[
https://issues.apache.org/jira/browse/HDFS-6219?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13969669#comment-13969669
]
Kihwal Lee commented on HDFS-6219:
----------------------------------
bq. Arguably if you trust a proxy, then you should be able to trust its
configuration to only accept other valid clients or proxies.
That's reasonable. +1 on the condition that this is documented, probably in
{{SecureMode.apt.m}}. If you decide to do it in a separate jira, please file
one and link it to this jira before resolving.
> Proxy superuser configuration should use true client IP for address checks
> --------------------------------------------------------------------------
>
> Key: HDFS-6219
> URL: https://issues.apache.org/jira/browse/HDFS-6219
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: namenode, webhdfs
> Affects Versions: 2.0.0-alpha, 3.0.0
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Attachments: HDFS-6219.patch
>
>
> Similar to HDFS-6218, the trusted proxies should use X-Forwarded-For when
> performing superuser checks so oozie can use webhdfs via a http proxy.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
