package envoy.config.route.v3

Get desktop application:
View/edit binary Protocol Buffers messages

Configuration for a cluster specifier plugin.

Used in: RouteAction, RouteConfiguration

optional core.v3.TypedExtensionConfig extension = 1
The name of the plugin and its opaque configuration.
bool is_optional = 2
If is_optional is not set or is set to false and the plugin defined by this message is not a supported type, the containing resource is NACKed. If is_optional is set to true, the resource would not be NACKed for this reason. In this case, routes referencing this plugin's name would not be treated as an illegal configuration, but would result in a failure if the route is selected.

Cors policy configuration. .. attention:: This message has been deprecated. Please use :ref:`CorsPolicy in filter extension <envoy_v3_api_msg_extensions.filters.http.cors.v3.CorsPolicy>` as as alternative. [#next-free-field: 14]

Used in: RouteAction, VirtualHost

repeated type.matcher.v3.StringMatcher allow_origin_string_match = 11
Specifies string patterns that match allowed origins. An origin is allowed if any of the string matchers match.
string allow_methods = 2
Specifies the content for the ``access-control-allow-methods`` header.
string allow_headers = 3
Specifies the content for the ``access-control-allow-headers`` header.
string expose_headers = 4
Specifies the content for the ``access-control-expose-headers`` header.
string max_age = 5
Specifies the content for the ``access-control-max-age`` header.
optional google.protobuf.BoolValue allow_credentials = 6
Specifies whether the resource allows credentials.
oneof enabled_specifier
- core.v3.RuntimeFractionalPercent filter_enabled = 9
  Specifies the % of requests for which the CORS filter is enabled. If neither ``enabled``, ``filter_enabled``, nor ``shadow_enabled`` are specified, the CORS filter will be enabled for 100% of the requests. If :ref:`runtime_key <envoy_v3_api_field_config.core.v3.RuntimeFractionalPercent.runtime_key>` is specified, Envoy will lookup the runtime key to get the percentage of requests to filter.
optional core.v3.RuntimeFractionalPercent shadow_enabled = 10
Specifies the % of requests for which the CORS policies will be evaluated and tracked, but not enforced. This field is intended to be used when ``filter_enabled`` and ``enabled`` are off. One of those fields have to explicitly disable the filter in order for this setting to take effect. If :ref:`runtime_key <envoy_v3_api_field_config.core.v3.RuntimeFractionalPercent.runtime_key>` is specified, Envoy will lookup the runtime key to get the percentage of requests for which it will evaluate and track the request's ``Origin`` to determine if it's valid but will not enforce any policies.
optional google.protobuf.BoolValue allow_private_network_access = 12
Specify whether allow requests whose target server's IP address is more private than that from which the request initiator was fetched. More details refer to https://developer.chrome.com/blog/private-network-access-preflight.
optional google.protobuf.BoolValue forward_not_matching_preflights = 13
Specifies if preflight requests not matching the configured allowed origin should be forwarded to the upstream. Default is true.

Used in: Route

string operation = 1
The operation name associated with the request matched to this route. If tracing is enabled, this information will be used as the span name reported for this request. .. note:: For ingress (inbound) requests, or egress (outbound) responses, this value may be overridden by the :ref:`x-envoy-decorator-operation <config_http_filters_router_x-envoy-decorator-operation>` header.
optional google.protobuf.BoolValue propagate = 2
Whether the decorated details should be propagated to the other party. The default is true.

Used in: Route

uint32 status = 1
Specifies the HTTP response status to be returned.
optional core.v3.DataSource body = 2
Specifies the content of the response body. If this setting is omitted, no body is included in the generated response. .. note:: Headers can be specified using ``response_headers_to_add`` in the enclosing :ref:`envoy_v3_api_msg_config.route.v3.Route`, :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration` or :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost`.

A filter-defined action type.

Used in: Route

optional google.protobuf.Any action = 1

A simple wrapper for an HTTP filter config. This is intended to be used as a wrapper for the map value in :ref:`VirtualHost.typed_per_filter_config<envoy_v3_api_field_config.route.v3.VirtualHost.typed_per_filter_config>`, :ref:`Route.typed_per_filter_config<envoy_v3_api_field_config.route.v3.Route.typed_per_filter_config>`, or :ref:`WeightedCluster.ClusterWeight.typed_per_filter_config<envoy_v3_api_field_config.route.v3.WeightedCluster.ClusterWeight.typed_per_filter_config>` to add additional flags to the filter.

optional google.protobuf.Any config = 1
The filter config.
bool is_optional = 2
If true, the filter is optional, meaning that if the client does not support the specified filter, it may ignore the map entry rather than rejecting the config.
bool disabled = 3
If true, the filter is disabled in the route or virtual host and the ``config`` field is ignored. See :ref:`route based filter chain <arch_overview_http_filters_route_based_filter_chain>` for more details. .. note:: This field will take effect when the request arrive and filter chain is created for the request. If initial route is selected for the request and a filter is disabled in the initial route, then the filter will not be added to the filter chain. And if the request is mutated later and re-match to another route, the disabled filter by the initial route will not be added back to the filter chain because the filter chain is already created and it is too late to change the chain. This field only make sense for the downstream HTTP filters for now.

.. attention:: Internally, Envoy always uses the HTTP/2 ``:authority`` header to represent the HTTP/1 ``Host`` header. Thus, if attempting to match on ``Host``, match on ``:authority`` instead. .. attention:: To route on HTTP method, use the special HTTP/2 ``:method`` header. This works for both HTTP/1 and HTTP/2 as Envoy normalizes headers. E.g., .. code-block:: json { "name": ":method", "string_match": { "exact": "POST" } } .. attention:: In the absence of any header match specifier, match will default to :ref:`present_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.present_match>`. i.e, a request that has the :ref:`name <envoy_v3_api_field_config.route.v3.HeaderMatcher.name>` header will match, regardless of the header's value. [#next-major-version: HeaderMatcher should be refactored to use StringMatcher.] [#next-free-field: 15]

Used in: accesslog.v3.HeaderFilter, common.matcher.v3.HttpHeadersMatch, rbac.v3.Permission, rbac.v3.Principal, RateLimit.Action.HeaderValueMatch, RetryPolicy, RouteMatch, VirtualCluster, tap.v3.HttpHeadersMatch, extensions.filters.http.fault.v3.HTTPFault, extensions.filters.http.health_check.v3.HealthCheck, extensions.filters.http.oauth2.v3.OAuth2Config, extensions.filters.network.dubbo_proxy.v3.RouteMatch, extensions.filters.network.thrift_proxy.v3.RouteMatch

string name = 1
Specifies the name of the header in the request.
oneof header_match_specifier
Specifies how the header match will be performed to route the request.
- string exact_match = 4
  If specified, header match will be performed based on the value of the header. This field is deprecated. Please use :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>`.
- type.matcher.v3.RegexMatcher safe_regex_match = 11
  If specified, this regex string is a regular expression rule which implies the entire request header value must match the regex. The rule will not match if only a subsequence of the request header value matches the regex. This field is deprecated. Please use :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>`.
- type.v3.Int64Range range_match = 6
  If specified, header match will be performed based on range. The rule will match if the request header value is within this range. The entire request header value must represent an integer in base 10 notation: consisting of an optional plus or minus sign followed by a sequence of digits. The rule will not match if the header value does not represent an integer. Match will fail for empty values, floating point numbers or if only a subsequence of the header value is an integer. Examples: * For range [-10,0), route will match for header value -1, but not for 0, ``somestring``, 10.9, ``-1somestring``
- bool present_match = 7
  If specified as true, header match will be performed based on whether the header is in the request. If specified as false, header match will be performed based on whether the header is absent.
- string prefix_match = 9
  If specified, header match will be performed based on the prefix of the header value. Note: empty prefix is not allowed, please use present_match instead. This field is deprecated. Please use :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>`. Examples: * The prefix ``abcd`` matches the value ``abcdxyz``, but not for ``abcxyz``.
- string suffix_match = 10
  If specified, header match will be performed based on the suffix of the header value. Note: empty suffix is not allowed, please use present_match instead. This field is deprecated. Please use :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>`. Examples: * The suffix ``abcd`` matches the value ``xyzabcd``, but not for ``xyzbcd``.
- string contains_match = 12
  If specified, header match will be performed based on whether the header value contains the given value or not. Note: empty contains match is not allowed, please use present_match instead. This field is deprecated. Please use :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>`. Examples: * The value ``abcd`` matches the value ``xyzabcdpqr``, but not for ``xyzbcdpqr``.
- type.matcher.v3.StringMatcher string_match = 13
  If specified, header match will be performed based on the string match of the header value.
bool invert_match = 8
If specified, the match result will be inverted before checking. Defaults to false. Examples: * The regex ``\d{3}`` does not match the value ``1234``, so it will match when inverted. * The range [-10,0) will match the value -1, so it will not match when inverted.
bool treat_missing_header_as_empty = 14
If specified, for any header match rule, if the header match rule specified header does not exist, this header value will be treated as empty. Defaults to false. Examples: * The header match rule specified header "header1" to range match of [0, 10], :ref:`invert_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.invert_match>` is set to true and :ref:`treat_missing_header_as_empty <envoy_v3_api_field_config.route.v3.HeaderMatcher.treat_missing_header_as_empty>` is set to true; The "header1" header is not present. The match rule will treat the "header1" as an empty header. The empty header does not match the range, so it will match when inverted. * The header match rule specified header "header2" to range match of [0, 10], :ref:`invert_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.invert_match>` is set to true and :ref:`treat_missing_header_as_empty <envoy_v3_api_field_config.route.v3.HeaderMatcher.treat_missing_header_as_empty>` is set to false; The "header2" header is not present and the header matcher rule for "header2" will be ignored so it will not match. * The header match rule specified header "header3" to a string regex match ``^$`` which means an empty string, and :ref:`treat_missing_header_as_empty <envoy_v3_api_field_config.route.v3.HeaderMatcher.treat_missing_header_as_empty>` is set to true; The "header3" header is not present. The match rule will treat the "header3" header as an empty header so it will match. * The header match rule specified header "header4" to a string regex match ``^$`` which means an empty string, and :ref:`treat_missing_header_as_empty <envoy_v3_api_field_config.route.v3.HeaderMatcher.treat_missing_header_as_empty>` is set to false; The "header4" header is not present. The match rule for "header4" will be ignored so it will not match.

HTTP request hedging :ref:`architecture overview <arch_overview_http_routing_hedging>`.

Used in: RouteAction, VirtualHost

optional google.protobuf.UInt32Value initial_requests = 1
Specifies the number of initial requests that should be sent upstream. Must be at least 1. Defaults to 1. [#not-implemented-hide:]
optional type.v3.FractionalPercent additional_request_chance = 2
Specifies a probability that an additional upstream request should be sent on top of what is specified by initial_requests. Defaults to 0. [#not-implemented-hide:]
bool hedge_on_per_try_timeout = 3
Indicates that a hedged request should be sent when the per-try timeout is hit. This means that a retry will be issued without resetting the original request, leaving multiple upstream requests in flight. The first request to complete successfully will be the one returned to the caller. * At any time, a successful response (i.e. not triggering any of the retry-on conditions) would be returned to the client. * Before per-try timeout, an error response (per retry-on conditions) would be retried immediately or returned ot the client if there are no more retries left. * After per-try timeout, an error response would be discarded, as a retry in the form of a hedged request is already in progress. Note: For this to have effect, you must have a :ref:`RetryPolicy <envoy_v3_api_msg_config.route.v3.RetryPolicy>` that retries at least one error code and specifies a maximum number of retries. Defaults to false.

HTTP Internal Redirect :ref:`architecture overview <arch_overview_internal_redirects>`. [#next-free-field: 6]

Used in: RouteAction

optional google.protobuf.UInt32Value max_internal_redirects = 1
An internal redirect is not handled, unless the number of previous internal redirects that a downstream request has encountered is lower than this value. In the case where a downstream request is bounced among multiple routes by internal redirect, the first route that hits this threshold, or does not set :ref:`internal_redirect_policy <envoy_v3_api_field_config.route.v3.RouteAction.internal_redirect_policy>` will pass the redirect back to downstream. If not specified, at most one redirect will be followed.
repeated uint32 redirect_response_codes = 2
Defines what upstream response codes are allowed to trigger internal redirect. If unspecified, only 302 will be treated as internal redirect. Only 301, 302, 303, 307 and 308 are valid values. Any other codes will be ignored.
repeated core.v3.TypedExtensionConfig predicates = 3
Specifies a list of predicates that are queried when an upstream response is deemed to trigger an internal redirect by all other criteria. Any predicate in the list can reject the redirect, causing the response to be proxied to downstream. [#extension-category: envoy.internal_redirect_predicates]
bool allow_cross_scheme_redirect = 4
Allow internal redirect to follow a target URI with a different scheme than the value of x-forwarded-proto. The default is false.
repeated string response_headers_to_copy = 5
Specifies a list of headers, by name, to copy from the internal redirect into the subsequent request. If a header is specified here but not present in the redirect, it will be cleared in the subsequent request.

