[
https://issues.apache.org/jira/browse/NIFI-7329?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann resolved NIFI-7329.
------------------------------------
Resolution: Workaround
The current {{HostHeaderHandler}} implementation supports configuring the
allowed {{Host}} header with and without the port number. In this scenario,
the {{nifi.web.proxy.host}} property should be set to the proxy server address
together with the port number, such as:
{noformat}
nifi.web.proxy.host=nifi.apache.org:443
{noformat}
Since the proxy server may or may not use the same port as NiFi, including the
value of {{nifi.web.https.port}} automatically does not seem like a reliable
solution.
> Host header handler is not generating all combinations of provided hostname
> and port
> ------------------------------------------------------------------------------------
>
> Key: NIFI-7329
> URL: https://issues.apache.org/jira/browse/NIFI-7329
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 1.11.4
> Reporter: Andy LoPresto
> Assignee: David Handermann
> Priority: Major
> Labels: http, security, tls
>
> As reported in private Slack chat, the host header handler is not combining
> the value of {{nifi.web.proxy.host}} in {{nifi.properties}} with the
> {{nifi.web.https.port}} value, thus blocking a connection on {{host:port}}.
> The handler is only injecting {{host}} into the valid list.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
