Support Questions

Find answers, ask questions, and share your expertise

NiFi 1.5 System Error: Invalid host header

avatar
Expert Contributor

Hi Guys,

I just upgraded NiFi from v1.4 to v1.5. The cluster is set in secure mode and running in Kubernetes.

But I found below error in Web UI.

System Error The request contained an invalid host header [server:port] in the request [/nifi/]. Check for request manipulation or third-party intercept.

Is it due to nifi.web.proxy.host property? How do I setup it? the IP of the nifi node?

Thanks.

1 ACCEPTED SOLUTION

avatar
Master Mentor

@Vincent van Oudenhoven

A Jira was raised in Apache Jira (https://issues.apache.org/jira/browse/NIFI-4761) to add a whitelist capability so that users could create a list of hostnames that would be allowed. This Whitelist feature is already part of the HDF 3.1 release from Hortonworks and will be part of the Apache NiFi 1.6 release at a later time.

I am sorry to report there is no way around this host name check in Apache NIFi 1.5.

Thanks,

Matt

View solution in original post

28 REPLIES 28

avatar
Explorer

I'm experiencing the same issue with running Docker 2 instances either locally on my laptop and on AWS.

Due to dockers setup, there should be some way to pass a startup parameter to:

- disable request header check

Locally Docker Nifi instance 1 : nifi1 on port 8080 is ok whilst on port 8090, where docker redirects, this fails.

This has stopped my current development.

Running a single instance without docker on AWS also generates this issue.

avatar

This is so messed up, isn't it?

The external client request hostname and port has to match the internal hostname and port? I've lost a day to trying to figure out how to get that working when I have multiple nifi instances in docker-compose and I'm not getting anywhere.

The only thing I can think might work is adding a proxy to intercept and rewrite those, but that's insane out of the box behaviour, surely?

avatar
Explorer

Has anyone successfully come up with a non proxy based solution?

avatar
Contributor

I'm also getting this same error. Running Nifi v1.5 on an EC2 instance (AWS) and trying to access it from my browser as follows: ec2-instance-IP:port/nifi/.

Is there a way to allow this access? I don't need to disable the "header check" as a whole, but it would be great if I could somehow allow whatever header it is that I'm currently passing to be allowed to go through.

Any help is appreciated.

avatar
Master Mentor

@Vincent van Oudenhoven

A Jira was raised in Apache Jira (https://issues.apache.org/jira/browse/NIFI-4761) to add a whitelist capability so that users could create a list of hostnames that would be allowed. This Whitelist feature is already part of the HDF 3.1 release from Hortonworks and will be part of the Apache NiFi 1.6 release at a later time.

I am sorry to report there is no way around this host name check in Apache NIFi 1.5.

Thanks,

Matt

avatar
Contributor
@Matt Clarke

Thank you for your reply. Would it thus be advised to run NIFI 1.4 for now?

avatar
Master Guru

Or you can run HDF 3.1, ambari makes it easy to manage your cluster. I recommend running Apache NiFi through HDF for a while.

avatar
Master Guru

Thanks Matt. The whitelist is really helpful.

avatar
Explorer

Hello Vincent,

Could you please share the link to the Ambari Whitelist Configuration.

this only link I found in Ambari wiki is about the Ambari Metrics White list :

https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Metrics+-+Whitelisting

Best Regards

Abdou

avatar
Explorer

Hello @Matt Clarke,

Could you please share the link to the Ambari Whitelist Configuration ?

this only link I found in Ambari wiki is about the Ambari Metrics White list :

https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Metrics+-+Whitelisting

Best Regards

Abdou