[HIVE-21892] Trusted domain authentication should look at X-Forwarded-For header as well - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 4.0.0
Fix Version/s: 4.0.0-alpha-1
Component/s: None
Labels:
- pull-request-available

Target Version/s:

4.0.0

Description

~~HIVE-21783~~ added trusted domain authentication. However, it looks only at request.getRemoteAddr() which works in most cases where there are no intermediate forward/reverse proxies. In trusted domain scenarios, if there intermediate proxies, the proxies typically append its own ip address "X-Forwarded-For" header. The X-Forwarded-For will look like clientIp -> proxyIp1 -> proxyIp2. The left most ip address in the X-Forwarded-For represents the real client ip address. For such scenarios, add a config to optionally look at X-Forwarded-For header when available to determine the real client ip.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HIVE-21892.1.patch
18/Jun/19 23:25
5 kB
Prasanth Jayachandran
HIVE-21892.2.patch
19/Jun/19 22:27
5 kB
Prasanth Jayachandran

Issue Links

is related to

HIVE-21783 Avoid authentication for connection from the same domain

Closed

links to

GitHub Pull Request #678

Activity

People

Assignee:: Prasanth Jayachandran

Reporter:: Prasanth Jayachandran

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 18/Jun/19 23:20

Updated:: 17/Nov/22 08:51

Resolved:: 19/Jun/19 22:28

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1h 20m