Steve Loughran resolved YARN-2086.
    Resolution: Won't Fix

you can't open the filter and keep the AM secure ... the only secure solution 
here is for the proxy to support the full set of HTTP verbs

> AmIpFilter to support REST APIs
> -------------------------------
>                 Key: YARN-2086
>                 URL: https://issues.apache.org/jira/browse/YARN-2086
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: webapp
>            Reporter: Steve Loughran
> The {{AmIpFilter}} doesn't like REST APIs, as all operations are redirected 
> to the proxy as a 302. Even if the proxy did relay all verbs, the filter 
> would need to return a 307 and hope the client was enable to re-issue the 
> verb.
> The alternative is to have a dedicated part of the webapp to be unproxied, 
> which we did with a custom filter to not relay "/ws/*", or even allow apps to 
> register a rest endpoint directly, either in the AppReport data, or via the 
> YARN-913 registry

This message was sent by Atlassian JIRA

Reply via email to