阿川CH
学海无涯,上栽上栽!
Toggle navigation
阿川CH
主页
归档
标签
Web Application Proxy 介绍
2018-04-16 17:01:35
0
0
0
cqc
## 介绍 > The Web Application Proxy is part of YARN. By default it will run as part of the Resource Manager(RM), but can be configured to run in stand alone mode. The reason for the proxy is to reduce the possibility of web based attacks through YARN. Web Application Proxy是YARN的一部分。 默认情况下,它将作为资源管理器(RM)的一部分运行,但可以配置为以独立模式运行。使用代理的原因是可以减少基于web攻击的可能性。 > In YARN the Application Master(AM) has the responsibility to provide a web UI and to send that link to the RM. This opens up a number of potential issues. The RM runs as a trusted user, and people visiting that web address will treat it, and links it provides to them as trusted, when in reality the AM is running as a non-trusted user, and the links it gives to the RM could point to anything malicious or otherwise. The Web Application Proxy mitigates this risk by warning users that do not own the given application that they are connecting to an untrusted site. 在YARN中,AM负责提供Web UI并将该链接发送给RM。 这带来了一些潜在的问题。 RM以可信用户的身份运行,访问该Web地址的用户将对其进行处理,并将其作为可信任用户提供给他们的链接,但实际上,AM作为不可信用户运行,并且其提供给RM的链接可能会 指向任何恶意或其他方面。 Web应用程序代理通过警告不拥有指定应用程序的用户连接到不受信任的站点来缓解此风险。 > In addition to this the proxy also tries to reduce the impact that a malicious AM could have on a user. It primarily does this by stripping out cookies from the user, and replacing them with a single cookie providing the user name of the logged in user. This is because most web based authentication systems will identify a user based off of a cookie. By providing this cookie to an untrusted application it opens up the potential for an exploit. If the cookie is designed properly that potential should be fairly minimal, but this is just to reduce that potential attack vector. 除此之外,代理还会尝试减少恶意AM可能对用户造成的影响。 它主要是通过从用户中删除cookie,并用提供登录用户的用户名的单个cookie替换它们。 这是因为大多数基于Web的认证系统都会根据cookie来识别用户。 通过将这个cookie提供给不受信任的应用程序,它可以开发利用漏洞。 如果cookie的设计正确,该潜力应该相当小,但这只是为了减少潜在的攻击媒介。 说白了,`Web Application Proxy`是yarn到AM的中间桥梁,在yarn的ui上,当点击`Tracking UI`时,是经过了`Web Application Proxy`的跳转  ## 启动 `$HADOOP_YARN_HOME/sbin/yarn-daemon.sh start proxyserver` ## 参考 [Apache Web Application Proxy](http://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-site/WebApplicationProxy.html)
上一篇:
正确移除hadoop集群中节点步骤
下一篇:
Antlr4学习
文档导航
cqc
cqc