Skip to main content
API resource reference for HTTPRouteFilter, an Envoy Gateway extension resource. To create or change one, see Changing resources; to inspect, see Reading resources.
This resource is part of the v1alpha1 API and is subject to change. Fields and behavior may change in future releases.

Identity

Groupgateway.envoyproxy.io
Versionv1alpha1
KindHTTPRouteFilter
ScopeProject

Overview

An HTTPRouteFilter is an Envoy Gateway extension to the Gateway API, defined by the Envoy Gateway API, that provides extended HTTP traffic processing options beyond the standard filters. Use it when a route needs behavior such as rewriting URL path or host, returning a fixed direct response, or injecting credentials into requests before they reach a backend. You reference an HTTPRouteFilter from an HTTPRoute (via an extension-reference filter) so the extended processing applies to the matching traffic within a Project.

Spec fields

FieldTypeRequiredDescription
spec.credentialInjectionObjectNoInjects credentials into the request before forwarding to the backend. Useful when the backend requires credentials that the original request does not carry.
spec.credentialInjection.credentialObjectYes*The credential to inject. Required when credentialInjection is set.
spec.credentialInjection.headerstringNoName of the header the credentials are injected into. Defaults to the Authorization header.
spec.credentialInjection.overwritebooleanNoWhether to overwrite the value if the injected header already exists. Defaults to false.
spec.directResponseObjectNoReturns a fixed response instead of forwarding to a backend.
spec.directResponse.bodyObjectNoBody of the response.
spec.directResponse.contentTypestringNoContent type of the response, set in the Content-Type header.
spec.directResponse.statusCodeintegerNoHTTP status code of the response. Defaults to 200 if unset.
spec.urlRewriteObjectNoRewrites HTTP URL components such as path and host.
spec.urlRewrite.hostnameObjectNoValue used to replace the Host header during forwarding.
spec.urlRewrite.pathObjectNoDefines a path rewrite.
* credentialInjection.credential is required only when the credentialInjection block is present.
This resource has no status field.

Usage

apiVersion: gateway.envoyproxy.io/v1alpha1
kind: HTTPRouteFilter
metadata:
  name: fixed-maintenance-response
spec:
  directResponse:
    statusCode: 503
    contentType: text/plain
datumctl apply -f httproutefilter.yaml --project my-project
datumctl get httproutefilters --project my-project
datumctl describe httproutefilter fixed-maintenance-response --project my-project
Run datumctl explain httproutefilters --recursive to see the full, live field tree for this resource.
Last modified on July 2, 2026