[#not-implemented-hide:]

Used in: Route

(message has no fields)

Query parameter matching treats the query string of a request's :path header as an ampersand-separated list of keys and/or key=value elements. [#next-free-field: 7]

Used in: RateLimit.Action.QueryParameterValueMatch, RouteMatch, extensions.filters.http.cache.v3.CacheConfig.KeyCreatorParams

string name = 1
Specifies the name of a key that must be present in the requested ``path``'s query string.
oneof query_parameter_match_specifier
- type.matcher.v3.StringMatcher string_match = 5
  Specifies whether a query parameter value should match against a string.
- bool present_match = 6
  Specifies whether a query parameter should be present.

Global rate limiting :ref:`architecture overview <arch_overview_global_rate_limit>`. Also applies to Local rate limiting :ref:`using descriptors <config_http_filters_local_rate_limit_descriptors>`. [#next-free-field: 7]

Used in: RouteAction, VirtualHost, extensions.filters.http.local_ratelimit.v3.LocalRateLimit, extensions.filters.http.ratelimit.v3.RateLimitPerRoute, extensions.filters.network.thrift_proxy.v3.RouteAction

optional google.protobuf.UInt32Value stage = 1
Refers to the stage set in the filter. The rate limit configuration only applies to filters with the same stage number. The default stage number is 0. .. note:: The filter supports a range of 0 - 10 inclusively for stage numbers. .. note:: This is not supported if the rate limit action is configured in the ``typed_per_filter_config`` like :ref:`VirtualHost.typed_per_filter_config<envoy_v3_api_field_config.route.v3.VirtualHost.typed_per_filter_config>` or :ref:`Route.typed_per_filter_config<envoy_v3_api_field_config.route.v3.Route.typed_per_filter_config>`, etc.
string disable_key = 2
The key to be set in runtime to disable this rate limit configuration. .. note:: This is not supported if the rate limit action is configured in the ``typed_per_filter_config`` like :ref:`VirtualHost.typed_per_filter_config<envoy_v3_api_field_config.route.v3.VirtualHost.typed_per_filter_config>` or :ref:`Route.typed_per_filter_config<envoy_v3_api_field_config.route.v3.Route.typed_per_filter_config>`, etc.
repeated RateLimit.Action actions = 3
A list of actions that are to be applied for this rate limit configuration. Order matters as the actions are processed sequentially and the descriptor is composed by appending descriptor entries in that sequence. If an action cannot append a descriptor entry, no descriptor is generated for the configuration. See :ref:`composing actions <config_http_filters_rate_limit_composing_actions>` for additional documentation.
optional RateLimit.Override limit = 4
An optional limit override to be appended to the descriptor produced by this rate limit configuration. If the override value is invalid or cannot be resolved from metadata, no override is provided. See :ref:`rate limit override <config_http_filters_rate_limit_rate_limit_override>` for more information. .. note:: This is not supported if the rate limit action is configured in the ``typed_per_filter_config`` like :ref:`VirtualHost.typed_per_filter_config<envoy_v3_api_field_config.route.v3.VirtualHost.typed_per_filter_config>` or :ref:`Route.typed_per_filter_config<envoy_v3_api_field_config.route.v3.Route.typed_per_filter_config>`, etc.
optional RateLimit.HitsAddend hits_addend = 5
An optional hits addend to be appended to the descriptor produced by this rate limit configuration. .. note:: This is only supported if the rate limit action is configured in the ``typed_per_filter_config`` like :ref:`VirtualHost.typed_per_filter_config<envoy_v3_api_field_config.route.v3.VirtualHost.typed_per_filter_config>` or :ref:`Route.typed_per_filter_config<envoy_v3_api_field_config.route.v3.Route.typed_per_filter_config>`, etc.
bool apply_on_stream_done = 6
If true, the rate limit request will be applied when the stream completes. The default value is false. This is useful when the rate limit budget needs to reflect the response context that is not available on the request path. For example, let's say the upstream service calculates the usage statistics and returns them in the response body and we want to utilize these numbers to apply the rate limit action for the subsequent requests. Combined with another filter that can set the desired addend based on the response (e.g. Lua filter), this can be used to subtract the usage statistics from the rate limit budget. A rate limit applied on the stream completion is "fire-and-forget" by nature, and rate limit is not enforced by this config. In other words, the current request won't be blocked when this is true, but the budget will be updated for the subsequent requests based on the action with this field set to true. Users should ensure that the rate limit is enforced by the actions applied on the request path, i.e. the ones with this field set to false. Currently, this is only supported by the HTTP global rate filter.

[#next-free-field: 13]

Used in: RateLimit

oneof action_specifier
- Action.SourceCluster source_cluster = 1
  Rate limit on source cluster.
- Action.DestinationCluster destination_cluster = 2
  Rate limit on destination cluster.
- Action.RequestHeaders request_headers = 3
  Rate limit on request headers.
- Action.QueryParameters query_parameters = 12
  Rate limit on query parameters.
- Action.RemoteAddress remote_address = 4
  Rate limit on remote address.
- Action.GenericKey generic_key = 5
  Rate limit on a generic key.
- Action.HeaderValueMatch header_value_match = 6
  Rate limit on the existence of request headers.
- Action.DynamicMetaData dynamic_metadata = 7
  Rate limit on dynamic metadata. .. attention:: This field has been deprecated in favor of the :ref:`metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.metadata>` field
- Action.MetaData metadata = 8
  Rate limit on metadata.
- core.v3.TypedExtensionConfig extension = 9
  Rate limit descriptor extension. See the rate limit descriptor extensions documentation. :ref:`HTTP matching input functions <arch_overview_matching_api>` are permitted as descriptor extensions. The input functions are only looked up if there is no rate limit descriptor extension matching the type URL. [#extension-category: envoy.rate_limit_descriptors]
- Action.MaskedRemoteAddress masked_remote_address = 10
  Rate limit on masked remote address.
- Action.QueryParameterValueMatch query_parameter_value_match = 11
  Rate limit on the existence of query parameters.

The following descriptor entry is appended to the descriptor: .. code-block:: cpp ("destination_cluster", "<routed target cluster>") Once a request matches against a route table rule, a routed cluster is determined by one of the following :ref:`route table configuration <envoy_v3_api_msg_config.route.v3.RouteConfiguration>` settings: * :ref:`cluster <envoy_v3_api_field_config.route.v3.RouteAction.cluster>` indicates the upstream cluster to route to. * :ref:`weighted_clusters <envoy_v3_api_field_config.route.v3.RouteAction.weighted_clusters>` chooses a cluster randomly from a set of clusters with attributed weight. * :ref:`cluster_header <envoy_v3_api_field_config.route.v3.RouteAction.cluster_header>` indicates which header in the request contains the target cluster.

Used in: Action

(message has no fields)

The following descriptor entry is appended when the :ref:`dynamic metadata <well_known_dynamic_metadata>` contains a key value: .. code-block:: cpp ("<descriptor_key>", "<value_queried_from_dynamic_metadata>") .. attention:: This action has been deprecated in favor of the :ref:`metadata <envoy_v3_api_msg_config.route.v3.RateLimit.Action.MetaData>` action

Used in: Action

string descriptor_key = 1
The key to use in the descriptor entry.
optional type.metadata.v3.MetadataKey metadata_key = 2
Metadata struct that defines the key and path to retrieve the string value. A match will only happen if the value in the dynamic metadata is of type string.
string default_value = 3
An optional value to use if ``metadata_key`` is empty. If not set and no value is present under the metadata_key then no descriptor is generated.

The following descriptor entry is appended to the descriptor: .. code-block:: cpp ("generic_key", "<descriptor_value>")

Used in: Action

string descriptor_value = 1
The value to use in the descriptor entry.
string descriptor_key = 2
An optional key to use in the descriptor entry. If not set it defaults to 'generic_key' as the descriptor key.

The following descriptor entry is appended to the descriptor: .. code-block:: cpp ("header_match", "<descriptor_value>")

Used in: Action

string descriptor_key = 4
The key to use in the descriptor entry. Defaults to ``header_match``.
string descriptor_value = 1
The value to use in the descriptor entry.
optional google.protobuf.BoolValue expect_match = 2
If set to true, the action will append a descriptor entry when the request matches the headers. If set to false, the action will append a descriptor entry when the request does not match the headers. The default value is true.
repeated HeaderMatcher headers = 3
Specifies a set of headers that the rate limit action should match on. The action will check the request’s headers against all the specified headers in the config. A match will happen if all the headers in the config are present in the request with the same values (or based on presence if the value field is not in the config).

The following descriptor entry is appended to the descriptor and is populated using the masked address from :ref:`x-forwarded-for <config_http_conn_man_headers_x-forwarded-for>`: .. code-block:: cpp ("masked_remote_address", "<masked address from x-forwarded-for>")

Used in: Action

optional google.protobuf.UInt32Value v4_prefix_mask_len = 1
Length of prefix mask len for IPv4 (e.g. 0, 32). Defaults to 32 when unset. For example, trusted address from x-forwarded-for is ``192.168.1.1``, the descriptor entry is ("masked_remote_address", "192.168.1.1/32"); if mask len is 24, the descriptor entry is ("masked_remote_address", "192.168.1.0/24").
optional google.protobuf.UInt32Value v6_prefix_mask_len = 2
Length of prefix mask len for IPv6 (e.g. 0, 128). Defaults to 128 when unset. For example, trusted address from x-forwarded-for is ``2001:abcd:ef01:2345:6789:abcd:ef01:234``, the descriptor entry is ("masked_remote_address", "2001:abcd:ef01:2345:6789:abcd:ef01:234/128"); if mask len is 64, the descriptor entry is ("masked_remote_address", "2001:abcd:ef01:2345::/64").

The following descriptor entry is appended when the metadata contains a key value: .. code-block:: cpp ("<descriptor_key>", "<value_queried_from_metadata>") [#next-free-field: 6]

Used in: Action

string descriptor_key = 1
The key to use in the descriptor entry.
optional type.metadata.v3.MetadataKey metadata_key = 2
Metadata struct that defines the key and path to retrieve the string value. A match will only happen if the value in the metadata is of type string.
string default_value = 3
An optional value to use if ``metadata_key`` is empty. If not set and no value is present under the metadata_key then ``skip_if_absent`` is followed to skip calling the rate limiting service or skip the descriptor.
MetaData.Source source = 4
Source of metadata
bool skip_if_absent = 5
Controls the behavior when the specified ``metadata_key`` is empty and ``default_value`` is not set. If set to ``false`` (default): * Envoy does **NOT** call the rate limiting service for this descriptor. * Useful if the metadata is optional and you prefer to skip rate limiting when it's absent. If set to ``true``: * Envoy calls the rate limiting service but omits this descriptor if the ``metadata_key`` is empty and ``default_value`` is missing. * Useful if you want Envoy to enforce rate limiting even when the metadata is not present.

Used in: MetaData

DYNAMIC = 0
Query :ref:`dynamic metadata <well_known_dynamic_metadata>`
ROUTE_ENTRY = 1
Query :ref:`route entry metadata <envoy_v3_api_field_config.route.v3.Route.metadata>`

The following descriptor entry is appended to the descriptor: .. code-block:: cpp ("query_match", "<descriptor_value>")

Used in: Action

string descriptor_key = 4
The key to use in the descriptor entry. Defaults to ``query_match``.
string descriptor_value = 1
The value to use in the descriptor entry.
optional google.protobuf.BoolValue expect_match = 2
If set to true, the action will append a descriptor entry when the request matches the headers. If set to false, the action will append a descriptor entry when the request does not match the headers. The default value is true.
repeated QueryParameterMatcher query_parameters = 3
Specifies a set of query parameters that the rate limit action should match on. The action will check the request’s query parameters against all the specified query parameters in the config. A match will happen if all the query parameters in the config are present in the request with the same values (or based on presence if the value field is not in the config).

The following descriptor entry is appended when a query parameter contains a key that matches the ``query_parameter_name``: .. code-block:: cpp ("<descriptor_key>", "<query_parameter_value_queried_from_query_parameter>")

Used in: Action

string query_parameter_name = 1
The name of the query parameter to use for rate limiting. Value of this query parameter is used to populate the value of the descriptor entry for the descriptor_key.
string descriptor_key = 2
The key to use when creating the rate limit descriptor entry. his descriptor key will be used to identify the rate limit rule in the rate limiting service.
bool skip_if_absent = 3
Controls the behavior when the specified query parameter is not present in the request. If set to ``false`` (default): * Envoy does **NOT** call the rate limiting service for this descriptor. * Useful if the query parameter is optional and you prefer to skip rate limiting when it's absent. If set to ``true``: * Envoy calls the rate limiting service but omits this descriptor if the query parameter is missing. * Useful if you want Envoy to enforce rate limiting even when the query parameter is not present.

