Pivotal Knowledge Base

Encountered Error "CSRF protection is turned on." While Deleting HAWQ Services from Ambari

Environment

 Product  Version
 Pivotal HDB  2.x

Purpose

This article discusses:

1 - What is CSRF protection?

2 - Why does CSRF protection prevent deleting HAWQ services from Ambari?

3 - How to disable CSRF protection in Ambari?

Cause

Cross-Site Request Forgery (CSRF) is a class of attack that forces an end user to execute unwanted actions on Ambari. Wikipedia describes it as a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts.

A CSRF attack attempts to force a user to execute functionality without their knowledge. These types of attacks are possible against Ambari because it exposes REST endpoints. To avoid CSRF attacks, Ambari enables API CSRF protection by default.

CSRF protection gets in the way when an administrator tries to delete the HAWQ service from Ambari.

Procedure

Remove HAWQ service

To remove HAWQ services, we use the following command:

curl -s -u admin:admin -H "X-Requested-By: Ambari" -X DELETE http://<ambari-server>:<port>/api/v1/clusters/<your_cluster_name>/services/HAWQ

Error Snippet

curl -s -u admin:admin -H "X-Requested-By: Ambari" -X DELETE http://<ambari-server>:<port>/api/v1/clusters/<your_cluster_name>/services/HAWQ

{
  "status" : 400,
  "message" : "CSRF protection is turned on. X-Requested-By HTTP header is required."
}

To solve this problem, we have to disable CSRF protection in Ambari.

WARNING: Please make sure disabling CSRF protection meets your security requirements. If it does not, revert the change after deleting the HAWQ service so that CSRF protection is enabled again.

This is the process to be followed:

  1. Open /etc/ambari-server/conf/ambari.properties in edit mode.
  2. Add config property api.csrfPrevention.enabled=false at the end of the file, if not already present.
  3. Restart Ambari server using ambari-server restart.
  4. You should now be able to delete the HAWQ service.
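The property change in steps 1 and 2, and the revert the warning asks for, can be scripted so the file never ends up with duplicate or half-written entries. This is an added example, not part of the original article or of Ambari; the function names and the `.bak` backup are assumptions of the example, and it assumes the property is written in plain `key=value` form.

```shell
#!/bin/sh
# Added example: toggle api.csrfPrevention.enabled in ambari.properties.
# Function names and the .bak backup suffix are assumptions of this example.

PROP='api.csrfPrevention.enabled'

# Print the effective value. If the key is absent, report "true", since the
# article states that API CSRF protection is enabled by default.
csrf_prevention_state() {
    file=$1
    value=$(sed -n "s/^[[:space:]]*api\.csrfPrevention\.enabled[[:space:]]*=[[:space:]]*//p" "$file" \
        | tail -n 1 | tr -d '[:space:]')
    echo "${value:-true}"
}

# Set the key to true or false: rewrite the existing line, or append one.
set_csrf_prevention() {
    file=$1
    value=$2
    case $value in
        true|false) ;;
        *) echo "value must be true or false" >&2; return 2 ;;
    esac
    cp -p "$file" "$file.bak" || return 1      # keep a copy to diff or restore
    if grep -q "^[[:space:]]*api\.csrfPrevention\.enabled[[:space:]]*=" "$file"; then
        sed "s/^[[:space:]]*api\.csrfPrevention\.enabled[[:space:]]*=.*/$PROP=$value/" \
            "$file.bak" > "$file"
    else
        # Do not glue the new key onto a last line that lacks a newline.
        if [ -n "$(tail -c 1 "$file")" ]; then echo >> "$file"; fi
        printf '%s=%s\n' "$PROP" "$value" >> "$file"
    fi
}

# Usage on the Ambari host, following the steps above:
#   set_csrf_prevention /etc/ambari-server/conf/ambari.properties false
#   ambari-server restart
#   (delete the HAWQ service)
#   set_csrf_prevention /etc/ambari-server/conf/ambari.properties true
#   ambari-server restart
#   csrf_prevention_state /etc/ambari-server/conf/ambari.properties
```

Running `csrf_prevention_state` after the final restart confirms the file is back to `true` before the maintenance window is closed.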

 

 
