nifi-users mailing list archives

From Curtis Ruck <>
Subject Re: X-Forwarded-Context whitelisting not working
Date Wed, 15 May 2019 20:46:15 GMT
Yes, went through that guide with a fine-tooth comb.  Then started enabling
debug logging and comparing log outputs.

The telling factor in the logs was these lines (/nifi1 in Sanitize and
nothing in CatchAll).

o.a.n.w.filter.SanitizeContextPathFilter - SanitizeContextPathFilter
received provided whitelisted context paths from NiFi properties: /nifi1
o.a.n.w.filter.CatchAllFilter - CatchAllFilter  [index.jsp] received
provided whitelisted context paths from NiFi properties:

Then investigation into how whitelistedContextPaths gets set revealed the
likely culprit is the lack of a super.init(filterConfig) inside

Curtis Ruck

On Wed, May 15, 2019 at 8:50 AM Matt Gilman <> wrote:

> Curtis,
> I haven't set this up recently but it was working the last time I tried
> it. Just wanted to ensure that you were following the guidance in our admin
> guide for standing up instances behind a proxy [1].
> Matt
> [1]
> On Tue, May 14, 2019 at 6:17 PM Curtis Ruck <> wrote:
>> I am attempting (unsuccessfully) to configure multiple numbered
>> unclustered NiFi instances behind a single reverse proxy vhost (external
>> limitations on single vhost and no clustering)
>> In my reverse proxy I have X-Forwarded-Context set and in debug logging
>> both CatchAllFilter and SanitizeContextPathFilter see the passed context
>> (/nifi1 ... /nifiN).  In debug logging though, CatchAllFilter isn't seeing
>> any items from getWhitelistedContextPath() whereas
>> SanitizeContextPathFilter does show the items in the
>> getWhitelistedContextPath().
>> Since CatchAllFilter extends SanitizeContextPathFilter, it should work
>> except CatchAllFilter isn't calling super.init() which means the
>> private whitelistedContextPaths never gets initialized.
>> Has anyone gotten NiFi working at a nested context path i.e.
>> (/nifi1/nifi, /nifi1/nifi-api)?
>> --
>> Curtis Ruck
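
The failure mode diagnosed in this thread, shown as an added example that is not part of the original messages and is not NiFi source code: a subclass that overrides init() without calling super.init() leaves the parent's private whitelist empty, so every forwarded context path is rejected. The class names and the config key are hypothetical, and the configuration is a constructed sample.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

// Simplified model of the pattern in the thread; names and config key are hypothetical, not NiFi source.
public class FilterInitDemo {
    static class BaseFilter {
        private List<String> whitelistedContextPaths = List.of();
        // Parses the comma-separated whitelist from the filter configuration.
        public void init(Map<String, String> config) {
            String raw = config.getOrDefault("whitelistedContextPaths", "");
            whitelistedContextPaths = Arrays.stream(raw.split(","))
                    .map(String::trim)
                    .filter(s -> !s.isEmpty())
                    .collect(Collectors.toList());
        }
        // A forwarded context path is honoured only if it is whitelisted.
        public boolean accepts(String forwardedContext) {
            return whitelistedContextPaths.contains(forwardedContext);
        }
    }

    // Overrides init() without delegating: the parent's private list stays empty.
    static class BrokenChildFilter extends BaseFilter {
        @Override
        public void init(Map<String, String> config) {
            // subclass-specific setup only; super.init(config) is missing
        }
    }

    // Same override, but delegates first so the inherited state is populated.
    static class FixedChildFilter extends BaseFilter {
        @Override
        public void init(Map<String, String> config) {
            super.init(config);
        }
    }

    public static void main(String[] args) {
        // Constructed sample configuration.
        Map<String, String> config = Map.of("whitelistedContextPaths", "/nifi1, /nifi2");
        for (BaseFilter f : List.of(new BrokenChildFilter(), new FixedChildFilter())) {
            f.init(config);
            System.out.println(f.getClass().getSimpleName() + ": /nifi1=" + f.accepts("/nifi1") + ", /other=" + f.accepts("/other"));
        }
    }
}
```

Because the whitelist field is private to the parent, the subclass cannot populate it any other way; the empty default fails closed, which is why the symptom is a rejected proxy path rather than an accepted unlisted one.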
