After enabling ext_authz filters through custom default envoy settings. db trafic fails

i enabled ext_autz now in the default pipeline but it also affects the connection the the database it seems. when i add ext_auth filters to the default ovveride it applies it to all services no suprise realy, as i gues thats what its ment to do. but i need to be able to apply this to the services that neeeds it. how can this be achieved in consul