ipEgressFilter selects exchanges by the IP address of the upstream server Fluxzy is about to talk to. It is the right choice when hostnames are too noisy or too volatile, and it works for both IPv4 and IPv6 destinations. Pair it with any action below to throttle, tag or reject traffic targeting a specific subnet or origin.
Reach for ipEgressFilter when the meaningful selector is the remote server's IP address rather than its hostname. This is common in environments where many hostnames resolve to the same back end, or where a DNS round robin makes hostname matching unreliable.
Typical situations:
10.0.5.0/24.The filter evaluates on the onAuthorityReceived scope, so the destination IP is already resolved by the time it fires. Use StartsWith to emulate CIDR style prefix matching, and pair it with hostFilter when you need both layer 3 and layer 7 conditions.
Slow down every exchange whose destination IP falls inside 10.0.5.0/24 to reproduce a bandwidth issue affecting an internal API cluster.
rules:
- filter:
typeKind: IpEgressFilter
pattern: 10.0.5.
operation: StartsWith
actions:
- typeKind: AverageThrottleAction
bandwidthBytesPerSeconds: 65536
Mark every call that lands on a known IPv6 origin so you can audit the routing path of mobile clients that prefer AAAA records.
rules:
- filter:
typeKind: IpEgressFilter
pattern: 2a01:cb00:7e2:5000:10d5:70df:665:c654
operation: Exact
actions:
- typeKind: ApplyTagAction
tag:
value: ipv6-origin
Block every outbound connection whose destination IP starts with 203.0.113 (an example reserved range), useful in test environments to fail fast when stub services are misconfigured.
rules:
- filter:
typeKind: IpEgressFilter
pattern: 203.0.113.
operation: StartsWith
actions:
- typeKind: RejectAction
Select exchanges according to upstream IP address. Full IP notation is used from IPv6.
Evaluation scope defines the timing where this filter will be applied.
onAuthorityReceived This scope denotes the moment fluxzy is aware the destination authority. In a regular proxy connection, it will occur the moment where fluxzy parsed the CONNECT request.
ipEgressFilter
The following table describes the customizable properties available for this filter:
| Property | Type | Description | DefaultValue |
|---|---|---|---|
| pattern | string | The string pattern to search | |
| operation | exact | contains | startsWith | endsWith | regex | The search operation performed | contains |
| caseSensitive | boolean | true if the Search should be case sensitive | false |
| inverted | boolean | Negate the filter result | false |
The following examples apply a comment to the filtered exchange
Retains only exchanges where the destination address is 212.12.14.0/24.
rules:
- filter:
typeKind: IpEgressFilter
pattern: 212.12.14
operation: StartsWith
actions:
- typeKind: ApplyCommentAction
comment: filter was applied
Retains only exchanges where the destination address is 2a01:cb00:7e2:5000:10d5:70df:665:c654 (IPv6).
rules:
- filter:
typeKind: IpEgressFilter
pattern: 2a01:cb00:7e2:5000:10d5:70df:665:c654
operation: Exact
actions:
- typeKind: ApplyCommentAction
comment: filter was applied
View definition of IpEgressFilter for .NET integration.
This filter has no related filter
Use the StartsWith operation with the prefix portion of the address, for example pattern: 10.0.5. for a /24. For a /16, use 10.0. as the pattern. For more complex masks use a regex.
Yes. Full IPv6 notation is supported. Use the Exact operation for a single address or StartsWith for a prefix such as 2a01:cb00:.
After. The onAuthorityReceived scope fires once Fluxzy knows the destination authority and has resolved the upstream IP, so the address you match against is the one Fluxzy will actually connect to.
ipEgressFilter matches the upstream (destination) IP. ipIngressFilter matches the client (source) IP. Pick the one that corresponds to the side of the connection you want to filter.