Created 10-17-2018 01:42 AM
How do I restrict access to Ambari WebUI by IP address?
Of course, using a firewall included in OS is a solution, but I'd like to know the way which requires only to modify Ambari's configurations.
I know Ambari uses Jetty for HTTP server and Jetty provides IP address restriction by IPAccessHandler https://www.eclipse.org/jetty/documentation/9.4.x/ipaccess-handler.html, but I'm not sure how to apply this to Ambari.
Created 10-17-2018 02:23 AM
From Ambari side currently i do not see any such option to enable the "IPAccessHandler" handler without Ambari Code changes.
This is correct that ambari uses Jetty API and it makes use of Handlers "org.eclipse.jetty.server" APIs via Java code (programatic way) but unfortunately it does not use the "IPAccessHandler" directly.
https://github.com/apache/ambari/blob/release-2.7.0/ambari-server/src/main/java/org/apache/ambari/se...
These handlers are added programmatically (not via configuration params) like following code:
handlerList.addHandler(gzipHandler);
As it is done via Java code hence without code change i do not see an option for ambari to make use of Jetty handler "org.eclipse.jetty.server.handler.IPAccessHandler". It can not be achieved via configuration.
Created 10-17-2018 02:23 AM
From Ambari side currently i do not see any such option to enable the "IPAccessHandler" handler without Ambari Code changes.
This is correct that ambari uses Jetty API and it makes use of Handlers "org.eclipse.jetty.server" APIs via Java code (programatic way) but unfortunately it does not use the "IPAccessHandler" directly.
https://github.com/apache/ambari/blob/release-2.7.0/ambari-server/src/main/java/org/apache/ambari/se...
These handlers are added programmatically (not via configuration params) like following code:
handlerList.addHandler(gzipHandler);
As it is done via Java code hence without code change i do not see an option for ambari to make use of Jetty handler "org.eclipse.jetty.server.handler.IPAccessHandler". It can not be achieved via configuration.
Created 10-18-2018 09:49 AM
Thanks, @Jay Kumar SenSharma