Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Preserve Source client IP address when use Load Balancer to connect to CM console

Labels:
avatar
author-rank ram76
Contributor

Created ‎03-22-2022 09:48 AM

Hello All,

 

We are connecting to CM console via F5 Load Balancer (Reverse Proxy). We are trying to enable X-Forwarded-For (XFF) in HTTP header, to get actual source client IP address from the CM Audits log.

 

How can I enable CM server to read XFF HTTP header for the source client IP address instead of reading source IP address from layer 3?

 

Thank you in advance.

1,719 Views
0 Kudos
3 REPLIES 3

avatar
author-rank mszurap author-rank
Guru

Created ‎03-24-2022 01:29 AM

Hello @ram76 ,

 

You can configure Hue to use the XFF header:

[desktop]
use_x_forwarded_host=true

See hue.ini reference:

https://github.com/cloudera/hue/blob/master/desktop/conf.dist/hue.ini

If not already done, besides using an external load-balancer (like F5 - to let the end users remember only a single Hue login URL) please consider to add "Hue Load Balaner" role in CM > Hue service  (which sets up an Apache httpd) to serve the static contents.

See the following for more:

https://docs.cloudera.com/documentation/enterprise/6/6.3/topics/hue_use_add_lb.html#hue_use_add_lb 

Hope this helps. Best regards, Miklos

1,683 Views

avatar
author-rank ram76
Contributor

Created ‎03-25-2022 12:59 AM

Hi @mszurap ,

 

Thank you for the solution, I guess this would help to audit HUE access, though I was I looking for CM Audits.

 

For HUE I assume I need to add the parameter you mentioned in the following HUE configuration item.

Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini

 

Regarding to the preserve source client IP when login into CM console. I did log a ticket Cloudera Support and apparently there is JIRA OPSAPS-41615 was raised for this enhancement for CM server able to read XFF header. I don't have the access to the JIRA. I am not sure if you do.

 

Thanks again for the solution for HUE. I will try to test it my environment and I will update you.

 

Kind regards,

Rama.

1,664 Views
0 Kudos

avatar
author-rank mszurap author-rank
Guru

Created ‎03-25-2022 01:27 AM

Hi Rama, yes, you can configure that in the "Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini".

OPSAPS-41615 is still open, in the future you can ask the status from any of your account team contacts. If you don't know who are those contacts, please ask/clarify that through the already open support case.

Best regards,  Miklos

1,661 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera DataFlow 2.9 now supports building GenAI pipelines ...
What's New @ Cloudera
Accelerate Data Scientist Productivity with Cloudera Copilot...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
Community Announcements
October 2024 Community Highlights
What's New @ Cloudera
Accelerate Your AI with the Cloudera AI Inference Service wi...
View More Announcements