Posted to user@ranger.apache.org by "Ellis, Tom (Financial Markets IT)" <To...@LloydsBanking.com> on 2016/06/01 11:13:02 UTC

Knox X-Forwarded-For IP Policy

Hi,

The Knox Ranger Plugin will use the request's remote address when authorizing at IP level, but this could obviously be a proxy. Is there any support for authorizing based on an X-Forwarded-For header (assuming this has been propagated down correctly)?

Cheers,

Tom Ellis
Consultant Developer - Excelian
Data Lake | Financial Markets IT
LLOYDS BANK COMMERCIAL BANKING
________________________________

E: Tom.Ellis@LloydsBanking.com<ma...@LloydsBanking.com>
Website: www.lloydsbankcommercial.com<http://www.lloydsbankcommercial.com/>
Reduce printing. Lloyds Banking Group is helping to build the low carbon economy.
Corporate Responsibility Report: www.lloydsbankinggroup-cr.com/downloads<http://www.lloydsbankinggroup-cr.com/downloads>



Lloyds Banking Group plc. Registered Office: The Mound, Edinburgh EH1 1YZ. Registered in Scotland no. SC95000. Telephone: 0131 225 4555. Lloyds Bank plc. Registered Office: 25 Gresham Street, London EC2V 7HN. Registered in England and Wales no. 2065. Telephone 0207626 1500. Bank of Scotland plc. Registered Office: The Mound, Edinburgh EH1 1YZ. Registered in Scotland no. SC327000. Telephone: 03457 801 801. Cheltenham & Gloucester plc. Registered Office: Barnett Way, Gloucester GL4 3RL. Registered in England and Wales 2299428. Telephone: 0345 603 1637

Lloyds Bank plc, Bank of Scotland plc are authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and Prudential Regulation Authority.

Cheltenham & Gloucester plc is authorised and regulated by the Financial Conduct Authority.

Halifax is a division of Bank of Scotland plc. Cheltenham & Gloucester Savings is a division of Lloyds Bank plc.

HBOS plc. Registered Office: The Mound, Edinburgh EH1 1YZ. Registered in Scotland no. SC218813.

This e-mail (including any attachments) is private and confidential and may contain privileged material. If you have received this e-mail in error, please notify the sender and delete it (including any attachments) immediately. You must not copy, distribute, disclose or use any of the information in it or any attachments. Telephone calls may be monitored or recorded.

Re: Knox X-Forwarded-For IP Policy

Posted by Abhay Kulkarni <ak...@hortonworks.com>.
Hi Tom,

Please take a look at RANGER-962<https://issues.apache.org/jira/browse/RANGER-962>. This is still being worked on as it has a dependency on Hive. Also, although this is specific to Hive, it may be extended to HBase as well if/when HBase supports the X-Forwarded-For header. The current design of this feature supports a user-supplied list of trusted proxies (through a configuration property) for whom the X-Forwarded-For header will be read and used.

This is not part of Ranger 0.6 Geolocation based policies. Also, it does not address Knox Ranger Plugin.

Thanks,
-Abhay

From: "Ellis, Tom (Financial Markets IT)" <To...@LloydsBanking.com>>
Reply-To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Date: Thursday, June 2, 2016 at 1:45 AM
To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Subject: RE: Knox X-Forwarded-For IP Policy

Hi Abhay,

Can you elaborate on this? Is this part of the Ranger 0.6 Geolocation based policies or something different?

Is HBase included in these downstream components?

Where is the source for this?


From: Abhay Kulkarni [mailto:akulkarni@hortonworks.com]
Sent: 01 June 2016 23:18
To: user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>
Subject: Re: Knox X-Forwarded-For IP Policy

Ranger authorization plugin in downstream components (such as Hive) will do exactly this. It will use the IP address in the X-Forwarded-For header only if the remote-ip-address is the address of one of the known and trusted nodes.

Thanks,
-Abhay

From: Larry McCay <lm...@hortonworks.com>>
Reply-To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Date: Wednesday, June 1, 2016 at 10:38 AM
To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Subject: Re: Knox X-Forwarded-For IP Policy

I think that we need to be careful to not add something even more spoofable than ip address.
This may be acceptable if you were to check not only the header but also that the ip is that of a known proxy.

On Jun 1, 2016, at 12:13 PM, Ramesh Mani <rm...@hortonworks.com>> wrote:


Tom,

Would you like to create a ranger jira and provide a patch for it?

Thanks,
Ramesh

From: "Ellis, Tom (Financial Markets IT)" <To...@LloydsBanking.com>>
Reply-To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Date: Wednesday, June 1, 2016 at 4:13 AM
To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Subject: Knox X-Forwarded-For IP Policy

Hi,

The Knox Ranger Plugin will use the request's remote address when authorizing at IP level, but this could obviously be a proxy. Is there any support for authorizing based on an X-Forwarded-For header (assuming this has been propagated down correctly)?

Cheers,

Tom Ellis
Consultant Developer - Excelian
Data Lake | Financial Markets IT
LLOYDS BANK COMMERCIAL BANKING

RE: Knox X-Forwarded-For IP Policy

Posted by "Ellis, Tom (Financial Markets IT)" <To...@LloydsBanking.com>.
Hi Abhay,

Can you elaborate on this? Is this part of the Ranger 0.6 Geolocation based policies or something different?

Is HBase included in these downstream components?

Where is the source for this?


From: Abhay Kulkarni [mailto:akulkarni@hortonworks.com]
Sent: 01 June 2016 23:18
To: user@ranger.incubator.apache.org
Subject: Re: Knox X-Forwarded-For IP Policy

Ranger authorization plugin in downstream components (such as Hive) will do exactly this. It will use the IP address in the X-Forwarded-For header only if the remote-ip-address is the address of one of the known and trusted nodes.

Thanks,
-Abhay

From: Larry McCay <lm...@hortonworks.com>>
Reply-To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Date: Wednesday, June 1, 2016 at 10:38 AM
To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Subject: Re: Knox X-Forwarded-For IP Policy

I think that we need to be careful to not add something even more spoofable than ip address.
This may be acceptable if you were to check not only the header but also that the ip is that of a known proxy.

On Jun 1, 2016, at 12:13 PM, Ramesh Mani <rm...@hortonworks.com>> wrote:


Tom,

Would you like to create a ranger jira and provide a patch for it?

Thanks,
Ramesh

From: "Ellis, Tom (Financial Markets IT)" <To...@LloydsBanking.com>>
Reply-To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Date: Wednesday, June 1, 2016 at 4:13 AM
To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Subject: Knox X-Forwarded-For IP Policy

Hi,

The Knox Ranger Plugin will use the request's remote address when authorizing at IP level, but this could obviously be a proxy. Is there any support for authorizing based on an X-Forwarded-For header (assuming this has been propagated down correctly)?

Cheers,

Tom Ellis
Consultant Developer - Excelian
Data Lake | Financial Markets IT
LLOYDS BANK COMMERCIAL BANKING

Re: Knox X-Forwarded-For IP Policy

Posted by Abhay Kulkarni <ak...@hortonworks.com>.
Ranger authorization plugin in downstream components (such as Hive) will do exactly this. It will use the IP address in the X-Forwarded-For header only if the remote-ip-address is the address of one of the known and trusted nodes.

Thanks,
-Abhay

From: Larry McCay <lm...@hortonworks.com>>
Reply-To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Date: Wednesday, June 1, 2016 at 10:38 AM
To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Subject: Re: Knox X-Forwarded-For IP Policy

I think that we need to be careful to not add something even more spoofable than ip address.
This may be acceptable if you were to check not only the header but also that the ip is that of a known proxy.

On Jun 1, 2016, at 12:13 PM, Ramesh Mani <rm...@hortonworks.com>> wrote:

Tom,

Would you like to create a ranger jira and provide a patch for it?

Thanks,
Ramesh

From: "Ellis, Tom (Financial Markets IT)" <To...@LloydsBanking.com>>
Reply-To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Date: Wednesday, June 1, 2016 at 4:13 AM
To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Subject: Knox X-Forwarded-For IP Policy

Hi,

The Knox Ranger Plugin will use the request's remote address when authorizing at IP level, but this could obviously be a proxy. Is there any support for authorizing based on an X-Forwarded-For header (assuming this has been propagated down correctly)?

Cheers,

Tom Ellis
Consultant Developer - Excelian
Data Lake | Financial Markets IT
LLOYDS BANK COMMERCIAL BANKING
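
The check discussed in this thread (read X-Forwarded-For only when the remote address is one of a configured list of trusted proxies), as an added Python example; it is not Ranger or Knox code and not from any poster. The function names, the TRUSTED_PROXIES list and every address are constructed assumptions, and the right-to-left walk over a multi-proxy chain goes beyond the single-proxy case the thread describes.

```python
import ipaddress

# Constructed sample configuration (assumption): the addresses and ranges of
# proxies that are allowed to supply an X-Forwarded-For header.
TRUSTED_PROXIES = ["10.0.0.0/24", "192.168.50.7"]


def parse_networks(entries):
    """Turn configured addresses or CIDR ranges into network objects."""
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries]


def in_any(addr, networks):
    """True if addr falls inside at least one of the networks."""
    return any(addr.version == net.version and addr in net for net in networks)


def effective_client_ip(remote_addr, xff_header, trusted_entries=TRUSTED_PROXIES):
    """Return the address an IP-level policy should be evaluated against."""
    trusted = parse_networks(trusted_entries)
    peer = ipaddress.ip_address(remote_addr)

    # The header is attacker-controlled unless the TCP peer is a trusted
    # proxy, so an untrusted peer is always judged by its own address.
    if not xff_header or not in_any(peer, trusted):
        return str(peer)

    client = peer
    # Walk right to left: the rightmost entry was appended by the nearest
    # proxy. Stop at the first hop that is not itself a trusted proxy;
    # anything further left was supplied by that hop and cannot be verified.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            # Malformed entry: keep the last address a trusted proxy vouched for.
            break
        client = addr
        if not in_any(addr, trusted):
            break
    return str(client)


def ip_policy_allows(remote_addr, xff_header, allowed_ranges):
    """Evaluate a simple allow-list IP policy against the effective client."""
    client = ipaddress.ip_address(effective_client_ip(remote_addr, xff_header))
    return in_any(client, parse_networks(allowed_ranges))


if __name__ == "__main__":
    # Constructed requests: (remote address, X-Forwarded-For value)
    samples = [
        ("10.0.0.5", "203.0.113.9, 10.0.0.8"),      # two trusted proxies in chain
        ("198.51.100.20", "10.0.0.1"),              # untrusted peer, header ignored
        ("10.0.0.5", "192.168.50.7, 203.0.113.9"),  # client-supplied left entry ignored
        ("10.0.0.5", "garbage, 10.0.0.8"),          # malformed entry stops the walk
    ]
    for remote, xff in samples:
        print(remote, "|", xff, "->", effective_client_ip(remote, xff))
```
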


Re: Knox X-Forwarded-For IP Policy

Posted by Ramesh Mani <rm...@hortonworks.com>.
I think we need to create the ranger policy exclusively to allow an ip or range of ips which we trust.
This is the case if I am not wrong, we get only the proxy ip and not the actual IP address if it's an anonymous proxy?

From: Larry McCay <lm...@hortonworks.com>>
Reply-To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Date: Wednesday, June 1, 2016 at 10:38 AM
To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Subject: Re: Knox X-Forwarded-For IP Policy

I think that we need to be careful to not add something even more spoofable than ip address.
This may be acceptable if you were to check not only the header but also that the ip is that of a known proxy.

On Jun 1, 2016, at 12:13 PM, Ramesh Mani <rm...@hortonworks.com>> wrote:

Tom,

Would you like to create a ranger jira and provide a patch for it?

Thanks,
Ramesh

From: "Ellis, Tom (Financial Markets IT)" <To...@LloydsBanking.com>>
Reply-To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Date: Wednesday, June 1, 2016 at 4:13 AM
To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Subject: Knox X-Forwarded-For IP Policy

Hi,

The Knox Ranger Plugin will use the request's remote address when authorizing at IP level, but this could obviously be a proxy. Is there any support for authorizing based on an X-Forwarded-For header (assuming this has been propagated down correctly)?

Cheers,

Tom Ellis
Consultant Developer - Excelian
Data Lake | Financial Markets IT
LLOYDS BANK COMMERCIAL BANKING


Re: Knox X-Forwarded-For IP Policy

Posted by Larry McCay <lm...@hortonworks.com>.
I think that we need to be careful to not add something even more spoofable than ip address.
This may be acceptable if you were to check not only the header but also that the ip is that of a known proxy.

On Jun 1, 2016, at 12:13 PM, Ramesh Mani <rm...@hortonworks.com>> wrote:

Tom,

Would you like to create a ranger jira and provide a patch for it?

Thanks,
Ramesh

From: "Ellis, Tom (Financial Markets IT)" <To...@LloydsBanking.com>>
Reply-To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Date: Wednesday, June 1, 2016 at 4:13 AM
To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Subject: Knox X-Forwarded-For IP Policy

Hi,

The Knox Ranger Plugin will use the request’s remote address when authorizing at IP level, but this could obviously be a proxy. Is there any support for authorizing based on an X-Forwarded-For header (assuming this has been propagated down correctly)?

Cheers,

Tom Ellis
Consultant Developer – Excelian
Data Lake | Financial Markets IT
LLOYDS BANK COMMERCIAL BANKING


Re: Knox X-Forwarded-For IP Policy

Posted by Ramesh Mani <rm...@hortonworks.com>.
Tom,

Would you like to create a ranger jira and provide a patch for it?

Thanks,
Ramesh

From: "Ellis, Tom (Financial Markets IT)" <To...@LloydsBanking.com>>
Reply-To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Date: Wednesday, June 1, 2016 at 4:13 AM
To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Subject: Knox X-Forwarded-For IP Policy

Hi,

The Knox Ranger Plugin will use the request's remote address when authorizing at IP level, but this could obviously be a proxy. Is there any support for authorizing based on an X-Forwarded-For header (assuming this has been propagated down correctly)?

Cheers,

Tom Ellis
Consultant Developer - Excelian
Data Lake | Financial Markets IT
LLOYDS BANK COMMERCIAL BANKING