Support Questions
Find answers, ask questions, and share your expertise

How do I restrict access to Ambari WebUI by IP address?

Contributor

How do I restrict access to Ambari WebUI by IP address?

Of course, using a firewall included in OS is a solution, but I'd like to know the way which requires only to modify Ambari's configurations.

I know Ambari uses Jetty for HTTP server and Jetty provides IP address restriction by IPAccessHandler https://www.eclipse.org/jetty/documentation/9.4.x/ipaccess-handler.html, but I'm not sure how to apply this to Ambari.

1 ACCEPTED SOLUTION

Super Mentor

@Takefumi Oide

From Ambari side currently i do not see any such option to enable the "IPAccessHandler" handler without Ambari Code changes.

This is correct that ambari uses Jetty API and it makes use of Handlers "org.eclipse.jetty.server" APIs via Java code (programatic way) but unfortunately it does not use the "IPAccessHandler" directly.
https://github.com/apache/ambari/blob/release-2.7.0/ambari-server/src/main/java/org/apache/ambari/se...

These handlers are added programmatically (not via configuration params) like following code:

handlerList.addHandler(gzipHandler);


As it is done via Java code hence without code change i do not see an option for ambari to make use of Jetty handler "org.eclipse.jetty.server.handler.IPAccessHandler". It can not be achieved via configuration.

View solution in original post

2 REPLIES 2

Super Mentor

@Takefumi Oide

From Ambari side currently i do not see any such option to enable the "IPAccessHandler" handler without Ambari Code changes.

This is correct that ambari uses Jetty API and it makes use of Handlers "org.eclipse.jetty.server" APIs via Java code (programatic way) but unfortunately it does not use the "IPAccessHandler" directly.
https://github.com/apache/ambari/blob/release-2.7.0/ambari-server/src/main/java/org/apache/ambari/se...

These handlers are added programmatically (not via configuration params) like following code:

handlerList.addHandler(gzipHandler);


As it is done via Java code hence without code change i do not see an option for ambari to make use of Jetty handler "org.eclipse.jetty.server.handler.IPAccessHandler". It can not be achieved via configuration.

Contributor
; ;