The following descriptor entry is appended to the descriptor and is populated using the trusted address from :ref:`x-forwarded-for <config_http_conn_man_headers_x-forwarded-for>`: .. code-block:: cpp ("remote_address", "<trusted address from x-forwarded-for>")

Used in: Action

(message has no fields)

The following descriptor entry is appended when a header contains a key that matches the ``header_name``: .. code-block:: cpp ("<descriptor_key>", "<header_value_queried_from_header>")

Used in: Action

string header_name = 1
The header name to be queried from the request headers. The header’s value is used to populate the value of the descriptor entry for the descriptor_key.
string descriptor_key = 2
The key to use in the descriptor entry.
bool skip_if_absent = 3
Controls the behavior when the specified header is not present in the request. If set to ``false`` (default): * Envoy does **NOT** call the rate limiting service for this descriptor. * Useful if the header is optional and you prefer to skip rate limiting when it's absent. If set to ``true``: * Envoy calls the rate limiting service but omits this descriptor if the header is missing. * Useful if you want Envoy to enforce rate limiting even when the header is not present.

The following descriptor entry is appended to the descriptor: .. code-block:: cpp ("source_cluster", "<local service cluster>") <local service cluster> is derived from the :option:`--service-cluster` option.

Used in: Action

(message has no fields)

Used in: RateLimit

optional google.protobuf.UInt64Value number = 1
Fixed number of hits to add to the rate limit descriptor. One of the ``number`` or ``format`` fields should be set but not both.
string format = 2
Substitution format string to extract the number of hits to add to the rate limit descriptor. The same :ref:`format specifier <config_access_log_format>` as used for :ref:`HTTP access logging <config_access_log>` applies here. .. note:: The format string must contains only single valid substitution field. If the format string not meets the requirement, the configuration will be rejected. The substitution field should generates a non-negative number or string representation of a non-negative number. The value of the non-negative number should be less than or equal to 1000000000 like the ``number`` field. If the output of the substitution field not meet the requirement, this will be treated as an error and the current descriptor will be ignored. For example, the ``%BYTES_RECEIVED%`` format string will be replaced with the number of bytes received in the request. One of the ``number`` or ``format`` fields should be set but not both.

Used in: RateLimit

oneof override_specifier
- Override.DynamicMetadata dynamic_metadata = 1
  Limit override from dynamic metadata.

Fetches the override from the dynamic metadata.

Used in: Override

optional type.metadata.v3.MetadataKey metadata_key = 1
Metadata struct that defines the key and path to retrieve the struct value. The value must be a struct containing an integer "requests_per_unit" property and a "unit" property with a value parseable to :ref:`RateLimitUnit enum <envoy_v3_api_enum_type.v3.RateLimitUnit>`

[#next-free-field: 10]

Used in: Route, extensions.http.custom_response.redirect_policy.v3.RedirectPolicy

oneof scheme_rewrite_specifier
When the scheme redirection take place, the following rules apply: 1. If the source URI scheme is ``http`` and the port is explicitly set to ``:80``, the port will be removed after the redirection 2. If the source URI scheme is ``https`` and the port is explicitly set to ``:443``, the port will be removed after the redirection
- bool https_redirect = 4
  The scheme portion of the URL will be swapped with "https".
- string scheme_redirect = 7
  The scheme portion of the URL will be swapped with this value.
string host_redirect = 1
The host portion of the URL will be swapped with this value.
uint32 port_redirect = 8
The port value of the URL will be swapped with this value.
oneof path_rewrite_specifier
- string path_redirect = 2
  The path portion of the URL will be swapped with this value. Please note that query string in path_redirect will override the request's query string and will not be stripped. For example, let's say we have the following routes: - match: { path: "/old-path-1" } redirect: { path_redirect: "/new-path-1" } - match: { path: "/old-path-2" } redirect: { path_redirect: "/new-path-2", strip-query: "true" } - match: { path: "/old-path-3" } redirect: { path_redirect: "/new-path-3?foo=1", strip_query: "true" } 1. if request uri is "/old-path-1?bar=1", users will be redirected to "/new-path-1?bar=1" 2. if request uri is "/old-path-2?bar=1", users will be redirected to "/new-path-2" 3. if request uri is "/old-path-3?bar=1", users will be redirected to "/new-path-3?foo=1"
- string prefix_rewrite = 5
  Indicates that during redirection, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request. .. attention:: Pay attention to the use of trailing slashes as mentioned in :ref:`RouteAction's prefix_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.prefix_rewrite>`.
- type.matcher.v3.RegexMatchAndSubstitute regex_rewrite = 9
  Indicates that during redirect, portions of the path that match the pattern should be rewritten, even allowing the substitution of capture groups from the pattern into the new path as specified by the rewrite substitution string. This is useful to allow application paths to be rewritten in a way that is aware of segments with variable content like identifiers. Examples using Google's `RE2 <https://github.com/google/re2>`_ engine: * The path pattern ``^/service/([^/]+)(/.*)$`` paired with a substitution string of ``\2/instance/\1`` would transform ``/service/foo/v1/api`` into ``/v1/api/instance/foo``. * The pattern ``one`` paired with a substitution string of ``two`` would transform ``/xxx/one/yyy/one/zzz`` into ``/xxx/two/yyy/two/zzz``. * The pattern ``^(.*?)one(.*)$`` paired with a substitution string of ``\1two\2`` would replace only the first occurrence of ``one``, transforming path ``/xxx/one/yyy/one/zzz`` into ``/xxx/two/yyy/one/zzz``. * The pattern ``(?i)/xxx/`` paired with a substitution string of ``/yyy/`` would do a case-insensitive match and transform path ``/aaa/XxX/bbb`` to ``/aaa/yyy/bbb``.
RedirectAction.RedirectResponseCode response_code = 3
The HTTP status code to use in the redirect response. The default response code is MOVED_PERMANENTLY (301).
bool strip_query = 6
Indicates that during redirection, the query portion of the URL will be removed. Default value is false.

Used in: RedirectAction

MOVED_PERMANENTLY = 0
Moved Permanently HTTP Status Code - 301.
FOUND = 1
Found HTTP Status Code - 302.
SEE_OTHER = 2
See Other HTTP Status Code - 303.
TEMPORARY_REDIRECT = 3
Temporary Redirect HTTP Status Code - 307.
PERMANENT_REDIRECT = 4
Permanent Redirect HTTP Status Code - 308.

HTTP retry :ref:`architecture overview <arch_overview_http_routing_retry>`. [#next-free-field: 14]

Used in: RouteAction, VirtualHost

string retry_on = 1
Specifies the conditions under which retry takes place. These are the same conditions documented for :ref:`config_http_filters_router_x-envoy-retry-on` and :ref:`config_http_filters_router_x-envoy-retry-grpc-on`.
optional google.protobuf.UInt32Value num_retries = 2
Specifies the allowed number of retries. This parameter is optional and defaults to 1. These are the same conditions documented for :ref:`config_http_filters_router_x-envoy-max-retries`.
optional google.protobuf.Duration per_try_timeout = 3
Specifies a non-zero upstream timeout per retry attempt (including the initial attempt). This parameter is optional. The same conditions documented for :ref:`config_http_filters_router_x-envoy-upstream-rq-per-try-timeout-ms` apply. .. note:: If left unspecified, Envoy will use the global :ref:`route timeout <envoy_v3_api_field_config.route.v3.RouteAction.timeout>` for the request. Consequently, when using a :ref:`5xx <config_http_filters_router_x-envoy-retry-on>` based retry policy, a request that times out will not be retried as the total timeout budget would have been exhausted.
optional google.protobuf.Duration per_try_idle_timeout = 13
Specifies an upstream idle timeout per retry attempt (including the initial attempt). This parameter is optional and if absent there is no per try idle timeout. The semantics of the per try idle timeout are similar to the :ref:`route idle timeout <envoy_v3_api_field_config.route.v3.RouteAction.timeout>` and :ref:`stream idle timeout <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.stream_idle_timeout>` both enforced by the HTTP connection manager. The difference is that this idle timeout is enforced by the router for each individual attempt and thus after all previous filters have run, as opposed to *before* all previous filters run for the other idle timeouts. This timeout is useful in cases in which total request timeout is bounded by a number of retries and a :ref:`per_try_timeout <envoy_v3_api_field_config.route.v3.RetryPolicy.per_try_timeout>`, but there is a desire to ensure each try is making incremental progress. Note also that similar to :ref:`per_try_timeout <envoy_v3_api_field_config.route.v3.RetryPolicy.per_try_timeout>`, this idle timeout does not start until after both the entire request has been received by the router *and* a connection pool connection has been obtained. Unlike :ref:`per_try_timeout <envoy_v3_api_field_config.route.v3.RetryPolicy.per_try_timeout>`, the idle timer continues once the response starts streaming back to the downstream client. This ensures that response data continues to make progress without using one of the HTTP connection manager idle timeouts.
optional RetryPolicy.RetryPriority retry_priority = 4
Specifies an implementation of a RetryPriority which is used to determine the distribution of load across priorities used for retries. Refer to :ref:`retry plugin configuration <arch_overview_http_retry_plugins>` for more details.
repeated RetryPolicy.RetryHostPredicate retry_host_predicate = 5
Specifies a collection of RetryHostPredicates that will be consulted when selecting a host for retries. If any of the predicates reject the host, host selection will be reattempted. Refer to :ref:`retry plugin configuration <arch_overview_http_retry_plugins>` for more details.
repeated core.v3.TypedExtensionConfig retry_options_predicates = 12
Retry options predicates that will be applied prior to retrying a request. These predicates allow customizing request behavior between retries. [#comment: add [#extension-category: envoy.retry_options_predicates] when there are built-in extensions]
int64 host_selection_retry_max_attempts = 6
The maximum number of times host selection will be reattempted before giving up, at which point the host that was last selected will be routed to. If unspecified, this will default to retrying once.
repeated uint32 retriable_status_codes = 7
HTTP status codes that should trigger a retry in addition to those specified by retry_on.
optional RetryPolicy.RetryBackOff retry_back_off = 8
Specifies parameters that control exponential retry back off. This parameter is optional, in which case the default base interval is 25 milliseconds or, if set, the current value of the ``upstream.base_retry_backoff_ms`` runtime parameter. The default maximum interval is 10 times the base interval. The documentation for :ref:`config_http_filters_router_x-envoy-max-retries` describes Envoy's back-off algorithm.
optional RetryPolicy.RateLimitedRetryBackOff rate_limited_retry_back_off = 11
Specifies parameters that control a retry back-off strategy that is used when the request is rate limited by the upstream server. The server may return a response header like ``Retry-After`` or ``X-RateLimit-Reset`` to provide feedback to the client on how long to wait before retrying. If configured, this back-off strategy will be used instead of the default exponential back off strategy (configured using ``retry_back_off``) whenever a response includes the matching headers.
repeated HeaderMatcher retriable_headers = 9
HTTP response headers that trigger a retry if present in the response. A retry will be triggered if any of the header matches match the upstream response headers. The field is only consulted if 'retriable-headers' retry policy is active.
repeated HeaderMatcher retriable_request_headers = 10
HTTP headers which must be present in the request for retries to be attempted.

A retry back-off strategy that applies when the upstream server rate limits the request. Given this configuration: .. code-block:: yaml rate_limited_retry_back_off: reset_headers: - name: Retry-After format: SECONDS - name: X-RateLimit-Reset format: UNIX_TIMESTAMP max_interval: "300s" The following algorithm will apply: 1. If the response contains the header ``Retry-After`` its value must be on the form ``120`` (an integer that represents the number of seconds to wait before retrying). If so, this value is used as the back-off interval. 2. Otherwise, if the response contains the header ``X-RateLimit-Reset`` its value must be on the form ``1595320702`` (an integer that represents the point in time at which to retry, as a Unix timestamp in seconds). If so, the current time is subtracted from this value and the result is used as the back-off interval. 3. Otherwise, Envoy will use the default :ref:`exponential back-off <envoy_v3_api_field_config.route.v3.RetryPolicy.retry_back_off>` strategy. No matter which format is used, if the resulting back-off interval exceeds ``max_interval`` it is discarded and the next header in ``reset_headers`` is tried. If a request timeout is configured for the route it will further limit how long the request will be allowed to run. To prevent many clients retrying at the same point in time jitter is added to the back-off interval, so the resulting interval is decided by taking: ``random(interval, interval * 1.5)``. .. attention:: Configuring ``rate_limited_retry_back_off`` will not by itself cause a request to be retried. You will still need to configure the right retry policy to match the responses from the upstream server.

