mirror of
https://github.com/apache/impala.git
synced 2025-12-21 10:58:31 -05:00
3bdf1d2648
When using hs2-http protocol, http messages from Impala clients may pass through one or more proxies before reaching the Impala coordinator. This can make it harder to track the origin of the http messages. The 'X-Forwarded-For' header is added to or edited by HTTP proxies when forwarding a request, so it may contain multiple source addresses. Add the value of this header to the runtime profile so that it can be observed. Impala will truncate the 'X-Forwarded-For' header value at 8096 characters. Apart from this, Impala does not do any verification or sanitization of this value, so its value should only be trusted if the deployment environment protects against spoofing. A good reference for understanding the use of 'X-Forwarded-For' is https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For This patch does not address the cases where http proxies insert multiple 'X-Forwarded-For' headers. This issue is tracked in IMPALA-13335. TESTING: add an option '--hs2_x_forward' to impala-shell which will set the 'X-Forwarded-For' header. Add tests which verify that the value is set in the profile, and that a long value is truncated correctly. Change-Id: I2e010cfb09674c5d043ef915347c3836696e03cf Reviewed-on: http://gerrit.cloudera.org:8080/21700 Reviewed-by: Impala Public Jenkins <impala-public-jenkins@cloudera.com> Tested-by: Impala Public Jenkins <impala-public-jenkins@cloudera.com>
21 KiB
Executable File
21 KiB
Executable File