Hello folks,
We have been using Elasticsearch for many products in our organization. And one recommendation that we have always given our developers is to make sure that Elasticsearch is definitely not exposed directly to the internet. Gladly, the devs have adhered to it.
However, recently we came across a situation where we have search functionality on a website which speaks to a service in the backend. This service then directly searches for some things in the underlying ES.
We have had similar situations in the past, where we used to simply ask the devs to rate limit the search functionality as it may overload the searches and make the ES itself slow for all the other services interacting with it and we were good with it.
However, now I am more inclined towards understanding:
- How exactly would the ES instance get slowed down if the searches are not really rate limited?
- How is this any different from a huge number of non-rate-limited queries on any RDBMS?
I did find these ES security guidelines, which say:
"Understand that it is quite possible to write a _search that overwhelms Elasticsearch and brings down the cluster."
It would be great if someone could please help me understand how exactly the above is possible.