Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- 4.0.0
- None
Description
HIVE-21783 added trusted domain authentication. However, it looks only at request.getRemoteAddr(), which works in most cases where there are no intermediate forward/reverse proxies. In trusted domain scenarios, if there are intermediate proxies, each proxy typically appends its own IP address to the "X-Forwarded-For" header. The X-Forwarded-For will look like clientIp -> proxyIp1 -> proxyIp2. The leftmost IP address in the X-Forwarded-For represents the real client IP address. For such scenarios, add a config to optionally look at the X-Forwarded-For header when available to determine the real client IP.
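The lookup requested above, as an added example that is not Hive's code or part of the original report: the socket peer is used unless a switch enables the leftmost X-Forwarded-For entry, with a fallback when the header is absent or malformed. The class name, the `useXffHeader` switch and the sample addresses are assumptions; on the wire the header is a comma-separated list.

```java
import java.util.regex.Pattern;

/** Added illustration; class, field and method names are hypothetical, not Hive's. */
public class ClientIpResolver {
    // Coarse shape check: only characters that can occur in an IPv4 or IPv6
    // literal are accepted. This is not full address validation.
    private static final Pattern IP_LITERAL_CHARS = Pattern.compile("[0-9A-Fa-f:.]{2,45}");

    private final boolean useXffHeader; // stands in for the proposed config option

    public ClientIpResolver(boolean useXffHeader) {
        this.useXffHeader = useXffHeader;
    }

    /**
     * @param remoteAddr value of request.getRemoteAddr() (the directly connected peer)
     * @param xffHeader  value of the X-Forwarded-For header, or null if absent
     * @return the address to use for the trusted domain decision
     */
    public String resolve(String remoteAddr, String xffHeader) {
        if (!useXffHeader || xffHeader == null) {
            return remoteAddr;
        }
        // Header layout: "clientIp, proxyIp1, proxyIp2"; the first entry is the client.
        String leftMost = xffHeader.split(",", 2)[0].trim();
        if (!IP_LITERAL_CHARS.matcher(leftMost).matches()) {
            return remoteAddr; // empty or malformed entry: fall back to the socket peer
        }
        return leftMost;
    }

    public static void main(String[] args) {
        // Constructed sample values taken from documentation address ranges.
        String peer = "198.51.100.7"; // last proxy, as seen by getRemoteAddr()
        String xff = "192.0.2.10, 198.51.100.5, 198.51.100.6";

        ClientIpResolver off = new ClientIpResolver(false);
        ClientIpResolver on = new ClientIpResolver(true);

        System.out.println(off.resolve(peer, xff));           // option off: header ignored
        System.out.println(on.resolve(peer, xff));            // option on: leftmost entry used
        System.out.println(on.resolve(peer, null));           // header absent: fallback
        System.out.println(on.resolve(peer, " , 192.0.2.99")); // empty first entry: fallback
    }
}
```

The leftmost entry is only as reliable as the proxies that set it, so the switch belongs on deployments where every request reaches the server through those proxies.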
Attachments
Issue Links
- is related to
  - HIVE-21783 Avoid authentication for connection from the same domain (Closed)
- links to