In 1.5.0, stricter controls were put in place to prevent a host header poisoning attack. This caused some usability issues as you have seen, so in 1.6.0 (soon to be released), we have made some changes to make this easier to control. There is a new property (nifi.web.proxy.host) in nifi.properties which accepts a comma-separated list of valid host names/IPs, so you can provide the IP address there to access the application using either hostname or IP. The reason you can only access it via hostname right now is because that is likely the value of nifi.web.http(s).host or it is determined by Java to be the local host name, so it is automatically added to the list of valid headers to compare incoming requests against.
Andy LoPresto [email protected] [email protected] PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Mar 18, 2018, at 8:37 PM, 李 磊 <[email protected]> wrote: > > Hi all, > > I now use the NIFI-1.5.0 and I want to build a NIFI cluster and make a > haproxy + keepalived ahead. > > It makes me confused that when I set the property “nifi.web.http.host” with > an ip, I can visit NIFI UI both ip or hostname, but when I set the property > with a hostname, I can only visit with the hostname, and response me an error > when I use the ip “System Error The request contained an invalid host header > [***.***.***.***:8079] in the request [/nifi/]. Check for request > manipulation or third-party intercept.”. > > Besides I find some description > “https://issues.apache.org/jira/browse/NIFI-4761 > <https://issues.apache.org/jira/browse/NIFI-4761>”. > > Could you tell me why the difference between ip and hostname and the correct > setup . Thanks!
signature.asc
Description: Message signed with OpenPGP using GPGMail
