Category: Envoy Upstream Failures
Problems where Envoy fails to communicate with an upstream service. This includes connection timeouts, connection refused errors, upstream overflow and cases where no healthy upstream hosts are available. It also covers request timeouts and unexpected stream resets from the upstream service.
| ID | Title | Description | Category | Technology | Tags |
|---|---|---|---|---|---|
| CRE-2025-0118 High Impact: 7/10 Mitigation: 7/10 | Envoy proxy unable to connect to upstream services | This rule detects when Envoy proxy is experiencing consistent failures connecting to upstream services, resulting in HTTP 503 (Service Unavailable) or 504 (Gateway Timeout) errors. These errors are typically accompanied by "UH" (upstream service unhealthy) or "UT" (upstream request timeout) response flags in Envoy access logs, indicating backend service connectivity issues that require immediate attention. | Envoy Upstream Failures | envoy | Envoy ProxyLoad BalancerEnvoy Upstream ErrorsEnvoy Service UnavailableEnvoy Gateway Timeout |