Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

HTTP request works from a browser, but not from nifi.

avatar
Explorer

I am working on a highly secured network. We are required to white list any hosts that we plan on attempting to connect to. I have done so for three different end points that I am attempting to connect to via NiFi. Each of these end points work perfectly fine via a standard browser, but when I attempt the same call using InvokeHTTP in NiFi they fail.
One is using an SSL connection. I've confirmed that my keystores and truststores work via another secured network to the same host via nifi. 
The other two have no real additional security on the other end that could be blocking them so I assume its an issue with this networks configurations.
I'm trying to figure out if there are any potential settings in NiFi that could be changed that would make an GET HTTP call behave differently in NiFi than it would in a standard browser like Chrome or Firefox. Is it possible the call is getting directed through some unusual port? We are running NiFi on port 9090. Could that make a difference for any reason?
I also attempted to run these connections in Postman and I'm getting similar behavior as I do in NiFi. When I execute the request in Postman, I get three extra headers in my return on this system that I don't get on my old network. They are as follows:
X-Cache -> MISS from proxyint01
X-Cache-Lookup -> MISS from proxyint01:3128
via 1.1 proxyint01 (squid/3.5.20)


2 REPLIES 2

avatar
New Contributor

Facing similar issue, could you please let me know if you able to identify the solution for this issue.

avatar
Explorer
I believe what we determined was that most browsers will typically trust a
website if you call it using https, but if you try and make an https call
from nifi, you need to have a trust store built in order to let nifi know
you trust that site. I think alternatively you can set a property in the
invokeHttp processor called trusted host name that will allow you to get
around it.