Used in: RetryPolicy

repeated ResetHeader reset_headers = 1
Specifies the reset headers (like ``Retry-After`` or ``X-RateLimit-Reset``) to match against the response. Headers are tried in order, and matched case insensitive. The first header to be parsed successfully is used. If no headers match the default exponential back-off is used instead.
optional google.protobuf.Duration max_interval = 2
Specifies the maximum back off interval that Envoy will allow. If a reset header contains an interval longer than this then it will be discarded and the next header will be tried. Defaults to 300 seconds.

Used in: RateLimitedRetryBackOff

string name = 1
The name of the reset header. .. note:: If the header appears multiple times only the first value is used.
ResetHeaderFormat format = 2
The format of the reset header.

Used in: ResetHeader

SECONDS = 0
UNIX_TIMESTAMP = 1

Used in: RetryPolicy

optional google.protobuf.Duration base_interval = 1
Specifies the base interval between retries. This parameter is required and must be greater than zero. Values less than 1 ms are rounded up to 1 ms. See :ref:`config_http_filters_router_x-envoy-max-retries` for a discussion of Envoy's back-off algorithm.
optional google.protobuf.Duration max_interval = 2
Specifies the maximum interval between retries. This parameter is optional, but must be greater than or equal to the ``base_interval`` if set. The default is 10 times the ``base_interval``. See :ref:`config_http_filters_router_x-envoy-max-retries` for a discussion of Envoy's back-off algorithm.

Used in: RetryPolicy

string name = 1
oneof config_type
[#extension-category: envoy.retry_host_predicates]
- google.protobuf.Any typed_config = 3

Used in: RetryPolicy

string name = 1
oneof config_type
[#extension-category: envoy.retry_priorities]
- google.protobuf.Any typed_config = 3

A route is both a specification of how to match a request as well as an indication of what to do next (e.g., redirect, forward, rewrite, etc.). .. attention:: Envoy supports routing on HTTP method via :ref:`header matching <envoy_v3_api_msg_config.route.v3.HeaderMatcher>`. [#next-free-field: 20]

Used in: RouteList, VirtualHost

string name = 14
Name for the route.
optional RouteMatch match = 1
Route matching parameters.
oneof action
- RouteAction route = 2
  Route request to some upstream cluster.
- RedirectAction redirect = 3
  Return a redirect.
- DirectResponseAction direct_response = 7
  Return an arbitrary HTTP response directly, without proxying.
- FilterAction filter_action = 17
  [#not-implemented-hide:] A filter-defined action (e.g., it could dynamically generate the RouteAction). [#comment: TODO(samflattery): Remove cleanup in route_fuzz_test.cc when implemented]
- NonForwardingAction non_forwarding_action = 18
  [#not-implemented-hide:] An action used when the route will generate a response directly, without forwarding to an upstream host. This will be used in non-proxy xDS clients like the gRPC server. It could also be used in the future in Envoy for a filter that directly generates responses for requests.
optional core.v3.Metadata metadata = 4
The Metadata field can be used to provide additional information about the route. It can be used for configuration, stats, and logging. The metadata should go under the filter namespace that will need it. For instance, if the metadata is intended for the Router filter, the filter name should be specified as ``envoy.filters.http.router``.
optional Decorator decorator = 5
Decorator for the matched route.
map<string, google.protobuf.Any> typed_per_filter_config = 13
This field can be used to provide route specific per filter config. The key should match the :ref:`filter config name <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpFilter.name>`. See :ref:`Http filter route specific config <arch_overview_http_filters_per_filter_config>` for details. [#comment: An entry's value may be wrapped in a :ref:`FilterConfig<envoy_v3_api_msg_config.route.v3.FilterConfig>` message to specify additional options.]
repeated core.v3.HeaderValueOption request_headers_to_add = 9
Specifies a set of headers that will be added to requests matching this route. Headers specified at this level are applied before headers from the enclosing :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost` and :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. For more information, including details on header value syntax, see the documentation on :ref:`custom request headers <config_http_conn_man_headers_custom_request_headers>`.
repeated string request_headers_to_remove = 12
Specifies a list of HTTP headers that should be removed from each request matching this route.
repeated core.v3.HeaderValueOption response_headers_to_add = 10
Specifies a set of headers that will be added to responses to requests matching this route. Headers specified at this level are applied before headers from the enclosing :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost` and :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. For more information, including details on header value syntax, see the documentation on :ref:`custom request headers <config_http_conn_man_headers_custom_request_headers>`.
repeated string response_headers_to_remove = 11
Specifies a list of HTTP headers that should be removed from each response to requests matching this route.
optional Tracing tracing = 15
Presence of the object defines whether the connection manager's tracing configuration is overridden by this route specific instance.
optional google.protobuf.UInt32Value per_request_buffer_limit_bytes = 16
The maximum bytes which will be buffered for retries and shadowing. If set, the bytes actually buffered will be the minimum value of this and the listener per_connection_buffer_limit_bytes.
string stat_prefix = 19
The human readable prefix to use when emitting statistics for this endpoint. The statistics are rooted at vhost.<virtual host name>.route.<stat_prefix>. This should be set for highly critical endpoints that one wishes to get “per-route” statistics on. If not set, endpoint statistics are not generated. The emitted statistics are the same as those documented for :ref:`virtual clusters <config_http_filters_router_vcluster_stats>`. .. warning:: We do not recommend setting up a stat prefix for every application endpoint. This is both not easily maintainable and statistics use a non-trivial amount of memory(approximately 1KiB per route).

[#next-free-field: 42]

