Elasticsearch security

I know this's kinda a silly question. But how I can secure elasticsearch server in the front end view. For example, I have to collect the user's data in the front and, that being said, every time user clicks a button or write something, we send the post request including the the data to the elasticsearch server to process.
So go back to the question, how can I protect the server while it has to be public to be used.
Should I make and proxy between the two, or any suggestion?


We'd recommend you use https://www.elastic.co/guide/en/x-pack/current/xpack-security.html

Normally you have an application in the middle. The application communicates with elasticsearch. Not the end user.

I mean that I'd not expose my elasticsearch instance to the public directly. Like a database which is normally running in the backend network.

X-Pack (commercial) is something you need to look at wherever you put elasticsearch (back or front).

My 2 cents

Thanks for all the recommendations, but still, even I have an application/server in the middle, if the hacker gets the pattern of the request in frontend, they can easily make more request and spam our, like add more document into the database. And elastic can't help with that.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.