[ https://issues.apache.org/jira/browse/NIFI-4761?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16332576#comment-16332576 ]

Joseph Witt commented on NIFI-4761:
-----------------------------------

[~mcgilman] [~alopresto] seeing this issue

 

{quote}

-------------------------------------------------------
 T E S T S
-------------------------------------------------------
Running org.apache.nifi.web.server.HostHeaderHandlerTest
Tests run: 7, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 0.934 sec <<< FAILURE! - in org.apache.nifi.web.server.HostHeaderHandlerTest
testShouldHandle_1_5_0_DefaultValues(org.apache.nifi.web.server.HostHeaderHandlerTest)  Time elapsed: 0.074 sec <<< FAILURE!
org.codehaus.groovy.runtime.powerassert.PowerAssertionError: 
assert handler.hostHeaderIsValid(host)
       |       |                 |
       |       false             localhost:8080
       HostHeaderHandler for nifi.apache.org:8080
    at org.apache.nifi.web.server.HostHeaderHandlerTest.testShouldHandle_1_5_0_DefaultValues(HostHeaderHandlerTest.groovy:97)

Running org.apache.nifi.web.server.JettyServerTest
Tests run: 7, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.285 sec - in 
org.apache.nifi.web.server.JettyServerTest

Results :

Failed tests: 
 HostHeaderHandlerTest.testShouldHandle_1_5_0_DefaultValues:97 assert handler.hostHeaderIsValid(host)
       |       |                 |
       |       false             localhost:8080
       HostHeaderHandler for nifi.apache.org:8080

 

{quote}

> Allow whitelisting expected Host values
> ---------------------------------------
>
>                 Key: NIFI-4761
>                 URL: https://issues.apache.org/jira/browse/NIFI-4761
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.5.0
>            Reporter: Matt Gilman
>            Assignee: Andy LoPresto
>            Priority: Major
>              Labels: configuration, header, host, security
>
> NiFi has been updated to only accept requests where the Host header contains 
> an expected value. Currently, the expected values are driven by the .host 
> properties in nifi.properties. When running behind a proxy, the value may be 
> the proxy host if the headers simply pass through. In this scenario, we 
> should offer the ability to whitelist values in case updating the proxy 
> configuration isn't possible.
> Also, the proxy documentation in the admin guide should be updated to include 
> details regarding the Host name whitelisting. Also, should verify the context 
> path whitelisting is documented there.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
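
Added example, not part of the JIRA message and not NiFi's own code: a sketch of the check the issue description asks for, where a Host header is accepted only if it exactly matches the configured host or an operator-supplied allowlist entry. The class name HostAllowlist, its parameters and the proxy host proxy.example.com:443 are assumptions made for illustration.

```java
import java.util.*;

// Added illustration: HostAllowlist and its parameters are hypothetical names,
// not NiFi's HostHeaderHandler or its property keys.
public class HostAllowlist {
    private final Set<String> allowed = new HashSet<>();

    // configuredHost/port stand in for the .host values; extraHosts is the
    // operator-supplied allowlist for proxies that pass their own Host through.
    public HostAllowlist(String configuredHost, int port, List<String> extraHosts) {
        if (configuredHost != null && !configuredHost.trim().isEmpty()) {
            add(configuredHost.trim() + ":" + port);
        }
        add(configuredHost);
        for (String extra : extraHosts) {
            add(extra);
        }
    }

    private void add(String value) {
        if (value != null && !value.trim().isEmpty()) {
            allowed.add(normalize(value));
        }
    }

    // Host names compare case-insensitively; surrounding whitespace is ignored.
    private static String normalize(String value) {
        return value.trim().toLowerCase(Locale.ROOT);
    }

    // Exact match only: no suffix, prefix or substring matching.
    public boolean isValid(String hostHeader) {
        return hostHeader != null && allowed.contains(normalize(hostHeader));
    }

    public static void main(String[] args) {
        HostAllowlist direct = new HostAllowlist("nifi.apache.org", 8080, Collections.emptyList());
        HostAllowlist proxied = new HostAllowlist("nifi.apache.org", 8080,
                Arrays.asList("proxy.example.com:443")); // constructed proxy host
        String[] samples = {"nifi.apache.org:8080", "localhost:8080",
                "proxy.example.com:443", "nifi.apache.org.example.net:8080"};
        for (String host : samples) {
            System.out.printf("%-34s direct=%-5b proxied=%b%n",
                    host, direct.isValid(host), proxied.isValid(host));
        }
    }
}
```

Only the proxied instance accepts the proxy's Host value, and a name that merely begins with the configured host is rejected by both because the comparison is an exact match.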
