Allow all from localhost but login required in Kibana

Hi,

I have a rather simple use case.

I want Kibana (localhost:5601) to require login.
But I also want all my APIs running on localhost that integrate with Elasticsearch to be able to communicate without authentication.

I've been experimenting with IP filtering and anonymous access, but can't really make it work.

I'm using Kibana 4.1.2.

What would be the best approach here?

Thanks.

While that may sound like a simple use case, the configuration you describe isn't secure - anyone who can access the box and make requests to localhost would be able to wreak havoc with your cluster.

Instead, have you considered setting up an administrator account and/or using PKI (certificate-based authentication) for your administrative needs?