I think that we need to be careful to not add something even more spoofable than ip address. This may be acceptable if you were to check not only the header but also that the ip is that of a known proxy.
On Jun 1, 2016, at 12:13 PM, Ramesh Mani <rm...@hortonworks.com<mailto:rm...@hortonworks.com>> wrote: Tom, Would you like to create a ranger jira and provide a patch for it? Thanks, Ramesh From: "Ellis, Tom (Financial Markets IT)" <tom.el...@lloydsbanking.com<mailto:tom.el...@lloydsbanking.com>> Reply-To: "user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" <user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>> Date: Wednesday, June 1, 2016 at 4:13 AM To: "user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" <user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>> Subject: Knox X-Forwarded-For IP Policy Hi, The Knox Ranger Plugin will use the request’s remote address when authorizing at IP level, but this could obviously be a proxy. Is there any support for authorizing based on an X-Forwarded-For header (assuming this has been propagated down correctly)? Cheers, Tom Ellis Consultant Developer – Excelian Data Lake | Financial Markets IT LLOYDS BANK COMMERCIAL BANKING ________________________________ E: tom.el...@lloydsbanking.com<mailto:tom.el...@lloydsbanking.com> Website: www.lloydsbankcommercial.com<http://www.lloydsbankcommercial.com/> , , , Reduce printing. Lloyds Banking Group is helping to build the low carbon economy. Corporate Responsibility Report:www.lloydsbankinggroup-cr.com/downloads<http://www.lloydsbankinggroup-cr.com/downloads> Lloyds Banking Group plc. Registered Office: The Mound, Edinburgh EH1 1YZ. Registered in Scotland no. SC95000. Telephone: 0131 225 4555. Lloyds Bank plc. Registered Office: 25 Gresham Street, London EC2V 7HN. Registered in England and Wales no. 2065. Telephone 0207626 1500. Bank of Scotland plc. Registered Office: The Mound, Edinburgh EH1 1YZ. Registered in Scotland no. SC327000. Telephone: 03457 801 801. Cheltenham & Gloucester plc. Registered Office: Barnett Way, Gloucester GL4 3RL. Registered in England and Wales 2299428. Telephone: 0345 603 1637 Lloyds Bank plc, Bank of Scotland plc are authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and Prudential Regulation Authority. Cheltenham & Gloucester plc is authorised and regulated by the Financial Conduct Authority. Halifax is a division of Bank of Scotland plc. Cheltenham & Gloucester Savings is a division of Lloyds Bank plc. HBOS plc. Registered Office: The Mound, Edinburgh EH1 1YZ. Registered in Scotland no. SC218813. This e-mail (including any attachments) is private and confidential and may contain privileged material. If you have received this e-mail in error, please notify the sender and delete it (including any attachments) immediately. You must not copy, distribute, disclose or use any of the information in it or any attachments. Telephone calls may be monitored or recorded.
