Description
Ranger plugins use the client IP address provided by the component for authorization and audit log. In cases where a client accesses data through a gateway, like Knox, the components provide Ranger with the IP address of the gateway, instead of the original client IP address. Hence, authorization and audit logs are performed using the IP address of the gateway - instead of the client's IP address.
Ranger plugins should be updated to be able to use client IP address, when available in X-Forwarded-For field of the request. Further X-Forwarded-For field should only be used when the request is through a trusted proxy address.
Attachments
Issue Links
- is related to
-
RANGER-1077 Audit logs for Hive access show empty IP address
- Resolved
- relates to
-
RANGER-2306 Knox Plugin doesn't pass X-Forwarded-for remote address to Ranger
- Resolved
-
HIVE-13418 HiveServer2 HTTP mode should support X-Forwarded-Host header for authorization/audits
- Closed