[jira] [Commented] (HIVE-21892) Trusted domain authentication should look at X-Forwarded-For header as well

Tue, 18 Jun 2019 22:47:04 -0700 


    [ 
https://issues.apache.org/jira/browse/HIVE-21892?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16867242#comment-16867242
 ] 

Hive QA commented on HIVE-21892:
--------------------------------



Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12972150/HIVE-21892.1.patch

{color:red}ERROR:{color} -1 due to no test(s) being added or modified.

{color:green}SUCCESS:{color} +1 due to 16168 tests passed

Test results: 
https://builds.apache.org/job/PreCommit-HIVE-Build/17642/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/17642/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-17642/

Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.YetusPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
{noformat}

This message is automatically generated.

ATTACHMENT ID: 12972150 - PreCommit-HIVE-Build

> Trusted domain authentication should look at X-Forwarded-For header as well
> ---------------------------------------------------------------------------
>
>                 Key: HIVE-21892
>                 URL: https://issues.apache.org/jira/browse/HIVE-21892
>             Project: Hive
>          Issue Type: Bug
>    Affects Versions: 4.0.0
>            Reporter: Prasanth Jayachandran
>            Assignee: Prasanth Jayachandran
>            Priority: Major
>         Attachments: HIVE-21892.1.patch
>
>
> HIVE-21783 added trusted domain authentication. However, it looks only at 
> request.getRemoteAddr() which works in most cases where there are no 
> intermediate forward/reverse proxies. In trusted domain scenarios, if there 
> intermediate proxies, the proxies typically append its own ip address 
> "X-Forwarded-For" header. The X-Forwarded-For will look like clientIp -> 
> proxyIp1 -> proxyIp2. The left most ip address in the X-Forwarded-For 
> represents the real client ip address. For such scenarios, add a config to 
> optionally look at X-Forwarded-For header when available to determine the 
> real client ip. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to