Thanks for getting to this so soon.  As soon as the ticket is closed, I'll
be sure to give it a quick test with the proxy I am using.  Thanks again.

On Wed, Jan 10, 2018 at 1:40 PM Andy LoPresto <[email protected]> wrote:

> Matt meant to link to this Jira [1]. We will be writing a blog and
> updating the documentation guides in addition to the new property.
>
>
> [1] https://issues.apache.org/jira/browse/NIFI-4761
>
> Andy LoPresto
> [email protected]
> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69
>
> On Jan 10, 2018, at 5:54 AM, Matt Gilman <[email protected]> wrote:
>
> Robert, James, All,
>
> NiFi has been updated to be a little more strict regarding incoming HTTP
> requests. If the Host header does not comply with an expected value, the
> request is rejected. Currently, the expected value comes from those .host
> properties. What's happening is the proxy is likely passing through all
> incoming header values. When NiFi sees the request, it appears as though it
> was not meant for it so it's rejected. I believe there are two valid
> options here:
>
> 1) Remove the Host header at the proxy. This should allow it to explicitly
> set it to the NiFi Host when issuing the request instead of passing through
> the incoming value.
> 2) Update NiFi to allow whitelisting of expected Host values like we did
> for context paths. I've created a JIRA for this option [1].
>
> We'll make sure these get appropriately documented for folks running
> behind a proxy.
>
> Thanks
>
> Matt
>
> [1] https://issues.apache.org/jira/browse/NIFI-4501
>
> On Wed, Jan 10, 2018 at 5:00 AM, Robert R. Bruno <[email protected]>
> wrote:
>
>> James,
>>
>> Funny enough I was thinking of the same hack, but as you said sounds a
>> bit nasty.  Hopefully there is a better solution.  Also for me, I may not
>> always have local admin rights on my client machine which I believe is
>> required to change the hosts file.
>>
>> Thanks,
>> Robert
>>
>> On Wed, Jan 10, 2018, 00:18 James Wing <[email protected]> wrote:
>>
>>> Robert,
>>>
>>> I had the same problem.  One workaround I have used was to add the DNS
>>> name to the /etc/hosts file with a local IP address, so that I could
>>> configure that name in nifi.web.http.host and NiFi would still bind to the
>>> right IP.  It sounds like a nasty hack now that I describe it, but it
>>> worked.
>>>
>>> Perhaps someone else knows a more elegant configuration?
>>>
>>> Thanks,
>>>
>>> James
>>>
>>> On Tue, Jan 9, 2018 at 7:33 AM, Robert R. Bruno <[email protected]>
>>> wrote:
>>>
>>>> I just ran into this as well while trying out 1.5.0-SNAPSHOT.
>>>>
>>>> What is the solution where you are running nifi behind a proxy?  I
>>>> tried setting nifi.web.http.host to my proxy ip but then nifi attempted to
>>>> bind to this ip address.
>>>>
>>>> Hopefully I am missing something.  If not, any chance of a config value
>>>> for allowed proxies before the release?
>>>>
>>>>
>>>>
>>>> On Fri, Dec 15, 2017, 19:26 Mike Thomsen <[email protected]>
>>>> wrote:
>>>>
>>>>> Thanks. Is that documented?
>>>>>
>>>>> On Fri, Dec 15, 2017 at 7:02 PM, Andy LoPresto <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hi Mike,
>>>>>>
>>>>>> This is a recent change introduced in 1.5.0-SNAPSHOT (master). You
>>>>>> can resolve this by setting nifi.web.http.host in nifi.properties to the
>>>>>> value of SERVER_HERE.
>>>>>>
>>>>>>
>>>>>> Andy LoPresto
>>>>>> [email protected]
>>>>>> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69
>>>>>>
>>>>>> On Dec 15, 2017, at 3:32 PM, Mike Thomsen <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>> I get this error after I installed a new build:
>>>>>>
>>>>>> The request contained an invalid host header [SERVER_IP:8080] in the
>>>>>> request [/]. Check for request manipulation or third-party intercept.
>>>>>>
>>>>>> In the logs it says:
>>>>>>
>>>>>> 2017-12-15 18:34:59,937 WARN [NiFi Web Server-66]
>>>>>> o.a.n.w.s.HostHeaderSanitizationCustomizer Request host header
>>>>>> [SERVER_HERE:8080] different from web hostname [(:8080)]. Overriding to
>>>>>> [:8080/nifi/]
>>>>>> 2017-12-15 18:34:59,938 WARN [NiFi Web Server-66]
>>>>>> o.a.nifi.web.server.HostHeaderHandler Request host header
>>>>>> [SERVER_HERE:8080] different from web hostname [localhost(:8080)].
>>>>>> Overriding to [localhost:8080/nifi/]
>>>>>> 2017-12-15 18:35:00,059 WARN [NiFi Web Server-59]
>>>>>> o.a.n.w.s.HostHeaderSanitizationCustomizer Request host header
>>>>>> [SERVER_HERE:8080] different from web hostname [(:8080)]. Overriding to
>>>>>> [:8080/favicon.ico]
>>>>>> 2017-12-15 18:35:00,059 WARN [NiFi Web Server-59]
>>>>>> o.a.nifi.web.server.HostHeaderHandler Request host header
>>>>>> [SERVER_HERE:8080] different from web hostname [localhost(:8080)].
>>>>>> Overriding to [localhost:8080/favicon.ico]
>>>>>>
>>>>>> Never saw this with 1.4 and earlier. Any ideas?
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Mike
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>
>
>
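The two options Matt Gilman lists (rewrite the Host header at the proxy, or allowlist the proxy's host names on the server) can be compared with a small sketch. This is an added example, not part of the original thread and not NiFi's own code; the host names, the port and every function name are constructed for illustration.

```python
# Added illustration, not NiFi's HostHeaderHandler. Host names are constructed.

def normalize_host(value, default_port):
    """Parse a Host header value into (host, port); None if malformed."""
    value = value.strip().lower()
    if not value or any(c in value for c in " \t/@,\\"):
        return None
    if value.startswith("["):            # bracketed IPv6 literal, e.g. [::1]:8080
        end = value.find("]")
        if end == -1:
            return None
        host, rest = value[:end + 1], value[end + 1:]
        if rest and not rest.startswith(":"):
            return None
        port = rest[1:]
    else:
        host, _, port = value.partition(":")
        host = host.rstrip(".")          # "name." and "name" are the same host
    if not host:
        return None
    if port == "":                       # no port given: assume the server's own
        return host, default_port
    if not (port.isascii() and port.isdigit()) or not 0 < int(port) < 65536:
        return None
    return host, int(port)

def build_allowlist(bind_host, port, extra_hosts=()):
    """Accepted (host, port) pairs: the bind host plus allowlisted proxy names."""
    parsed = (normalize_host(h, port) for h in (bind_host, *extra_hosts))
    return {p for p in parsed if p is not None}

def host_header_allowed(header, allowed, port):
    """True only if the normalized Host header is an exact allowlist member."""
    parsed = normalize_host(header, port)
    return parsed is not None and parsed in allowed

PORT = 8080
# Server knows only its own name: a proxy that passes the client's Host
# header through is rejected (the situation reported in this thread).
BACKEND_ONLY = build_allowlist("nifi.internal.example", PORT)
# Option 2: the proxy's public names are allowlisted explicitly.
WITH_PROXY = build_allowlist("nifi.internal.example", PORT,
                             ["proxy.example.com", "proxy.example.com:8443"])

if __name__ == "__main__":
    for h in ("nifi.internal.example:8080", "proxy.example.com",
              "proxy.example.com:9999"):
        print(h, host_header_allowed(h, BACKEND_ONLY, PORT),
              host_header_allowed(h, WITH_PROXY, PORT))
```

With option 1 the proxy sends `nifi.internal.example:8080` itself, so the first allowlist is sufficient; with option 2 only the exact names and ports that were listed are accepted, and anything else is still rejected.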
