Ruben, You could also put a proxy in front of NiFi to control access, like nginx [1]. To build on Koji's response, the host running NiFi can be firewalled off from external access, with a rule to only allowing the proxy to communicate with NiFI.
There are some instructions [2] in the NiFi System Administration guide for configuring a proxy to work with NiFi. Please let us know if you have more questions! [1] https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-proxied-tcp/ [2] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#proxy_configuration On Wed, Jun 6, 2018 at 2:35 AM Koji Kawamura <[email protected]> wrote: > Hi Ruben, > > I am not aware of any configuration to do that at NiFi side, I believe > NiFi doesn't have that. > I usually do access control based on client IP addresses by FireWall. > > 'iptables' is the standard one for Linux. You can find many examples > on the internet to configure iptables. > If you are using IaaS cloud services such as AWS EC2 or Azure VM > instances, then you can apply such access control at 'Security Group' > configuration. > > Thanks, > Koji > > On Wed, Jun 6, 2018 at 7:46 AM, Ruben Barrios <[email protected]> > wrote: > > Hello NiFi team, > > > > My name is Ruben, I'm working with NiFi 1.6.0 in Stand Alone mode. > > > > I have a question about WebUI access, it's possible to block incoming > > connections to 8080 port based on specific IP's or a Subnet? > > > > For Example: > > Dev team is on IPs 172.0.1.5 to 172.0.1.10, > > Testing team is on 172.0.1.11 to 172.0.1.20 > > > > Is any option to allow access only to IPs from Dev Team? > > > > Thank you! > > > > Rubén Barrios >
