Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

How do I restrict access to Ambari WebUI by IP address?

Labels:
avatar
author-rank toide author-rank
Contributor

Created ‎10-17-2018 01:42 AM

How do I restrict access to Ambari WebUI by IP address?

Of course, using a firewall included in OS is a solution, but I'd like to know the way which requires only to modify Ambari's configurations.

I know Ambari uses Jetty for HTTP server and Jetty provides IP address restriction by IPAccessHandler https://www.eclipse.org/jetty/documentation/9.4.x/ipaccess-handler.html, but I'm not sure how to apply this to Ambari.

1,357 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎10-17-2018 02:23 AM

@Takefumi Oide

From Ambari side currently i do not see any such option to enable the "IPAccessHandler" handler without Ambari Code changes.

This is correct that ambari uses Jetty API and it makes use of Handlers "org.eclipse.jetty.server" APIs via Java code (programatic way) but unfortunately it does not use the "IPAccessHandler" directly.
https://github.com/apache/ambari/blob/release-2.7.0/ambari-server/src/main/java/org/apache/ambari/se...

These handlers are added programmatically (not via configuration params) like following code: 

handlerList.addHandler(gzipHandler);


As it is done via Java code hence without code change i do not see an option for ambari to make use of Jetty handler "org.eclipse.jetty.server.handler.IPAccessHandler". It can not be achieved via configuration.

View solution in original post

1,316 Views
2 REPLIES 2

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎10-17-2018 02:23 AM

@Takefumi Oide

From Ambari side currently i do not see any such option to enable the "IPAccessHandler" handler without Ambari Code changes.

This is correct that ambari uses Jetty API and it makes use of Handlers "org.eclipse.jetty.server" APIs via Java code (programatic way) but unfortunately it does not use the "IPAccessHandler" directly.
https://github.com/apache/ambari/blob/release-2.7.0/ambari-server/src/main/java/org/apache/ambari/se...

These handlers are added programmatically (not via configuration params) like following code: 

handlerList.addHandler(gzipHandler);


As it is done via Java code hence without code change i do not see an option for ambari to make use of Jetty handler "org.eclipse.jetty.server.handler.IPAccessHandler". It can not be achieved via configuration.

1,317 Views

avatar
author-rank toide author-rank
Contributor

Created ‎10-18-2018 09:49 AM

Thanks, @Jay Kumar SenSharma

1,316 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements