Configure HSTS for HBase Web UIs

You can configure HBase to include HTTP headers to enforce the HTTP Strict Transport Security (HSTS) ensuring that a web browser does not load the service information using HTTP.

Additionally, all attempts to load the information using HTTP will automatically be converted to HTTPS.
  1. Go to the HBase service.
  2. Click the Configuration tab.
  3. Select Advanced under Category.
  4. Set the following HSTS credentials in HBase Service Advanced Configuration Snippet (Safety Valve) for hbase-site.xml.
    <property>
    <name>hbase.http.filter.hsts.value</name>
    <value>max-age=63072000;includeSubDomains;preload</value>
    </property>
    <property>
    <name>hbase.http.filter.csp.value</name>
    <value>default-src https: data: 'unsafe-inline' 'unsafe-eval'</value>
    </property>
    
  5. Restart the HBase service.