Commit Graph

13 Commits (1dfc265abe20b202bd90cf3946020a1587717667)

Author SHA1 Message Date
Michael Zalimeni 40c7f73629
[NET-1151 NET-11046] docs: clarify request normalization and L7 headers feature availability (#21855)
docs: clarify request normalization and L7 headers feature availability

- Add notes on feature availability tied to specific fix versions
- Add missing 1.20 upgrade entry
- Remove erroneous 1.17 upgrade entry (version DNE)
- Add missing HCL variant for service intentions config
2024-10-28 11:06:28 -06:00
Michael Zalimeni d9206fc7e2
[NET-1151 NET-11228] security: Add request normalization and header match options to prevent L7 intentions bypass (#21816)
mesh: add options for HTTP incoming request normalization

Expose global mesh configuration to enforce inbound HTTP request
normalization on mesh traffic via Envoy xDS config.

mesh: enable inbound URL path normalization by default

mesh: add support for L7 header match contains and ignore_case

Enable partial string and case-insensitive matching in L7 intentions
header match rules.

ui: support L7 header match contains and ignore_case

Co-authored-by: Phil Renaud <phil@riotindustries.com>

test: add request normalization integration bats tests

Add both "positive" and "negative" test suites, showing normalization in
action as well as expected results when it is not enabled, for the same
set of test cases.

Also add some alternative service container test helpers for verifying
raw HTTP request paths, which is difficult to do with Fortio.

docs: update security and reference docs for L7 intentions bypass prevention

- Update security docs with best practices for service intentions
  configuration
- Update configuration entry references for mesh and intentions to
  reflect new values and add guidance on usage
2024-10-16 12:23:33 -04:00
Chris S. Kim 12fd9db45d
Add docs for default_intention_policy (#20886) 2024-03-22 15:33:17 -04:00
Jared Kirschner 166d7a39e8
docs: consistently name Consul service mesh (#17222)
Remove outdated usage of "Consul Connect" instead of Consul service mesh.

The connect subsystem in Consul provides Consul's service mesh capabilities.
However, the term "Consul Connect" should not be used as an alternative to
the name "Consul service mesh".
2023-05-05 13:41:40 -04:00
Ashlee M Boyer 6e425f7428
docs: Migrate link formats (#15976)
* Adding check-legacy-links-format workflow

* Adding test-link-rewrites workflow

* Updating docs-content-check-legacy-links-format hash

* Migrating links to new format

Co-authored-by: Kendall Strautman <kendallstrautman@gmail.com>
2023-01-25 08:52:43 -08:00
boruszak f797d128c7 Spacing and title fixes 2022-09-16 10:28:32 -05:00
boruszak 653cfb431d /docs/connect 2022-09-13 15:48:39 -05:00
Tu Nguyen 110139a4df revert links to learn 2022-09-06 08:35:01 -07:00
Tu Nguyen 6dcc2a2110 Update Learn links in prep for devdot 2022-08-25 22:49:29 -07:00
Blake Covarrubias 59394e4aa2 docs: Avoid redirects by pointing links to new URLs
Avoid HTTP redirects for internal site links by updating old URLs to
point to the new location for the target content.
2022-01-20 08:52:51 -08:00
Blake Covarrubias 97b4fdff0d
Document possible risk w.r.t exposing the admin API in Envoy (#10817)
Add a section to the Connect Security page which highlights the risks
of exposing Envoy's administration interface outside of localhost.

Resolves #5692

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Kent 'picat' Gruber <kent@hashicorp.com>
2021-08-13 10:05:29 -07:00
Zachary Shilton 8671762474
website: implement mktg 032 (#9953)
* website: migrate to new nav-data format

* website: clean up unused intro content

* website: remove deprecated sidebar_title from frontmatter

* website: add react-content to fix global style import issue
2021-04-07 15:50:38 -04:00
Jeff Escalante 582dce9d8f
maintenance complete, pending markdown-page component addition 2020-12-16 16:55:23 -05:00