.

   If you want to skip private IP addresses, explicitly add them to the ``xff_trusted_cidrs``
   list. For example:

   .. code-block:: yaml

     xff_trusted_cidrs:
       cidrs:
         - address_prefix: "10.0.0.0"
           prefix_len: 8
         - address_prefix: "172.16.0.0"
           prefix_len: 12
         - address_prefix: "192.168.0.0"
           prefix_len: 16
         - address_prefix: "127.0.0.0"
           prefix_len: 8
         - address_prefix: "fc00::"
           prefix_len: 7
         - address_prefix: "::1"
           prefix_len: 128

   See :ref:`internal_address_config
   <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.internal_address_config>`
   for more information about the v1.33.0 behavior change.

 This is typically used when requests are proxied by a
 `CDN <https://en.wikipedia.org/wiki/Content_delivery_network>`_.

 Only one of ``xff_num_trusted_hops`` and ``xff_trusted_cidrs`` can be set.
 

.envoy.extensions.http.original_ip_detection.xff.v3.XffTrustedCidrs xff_trusted_cidrs = 2;

mergeXffTrustedCidrs

public XffConfig.Builder mergeXffTrustedCidrs(XffTrustedCidrs value)

 The `CIDR <https://tools.ietf.org/html/rfc4632>`_ ranges to trust when
 evaluating the remote IP address to determine the original client's IP address.
 This is used instead of
 :ref:`use_remote_address <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.use_remote_address>`.
 When the remote IP address matches a trusted CIDR and the
 :ref:`config_http_conn_man_headers_x-forwarded-for` header was sent, each entry
 in the ``x-forwarded-for`` header is evaluated from right to left and the first
 non-trusted address is used as the original client address. If all
 addresses in ``x-forwarded-for`` are within the trusted list, the first (leftmost)
 entry is used.

 .. warning::

   Starting with Envoy v1.33.0, private IP address ranges are **not** automatically skipped
   when determining the original client address. We'll return the first address that is not
   in the ``xff_trusted_cidrs`` list, even if it is a private IP address.

   If you want to skip private IP addresses, explicitly add them to the ``xff_trusted_cidrs``
   list. For example:

   .. code-block:: yaml

     xff_trusted_cidrs:
       cidrs:
         - address_prefix: "10.0.0.0"
           prefix_len: 8
         - address_prefix: "172.16.0.0"
           prefix_len: 12
         - address_prefix: "192.168.0.0"
           prefix_len: 16
         - address_prefix: "127.0.0.0"
           prefix_len: 8
         - address_prefix: "fc00::"
           prefix_len: 7
         - address_prefix: "::1"
           prefix_len: 128

   See :ref:`internal_address_config
   <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.internal_address_config>`
   for more information about the v1.33.0 behavior change.

 This is typically used when requests are proxied by a
 `CDN <https://en.wikipedia.org/wiki/Content_delivery_network>`_.

 Only one of ``xff_num_trusted_hops`` and ``xff_trusted_cidrs`` can be set.
 

.envoy.extensions.http.original_ip_detection.xff.v3.XffTrustedCidrs xff_trusted_cidrs = 2;

clearXffTrustedCidrs

public XffConfig.Builder clearXffTrustedCidrs()

 The `CIDR <https://tools.ietf.org/html/rfc4632>`_ ranges to trust when
 evaluating the remote IP address to determine the original client's IP address.
 This is used instead of
 :ref:`use_remote_address <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.use_remote_address>`.
 When the remote IP address matches a trusted CIDR and the
 :ref:`config_http_conn_man_headers_x-forwarded-for` header was sent, each entry
 in the ``x-forwarded-for`` header is evaluated from right to left and the first
 non-trusted address is used as the original client address. If all
 addresses in ``x-forwarded-for`` are within the trusted list, the first (leftmost)
 entry is used.

 .. warning::

   Starting with Envoy v1.33.0, private IP address ranges are **not** automatically skipped
   when determining the original client address. We'll return the first address that is not
   in the ``xff_trusted_cidrs`` list, even if it is a private IP address.

   If you want to skip private IP addresses, explicitly add them to the ``xff_trusted_cidrs``
   list. For example:

   .. code-block:: yaml

     xff_trusted_cidrs:
       cidrs:
         - address_prefix: "10.0.0.0"
           prefix_len: 8
         - address_prefix: "172.16.0.0"
           prefix_len: 12
         - address_prefix: "192.168.0.0"
           prefix_len: 16
         - address_prefix: "127.0.0.0"
           prefix_len: 8
         - address_prefix: "fc00::"
           prefix_len: 7
         - address_prefix: "::1"
           prefix_len: 128

   See :ref:`internal_address_config
   <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.internal_address_config>`
   for more information about the v1.33.0 behavior change.

