----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72656/#review221148 -----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java Lines 142 (patched) <https://reviews.apache.org/r/72656/#comment309938> Should 'X-Forwarded-For' header be referenced only in case of trusted-proxy logins? Why not for all logins? Refer to following: - AssetMgr.getRemoteAddress() - RangerAccessRequestImpl.extractAndSetClientIPAddress(), called from RangerDefaultRequestProcessor.preProcess() - Madhan Neethiraj On July 7, 2020, 11:19 p.m., Sailaja Polavarapu wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72656/ > ----------------------------------------------------------- > > (Updated July 7, 2020, 11:19 p.m.) > > > Review request for ranger, Abhay Kulkarni, Mehul Parikh, Ramesh Mani, and > Velmurugan Periasamy. > > > Bugs: RANGER-2873 > https://issues.apache.org/jira/browse/RANGER-2873 > > > Repository: ranger > > > Description > ------- > > Added code to set client IP from x-forwarder-for header, if available, when > the request is trusted proxy enabled. > > > Diffs > ----- > > security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java > b542a435c > > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java > 9877e14c3 > > > Diff: https://reviews.apache.org/r/72656/diff/1/ > > > Testing > ------- > > 1. Patched cluster and verified requests coming from knox with trusted proxy. > 2. Also verified non trusted proxy enabled requests for regression > > > Thanks, > > Sailaja Polavarapu > >
