Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

How do I restrict access to Ambari WebUI by IP address?

avatar
Contributor

How do I restrict access to Ambari WebUI by IP address?

Of course, using a firewall included in OS is a solution, but I'd like to know the way which requires only to modify Ambari's configurations.

I know Ambari uses Jetty for HTTP server and Jetty provides IP address restriction by IPAccessHandler https://www.eclipse.org/jetty/documentation/9.4.x/ipaccess-handler.html, but I'm not sure how to apply this to Ambari.

1 ACCEPTED SOLUTION

avatar
Master Mentor

@Takefumi Oide

From Ambari side currently i do not see any such option to enable the "IPAccessHandler" handler without Ambari Code changes.

This is correct that ambari uses Jetty API and it makes use of Handlers "org.eclipse.jetty.server" APIs via Java code (programatic way) but unfortunately it does not use the "IPAccessHandler" directly.
https://github.com/apache/ambari/blob/release-2.7.0/ambari-server/src/main/java/org/apache/ambari/se...

These handlers are added programmatically (not via configuration params) like following code:

handlerList.addHandler(gzipHandler);


As it is done via Java code hence without code change i do not see an option for ambari to make use of Jetty handler "org.eclipse.jetty.server.handler.IPAccessHandler". It can not be achieved via configuration.

View solution in original post

2 REPLIES 2

avatar
Master Mentor

@Takefumi Oide

From Ambari side currently i do not see any such option to enable the "IPAccessHandler" handler without Ambari Code changes.

This is correct that ambari uses Jetty API and it makes use of Handlers "org.eclipse.jetty.server" APIs via Java code (programatic way) but unfortunately it does not use the "IPAccessHandler" directly.
https://github.com/apache/ambari/blob/release-2.7.0/ambari-server/src/main/java/org/apache/ambari/se...

These handlers are added programmatically (not via configuration params) like following code:

handlerList.addHandler(gzipHandler);


As it is done via Java code hence without code change i do not see an option for ambari to make use of Jetty handler "org.eclipse.jetty.server.handler.IPAccessHandler". It can not be achieved via configuration.

avatar
Contributor