Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-962

Ranger plugin should have an option to use X-Forwarded-For address

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 0.6.0
    • 0.6.0
    • plugins
    • None

    Description

      Ranger plugins use the client IP address provided by the component for authorization and audit log. In cases where a client accesses data through a gateway, like Knox, the components provide Ranger with the IP address of the gateway, instead of the original client IP address. Hence, authorization and audit logs are performed using the IP address of the gateway - instead of the client's IP address.

      Ranger plugins should be updated to be able to use client IP address, when available in X-Forwarded-For field of the request. Further X-Forwarded-For field should only be used when the request is through a trusted proxy address.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. RANGER-1077 Audit logs for Hive access show empty IP address

          • Major - Major loss of function.
          • Resolved
          relates to

          Bug - A problem which impairs or prevents the functions of the product. RANGER-2306 Knox Plugin doesn't pass X-Forwarded-for remote address to Ranger

          • Major - Major loss of function.
          • Resolved

          New Feature - A new feature of the product, which has yet to be developed. HIVE-13418 HiveServer2 HTTP mode should support X-Forwarded-Host header for authorization/audits

          • Major - Major loss of function.
          • Closed

          Activity

            People

              abhayk Abhay Kulkarni
              madhan Madhan Neethiraj
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: