Gary: Thanks for your suggestion. I have tested my patch which is outlined in: https://issues.apache.org/jira/browse/HBASE-3161
I worked with mod_rewrite at my previous company which is a php shop. I will pick it up if needed :-) Cheers On Wed, Oct 27, 2010 at 3:04 PM, Gary Helmling <[email protected]> wrote: > One other option, since a read-only configuration isn't currently > available, > you could configure Apache HTTPD as a reverse proxy in front of the > stargate > server and use mod_rewrite to only allow get requests through. Since I > believe stargate follows the RESTful conventions for request methods, you > can just allow GET requests. Something like: > > # block non-get requests > RewriteCond %{REQUEST_METHOD} !^GET$ > RewriteRule ^(.*) $1 [F] > > # allow everything else > RewriteRule ^(.*) http://stargate.host.name/$1 [P,QSA] > > Not sure if that's exactly right, but it should return a 403 response code > (forbidden) for any non-GET requests. Get requests will continue on and > get > proxied through to "stargate.host.name". > > You could extend this to lock down specific paths for certain tables, etc. > as well. > > --gh > > > On Tue, Oct 26, 2010 at 7:03 PM, Ted Yu <[email protected]> wrote: > > > Alternatively, is there a way to configure Stargate to serve read > requests > > only ? > > > > On Tue, Oct 26, 2010 at 6:58 PM, Ted Yu <[email protected]> wrote: > > > > > Ops are wary of developers (inside firewall) performing operations > > against > > > 8080. > > > > > > If Stargate isn't a good choice, what other methods can I use to query > > > selected rows from each region server ? Parsing HTML is not ideal > either. > > > > > > Thanks > > > > > > > > > On Tue, Oct 26, 2010 at 6:33 PM, Jonathan Gray <[email protected]> > > wrote: > > > > > >> If monitoring is inside firewall, then why do you have to "open" > ports? > > >> Requiring all monitoring to go through port 80 seems rather odd. > Your > > ops > > >> guys don't support ganglia, jmx, etc. on standard or custom ports? > > >> > > >> > -----Original Message----- > > >> > From: Ted Yu [mailto:[email protected]] > > >> > Sent: Tuesday, October 26, 2010 4:45 PM > > >> > To: [email protected] > > >> > Subject: Re: hbase monitoring through stargate > > >> > > > >> > The monitoring is done inside firewall. > > >> > They won't open any ports at all. > > >> > > > >> > Does anyone run Stargate in production ? > > >> > > > >> > On Tue, Oct 26, 2010 at 4:35 PM, Stack <[email protected]> wrote: > > >> > > > >> > > You can change the port it runs on? Or are ops saying they won't > > >> > open > > >> > > any ports at all for you? Do you have to monitor from outside the > > >> > > firewall? > > >> > > St.Ack > > >> > > > > >> > > On Tue, Oct 26, 2010 at 4:28 PM, Ted Yu <[email protected]> > > wrote: > > >> > > > Stargate provides REST service through certain port. > > >> > > > Ops told me that they cannot open additional port from hbase > > >> > cluster for > > >> > > > security reasons. > > >> > > > > > >> > > > I want to hear opinions/approaches w.r.t. hbase monitoring in > > >> > production > > >> > > > through stargate. > > >> > > > > > >> > > > Thanks > > >> > > > > > >> > > > > >> > > > > > > > > >