Used in: Route

oneof cluster_specifier
- string cluster = 1
  Indicates the upstream cluster to which the request should be routed to.
- string cluster_header = 2
  Envoy will determine the cluster to route to by reading the value of the HTTP header named by cluster_header from the request headers. If the header is not found or the referenced cluster does not exist, Envoy will return a 404 response. .. attention:: Internally, Envoy always uses the HTTP/2 ``:authority`` header to represent the HTTP/1 ``Host`` header. Thus, if attempting to match on ``Host``, match on ``:authority`` instead. .. note:: If the header appears multiple times only the first value is used.
- WeightedCluster weighted_clusters = 3
  Multiple upstream clusters can be specified for a given route. The request is routed to one of the upstream clusters based on weights assigned to each cluster. See :ref:`traffic splitting <config_http_conn_man_route_table_traffic_splitting_split>` for additional documentation.
- string cluster_specifier_plugin = 37
  Name of the cluster specifier plugin to use to determine the cluster for requests on this route. The cluster specifier plugin name must be defined in the associated :ref:`cluster specifier plugins <envoy_v3_api_field_config.route.v3.RouteConfiguration.cluster_specifier_plugins>` in the :ref:`name <envoy_v3_api_field_config.core.v3.TypedExtensionConfig.name>` field.
- ClusterSpecifierPlugin inline_cluster_specifier_plugin = 39
  Custom cluster specifier plugin configuration to use to determine the cluster for requests on this route.
RouteAction.ClusterNotFoundResponseCode cluster_not_found_response_code = 20
The HTTP status code to use when configured cluster is not found. The default response code is 503 Service Unavailable.
optional core.v3.Metadata metadata_match = 4
Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints in the upstream cluster with metadata matching what's set in this field will be considered for load balancing. If using :ref:`weighted_clusters <envoy_v3_api_field_config.route.v3.RouteAction.weighted_clusters>`, metadata will be merged, with values provided there taking precedence. The filter name should be specified as ``envoy.lb``.
string prefix_rewrite = 5
Indicates that during forwarding, the matched prefix (or path) should be swapped with this value. This option allows application URLs to be rooted at a different path from those exposed at the reverse proxy layer. The router filter will place the original path before rewrite into the :ref:`x-envoy-original-path <config_http_filters_router_x-envoy-original-path>` header. Only one of :ref:`regex_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.regex_rewrite>` :ref:`path_rewrite_policy <envoy_v3_api_field_config.route.v3.RouteAction.path_rewrite_policy>`, or :ref:`prefix_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.prefix_rewrite>` may be specified. .. attention:: Pay careful attention to the use of trailing slashes in the :ref:`route's match <envoy_v3_api_field_config.route.v3.Route.match>` prefix value. Stripping a prefix from a path requires multiple Routes to handle all cases. For example, rewriting ``/prefix`` to ``/`` and ``/prefix/etc`` to ``/etc`` cannot be done in a single :ref:`Route <envoy_v3_api_msg_config.route.v3.Route>`, as shown by the below config entries: .. code-block:: yaml - match: prefix: "/prefix/" route: prefix_rewrite: "/" - match: prefix: "/prefix" route: prefix_rewrite: "/" Having above entries in the config, requests to ``/prefix`` will be stripped to ``/``, while requests to ``/prefix/etc`` will be stripped to ``/etc``.
optional type.matcher.v3.RegexMatchAndSubstitute regex_rewrite = 32
Indicates that during forwarding, portions of the path that match the pattern should be rewritten, even allowing the substitution of capture groups from the pattern into the new path as specified by the rewrite substitution string. This is useful to allow application paths to be rewritten in a way that is aware of segments with variable content like identifiers. The router filter will place the original path as it was before the rewrite into the :ref:`x-envoy-original-path <config_http_filters_router_x-envoy-original-path>` header. Only one of :ref:`regex_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.regex_rewrite>`, :ref:`prefix_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.prefix_rewrite>`, or :ref:`path_rewrite_policy <envoy_v3_api_field_config.route.v3.RouteAction.path_rewrite_policy>`] may be specified. Examples using Google's `RE2 <https://github.com/google/re2>`_ engine: * The path pattern ``^/service/([^/]+)(/.*)$`` paired with a substitution string of ``\2/instance/\1`` would transform ``/service/foo/v1/api`` into ``/v1/api/instance/foo``. * The pattern ``one`` paired with a substitution string of ``two`` would transform ``/xxx/one/yyy/one/zzz`` into ``/xxx/two/yyy/two/zzz``. * The pattern ``^(.*?)one(.*)$`` paired with a substitution string of ``\1two\2`` would replace only the first occurrence of ``one``, transforming path ``/xxx/one/yyy/one/zzz`` into ``/xxx/two/yyy/one/zzz``. * The pattern ``(?i)/xxx/`` paired with a substitution string of ``/yyy/`` would do a case-insensitive match and transform path ``/aaa/XxX/bbb`` to ``/aaa/yyy/bbb``.
optional core.v3.TypedExtensionConfig path_rewrite_policy = 41
[#extension-category: envoy.path.rewrite]
oneof host_rewrite_specifier
- string host_rewrite_literal = 6
  Indicates that during forwarding, the host header will be swapped with this value. Using this option will append the :ref:`config_http_conn_man_headers_x-forwarded-host` header if :ref:`append_x_forwarded_host <envoy_v3_api_field_config.route.v3.RouteAction.append_x_forwarded_host>` is set.
- google.protobuf.BoolValue auto_host_rewrite = 7
  Indicates that during forwarding, the host header will be swapped with the hostname of the upstream host chosen by the cluster manager. This option is applicable only when the destination cluster for a route is of type ``strict_dns`` or ``logical_dns``, or when :ref:`hostname <envoy_v3_api_field_config.endpoint.v3.Endpoint.hostname>` field is not empty. Setting this to true with other cluster types has no effect. Using this option will append the :ref:`config_http_conn_man_headers_x-forwarded-host` header if :ref:`append_x_forwarded_host <envoy_v3_api_field_config.route.v3.RouteAction.append_x_forwarded_host>` is set.
- string host_rewrite_header = 29
  Indicates that during forwarding, the host header will be swapped with the content of given downstream or :ref:`custom <config_http_conn_man_headers_custom_request_headers>` header. If header value is empty, host header is left intact. Using this option will append the :ref:`config_http_conn_man_headers_x-forwarded-host` header if :ref:`append_x_forwarded_host <envoy_v3_api_field_config.route.v3.RouteAction.append_x_forwarded_host>` is set. .. attention:: Pay attention to the potential security implications of using this option. Provided header must come from trusted source. .. note:: If the header appears multiple times only the first value is used.
- type.matcher.v3.RegexMatchAndSubstitute host_rewrite_path_regex = 35
  Indicates that during forwarding, the host header will be swapped with the result of the regex substitution executed on path value with query and fragment removed. This is useful for transitioning variable content between path segment and subdomain. Using this option will append the :ref:`config_http_conn_man_headers_x-forwarded-host` header if :ref:`append_x_forwarded_host <envoy_v3_api_field_config.route.v3.RouteAction.append_x_forwarded_host>` is set. For example with the following config: .. code-block:: yaml host_rewrite_path_regex: pattern: google_re2: {} regex: "^/(.+)/.+$" substitution: \1 Would rewrite the host header to ``envoyproxy.io`` given the path ``/envoyproxy.io/some/path``.
bool append_x_forwarded_host = 38
If set, then a host rewrite action (one of :ref:`host_rewrite_literal <envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_literal>`, :ref:`auto_host_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.auto_host_rewrite>`, :ref:`host_rewrite_header <envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_header>`, or :ref:`host_rewrite_path_regex <envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_path_regex>`) causes the original value of the host header, if any, to be appended to the :ref:`config_http_conn_man_headers_x-forwarded-host` HTTP header if it is different to the last value appended.
optional google.protobuf.Duration timeout = 8
Specifies the upstream timeout for the route. If not specified, the default is 15s. This spans between the point at which the entire downstream request (i.e. end-of-stream) has been processed and when the upstream response has been completely processed. A value of 0 will disable the route's timeout. .. note:: This timeout includes all retries. See also :ref:`config_http_filters_router_x-envoy-upstream-rq-timeout-ms`, :ref:`config_http_filters_router_x-envoy-upstream-rq-per-try-timeout-ms`, and the :ref:`retry overview <arch_overview_http_routing_retry>`.
optional google.protobuf.Duration idle_timeout = 24
Specifies the idle timeout for the route. If not specified, there is no per-route idle timeout, although the connection manager wide :ref:`stream_idle_timeout <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.stream_idle_timeout>` will still apply. A value of 0 will completely disable the route's idle timeout, even if a connection manager stream idle timeout is configured. The idle timeout is distinct to :ref:`timeout <envoy_v3_api_field_config.route.v3.RouteAction.timeout>`, which provides an upper bound on the upstream response time; :ref:`idle_timeout <envoy_v3_api_field_config.route.v3.RouteAction.idle_timeout>` instead bounds the amount of time the request's stream may be idle. After header decoding, the idle timeout will apply on downstream and upstream request events. Each time an encode/decode event for headers or data is processed for the stream, the timer will be reset. If the timeout fires, the stream is terminated with a 408 Request Timeout error code if no upstream response header has been received, otherwise a stream reset occurs. If the :ref:`overload action <config_overload_manager_overload_actions>` "envoy.overload_actions.reduce_timeouts" is configured, this timeout is scaled according to the value for :ref:`HTTP_DOWNSTREAM_STREAM_IDLE <envoy_v3_api_enum_value_config.overload.v3.ScaleTimersOverloadActionConfig.TimerType.HTTP_DOWNSTREAM_STREAM_IDLE>`.
optional core.v3.TypedExtensionConfig early_data_policy = 40
Specifies how to send request over TLS early data. If absent, allows `safe HTTP requests <https://www.rfc-editor.org/rfc/rfc7231#section-4.2.1>`_ to be sent on early data. [#extension-category: envoy.route.early_data_policy]
optional RetryPolicy retry_policy = 9
Indicates that the route has a retry policy. Note that if this is set, it'll take precedence over the virtual host level retry policy entirely (e.g.: policies are not merged, most internal one becomes the enforced policy).
optional google.protobuf.Any retry_policy_typed_config = 33
[#not-implemented-hide:] Specifies the configuration for retry policy extension. Note that if this is set, it'll take precedence over the virtual host level retry policy entirely (e.g.: policies are not merged, most internal one becomes the enforced policy). :ref:`Retry policy <envoy_v3_api_field_config.route.v3.VirtualHost.retry_policy>` should not be set if this field is used.
repeated RouteAction.RequestMirrorPolicy request_mirror_policies = 30
Specify a set of route request mirroring policies. It takes precedence over the virtual host and route config mirror policy entirely. That is, policies are not merged, the most specific non-empty one becomes the mirror policies.
core.v3.RoutingPriority priority = 11
Optionally specifies the :ref:`routing priority <arch_overview_http_routing_priority>`.
repeated RateLimit rate_limits = 13
Specifies a set of rate limit configurations that could be applied to the route.
optional google.protobuf.BoolValue include_vh_rate_limits = 14
Specifies if the rate limit filter should include the virtual host rate limits. By default, if the route configured rate limits, the virtual host :ref:`rate_limits <envoy_v3_api_field_config.route.v3.VirtualHost.rate_limits>` are not applied to the request. This field is deprecated. Please use :ref:`vh_rate_limits <envoy_v3_api_field_extensions.filters.http.ratelimit.v3.RateLimitPerRoute.vh_rate_limits>`
repeated RouteAction.HashPolicy hash_policy = 15
Specifies a list of hash policies to use for ring hash load balancing. Each hash policy is evaluated individually and the combined result is used to route the request. The method of combination is deterministic such that identical lists of hash policies will produce the same hash. Since a hash policy examines specific parts of a request, it can fail to produce a hash (i.e. if the hashed header is not present). If (and only if) all configured hash policies fail to generate a hash, no hash will be produced for the route. In this case, the behavior is the same as if no hash policies were specified (i.e. the ring hash load balancer will choose a random backend). If a hash policy has the "terminal" attribute set to true, and there is already a hash generated, the hash is returned immediately, ignoring the rest of the hash policy list.
optional CorsPolicy cors = 17
Indicates that the route has a CORS policy. This field is ignored if related cors policy is found in the :ref:`Route.typed_per_filter_config<envoy_v3_api_field_config.route.v3.Route.typed_per_filter_config>` or :ref:`WeightedCluster.ClusterWeight.typed_per_filter_config<envoy_v3_api_field_config.route.v3.WeightedCluster.ClusterWeight.typed_per_filter_config>`. .. attention:: This option has been deprecated. Please use :ref:`Route.typed_per_filter_config<envoy_v3_api_field_config.route.v3.Route.typed_per_filter_config>` or :ref:`WeightedCluster.ClusterWeight.typed_per_filter_config<envoy_v3_api_field_config.route.v3.WeightedCluster.ClusterWeight.typed_per_filter_config>` to configure the CORS HTTP filter.
optional google.protobuf.Duration max_grpc_timeout = 23
Deprecated by :ref:`grpc_timeout_header_max <envoy_v3_api_field_config.route.v3.RouteAction.MaxStreamDuration.grpc_timeout_header_max>` If present, and the request is a gRPC request, use the `grpc-timeout header <https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md>`_, or its default value (infinity) instead of :ref:`timeout <envoy_v3_api_field_config.route.v3.RouteAction.timeout>`, but limit the applied timeout to the maximum value specified here. If configured as 0, the maximum allowed timeout for gRPC requests is infinity. If not configured at all, the ``grpc-timeout`` header is not used and gRPC requests time out like any other requests using :ref:`timeout <envoy_v3_api_field_config.route.v3.RouteAction.timeout>` or its default. This can be used to prevent unexpected upstream request timeouts due to potentially long time gaps between gRPC request and response in gRPC streaming mode. .. note:: If a timeout is specified using :ref:`config_http_filters_router_x-envoy-upstream-rq-timeout-ms`, it takes precedence over `grpc-timeout header <https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md>`_, when both are present. See also :ref:`config_http_filters_router_x-envoy-upstream-rq-timeout-ms`, :ref:`config_http_filters_router_x-envoy-upstream-rq-per-try-timeout-ms`, and the :ref:`retry overview <arch_overview_http_routing_retry>`.
optional google.protobuf.Duration grpc_timeout_offset = 28
Deprecated by :ref:`grpc_timeout_header_offset <envoy_v3_api_field_config.route.v3.RouteAction.MaxStreamDuration.grpc_timeout_header_offset>`. If present, Envoy will adjust the timeout provided by the ``grpc-timeout`` header by subtracting the provided duration from the header. This is useful in allowing Envoy to set its global timeout to be less than that of the deadline imposed by the calling client, which makes it more likely that Envoy will handle the timeout instead of having the call canceled by the client. The offset will only be applied if the provided grpc_timeout is greater than the offset. This ensures that the offset will only ever decrease the timeout and never set it to 0 (meaning infinity).
repeated RouteAction.UpgradeConfig upgrade_configs = 25
optional InternalRedirectPolicy internal_redirect_policy = 34
If present, Envoy will try to follow an upstream redirect response instead of proxying the response back to the downstream. An upstream redirect response is defined by :ref:`redirect_response_codes <envoy_v3_api_field_config.route.v3.InternalRedirectPolicy.redirect_response_codes>`.
RouteAction.InternalRedirectAction internal_redirect_action = 26
optional google.protobuf.UInt32Value max_internal_redirects = 31
An internal redirect is handled, iff the number of previous internal redirects that a downstream request has encountered is lower than this value, and :ref:`internal_redirect_action <envoy_v3_api_field_config.route.v3.RouteAction.internal_redirect_action>` is set to :ref:`HANDLE_INTERNAL_REDIRECT <envoy_v3_api_enum_value_config.route.v3.RouteAction.InternalRedirectAction.HANDLE_INTERNAL_REDIRECT>` In the case where a downstream request is bounced among multiple routes by internal redirect, the first route that hits this threshold, or has :ref:`internal_redirect_action <envoy_v3_api_field_config.route.v3.RouteAction.internal_redirect_action>` set to :ref:`PASS_THROUGH_INTERNAL_REDIRECT <envoy_v3_api_enum_value_config.route.v3.RouteAction.InternalRedirectAction.PASS_THROUGH_INTERNAL_REDIRECT>` will pass the redirect back to downstream. If not specified, at most one redirect will be followed.
optional HedgePolicy hedge_policy = 27
Indicates that the route has a hedge policy. Note that if this is set, it'll take precedence over the virtual host level hedge policy entirely (e.g.: policies are not merged, most internal one becomes the enforced policy).
optional RouteAction.MaxStreamDuration max_stream_duration = 36
Specifies the maximum stream duration for this route.

Used in: RouteAction

SERVICE_UNAVAILABLE = 0
HTTP status code - 503 Service Unavailable.
NOT_FOUND = 1
HTTP status code - 404 Not Found.
INTERNAL_SERVER_ERROR = 2
HTTP status code - 500 Internal Server Error.

Specifies the route's hashing policy if the upstream cluster uses a hashing :ref:`load balancer <arch_overview_load_balancing_types>`. [#next-free-field: 7]

Used in: RouteAction

oneof policy_specifier
- HashPolicy.Header header = 1
  Header hash policy.
- HashPolicy.Cookie cookie = 2
  Cookie hash policy.
- HashPolicy.ConnectionProperties connection_properties = 3
  Connection properties hash policy.
- HashPolicy.QueryParameter query_parameter = 5
  Query parameter hash policy.
- HashPolicy.FilterState filter_state = 6
  Filter state hash policy.
bool terminal = 4
The flag that short-circuits the hash computing. This field provides a 'fallback' style of configuration: "if a terminal policy doesn't work, fallback to rest of the policy list", it saves time when the terminal policy works. If true, and there is already a hash computed, ignore rest of the list of hash polices. For example, if the following hash methods are configured: ========= ======== specifier terminal ========= ======== Header A true Header B false Header C false ========= ======== The generateHash process ends if policy "header A" generates a hash, as it's a terminal policy.

Used in: HashPolicy

bool source_ip = 1
Hash on source IP address.

Envoy supports two types of cookie affinity: 1. Passive. Envoy takes a cookie that's present in the cookies header and hashes on its value. 2. Generated. Envoy generates and sets a cookie with an expiration (TTL) on the first request from the client in its response to the client, based on the endpoint the request gets sent to. The client then presents this on the next and all subsequent requests. The hash of this is sufficient to ensure these requests get sent to the same endpoint. The cookie is generated by hashing the source and destination ports and addresses so that multiple independent HTTP2 streams on the same connection will independently receive the same cookie, even if they arrive at the Envoy simultaneously.

Used in: HashPolicy

string name = 1
The name of the cookie that will be used to obtain the hash key. If the cookie is not present and ttl below is not set, no hash will be produced.
optional google.protobuf.Duration ttl = 2
If specified, a cookie with the TTL will be generated if the cookie is not present. If the TTL is present and zero, the generated cookie will be a session cookie.
string path = 3
The name of the path for the cookie. If no path is specified here, no path will be set for the cookie.
repeated CookieAttribute attributes = 4
Additional attributes for the cookie. They will be used when generating a new cookie.

CookieAttribute defines an API for adding additional attributes for a HTTP cookie.

Used in: Cookie

string name = 1
The name of the cookie attribute.
string value = 2
The optional value of the cookie attribute.

Used in: HashPolicy

string key = 1
The name of the Object in the per-request filterState, which is an Envoy::Hashable object. If there is no data associated with the key, or the stored object is not Envoy::Hashable, no hash will be produced.

Used in: HashPolicy

string header_name = 1
The name of the request header that will be used to obtain the hash key. If the request header is not present, no hash will be produced.
optional type.matcher.v3.RegexMatchAndSubstitute regex_rewrite = 2
If specified, the request header value will be rewritten and used to produce the hash key.

Used in: HashPolicy

string name = 1
The name of the URL query parameter that will be used to obtain the hash key. If the parameter is not present, no hash will be produced. Query parameter names are case-sensitive. If query parameters are repeated, only the first value will be considered.

