[NIFI-4761] Allow whitelisting expected Host values - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.5.0
Fix Version/s: 1.6.0
Component/s: Core Framework
Labels:
- configuration
- header
- host
- security

Description

NiFi has been updated to only accept requests where the Host header contains an expected value. Currently, the expected values are driven by the .host properties in nifi.properties. When running behind a proxy, the value may be the proxy host if the headers simply pass through. In this scenario, we should offer the ability to whitelist values in case updating the proxy configuration isn't possible.

Also, the proxy documentation in the admin guide should be updated to include details regarding the Host name whitelisting. Also, should verify the context path whitelisting is documented there.

Attachments

Issue Links

relates to

NIFI-4501 Refactor header parsing

Resolved

NIFI-4618 Add documentation for context path whitelisting

Resolved

links to

GitHub Pull Request #2415

GitHub Pull Request #2418

Sub-Tasks

1.	Add documentation for new proxy host values in nifi.properties		Resolved	Matt Gilman
2.	Expose whitelisting configuration for docker instantiation		Resolved	Aldrin Piri

Activity

People

Assignee:: Andy LoPresto

Reporter:: Matt Gilman

Votes:: 0 Vote for this issue

Watchers:: 14 Start watching this issue

Dates

Created:: 10/Jan/18 13:50

Updated:: 31/Jan/18 22:34

Resolved:: 19/Jan/18 17:50