 This is typically used when requests are proxied by a
 `CDN <https://en.wikipedia.org/wiki/Content_delivery_network>`_.

 Only one of ``xff_num_trusted_hops`` and ``xff_trusted_cidrs`` can be set.
 

.envoy.extensions.http.original_ip_detection.xff.v3.XffTrustedCidrs xff_trusted_cidrs = 2;

getXffTrustedCidrsBuilder

public XffTrustedCidrs.Builder getXffTrustedCidrsBuilder()

 The `CIDR <https://tools.ietf.org/html/rfc4632>`_ ranges to trust when
 evaluating the remote IP address to determine the original client's IP address.
 This is used instead of
 :ref:`use_remote_address <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.use_remote_address>`.
 When the remote IP address matches a trusted CIDR and the
 :ref:`config_http_conn_man_headers_x-forwarded-for` header was sent, each entry
 in the ``x-forwarded-for`` header is evaluated from right to left and the first
 non-trusted address is used as the original client address. If all
 addresses in ``x-forwarded-for`` are within the trusted list, the first (leftmost)
 entry is used.

 .. warning::

   Starting with Envoy v1.33.0, private IP address ranges are **not** automatically skipped
   when determining the original client address. We'll return the first address that is not
   in the ``xff_trusted_cidrs`` list, even if it is a private IP address.

   If you want to skip private IP addresses, explicitly add them to the ``xff_trusted_cidrs``
   list. For example:

   .. code-block:: yaml

     xff_trusted_cidrs:
       cidrs:
         - address_prefix: "10.0.0.0"
           prefix_len: 8
         - address_prefix: "172.16.0.0"
           prefix_len: 12
         - address_prefix: "192.168.0.0"
           prefix_len: 16
         - address_prefix: "127.0.0.0"
           prefix_len: 8
         - address_prefix: "fc00::"
           prefix_len: 7
         - address_prefix: "::1"
           prefix_len: 128

   See :ref:`internal_address_config
   <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.internal_address_config>`
   for more information about the v1.33.0 behavior change.

 This is typically used when requests are proxied by a
 `CDN <https://en.wikipedia.org/wiki/Content_delivery_network>`_.

 Only one of ``xff_num_trusted_hops`` and ``xff_trusted_cidrs`` can be set.
 

.envoy.extensions.http.original_ip_detection.xff.v3.XffTrustedCidrs xff_trusted_cidrs = 2;

getXffTrustedCidrsOrBuilder

public XffTrustedCidrsOrBuilder getXffTrustedCidrsOrBuilder()

 The `CIDR <https://tools.ietf.org/html/rfc4632>`_ ranges to trust when
 evaluating the remote IP address to determine the original client's IP address.
 This is used instead of
 :ref:`use_remote_address <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.use_remote_address>`.
 When the remote IP address matches a trusted CIDR and the
 :ref:`config_http_conn_man_headers_x-forwarded-for` header was sent, each entry
 in the ``x-forwarded-for`` header is evaluated from right to left and the first
 non-trusted address is used as the original client address. If all
 addresses in ``x-forwarded-for`` are within the trusted list, the first (leftmost)
 entry is used.

 .. warning::

   Starting with Envoy v1.33.0, private IP address ranges are **not** automatically skipped
   when determining the original client address. We'll return the first address that is not
   in the ``xff_trusted_cidrs`` list, even if it is a private IP address.

   If you want to skip private IP addresses, explicitly add them to the ``xff_trusted_cidrs``
   list. For example:

   .. code-block:: yaml

     xff_trusted_cidrs:
       cidrs:
         - address_prefix: "10.0.0.0"
           prefix_len: 8
         - address_prefix: "172.16.0.0"
           prefix_len: 12
         - address_prefix: "192.168.0.0"
           prefix_len: 16
         - address_prefix: "127.0.0.0"
           prefix_len: 8
         - address_prefix: "fc00::"
           prefix_len: 7
         - address_prefix: "::1"
           prefix_len: 128

   See :ref:`internal_address_config
   <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.internal_address_config>`
   for more information about the v1.33.0 behavior change.

 This is typically used when requests are proxied by a
 `CDN <https://en.wikipedia.org/wiki/Content_delivery_network>`_.

 Only one of ``xff_num_trusted_hops`` and ``xff_trusted_cidrs`` can be set.
 

.envoy.extensions.http.original_ip_detection.xff.v3.XffTrustedCidrs xff_trusted_cidrs = 2;

Specified by:

getXffTrustedCidrsOrBuilder in interface XffConfigOrBuilder

hasSkipXffAppend

public boolean hasSkipXffAppend()

 If set, Envoy will not append the remote address to the
 :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header.

 .. attention::

   For proper proxy behaviour it is not recommended to set this option.
   For backwards compatibility, if this option is unset it defaults to true.

