My company use free version of Elasticsearch software so no security on it. Our Elasticsearch server is running on internal network and internet user cannot access to it. We have a public app need to call Elasticsearch API to fetch some data. Therefore, I use api gateway/reverse proxy to expose one index's search api endpoint.
My concern is data integrity. data is public and I don't mind user view the whole data. But I don' t want user to update record or delete index through the search api endpoint http://myelasticserver:9200/myindex/_search. Technically, user can post anything to the search api endpoint.
can anybody confirm that the index search api endpoint is read only? Thanks!
Need to configure privileges on a given user role. Configuring via Kibana: Kibana > Stack Management > Roles > Privileges.
Setting to be given for the user role is "read". As a result, methods such as PUT or POST cannot be used.
Index blocks prevent certain operations from all users. That is, if read-only block is set, no one can write to the index including your admin users. Depending on your use case, this may or may not be an issue.
can anybody confirm that the index search api endpoint is read only?
It should be read only. It will be a bug if it can be used for any mutation.
For your use case, I think turning on security and enabling anonymous access with read only privilege are probably your best bet. It means you get full security protections and extrenal users can only ever read data (via anonymous access).
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.