Configures :ref:`internal redirect <arch_overview_internal_redirects>` behavior. [#next-major-version: remove this definition - it's defined in the InternalRedirectPolicy message.]

Used in: RouteAction

PASS_THROUGH_INTERNAL_REDIRECT = 0
HANDLE_INTERNAL_REDIRECT = 1

Used in: RouteAction

optional google.protobuf.Duration max_stream_duration = 1
Specifies the maximum duration allowed for streams on the route. If not specified, the value from the :ref:`max_stream_duration <envoy_v3_api_field_config.core.v3.HttpProtocolOptions.max_stream_duration>` field in :ref:`HttpConnectionManager.common_http_protocol_options <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.common_http_protocol_options>` is used. If this field is set explicitly to zero, any HttpConnectionManager max_stream_duration timeout will be disabled for this route.
optional google.protobuf.Duration grpc_timeout_header_max = 2
If present, and the request contains a `grpc-timeout header <https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md>`_, use that value as the ``max_stream_duration``, but limit the applied timeout to the maximum value specified here. If set to 0, the ``grpc-timeout`` header is used without modification.
optional google.protobuf.Duration grpc_timeout_header_offset = 3
If present, Envoy will adjust the timeout provided by the ``grpc-timeout`` header by subtracting the provided duration from the header. This is useful for allowing Envoy to set its global timeout to be less than that of the deadline imposed by the calling client, which makes it more likely that Envoy will handle the timeout instead of having the call canceled by the client. If, after applying the offset, the resulting timeout is zero or negative, the stream will timeout immediately.

The router is capable of shadowing traffic from one cluster to another. The current implementation is "fire and forget," meaning Envoy will not wait for the shadow cluster to respond before returning the response from the primary cluster. All normal statistics are collected for the shadow cluster making this feature useful for testing. During shadowing, the host/authority header is altered such that ``-shadow`` is appended. This is useful for logging. For example, ``cluster1`` becomes ``cluster1-shadow``. This behavior can be disabled by setting ``disable_shadow_host_suffix_append`` to ``true``. .. note:: Shadowing will not be triggered if the primary cluster does not exist. .. note:: Shadowing doesn't support Http CONNECT and upgrades. [#next-free-field: 7]

Used in: RouteAction, RouteConfiguration, VirtualHost

string cluster = 1
Only one of ``cluster`` and ``cluster_header`` can be specified. [#next-major-version: Need to add back the validation rule: (validate.rules).string = {min_len: 1}] Specifies the cluster that requests will be mirrored to. The cluster must exist in the cluster manager configuration.
string cluster_header = 5
Only one of ``cluster`` and ``cluster_header`` can be specified. Envoy will determine the cluster to route to by reading the value of the HTTP header named by cluster_header from the request headers. Only the first value in header is used, and no shadow request will happen if the value is not found in headers. Envoy will not wait for the shadow cluster to respond before returning the response from the primary cluster. .. attention:: Internally, Envoy always uses the HTTP/2 ``:authority`` header to represent the HTTP/1 ``Host`` header. Thus, if attempting to match on ``Host``, match on ``:authority`` instead. .. note:: If the header appears multiple times only the first value is used.
optional core.v3.RuntimeFractionalPercent runtime_fraction = 3
If not specified, all requests to the target cluster will be mirrored. If specified, this field takes precedence over the ``runtime_key`` field and requests must also fall under the percentage of matches indicated by this field. For some fraction N/D, a random number in the range [0,D) is selected. If the number is <= the value of the numerator N, or if the key is not present, the default value, the request will be mirrored.
optional google.protobuf.BoolValue trace_sampled = 4
Specifies whether the trace span for the shadow request should be sampled. If this field is not explicitly set, the shadow request will inherit the sampling decision of its parent span. This ensures consistency with the trace sampling policy of the original request and prevents oversampling, especially in scenarios where runtime sampling is disabled.
bool disable_shadow_host_suffix_append = 6
Disables appending the ``-shadow`` suffix to the shadowed ``Host`` header. Defaults to ``false``.

Allows enabling and disabling upgrades on a per-route basis. This overrides any enabled/disabled upgrade filter chain specified in the HttpConnectionManager :ref:`upgrade_configs <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.upgrade_configs>` but does not affect any custom filter chain specified there.

Used in: RouteAction

string upgrade_type = 1
The case-insensitive name of this upgrade, e.g. "websocket". For each upgrade type present in upgrade_configs, requests with Upgrade: [upgrade_type] will be proxied upstream.
optional google.protobuf.BoolValue enabled = 2
Determines if upgrades are available on this route. Defaults to true.
optional UpgradeConfig.ConnectConfig connect_config = 3
Configuration for sending data upstream as a raw data payload. This is used for CONNECT requests, when forwarding CONNECT payload as raw TCP. Note that CONNECT support is currently considered alpha in Envoy. [#comment: TODO(htuch): Replace the above comment with an alpha tag.]

Configuration for sending data upstream as a raw data payload. This is used for CONNECT or POST requests, when forwarding request payload as raw TCP.

Used in: UpgradeConfig

optional core.v3.ProxyProtocolConfig proxy_protocol_config = 1
If present, the proxy protocol header will be prepended to the CONNECT payload sent upstream.
bool allow_post = 2
If set, the route will also allow forwarding POST payload as raw TCP.

[#next-free-field: 18]

Used in: ScopedRouteConfiguration, extensions.filters.network.http_connection_manager.v3.HttpConnectionManager

string name = 1
The name of the route configuration. For example, it might match :ref:`route_config_name <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.Rds.route_config_name>` in :ref:`envoy_v3_api_msg_extensions.filters.network.http_connection_manager.v3.Rds`.
repeated VirtualHost virtual_hosts = 2
An array of virtual hosts that make up the route table.
optional Vhds vhds = 9
An array of virtual hosts will be dynamically loaded via the VHDS API. Both ``virtual_hosts`` and ``vhds`` fields will be used when present. ``virtual_hosts`` can be used for a base routing table or for infrequently changing virtual hosts. ``vhds`` is used for on-demand discovery of virtual hosts. The contents of these two fields will be merged to generate a routing table for a given RouteConfiguration, with ``vhds`` derived configuration taking precedence.
repeated string internal_only_headers = 3
Optionally specifies a list of HTTP headers that the connection manager will consider to be internal only. If they are found on external requests they will be cleaned prior to filter invocation. See :ref:`config_http_conn_man_headers_x-envoy-internal` for more information.
repeated core.v3.HeaderValueOption response_headers_to_add = 4
Specifies a list of HTTP headers that should be added to each response that the connection manager encodes. Headers specified at this level are applied after headers from any enclosed :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost` or :ref:`envoy_v3_api_msg_config.route.v3.RouteAction`. For more information, including details on header value syntax, see the documentation on :ref:`custom request headers <config_http_conn_man_headers_custom_request_headers>`.
repeated string response_headers_to_remove = 5
Specifies a list of HTTP headers that should be removed from each response that the connection manager encodes.
repeated core.v3.HeaderValueOption request_headers_to_add = 6
Specifies a list of HTTP headers that should be added to each request routed by the HTTP connection manager. Headers specified at this level are applied after headers from any enclosed :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost` or :ref:`envoy_v3_api_msg_config.route.v3.RouteAction`. For more information, including details on header value syntax, see the documentation on :ref:`custom request headers <config_http_conn_man_headers_custom_request_headers>`.
repeated string request_headers_to_remove = 8
Specifies a list of HTTP headers that should be removed from each request routed by the HTTP connection manager.
bool most_specific_header_mutations_wins = 10
Headers mutations at all levels are evaluated, if specified. By default, the order is from most specific (i.e. route entry level) to least specific (i.e. route configuration level). Later header mutations may override earlier mutations. This order can be reversed by setting this field to true. In other words, most specific level mutation is evaluated last.
optional google.protobuf.BoolValue validate_clusters = 7
An optional boolean that specifies whether the clusters that the route table refers to will be validated by the cluster manager. If set to true and a route refers to a non-existent cluster, the route table will not load. If set to false and a route refers to a non-existent cluster, the route table will load and the router filter will return a 404 if the route is selected at runtime. This setting defaults to true if the route table is statically defined via the :ref:`route_config <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.route_config>` option. This setting default to false if the route table is loaded dynamically via the :ref:`rds <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.rds>` option. Users may wish to override the default behavior in certain cases (for example when using CDS with a static route table).
optional google.protobuf.UInt32Value max_direct_response_body_size_bytes = 11
The maximum bytes of the response :ref:`direct response body <envoy_v3_api_field_config.route.v3.DirectResponseAction.body>` size. If not specified the default is 4096. .. warning:: Envoy currently holds the content of :ref:`direct response body <envoy_v3_api_field_config.route.v3.DirectResponseAction.body>` in memory. Be careful setting this to be larger than the default 4KB, since the allocated memory for direct response body is not subject to data plane buffering controls.
repeated ClusterSpecifierPlugin cluster_specifier_plugins = 12
A list of plugins and their configurations which may be used by a :ref:`cluster specifier plugin name <envoy_v3_api_field_config.route.v3.RouteAction.cluster_specifier_plugin>` within the route. All ``extension.name`` fields in this list must be unique.
repeated RouteAction.RequestMirrorPolicy request_mirror_policies = 13
Specify a set of default request mirroring policies which apply to all routes under its virtual hosts. Note that policies are not merged, the most specific non-empty one becomes the mirror policies.
bool ignore_port_in_host_matching = 14
By default, port in :authority header (if any) is used in host matching. With this option enabled, Envoy will ignore the port number in the :authority header (if any) when picking VirtualHost. NOTE: this option will not strip the port number (if any) contained in route config :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost`.domains field.
bool ignore_path_parameters_in_path_matching = 15
Ignore path-parameters in path-matching. Before RFC3986, URI were like(RFC1808): <scheme>://<net_loc>/<path>;<params>?<query>#<fragment> Envoy by default takes ":path" as "<path>;<params>". For users who want to only match path on the "<path>" portion, this option should be true.
map<string, google.protobuf.Any> typed_per_filter_config = 16
This field can be used to provide RouteConfiguration level per filter config. The key should match the :ref:`filter config name <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpFilter.name>`. See :ref:`Http filter route specific config <arch_overview_http_filters_per_filter_config>` for details. [#comment: An entry's value may be wrapped in a :ref:`FilterConfig<envoy_v3_api_msg_config.route.v3.FilterConfig>` message to specify additional options.]
optional core.v3.Metadata metadata = 17
The metadata field can be used to provide additional information about the route configuration. It can be used for configuration, stats, and logging. The metadata should go under the filter namespace that will need it. For instance, if the metadata is intended for the Router filter, the filter name should be specified as ``envoy.filters.http.router``.

This can be used in route matcher :ref:`VirtualHost.matcher <envoy_v3_api_field_config.route.v3.VirtualHost.matcher>`. When the matcher matches, routes will be matched and run.

repeated Route routes = 1
The list of routes that will be matched and run, in order. The first route that matches will be used.

