If not already done, besides using an external load-balancer (like F5 - to let the end users remember only a single Hue login URL) please consider to add "Hue Load Balaner" role in CM > Hue service (which sets up an Apache httpd) to serve the static contents.
Thank you for the solution, I guess this would help to audit HUE access, though I was I looking for CM Audits.
For HUE I assume I need to add the parameter you mentioned in the following HUE configuration item.
Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini
Regarding to the preserve source client IP when login into CM console. I did log a ticket Cloudera Support and apparently there is JIRA OPSAPS-41615 was raised for this enhancement for CM server able to read XFF header. I don't have the access to the JIRA. I am not sure if you do.
Thanks again for the solution for HUE. I will try to test it my environment and I will update you.
Hi Rama, yes, you can configure that in the "Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini".
OPSAPS-41615 is still open, in the future you can ask the status from any of your account team contacts. If you don't know who are those contacts, please ask/clarify that through the already open support case.