Created 02-25-2021 02:06 AM
Hello Everyone,
Is there a reference document for exhaustive list of properties that can be set within ambari.properties?
I would like to check whether Ambari has an option for disabling HTTP OPTIONS method.
Thanks,
Megh
Created 03-01-2021 12:55 AM
Hello Megh,
Yes, You can surely do it using the command #ambari-server setup-security. This will make changes in the ambari.properties
You can refer to the below doc for complete steps by steps setup to disable HTTP and enable HTTPS.
Created 03-09-2021 02:16 AM
Hi @Atahar ,
Thanks for your reply. I'm actually looking for a property to disable HTTP options method as this is being flagged as a vulnerability by my internal Security team.
Thanks,
Megh
Created 03-09-2021 10:04 PM
Hello @vidanimegh ,
Do you have any CVE number for the vulnerability you are facing by the internal team?
Do you want to disable HTTP? That logically means you want to enable HTTPS.
Correct me if my understanding is wrong.
Created 03-10-2021 05:21 AM
Hello @Atahar ,
The Vulnerability ID is "http-options-method-enabled".
I Don't want to disable HTTP and enable HTTPS, I want to disable "HTTP Options Method".
Thanks,
Megh
Created 03-10-2021 05:57 AM
@vidanimegh I have done some research and there does not appear to be a way to disable the HTTP Options method from the Ambari Web UI. An RMP has been raised for this feature (RMP-10941) but it is not currently available. In terms of security, these options are made available because Ambari can be administered via curl API calls but each call is authenticated.
In terms of other ways to secure the WebUI, SSL can be enabled to ensure any response is encoded and Kerberos can be enabled to further secure the cluster.