[#next-free-field: 17]

Used in: Route, extensions.filters.http.jwt_authn.v3.RequirementRule

oneof path_specifier
- string prefix = 1
  If specified, the route is a prefix rule meaning that the prefix must match the beginning of the ``:path`` header.
- string path = 2
  If specified, the route is an exact path rule meaning that the path must exactly match the ``:path`` header once the query string is removed.
- type.matcher.v3.RegexMatcher safe_regex = 10
  If specified, the route is a regular expression rule meaning that the regex must match the ``:path`` header once the query string is removed. The entire path (without the query string) must match the regex. The rule will not match if only a subsequence of the ``:path`` header matches the regex. [#next-major-version: In the v3 API we should redo how path specification works such that we utilize StringMatcher, and additionally have consistent options around whether we strip query strings, do a case sensitive match, etc. In the interim it will be too disruptive to deprecate the existing options. We should even consider whether we want to do away with path_specifier entirely and just rely on a set of header matchers which can already match on :path, etc. The issue with that is it is unclear how to generically deal with query string stripping. This needs more thought.]
- RouteMatch.ConnectMatcher connect_matcher = 12
  If this is used as the matcher, the matcher will only match CONNECT or CONNECT-UDP requests. Note that this will not match other Extended CONNECT requests (WebSocket and the like) as they are normalized in Envoy as HTTP/1.1 style upgrades. This is the only way to match CONNECT requests for HTTP/1.1. For HTTP/2 and HTTP/3, where Extended CONNECT requests may have a path, the path matchers will work if there is a path present. Note that CONNECT support is currently considered alpha in Envoy. [#comment: TODO(htuch): Replace the above comment with an alpha tag.]
- string path_separated_prefix = 14
  If specified, the route is a path-separated prefix rule meaning that the ``:path`` header (without the query string) must either exactly match the ``path_separated_prefix`` or have it as a prefix, followed by ``/`` For example, ``/api/dev`` would match ``/api/dev``, ``/api/dev/``, ``/api/dev/v1``, and ``/api/dev?param=true`` but would not match ``/api/developer`` Expect the value to not contain ``?`` or ``#`` and not to end in ``/``
- core.v3.TypedExtensionConfig path_match_policy = 15
  [#extension-category: envoy.path.match]
optional google.protobuf.BoolValue case_sensitive = 4
Indicates that prefix/path matching should be case sensitive. The default is true. Ignored for safe_regex matching.
optional core.v3.RuntimeFractionalPercent runtime_fraction = 9
Indicates that the route should additionally match on a runtime key. Every time the route is considered for a match, it must also fall under the percentage of matches indicated by this field. For some fraction N/D, a random number in the range [0,D) is selected. If the number is <= the value of the numerator N, or if the key is not present, the default value, the router continues to evaluate the remaining match criteria. A runtime_fraction route configuration can be used to roll out route changes in a gradual manner without full code/config deploys. Refer to the :ref:`traffic shifting <config_http_conn_man_route_table_traffic_splitting_shift>` docs for additional documentation. .. note:: Parsing this field is implemented such that the runtime key's data may be represented as a FractionalPercent proto represented as JSON/YAML and may also be represented as an integer with the assumption that the value is an integral percentage out of 100. For instance, a runtime key lookup returning the value "42" would parse as a FractionalPercent whose numerator is 42 and denominator is HUNDRED. This preserves legacy semantics.
repeated HeaderMatcher headers = 6
Specifies a set of headers that the route should match on. The router will check the request’s headers against all the specified headers in the route config. A match will happen if all the headers in the route are present in the request with the same values (or based on presence if the value field is not in the config).
repeated QueryParameterMatcher query_parameters = 7
Specifies a set of URL query parameters on which the route should match. The router will check the query string from the ``path`` header against all the specified query parameters. If the number of specified query parameters is nonzero, they all must match the ``path`` header's query string for a match to occur. In the event query parameters are repeated, only the first value for each key will be considered. .. note:: If query parameters are used to pass request message fields when `grpc_json_transcoder <https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/grpc_json_transcoder_filter>`_ is used, the transcoded message fields maybe different. The query parameters are url encoded, but the message fields are not. For example, if a query parameter is "foo%20bar", the message field will be "foo bar".
optional RouteMatch.GrpcRouteMatchOptions grpc = 8
If specified, only gRPC requests will be matched. The router will check that the content-type header has a application/grpc or one of the various application/grpc+ values.
optional RouteMatch.TlsContextMatchOptions tls_context = 11
If specified, the client tls context will be matched against the defined match options. [#next-major-version: unify with RBAC]
repeated type.matcher.v3.MetadataMatcher dynamic_metadata = 13
Specifies a set of dynamic metadata matchers on which the route should match. The router will check the dynamic metadata against all the specified dynamic metadata matchers. If the number of specified dynamic metadata matchers is nonzero, they all must match the dynamic metadata for a match to occur.
repeated type.matcher.v3.FilterStateMatcher filter_state = 16
Specifies a set of filter state matchers on which the route should match. The router will check the filter state against all the specified filter state matchers. If the number of specified filter state matchers is nonzero, they all must match the filter state for a match to occur.

An extensible message for matching CONNECT or CONNECT-UDP requests.

Used in: RouteMatch

(message has no fields)

Used in: RouteMatch

(message has no fields)

Used in: RouteMatch

optional google.protobuf.BoolValue presented = 1
If specified, the route will match against whether or not a certificate is presented. If not specified, certificate presentation status (true or false) will not be considered when route matching.
optional google.protobuf.BoolValue validated = 2
If specified, the route will match against whether or not a certificate is validated. If not specified, certificate validation status (true or false) will not be considered when route matching. .. warning:: Client certificate validation is not currently performed upon TLS session resumption. For a resumed TLS session the route will match only when ``validated`` is false, regardless of whether the client TLS certificate is valid. The only known workaround for this issue is to disable TLS session resumption entirely, by setting both :ref:`disable_stateless_session_resumption <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.disable_stateless_session_resumption>` and :ref:`disable_stateful_session_resumption <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.disable_stateful_session_resumption>` on the DownstreamTlsContext.

Specifies a routing scope, which associates a :ref:`Key<envoy_v3_api_msg_config.route.v3.ScopedRouteConfiguration.Key>` to a :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. The :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration` can be obtained dynamically via RDS (:ref:`route_configuration_name<envoy_v3_api_field_config.route.v3.ScopedRouteConfiguration.route_configuration_name>`) or specified inline (:ref:`route_configuration<envoy_v3_api_field_config.route.v3.ScopedRouteConfiguration.route_configuration>`). The HTTP connection manager builds up a table consisting of these Key to RouteConfiguration mappings, and looks up the RouteConfiguration to use per request according to the algorithm specified in the :ref:`scope_key_builder<envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.ScopedRoutes.scope_key_builder>` assigned to the HttpConnectionManager. For example, with the following configurations (in YAML): HttpConnectionManager config: .. code:: ... scoped_routes: name: foo-scoped-routes scope_key_builder: fragments: - header_value_extractor: name: X-Route-Selector element_separator: "," element: separator: = key: vip ScopedRouteConfiguration resources (specified statically via :ref:`scoped_route_configurations_list<envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.ScopedRoutes.scoped_route_configurations_list>` or obtained dynamically via SRDS): .. code:: (1) name: route-scope1 route_configuration_name: route-config1 key: fragments: - string_key: 172.10.10.20 (2) name: route-scope2 route_configuration_name: route-config2 key: fragments: - string_key: 172.20.20.30 A request from a client such as: .. code:: GET / HTTP/1.1 Host: foo.com X-Route-Selector: vip=172.10.10.20 would result in the routing table defined by the ``route-config1`` RouteConfiguration being assigned to the HTTP request/stream. [#next-free-field: 6]

Used in: extensions.filters.network.http_connection_manager.v3.ScopedRouteConfigurationsList

bool on_demand = 4
Whether the RouteConfiguration should be loaded on demand.
string name = 1
The name assigned to the routing scope.
string route_configuration_name = 2
The resource name to use for a :ref:`envoy_v3_api_msg_service.discovery.v3.DiscoveryRequest` to an RDS server to fetch the :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration` associated with this scope.
optional RouteConfiguration route_configuration = 5
The :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration` associated with the scope.
optional ScopedRouteConfiguration.Key key = 3
The key to match against.

Specifies a key which is matched against the output of the :ref:`scope_key_builder<envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.ScopedRoutes.scope_key_builder>` specified in the HttpConnectionManager. The matching is done per HTTP request and is dependent on the order of the fragments contained in the Key.

Used in: ScopedRouteConfiguration

repeated Key.Fragment fragments = 1
The ordered set of fragments to match against. The order must match the fragments in the corresponding :ref:`scope_key_builder<envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.ScopedRoutes.scope_key_builder>`.

Used in: Key

oneof type
- string string_key = 1
  A string to match against.

Used in: Route

optional type.v3.FractionalPercent client_sampling = 1
Target percentage of requests managed by this HTTP connection manager that will be force traced if the :ref:`x-client-trace-id <config_http_conn_man_headers_x-client-trace-id>` header is set. This field is a direct analog for the runtime variable 'tracing.client_enabled' in the :ref:`HTTP Connection Manager <config_http_conn_man_runtime>`. Default: 100%
optional type.v3.FractionalPercent random_sampling = 2
Target percentage of requests managed by this HTTP connection manager that will be randomly selected for trace generation, if not requested by the client or not forced. This field is a direct analog for the runtime variable 'tracing.random_sampling' in the :ref:`HTTP Connection Manager <config_http_conn_man_runtime>`. Default: 100%
optional type.v3.FractionalPercent overall_sampling = 3
Target percentage of requests managed by this HTTP connection manager that will be traced after all other sampling checks have been applied (client-directed, force tracing, random sampling). This field functions as an upper limit on the total configured sampling rate. For instance, setting client_sampling to 100% but overall_sampling to 1% will result in only 1% of client requests with the appropriate headers to be force traced. This field is a direct analog for the runtime variable 'tracing.global_enabled' in the :ref:`HTTP Connection Manager <config_http_conn_man_runtime>`. Default: 100%
repeated type.tracing.v3.CustomTag custom_tags = 4
A list of custom tags with unique tag name to create tags for the active span. It will take effect after merging with the :ref:`corresponding configuration <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.Tracing.custom_tags>` configured in the HTTP connection manager. If two tags with the same name are configured each in the HTTP connection manager and the route level, the one configured here takes priority.

Used in: RouteConfiguration

optional core.v3.ConfigSource config_source = 1
Configuration source specifier for VHDS.

A virtual cluster is a way of specifying a regex matching rule against certain important endpoints such that statistics are generated explicitly for the matched requests. The reason this is useful is that when doing prefix/path matching Envoy does not always know what the application considers to be an endpoint. Thus, it’s impossible for Envoy to generically emit per endpoint statistics. However, often systems have highly critical endpoints that they wish to get “perfect” statistics on. Virtual cluster statistics are perfect in the sense that they are emitted on the downstream side such that they include network level failures. Documentation for :ref:`virtual cluster statistics <config_http_filters_router_vcluster_stats>`. .. note:: Virtual clusters are a useful tool, but we do not recommend setting up a virtual cluster for every application endpoint. This is both not easily maintainable and as well the matching and statistics output are not free.

Used in: VirtualHost

repeated HeaderMatcher headers = 4
Specifies a list of header matchers to use for matching requests. Each specified header must match. The pseudo-headers ``:path`` and ``:method`` can be used to match the request path and method, respectively.
string name = 2
Specifies the name of the virtual cluster. The virtual cluster name as well as the virtual host name are used when emitting statistics. The statistics are emitted by the router filter and are documented :ref:`here <config_http_filters_router_stats>`.

The top level element in the routing configuration is a virtual host. Each virtual host has a logical name as well as a set of domains that get routed to it based on the incoming request's host header. This allows a single listener to service multiple top level domain path trees. Once a virtual host is selected based on the domain, the routes are processed in order to see which upstream cluster to route to or whether to perform a redirect. [#next-free-field: 25]

Used in: RouteConfiguration

string name = 1
The logical name of the virtual host. This is used when emitting certain statistics but is not relevant for routing.
repeated string domains = 2
A list of domains (host/authority header) that will be matched to this virtual host. Wildcard hosts are supported in the suffix or prefix form. Domain search order: 1. Exact domain names: ``www.foo.com``. 2. Suffix domain wildcards: ``*.foo.com`` or ``*-bar.foo.com``. 3. Prefix domain wildcards: ``foo.*`` or ``foo-*``. 4. Special wildcard ``*`` matching any domain. .. note:: The wildcard will not match the empty string. e.g. ``*-bar.foo.com`` will match ``baz-bar.foo.com`` but not ``-bar.foo.com``. The longest wildcards match first. Only a single virtual host in the entire route configuration can match on ``*``. A domain must be unique across all virtual hosts or the config will fail to load. Domains cannot contain control characters. This is validated by the well_known_regex HTTP_HEADER_VALUE.
repeated Route routes = 3
The list of routes that will be matched, in order, for incoming requests. The first route that matches will be used. Only one of this and ``matcher`` can be specified.
optional xds.type.matcher.v3.Matcher matcher = 21
The match tree to use when resolving route actions for incoming requests. Only one of this and ``routes`` can be specified.
VirtualHost.TlsRequirementType require_tls = 4
Specifies the type of TLS enforcement the virtual host expects. If this option is not specified, there is no TLS requirement for the virtual host.
repeated VirtualCluster virtual_clusters = 5
A list of virtual clusters defined for this virtual host. Virtual clusters are used for additional statistics gathering.
repeated RateLimit rate_limits = 6
Specifies a set of rate limit configurations that will be applied to the virtual host.
repeated core.v3.HeaderValueOption request_headers_to_add = 7
Specifies a list of HTTP headers that should be added to each request handled by this virtual host. Headers specified at this level are applied after headers from enclosed :ref:`envoy_v3_api_msg_config.route.v3.Route` and before headers from the enclosing :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. For more information, including details on header value syntax, see the documentation on :ref:`custom request headers <config_http_conn_man_headers_custom_request_headers>`.
repeated string request_headers_to_remove = 13
Specifies a list of HTTP headers that should be removed from each request handled by this virtual host.
repeated core.v3.HeaderValueOption response_headers_to_add = 10
Specifies a list of HTTP headers that should be added to each response handled by this virtual host. Headers specified at this level are applied after headers from enclosed :ref:`envoy_v3_api_msg_config.route.v3.Route` and before headers from the enclosing :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. For more information, including details on header value syntax, see the documentation on :ref:`custom request headers <config_http_conn_man_headers_custom_request_headers>`.
repeated string response_headers_to_remove = 11
Specifies a list of HTTP headers that should be removed from each response handled by this virtual host.
optional CorsPolicy cors = 8
Indicates that the virtual host has a CORS policy. This field is ignored if related cors policy is found in the :ref:`VirtualHost.typed_per_filter_config<envoy_v3_api_field_config.route.v3.VirtualHost.typed_per_filter_config>`. .. attention:: This option has been deprecated. Please use :ref:`VirtualHost.typed_per_filter_config<envoy_v3_api_field_config.route.v3.VirtualHost.typed_per_filter_config>` to configure the CORS HTTP filter.
map<string, google.protobuf.Any> typed_per_filter_config = 15
This field can be used to provide virtual host level per filter config. The key should match the :ref:`filter config name <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpFilter.name>`. See :ref:`Http filter route specific config <arch_overview_http_filters_per_filter_config>` for details. [#comment: An entry's value may be wrapped in a :ref:`FilterConfig<envoy_v3_api_msg_config.route.v3.FilterConfig>` message to specify additional options.]
bool include_request_attempt_count = 14
Decides whether the :ref:`x-envoy-attempt-count <config_http_filters_router_x-envoy-attempt-count>` header should be included in the upstream request. Setting this option will cause it to override any existing header value, so in the case of two Envoys on the request path with this option enabled, the upstream will see the attempt count as perceived by the second Envoy. Defaults to false. This header is unaffected by the :ref:`suppress_envoy_headers <envoy_v3_api_field_extensions.filters.http.router.v3.Router.suppress_envoy_headers>` flag. [#next-major-version: rename to include_attempt_count_in_request.]
bool include_attempt_count_in_response = 19
Decides whether the :ref:`x-envoy-attempt-count <config_http_filters_router_x-envoy-attempt-count>` header should be included in the downstream response. Setting this option will cause the router to override any existing header value, so in the case of two Envoys on the request path with this option enabled, the downstream will see the attempt count as perceived by the Envoy closest upstream from itself. Defaults to false. This header is unaffected by the :ref:`suppress_envoy_headers <envoy_v3_api_field_extensions.filters.http.router.v3.Router.suppress_envoy_headers>` flag.
optional RetryPolicy retry_policy = 16
Indicates the retry policy for all routes in this virtual host. Note that setting a route level entry will take precedence over this config and it'll be treated independently (e.g.: values are not inherited).
optional google.protobuf.Any retry_policy_typed_config = 20
[#not-implemented-hide:] Specifies the configuration for retry policy extension. Note that setting a route level entry will take precedence over this config and it'll be treated independently (e.g.: values are not inherited). :ref:`Retry policy <envoy_v3_api_field_config.route.v3.VirtualHost.retry_policy>` should not be set if this field is used.
optional HedgePolicy hedge_policy = 17
Indicates the hedge policy for all routes in this virtual host. Note that setting a route level entry will take precedence over this config and it'll be treated independently (e.g.: values are not inherited).
bool include_is_timeout_retry_header = 23
Decides whether to include the :ref:`x-envoy-is-timeout-retry <config_http_filters_router_x-envoy-is-timeout-retry>` request header in retries initiated by per try timeouts.
optional google.protobuf.UInt32Value per_request_buffer_limit_bytes = 18
The maximum bytes which will be buffered for retries and shadowing. If set and a route-specific limit is not set, the bytes actually buffered will be the minimum value of this and the listener per_connection_buffer_limit_bytes.
repeated RouteAction.RequestMirrorPolicy request_mirror_policies = 22
Specify a set of default request mirroring policies for every route under this virtual host. It takes precedence over the route config mirror policy entirely. That is, policies are not merged, the most specific non-empty one becomes the mirror policies.
optional core.v3.Metadata metadata = 24
The metadata field can be used to provide additional information about the virtual host. It can be used for configuration, stats, and logging. The metadata should go under the filter namespace that will need it. For instance, if the metadata is intended for the Router filter, the filter name should be specified as ``envoy.filters.http.router``.

Used in: VirtualHost

NONE = 0
No TLS requirement for the virtual host.
EXTERNAL_ONLY = 1
External requests must use TLS. If a request is external and it is not using TLS, a 301 redirect will be sent telling the client to use HTTPS.
ALL = 2
All requests must use TLS. If a request is not using TLS, a 301 redirect will be sent telling the client to use HTTPS.

Compared to the :ref:`cluster <envoy_v3_api_field_config.route.v3.RouteAction.cluster>` field that specifies a single upstream cluster as the target of a request, the :ref:`weighted_clusters <envoy_v3_api_field_config.route.v3.RouteAction.weighted_clusters>` option allows for specification of multiple upstream clusters along with weights that indicate the percentage of traffic to be forwarded to each cluster. The router selects an upstream cluster based on the weights.

Used in: RouteAction, extensions.filters.network.dubbo_proxy.v3.RouteAction, extensions.filters.network.generic_proxy.action.v3.RouteAction

repeated WeightedCluster.ClusterWeight clusters = 1
Specifies one or more upstream clusters associated with the route.
optional google.protobuf.UInt32Value total_weight = 3
Specifies the total weight across all clusters. The sum of all cluster weights must equal this value, if this is greater than 0. This field is now deprecated, and the client will use the sum of all cluster weights. It is up to the management server to supply the correct weights.
string runtime_key_prefix = 2
Specifies the runtime key prefix that should be used to construct the runtime keys associated with each cluster. When the ``runtime_key_prefix`` is specified, the router will look for weights associated with each upstream cluster under the key ``runtime_key_prefix`` + ``.`` + ``cluster[i].name`` where ``cluster[i]`` denotes an entry in the clusters array field. If the runtime key for the cluster does not exist, the value specified in the configuration file will be used as the default weight. See the :ref:`runtime documentation <operations_runtime>` for how key names map to the underlying implementation.
oneof random_value_specifier
- string header_name = 4
  Specifies the header name that is used to look up the random value passed in the request header. This is used to ensure consistent cluster picking across multiple proxy levels for weighted traffic. If header is not present or invalid, Envoy will fall back to use the internally generated random value. This header is expected to be single-valued header as we only want to have one selected value throughout the process for the consistency. And the value is a unsigned number between 0 and UINT64_MAX.

[#next-free-field: 13]

Used in: WeightedCluster

string name = 1
Only one of ``name`` and ``cluster_header`` may be specified. [#next-major-version: Need to add back the validation rule: (validate.rules).string = {min_len: 1}] Name of the upstream cluster. The cluster must exist in the :ref:`cluster manager configuration <config_cluster_manager>`.
string cluster_header = 12
Only one of ``name`` and ``cluster_header`` may be specified. [#next-major-version: Need to add back the validation rule: (validate.rules).string = {min_len: 1 }] Envoy will determine the cluster to route to by reading the value of the HTTP header named by cluster_header from the request headers. If the header is not found or the referenced cluster does not exist, Envoy will return a 404 response. .. attention:: Internally, Envoy always uses the HTTP/2 ``:authority`` header to represent the HTTP/1 ``Host`` header. Thus, if attempting to match on ``Host``, match on ``:authority`` instead. .. note:: If the header appears multiple times only the first value is used.
optional google.protobuf.UInt32Value weight = 2
The weight of the cluster. This value is relative to the other clusters' weights. When a request matches the route, the choice of an upstream cluster is determined by its weight. The sum of weights across all entries in the clusters array must be greater than 0, and must not exceed uint32_t maximal value (4294967295).
optional core.v3.Metadata metadata_match = 3
Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints in the upstream cluster with metadata matching what is set in this field will be considered for load balancing. Note that this will be merged with what's provided in :ref:`RouteAction.metadata_match <envoy_v3_api_field_config.route.v3.RouteAction.metadata_match>`, with values here taking precedence. The filter name should be specified as ``envoy.lb``.
repeated core.v3.HeaderValueOption request_headers_to_add = 4
Specifies a list of headers to be added to requests when this cluster is selected through the enclosing :ref:`envoy_v3_api_msg_config.route.v3.RouteAction`. Headers specified at this level are applied before headers from the enclosing :ref:`envoy_v3_api_msg_config.route.v3.Route`, :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost`, and :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. For more information, including details on header value syntax, see the documentation on :ref:`custom request headers <config_http_conn_man_headers_custom_request_headers>`.
repeated string request_headers_to_remove = 9
Specifies a list of HTTP headers that should be removed from each request when this cluster is selected through the enclosing :ref:`envoy_v3_api_msg_config.route.v3.RouteAction`.
repeated core.v3.HeaderValueOption response_headers_to_add = 5
Specifies a list of headers to be added to responses when this cluster is selected through the enclosing :ref:`envoy_v3_api_msg_config.route.v3.RouteAction`. Headers specified at this level are applied before headers from the enclosing :ref:`envoy_v3_api_msg_config.route.v3.Route`, :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost`, and :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. For more information, including details on header value syntax, see the documentation on :ref:`custom request headers <config_http_conn_man_headers_custom_request_headers>`.
repeated string response_headers_to_remove = 6
Specifies a list of headers to be removed from responses when this cluster is selected through the enclosing :ref:`envoy_v3_api_msg_config.route.v3.RouteAction`.
map<string, google.protobuf.Any> typed_per_filter_config = 10
This field can be used to provide weighted cluster specific per filter config. The key should match the :ref:`filter config name <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpFilter.name>`. See :ref:`Http filter route specific config <arch_overview_http_filters_per_filter_config>` for details. [#comment: An entry's value may be wrapped in a :ref:`FilterConfig<envoy_v3_api_msg_config.route.v3.FilterConfig>` message to specify additional options.]
oneof host_rewrite_specifier
- string host_rewrite_literal = 11
  Indicates that during forwarding, the host header will be swapped with this value.

package envoy.config.route.v3

message ClusterSpecifierPlugin

optional core.v3.TypedExtensionConfig extension = 1

bool is_optional = 2

message CorsPolicy

repeated type.matcher.v3.StringMatcher allow_origin_string_match = 11

string allow_methods = 2

string allow_headers = 3

string expose_headers = 4

string max_age = 5

optional google.protobuf.BoolValue allow_credentials = 6

oneof enabled_specifier

core.v3.RuntimeFractionalPercent filter_enabled = 9

optional core.v3.RuntimeFractionalPercent shadow_enabled = 10

optional google.protobuf.BoolValue allow_private_network_access = 12

optional google.protobuf.BoolValue forward_not_matching_preflights = 13

message Decorator

string operation = 1

optional google.protobuf.BoolValue propagate = 2

message DirectResponseAction

uint32 status = 1

optional core.v3.DataSource body = 2

message FilterAction

optional google.protobuf.Any action = 1

message FilterConfig

optional google.protobuf.Any config = 1

bool is_optional = 2

bool disabled = 3

message HeaderMatcher

string name = 1

oneof header_match_specifier

string exact_match = 4

type.matcher.v3.RegexMatcher safe_regex_match = 11

type.v3.Int64Range range_match = 6

bool present_match = 7

string prefix_match = 9

string suffix_match = 10

string contains_match = 12

type.matcher.v3.StringMatcher string_match = 13

bool invert_match = 8

bool treat_missing_header_as_empty = 14

message HedgePolicy

optional google.protobuf.UInt32Value initial_requests = 1

optional type.v3.FractionalPercent additional_request_chance = 2

bool hedge_on_per_try_timeout = 3

message InternalRedirectPolicy

optional google.protobuf.UInt32Value max_internal_redirects = 1

repeated uint32 redirect_response_codes = 2

repeated core.v3.TypedExtensionConfig predicates = 3

bool allow_cross_scheme_redirect = 4

repeated string response_headers_to_copy = 5

message NonForwardingAction

message QueryParameterMatcher

string name = 1

oneof query_parameter_match_specifier

type.matcher.v3.StringMatcher string_match = 5

bool present_match = 6

message RateLimit

optional google.protobuf.UInt32Value stage = 1

string disable_key = 2

repeated RateLimit.Action actions = 3

optional RateLimit.Override limit = 4

optional RateLimit.HitsAddend hits_addend = 5

bool apply_on_stream_done = 6

message RateLimit.Action

oneof action_specifier

Action.SourceCluster source_cluster = 1

Action.DestinationCluster destination_cluster = 2

Action.RequestHeaders request_headers = 3

Action.QueryParameters query_parameters = 12

Action.RemoteAddress remote_address = 4

Action.GenericKey generic_key = 5

Action.HeaderValueMatch header_value_match = 6

Action.DynamicMetaData dynamic_metadata = 7

Action.MetaData metadata = 8

core.v3.TypedExtensionConfig extension = 9

Action.MaskedRemoteAddress masked_remote_address = 10

Action.QueryParameterValueMatch query_parameter_value_match = 11

message RateLimit.Action.DestinationCluster

message RateLimit.Action.DynamicMetaData