Cloudera 5.16.2: Enable/Disable HTTP Methods for specific services

ask_bill_brooks · ‎02-11-2020

Hi,

We have a customer requirement to disable some HTTP methods like DELETE and TRACE for some specific services like Oozie. Is this possible to do from Cloudera Manager?

I did try manually changing the web.xml in the configuration directories of the services but any restart or configuration refresh done from Cloudera Manager overrides the configuration changes. Any help would be greatly appreciated.

Thanks.

Regards,

CaptainJay

venkatsambath · ‎02-12-2020

May I know which particular web.xml did you tweak? I see these xmls gets refreshed on every restart

/var/lib/oozie/tomcat-deployment/conf/web.xml
/var/lib/oozie/tomcat-deployment/conf/ssl/ssl-web.xml
/var/lib/oozie/tomcat-deployment/webapps/oozie/WEB-INF/web.xml

The script which copies these files is /opt/cloudera/parcels/CDH/lib/oozie/tomcat-deployment.sh which would give you clues on the source files from which the above files gets copied to.

isoardi · ‎03-09-2021

Uhm,

I don't think there is a "simple" method in amabri configurations.

But I would try to look in the web app configuration path, then the web.xml, ssl.xm ... and see if you can intervene at that level.

In other contexts these kinds of limitations were handled "before" they came to the ambari interfaces.