Sec-websocket-protocol header not passing to ext auth sever

Hi team,

Thank you in advance for your support.

Sec-websocket-protocol header not passing to ext auth sever and we are getting 403 issues.

Istio version - 1.10.6
AKS - 1.21

Kindly guide me to resolve the issue.

Header value is being shown as null at ext-auth-server pod logs, please help.

Regards,
Kalyan

@YangminZhu, Kindly suggest on this request.

have you defined extension provider in your mesh config ? ref : Istio / External Authorization

Yeah, this has been deployed. Kindly suggest Sec-Websocket-Protocol should be in lower case. Below has been defined.

extensionProviders:
- envoyExtAuthzHttp:
    headersToUpstreamOnAllow:
    - authorization
    - x-auth-role
    - x-projectid
    includeHeadersInCheck:
    - authorization
    - Sec-WebSocket-Protocol
    - x-projectid
    port: "8000"
    service: ext-authz-server-service.default.svc.cluster.local
  name: ext-authz-http

You can try that, your config looks correct though.

We have tried that option, but It didn’t work and not sure why we socket protocol header only not passing to backend.