[jira] [Commented] (NIFI-4761) Allow whitelisting expected Host values

Fri, 19 Jan 2018 07:59:30 -0800 

    [ 
https://issues.apache.org/jira/browse/NIFI-4761?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16332448#comment-16332448
 ] 

ASF subversion and git services commented on NIFI-4761:
-------------------------------------------------------

Commit 8cb09c301d6fef70cc8a02a4a7e80f3062ab58ae in nifi's branch 
refs/heads/master from [~alopresto]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=8cb09c3 ]

NIFI-4761
Added HostHeaderHandler regression unit tests before adding new functionality.
Added logic for parsing nifi.web.proxy.host property.
Added default property in nifi.properties and pom.xml.
Added logic for IPv6 and custom default hostnames.
Improved error messaging.
Added HostHeaderHandler unit tests.
Disabled HostHeaderSanitizationCustomizer in HTTP mode.
Fixed HTML escaping in error message.
Improved error message.
Added failing unit test for parsing custom hostnames.
Fixed custom hostname parsing.
Fixed unit tests.
Added TODO for IPv6 custom hostname parsing and unit test.
Added IPv6 custom hostname parsing and unit tests.
Fixed checkstyle issues.
Removed empty element in host list when no value defined.
Improved error message formatting.
Added unit tests.
Removed HostHeaderSanitizationCustomizer.
Removed InvalidPropertiesFormatException from NiFiProperties.
Removed InvalidPropertiesFormatException from HostHeaderHandler.
This closes #2415


> Allow whitelisting expected Host values
> ---------------------------------------
>
>                 Key: NIFI-4761
>                 URL: https://issues.apache.org/jira/browse/NIFI-4761
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.5.0
>            Reporter: Matt Gilman
>            Assignee: Andy LoPresto
>            Priority: Major
>              Labels: configuration, header, host, security
>
> NiFi has been updated to only accept requests where the Host header contains 
> an expected value. Currently, the expected values are driven by the .host 
> properties in nifi.properties. When running behind a proxy, the value may be 
> the proxy host if the headers simply pass through. In this scenario, we 
> should offer the ability to whitelist values in case updating the proxy 
> configuration isn't possible.
> Also, the proxy documentation in the admin guide should be updated to include 
> details regarding the Host name whitelisting. Also, should verify the context 
> path whitelisting is documented there.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to