[ https://issues.apache.org/jira/browse/HIVE-21892?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16868048#comment-16868048 ]
Jason Dere commented on HIVE-21892: ----------------------------------- +1 > Trusted domain authentication should look at X-Forwarded-For header as well > --------------------------------------------------------------------------- > > Key: HIVE-21892 > URL: https://issues.apache.org/jira/browse/HIVE-21892 > Project: Hive > Issue Type: Bug > Affects Versions: 4.0.0 > Reporter: Prasanth Jayachandran > Assignee: Prasanth Jayachandran > Priority: Major > Labels: pull-request-available > Attachments: HIVE-21892.1.patch > > Time Spent: 40m > Remaining Estimate: 0h > > HIVE-21783 added trusted domain authentication. However, it looks only at > request.getRemoteAddr() which works in most cases where there are no > intermediate forward/reverse proxies. In trusted domain scenarios, if there > intermediate proxies, the proxies typically append its own ip address > "X-Forwarded-For" header. The X-Forwarded-For will look like clientIp -> > proxyIp1 -> proxyIp2. The left most ip address in the X-Forwarded-For > represents the real client ip address. For such scenarios, add a config to > optionally look at X-Forwarded-For header when available to determine the > real client ip. -- This message was sent by Atlassian JIRA (v7.6.3#76005)