Elasticsearch Accessible Without Authentication

How can we close or secure the accessibility of Elasticsearch? We are using Ubuntu servers and are using Elasticsearch 6.7.2. We are a custom Angular front end. Anybody seems to be able to reach or manipulate or do anything to the Elastic program if they have the host names. How can we go about updating or changing this.

From 6.8 some security features are available with the basic default license.

Are there any with the 6.7.2 open source version? Or is there something that can be recommended for this version?

Upgrading should be easy.

Does the 7.2 version have basic authentication features that are free?

Also what would be the steps to upgrade from 6.7.2. (installed).

How can we configure the basic authentication in the upgraded version?

Yes. But you should upgrade then to 7.4.

Also what would be the steps to upgrade from 6.7.2. (installed).

Read https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-upgrade.html

How can we configure the basic authentication in the upgraded version?

Read https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-security.html

Thank you very much. Much appreciated.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.