 This only applies when :ref:`use_remote_address
 <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.use_remote_address>`
 is false, otherwise :ref:`skip_xff_append
 <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.skip_xff_append>`
 applies.
 

.google.protobuf.BoolValue skip_xff_append = 3;

Specified by:

hasSkipXffAppend in interface XffConfigOrBuilder

Returns:

Whether the skipXffAppend field is set.

getSkipXffAppend

public com.google.protobuf.BoolValue getSkipXffAppend()

 If set, Envoy will not append the remote address to the
 :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header.

 .. attention::

   For proper proxy behaviour it is not recommended to set this option.
   For backwards compatibility, if this option is unset it defaults to true.

 This only applies when :ref:`use_remote_address
 <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.use_remote_address>`
 is false, otherwise :ref:`skip_xff_append
 <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.skip_xff_append>`
 applies.
 

.google.protobuf.BoolValue skip_xff_append = 3;

Specified by:

getSkipXffAppend in interface XffConfigOrBuilder

Returns:

The skipXffAppend.

setSkipXffAppend

public XffConfig.Builder setSkipXffAppend(com.google.protobuf.BoolValue value)

 If set, Envoy will not append the remote address to the
 :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header.

 .. attention::

   For proper proxy behaviour it is not recommended to set this option.
   For backwards compatibility, if this option is unset it defaults to true.

 This only applies when :ref:`use_remote_address
 <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.use_remote_address>`
 is false, otherwise :ref:`skip_xff_append
 <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.skip_xff_append>`
 applies.
 

.google.protobuf.BoolValue skip_xff_append = 3;

setSkipXffAppend

public XffConfig.Builder setSkipXffAppend(com.google.protobuf.BoolValue.Builder builderForValue)

 If set, Envoy will not append the remote address to the
 :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header.

 .. attention::

   For proper proxy behaviour it is not recommended to set this option.
   For backwards compatibility, if this option is unset it defaults to true.

 This only applies when :ref:`use_remote_address
 <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.use_remote_address>`
 is false, otherwise :ref:`skip_xff_append
 <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.skip_xff_append>`
 applies.
 

.google.protobuf.BoolValue skip_xff_append = 3;

mergeSkipXffAppend

public XffConfig.Builder mergeSkipXffAppend(com.google.protobuf.BoolValue value)

 If set, Envoy will not append the remote address to the
 :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header.

 .. attention::

   For proper proxy behaviour it is not recommended to set this option.
   For backwards compatibility, if this option is unset it defaults to true.

 This only applies when :ref:`use_remote_address
 <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.use_remote_address>`
 is false, otherwise :ref:`skip_xff_append
 <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.skip_xff_append>`
 applies.
 

.google.protobuf.BoolValue skip_xff_append = 3;

clearSkipXffAppend

public XffConfig.Builder clearSkipXffAppend()

 If set, Envoy will not append the remote address to the
 :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header.

 .. attention::

   For proper proxy behaviour it is not recommended to set this option.
   For backwards compatibility, if this option is unset it defaults to true.

 This only applies when :ref:`use_remote_address
 <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.use_remote_address>`
 is false, otherwise :ref:`skip_xff_append
 <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.skip_xff_append>`
 applies.
 

.google.protobuf.BoolValue skip_xff_append = 3;

getSkipXffAppendBuilder

public com.google.protobuf.BoolValue.Builder getSkipXffAppendBuilder()

 If set, Envoy will not append the remote address to the
 :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header.

 .. attention::

   For proper proxy behaviour it is not recommended to set this option.
   For backwards compatibility, if this option is unset it defaults to true.

 This only applies when :ref:`use_remote_address
 <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.use_remote_address>`
 is false, otherwise :ref:`skip_xff_append
 <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.skip_xff_append>`
 applies.
 

.google.protobuf.BoolValue skip_xff_append = 3;

getSkipXffAppendOrBuilder

public com.google.protobuf.BoolValueOrBuilder getSkipXffAppendOrBuilder()

 If set, Envoy will not append the remote address to the
 :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header.

 .. attention::

   For proper proxy behaviour it is not recommended to set this option.
   For backwards compatibility, if this option is unset it defaults to true.

 This only applies when :ref:`use_remote_address
 <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.use_remote_address>`
 is false, otherwise :ref:`skip_xff_append
 <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.skip_xff_append>`
 applies.
 

.google.protobuf.BoolValue skip_xff_append = 3;

Specified by:

getSkipXffAppendOrBuilder in interface XffConfigOrBuilder

setUnknownFields

public final XffConfig.Builder setUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)

Specified by:

setUnknownFields in interface com.google.protobuf.Message.Builder

Overrides:

setUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<XffConfig.Builder>

mergeUnknownFields

public final XffConfig.Builder mergeUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)

Specified by:

mergeUnknownFields in interface com.google.protobuf.Message.Builder

Overrides:

mergeUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<XffConfig.Builder>