We are connecting to CM console via F5 Load Balancer (Reverse Proxy). We are trying to enable X-Forwarded-For (XFF) in HTTP header, to get actual source client IP address from the CM Audits log.
How can I enable CM server to read XFF HTTP header for the source client IP address instead of reading source IP address from layer 3?
Thank you in advance.
Hello @ram76 ,
You can configure Hue to use the XFF header:
See hue.ini reference:
If not already done, besides using an external load-balancer (like F5 - to let the end users remember only a single Hue login URL) please consider to add "Hue Load Balaner" role in CM > Hue service (which sets up an Apache httpd) to serve the static contents.
See the following for more:
Hope this helps. Best regards, Miklos
Hi @mszurap ,
Thank you for the solution, I guess this would help to audit HUE access, though I was I looking for CM Audits.
For HUE I assume I need to add the parameter you mentioned in the following HUE configuration item.
Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini
Regarding to the preserve source client IP when login into CM console. I did log a ticket Cloudera Support and apparently there is JIRA OPSAPS-41615 was raised for this enhancement for CM server able to read XFF header. I don't have the access to the JIRA. I am not sure if you do.
Thanks again for the solution for HUE. I will try to test it my environment and I will update you.
Hi Rama, yes, you can configure that in the "Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini".
OPSAPS-41615 is still open, in the future you can ask the status from any of your account team contacts. If you don't know who are those contacts, please ask/clarify that through the already open support case.
Best regards, Miklos