question Restrict/Protect free access to users through web in Archives of Support Questions (Read Only) https://community.cloudera.com/t5/Archives-of-Support-Questions/Restrict-Protect-free-access-to-users-through-web/m-p/128682#M34683 <P>Hello,</P><P>Is there a way to restrict/protect the access to the following service URLs through browser. As of now all these URLs are accessible without authentication and our Security Assessment team list these as part of the vulnerabilities.</P><P><A href="http://domainame:50070/logs/" target="_blank">http://domainame:50070/logs/</A></P><P><A href="http://domainame:50070/explorer.html#/" target="_blank">http://domainame:50070/explorer.html#/</A> </P><P> <A href="http://domainame:50070/dfshealth.html#tab-datanode" target="_blank">http://domainame:50070/dfshealth.html#tab-datanode</A> </P><P> <A href="http://domainame:16030/rs-status" target="_blank">http://domainame:16030/rs-status</A> </P><P> <A href="http://domainame:8088/cluster/cluster" target="_blank">http://domainame:8088/cluster/cluster</A> </P><P> <A href="http://domainame:8188/applicationhistory" target="_blank">http://domainame:8188/applicationhistory</A> </P><P> <A href="http://domainame:8042/node" target="_blank">http://domainame:8042/node</A> </P><P><A href="http://secondarynamenode:16010/logs/" target="_blank">http://secondarynamenode:16010/logs/</A> </P><P><A href="http://datanode:61310/logs/" target="_blank">http://datanode:61310/logs/</A> </P><P>Your speedy response is highly appreciated.</P><P>Thanks</P> Fri, 16 Sep 2022 10:29:53 GMT testsaran09 2022-09-16T10:29:53Z Restrict/Protect free access to users through web https://community.cloudera.com/t5/Archives-of-Support-Questions/Restrict-Protect-free-access-to-users-through-web/m-p/128682#M34683 <P>Hello,</P><P>Is there a way to restrict/protect the access to the following service URLs through browser. As of now all these URLs are accessible without authentication and our Security Assessment team list these as part of the vulnerabilities.</P><P><A href="http://domainame:50070/logs/" target="_blank">http://domainame:50070/logs/</A></P><P><A href="http://domainame:50070/explorer.html#/" target="_blank">http://domainame:50070/explorer.html#/</A> </P><P> <A href="http://domainame:50070/dfshealth.html#tab-datanode" target="_blank">http://domainame:50070/dfshealth.html#tab-datanode</A> </P><P> <A href="http://domainame:16030/rs-status" target="_blank">http://domainame:16030/rs-status</A> </P><P> <A href="http://domainame:8088/cluster/cluster" target="_blank">http://domainame:8088/cluster/cluster</A> </P><P> <A href="http://domainame:8188/applicationhistory" target="_blank">http://domainame:8188/applicationhistory</A> </P><P> <A href="http://domainame:8042/node" target="_blank">http://domainame:8042/node</A> </P><P><A href="http://secondarynamenode:16010/logs/" target="_blank">http://secondarynamenode:16010/logs/</A> </P><P><A href="http://datanode:61310/logs/" target="_blank">http://datanode:61310/logs/</A> </P><P>Your speedy response is highly appreciated.</P><P>Thanks</P> Fri, 16 Sep 2022 10:29:53 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Restrict-Protect-free-access-to-users-through-web/m-p/128682#M34683 testsaran09 2022-09-16T10:29:53Z Re: Restrict/Protect free access to users through web https://community.cloudera.com/t5/Archives-of-Support-Questions/Restrict-Protect-free-access-to-users-through-web/m-p/128683#M34684 <P style="margin-left: 40px;"> <A rel="user" href="https://community.cloudera.com/users/11121/testsaran09.html" nodeid="11121">@Saravanan Ramaraj</A> have you looked into apache knox? </P><P>The Knox API Gateway is designed as a reverse proxy with consideration for pluggability in the areas of policy enforcement, through providers and the backend services for which it proxies requests. The Apache Knox Gateway is a REST API Gateway for interacting with Apache Hadoop clusters. The Knox Gateway provides a single access point for all REST interactions with Apache Hadoop clusters.</P><P>In this capacity, the Knox Gateway is able to provide valuable functionality to aid in the control, integration, monitoring and automation of critical administrative and analytical needs of the enterprise.</P><UL> <LI>Authentication (LDAP and Active Directory Authentication Provider)</LI><LI>Federation/SSO (HTTP Header Based Identity Federation)</LI><LI>Authorization (Service Level Authorization)</LI><LI>Auditing</LI></UL><P>And then for authorization you can use Apache Ranger which offers a centralized security framework to manage fine-grained access control over Hadoop data access components</P><P>coupled with kerberos you cluster will be secured and the links shall be authenticed using kerberos and ranger will provide authorization on what services the user has access to. Finally knox will be your perimeter security.</P> Thu, 14 Jul 2016 10:12:37 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Restrict-Protect-free-access-to-users-through-web/m-p/128683#M34684 sunile_manjee 2016-07-14T10:12:37Z