Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Is there a reference document for ambari.properties

avatar
author-rank vidanimegh
Expert Contributor

Created ‎02-25-2021 02:06 AM

Hello Everyone,

 

Is there a reference document for exhaustive list of properties that can be set within ambari.properties?

 

I would like to check whether Ambari has an option for disabling HTTP OPTIONS method.

 

Thanks,

Megh

1,180 Views
0 Kudos
5 REPLIES 5

avatar
author-rank Atahar author-rank
Contributor

Created ‎03-01-2021 12:55 AM

Hello Megh,

 

Yes, You can surely do it using the command  #ambari-server setup-security. This will make changes in the ambari.properties

 

You can refer to the below doc for complete steps by steps setup to disable HTTP and enable HTTPS.

https://docs.cloudera.com/HDPDocuments/Ambari-2.2.0.0/bk_Ambari_Security_Guide/content/_optional_set...

1,147 Views
0 Kudos

avatar
author-rank vidanimegh
Expert Contributor

Created ‎03-09-2021 02:16 AM

Hi @Atahar ,

 

Thanks for your reply. I'm actually looking for a property to disable HTTP options method as this is being flagged as a vulnerability by my internal Security team.

 

Thanks,

Megh

1,114 Views
0 Kudos

avatar
author-rank Atahar author-rank
Contributor

Created ‎03-09-2021 10:04 PM

Hello @vidanimegh  , 

Do you have any CVE number for the vulnerability you are facing by the internal team?

Do you want to disable HTTP? That logically means you want to enable HTTPS.

Correct me if my understanding is wrong.

1,091 Views
0 Kudos

avatar
author-rank vidanimegh
Expert Contributor

Created ‎03-10-2021 05:21 AM

Hello @Atahar ,

 

The Vulnerability ID is "http-options-method-enabled".

 

I Don't want to disable HTTP and enable HTTPS, I want to disable "HTTP Options Method".

 

Thanks,

Megh

1,077 Views
0 Kudos

avatar
author-rank Atahar author-rank
Contributor

Created ‎03-10-2021 05:57 AM

@vidanimegh I have done some research and there does not appear to be a way to disable the HTTP Options method from the Ambari Web UI. An RMP has been raised for this feature (RMP-10941) but it is not currently available. In terms of security, these options are made available because Ambari can be administered via curl API calls but each call is authenticated.

In terms of other ways to secure the WebUI, SSL can be enabled to ensure any response is encoded and Kerberos can be enabled to further secure the cluster.

1,069 Views
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements