Created 01-18-2018 02:31 PM
Hi Guys,
I just upgraded NiFi from v1.4 to v1.5. The cluster is set in secure mode and running in Kubernetes.
But I found the error below in the Web UI.
System Error The request contained an invalid host header [server:port] in the request [/nifi/]. Check for request manipulation or third-party intercept.
Is it due to the nifi.web.proxy.host property? How do I set it up? The IP of the NiFi node?
Thanks.
Created 01-27-2018 05:29 AM
I'm experiencing the same issue with running 2 Docker instances, both locally on my laptop and on AWS.
Due to Docker's setup, there should be some way to pass a startup parameter to:
- disable request header check
Locally, Docker NiFi instance 1 (nifi1) on port 8080 is OK, whilst on port 8090, where Docker redirects, this fails.
This has stopped my current development.
Running a single instance without Docker on AWS also generates this issue.
Created 02-23-2018 10:09 AM
This is so messed up, isn't it?
The external client request hostname and port have to match the internal hostname and port? I've lost a day to trying to figure out how to get that working when I have multiple NiFi instances in docker-compose and I'm not getting anywhere.
The only thing I can think might work is adding a proxy to intercept and rewrite those, but that's insane out-of-the-box behaviour, surely?
Created 02-25-2018 04:30 AM
Has anyone successfully come up with a non-proxy-based solution?
Created 02-25-2018 09:13 PM
I'm also getting this same error. Running NiFi v1.5 on an EC2 instance (AWS) and trying to access it from my browser as follows: ec2-instance-IP:port/nifi/.
Is there a way to allow this access? I don't need to disable the "header check" as a whole, but it would be great if I could somehow allow whatever header it is that I'm currently passing to be allowed to go through.
Any help is appreciated.
Created 02-26-2018 01:04 PM
A Jira was raised in Apache Jira (https://issues.apache.org/jira/browse/NIFI-4761) to add a whitelist capability so that users could create a list of hostnames that would be allowed. This Whitelist feature is already part of the HDF 3.1 release from Hortonworks and will be part of the Apache NiFi 1.6 release at a later time.
I am sorry to report there is no way around this host name check in Apache NiFi 1.5.
Thanks,
Matt
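The hostname check and whitelist discussed in this thread, sketched as an added example (not NiFi's code and not written by any poster): a server accepts a request only when its Host header matches the address it is bound to or an entry in an operator-supplied list. The names `nifi1` and `localhost:8090`, all function names, and the default port of 443 are assumptions made for illustration.

```python
# Added illustration: a generic Host-header allowlist check, not NiFi's code.
# Hostnames, ports and function names are constructed for this example.

def normalize_host(value, default_port=443):
    """Return (host, port) from a Host header value, lower-cased, port explicit."""
    value = value.strip().lower()
    if value.startswith("["):                 # bracketed IPv6 literal: [::1]:8443
        host, sep, rest = value.partition("]")
        if not sep or (rest and not rest.startswith(":")):
            raise ValueError("malformed Host header")
        host, port = host + "]", rest[1:]
    else:
        host, _, port = value.partition(":")
    if not host or (port and not port.isdigit()):
        raise ValueError("malformed Host header")
    return host, int(port) if port else default_port


def build_allowlist(bound_host, bound_port, extra_hosts=""):
    """The address the server is bound to, plus a comma-separated list of extras."""
    allowed = {normalize_host("%s:%d" % (bound_host, bound_port))}
    for entry in extra_hosts.split(","):
        if entry.strip():
            allowed.add(normalize_host(entry))
    return allowed


def host_header_allowed(header, allowed):
    """Exact match on (host, port); malformed or unknown values are rejected."""
    try:
        return normalize_host(header) in allowed
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed scenario: server bound to nifi1:8080 inside a container,
    # published by Docker on host port 8090.
    strict = build_allowlist("nifi1", 8080)
    relaxed = build_allowlist("nifi1", 8080, "localhost:8090")
    for header in ("nifi1:8080", "localhost:8090", "LOCALHOST:8090", "other.example:8090"):
        print(header, host_header_allowed(header, strict), host_header_allowed(header, relaxed))
```

With only the bound address known, the request arriving on the published port is rejected; listing that host and port explicitly admits it while any other Host value still fails.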
Created 02-27-2018 12:30 AM
Thank you for your reply. Would it thus be advised to run NiFi 1.4 for now?
Created 02-27-2018 02:40 PM
Or you can run HDF 3.1; Ambari makes it easy to manage your cluster. I recommend running Apache NiFi through HDF for a while.
Created 02-27-2018 02:39 PM
Thanks Matt. The whitelist is really helpful.
Created 04-10-2018 03:55 PM
Hello Vincent,
Could you please share the link to the Ambari Whitelist Configuration?
The only link I found in the Ambari wiki is about the Ambari Metrics whitelist:
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Metrics+-+Whitelisting
Best Regards
Abdou
Created 04-13-2018 02:58 PM
Hello @Matt Clarke,
Could you please share the link to the Ambari Whitelist Configuration?
The only link I found in the Ambari wiki is about the Ambari Metrics whitelist:
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Metrics+-+Whitelisting
Best Regards
Abdou