Preprocessing the requests before envoy ext_authz filter

Hi everyone,
I am trying to add an ext_authz filter in the istio cluster for authorizing API calls. The ext_authz filter will connect with an external server which responds with allow/deny.
Before the request reaches the ext_authz filter, we need to preprocess the request to add certain headers. The value of the headers depends on the request attributes(path, method, body etc) and can either come from a config or from an external service(http).
Ex: The header can depend on the request path and based on the config below, I can set the header value.


  • path: “/product”
    method: “POST”
    value: “create-product”
  • path: “/product”
    method: “PUT”
    value: “update-product”

X-Auth-Action = “create-product” if request.path = “/product” and request.method = “POST”

Or the above value can come from an external service by passing the request details to the service.

One approach is to add another filter before ext_authz. In this case which filter will best fit the usecase? Is there any other recommended approach?