Egress gateway does not send traffic to destination when rewriting destination using host_rewrite_header

Networking
1

I’m generating traffic from a container inside istio mesh, the istio sidecar attached to my workload has an EnvoyFilter defined with a host rewrite: we do this:
Original request:
:authority: external-service-url:com

Changed to:
changed :authority: temporary-url.com
added x-forwarded-host: external-service-url.com

Request goes out from service’s istio-proxy and reach egress-gateway.

We have defined a Gateway, VirtualService, DestinationRule for temporary-url.com in order to allow traffic and handle traffic.
We also have defined an EnvoyFilter for routing the request to external-service-url.com again like this:

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: proxy-egress-rewrite
  namespace: istio-system
spec:
  configPatches:
    - applyTo: HTTP_ROUTE
      match:
        routeConfiguration:
          vhost:
            name: "temporary-url.com"
            route:
              action: ANY
      patch:
        operation: MERGE
        value:
            route:
              host_rewrite_header: x-forwarded-host

So the idea here is to send traffic from egress gateway to the original destination, the problem is that egress gateway shows a 404 error, the log shows this:

{
    "bytes_received": 0,
    "downstream_peer_serial": "4cefb22d0b55239ed4b0b8b86c84cf8e",
    "x_forwarded_proto": "https",
    "upstream_cluster": null,
    "user_agent": "Java-EurekaClient/v\u003cversion_unknown\u003e",
    "traceId": null,
    "response_code": 404,
    "requested_server_name": "temporary-url.com",
    "downstream_peer_cert_start": "2022-09-01T13:32:43.000Z",
    "downstream_peer_cert_end": "2022-09-02T13:34:43.000Z",
    "downstream_tls_version": "TLSv1.2",
    "response_flags": "NR",
    "upstream_transport_failure_reason": null,
    "duration": 0,
    "method": "GET",
    "downstream_peer_fingerprint_1": "3f03425d5....5c1618c38e1a18",
    "downstream_peer_fingerprint_256": "c4ec312bcfeb6e2...4eaea443708106bcfaaef3e55",
    "upstream_service_time": null,
    "spanId": null,
    "start_time": "2022-09-01T20:16:50.087Z",
    "downstream_remote_address": "100.64.45.254:52474",
    "upstream_local_address": null,
    "upstream_host": null,
    "path": "/eureka/v2/apps/",
    "x_forwarded_for": "100.64.45.254",
    "authority": "external-service-url.com:8010",
    "bytes_sent": 0,
    "protocol": "HTTP/2",
    "parentSpanId": null,
    "x_forwarded_port": null,
    "route_name": null
}

I tried to create a :authority rewrite using lua script like this:

  configPatches:
    - applyTo: HTTP_FILTER
      match:
        context: SIDECAR_OUTBOUND
        listener:
          filterChain:
            filter:
              name: "envoy.http_connection_manager"
              subFilter:
                name: "envoy.router"
      patch:
        operation: INSERT_BEFORE
        value:
          name: envoy.lua
          typed_config:
            '@type': type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua
            inlineCode: |
              function envoy_on_request(request_handle)

and the result is exactly the same.

Any ideas why this behavior?

Thanks in advance.
Fernando

More information:
istio version: 1.13.5
kubernetes: EKS 1.21.14