02-15-2017 09:50 PM - edited 02-15-2017 09:59 PM
Many many thanks!! We had the same error  with CM 5.9 with embedded PostGRESql db.
I confirm that this has resolved our issue.
A gist of out setup:
Platform: AWS, 4 x t2.medium, 50GiB EBS
OS: CentOS 6 with updates HVM
03-09-2017 07:48 AM
I would like to understand what security risk this change addresses. From what I can tell, this will adversly impact any cloud deployment that is using default cloud-provided domain names (ie AWS with default VPC configuration) and it will not affect any environment (ie on-premesis) where the clients are in the same domain as Hue. The only situation that I have been able to imagine is one where Hue is sitting on the public Internet at hue.domain with a very loose firewall (if any) but we want only clients (laptop.domain) to be served.
Can the Hue Team elaborate on how allowed_hosts=".domain" can possibly help my customers and why every AWS install I do with 5.10 will require me to revert to allowed_hosts="*"?
03-09-2017 08:11 AM
I posted this somewhere else earlier and I think it will help answer your question:
Workaround to revert to pre-CDH 5.10 behavior:
NOTE: The goal in changing the default to something more restrictive was to improve security. Now that we are aware of the security measure, if desired, restriction can be added via a comma-separated list of hosts and IPs like this:
See the following on how to configure if you choose that route:
To round out the above explanation, before CDH 5.10, "allowed_hosts=*" was the default. We tried changing the default to help promote security as outlined in the above Django page.
Since our change to allowed_hosts to help enhance security had unanticipated negative experiences for existing users, we are reverting the CDH default to "allowed_hosts=*". We'll opt to document it better and also build in validation warnings in Cloudera Manager to strongly recommend not leaving "allowed_hosts=*" unless that is the desired configuration.
The security risk is described in the django documentation (see the link above).
03-11-2017 03:49 PM
same problem here
i am getting " server not found " when i open hue web UI, and i tried to access with the external ip address:8888, i am getting "Bad Request(400) ".
i have been trying to debug the error but no use
have you solved your error ? if yes can you share the solution that helps alot
03-17-2017 11:59 AM
So to clarify my assumptions and (mis)understandings:
The allowed_hosts setting is not checking the HTTP client's DNS domain. It is the Hue webserver framework (ie Django) checking the HTTP Host: header that the client sends.
In my case of AWS VPC with default public subnet configuration, my web browser thinks I am talking to ec2-54-50-32-4.compute-1.amazonaws.com and sends that as the Host: header. The Hue server sees that, expecting something more like ip-10-1-2-3.ec2.internal, and replies with the "Bad Request (400)" to the client.