hexiaodai

使用 EnvoyFilter 隐藏 HTTP Response Header 中的 server 字段

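很多时候，我们并不想在 HTTP Response Header 中暴露反向代理服务器的信息。下面的 EnvoyFilter 作用于 ingress gateway，包含两个补丁：先让 Envoy 不再写入自己的 server 头（PASS_THROUGH），再在路由配置中移除响应里的 server 头。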

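# EnvoyFilter that keeps the `server` response header from reaching clients of
# the Istio ingress gateway. It needs both patches below: the first stops
# Envoy from writing its own Server value, the second strips whatever value
# the upstream application sent.
#
# NOTE(review): this only reduces fingerprinting of the proxy/back end; it does
# not change what is running behind the gateway. Other response headers (for
# example x-envoy-upstream-service-time) may still identify Envoy - confirm
# against a real response from the gateway after applying.
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: global-http-header
  namespace: istio-system
spec:
  # Only workloads labelled `istio: ingressgateway` receive these patches.
  workloadSelector:
    labels:
      istio: ingressgateway
  configPatches:
    # Patch 1: merge into the HTTP connection manager on gateway listeners.
    - applyTo: NETWORK_FILTER
      match:
        context: GATEWAY
        listener:
          filterChain:
            filter:
              name: envoy.filters.network.http_connection_manager
      patch:
        operation: MERGE
        value:
          typed_config:
            '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
            # PASS_THROUGH: Envoy neither overwrites the upstream Server header
            # nor adds one when it is absent, so responses generated by the
            # gateway itself carry no Server header.
            server_header_transformation: PASS_THROUGH
    # Patch 2: merge into the gateway's route configurations (no narrower
    # routeConfiguration match is given, so none is excluded).
    - applyTo: ROUTE_CONFIGURATION
      match:
        context: GATEWAY
      patch:
        operation: MERGE
        value:
          # Drops the Server header passed through from the upstream service.
          # NOTE(review): MERGE on a route configuration that already defines
          # response_headers_to_remove - verify the resulting list in the
          # gateway's config dump.
          response_headers_to_remove:
            - server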