Prasanth Jayachandran created HIVE-21892:
--------------------------------------------
Summary: Trusted domain authentication should look at
X-Forwarded-For header as well
Key: HIVE-21892
URL: https://issues.apache.org/jira/browse/HIVE-21892
Project: Hive
Issue Type: Bug
Affects Versions: 4.0.0
Reporter: Prasanth Jayachandran
Assignee: Prasanth Jayachandran
HIVE-21783 added trusted domain authentication. However, it looks only at
request.getRemoteAddr() which works in most cases where there are no
intermediate forward/reverse proxies. In trusted domain scenarios, if there
intermediate proxies, the proxies typically append its own ip address
"X-Forwarded-For" header. The X-Forwarded-For will look like clientIp ->
proxyIp1 -> proxyIp2. The left most ip address in the X-Forwarded-For
represents the real client ip address. For such scenarios, add a config to
optionally look at X-Forwarded-For header when available to determine the real
client ip.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
