I have a very strange issue with a newly setup 3-node 5.1.1 cluster (with X-Pack basic installed). Normally I access the ES HTTP port through an Apache reverse proxy. This works fine for most actions, I can use Sense or HQ with no problem.
But when I try to DELETE an index, Elasticsearch responds with a 403 Forbidden. I can't find any explanation, not in the response nor in the logs. I can execute the same request with cURL against the localhost Elastic HTTP port, and there the request succeeds.
I made sure that it is not the reverse proxy that is blocking the request, I can see the request arriving in Elasticsearch when tracing the localhost traffic behind the proxy.
I'm out of options to try, and I totally fail to understand what is going on here. Does anybody have an explanation for this?