diff --git a/internal/xds/translator/extauth.go b/internal/xds/translator/extauth.go
index 102497633e09..9720ffb341de 100644
--- a/internal/xds/translator/extauth.go
+++ b/internal/xds/translator/extauth.go
@@ -147,9 +147,13 @@ func httpService(http *ir.HTTPExtAuthService) *extauthv3.HttpService {
 	var (
 		uri              string
 		headersToBackend []*matcherv3.StringMatcher
-		service          = new(extauthv3.HttpService)
+		service          *extauthv3.HttpService
 	)
 
+	service = &extauthv3.HttpService{
+		PathPrefix: http.Path,
+	}
+
 	u := url.URL{
 		// scheme should be decided by the TLS setting, but we don't have that info now.
 		// It's safe to set it to http because the ext auth filter doesn't use the