hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Haohui Mai (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-5569) WebHDFS should support a deny/allow list for data access
Date Tue, 03 Dec 2013 01:37:35 GMT

    [ https://issues.apache.org/jira/browse/HDFS-5569?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13837216#comment-13837216
] 

Haohui Mai commented on HDFS-5569:
----------------------------------

[~farisa], what about putting an http proxy (e.g., nginx) over the namenode / datanode http
server? You can deploy path-based filtering pretty easily.

It seems to me that the Knox project is trying to solve the same problem, so it might be worthwhile
to check it out.

> WebHDFS should support a deny/allow list for data access
> --------------------------------------------------------
>
>                 Key: HDFS-5569
>                 URL: https://issues.apache.org/jira/browse/HDFS-5569
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: webhdfs
>            Reporter: Adam Faris
>              Labels: features
>
> Currently we can't restrict what networks are allowed to transfer data using WebHDFS.
 Obviously we can use firewalls to block ports, but this can be complicated and problematic
to maintain.  Additionally, because all the jetty servlets run inside the same container,
blocking access to jetty to prevent WebHDFS transfers also blocks the other servlets running
inside that same jetty container.
> I am requesting a deny/allow feature be added to WebHDFS.  This is already done with
the Apache HTTPD server, and is what I'd like to see the deny/allow list modeled after.  
Thanks.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message