How to disable DELETE API


(Vijay Dodla) #1

Hi
I'm trying to disable DELETE API option from sense or via HTTP and was not
able to do it . My requirement is make DELETE API not available so that
user will not accidentally delete any index . I tried the following in .yml
file and restarted the server ,but still i'm able to DELETE any index .Is
there something i'm missing ?

Access-Control-Allow-Methods: OPTIONS, POST, GET, PUT
Access-Control-Allow-Headers: X-Requested-With, Content-Type, Content-Length

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/cf3ca0be-7ea1-4c6d-af69-58dde27b1565%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


(Alexander Reelsen) #2

Hi,

Elasticsearch currently does not allow you to enable/disable specific HTTP
methods. If you need that kind of security, please use a nginx or another
webserver in front of Elasticsearch which does this.

--Alex

On Thu, Jul 24, 2014 at 4:50 PM, Vijay Dodla vijay.remedy@gmail.com wrote:

Hi
I'm trying to disable DELETE API option from sense or via HTTP and was not
able to do it . My requirement is make DELETE API not available so that
user will not accidentally delete any index . I tried the following in .yml
file and restarted the server ,but still i'm able to DELETE any index .Is
there something i'm missing ?

Access-Control-Allow-Methods: OPTIONS, POST, GET, PUT
Access-Control-Allow-Headers: X-Requested-With, Content-Type,
Content-Length

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/cf3ca0be-7ea1-4c6d-af69-58dde27b1565%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/cf3ca0be-7ea1-4c6d-af69-58dde27b1565%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAGCwEM-7tAHcW71XFdoWBdNkcFgFy6CWPr%2BkYTCr_2k6_dz%3Dow%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


(Vijay Dodla) #3

Thanks Alexander . Not sure why we have setting in .yml file for
Access-Control-Allow-Methods: OPTIONS, POST, GET, PUT . This raises
question on the configuration usage .

On Mon, Aug 4, 2014 at 3:31 AM, Alexander Reelsen alr@spinscale.de wrote:

Hi,

Elasticsearch currently does not allow you to enable/disable specific HTTP
methods. If you need that kind of security, please use a nginx or another
webserver in front of Elasticsearch which does this.

--Alex

On Thu, Jul 24, 2014 at 4:50 PM, Vijay Dodla vijay.remedy@gmail.com
wrote:

Hi
I'm trying to disable DELETE API option from sense or via HTTP and was
not able to do it . My requirement is make DELETE API not available so that
user will not accidentally delete any index . I tried the following in .yml
file and restarted the server ,but still i'm able to DELETE any index .Is
there something i'm missing ?

Access-Control-Allow-Methods: OPTIONS, POST, GET, PUT
Access-Control-Allow-Headers: X-Requested-With, Content-Type,
Content-Length

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/cf3ca0be-7ea1-4c6d-af69-58dde27b1565%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/cf3ca0be-7ea1-4c6d-af69-58dde27b1565%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to a topic in the
Google Groups "elasticsearch" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/elasticsearch/F7m2eTP2GOA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/CAGCwEM-7tAHcW71XFdoWBdNkcFgFy6CWPr%2BkYTCr_2k6_dz%3Dow%40mail.gmail.com
https://groups.google.com/d/msgid/elasticsearch/CAGCwEM-7tAHcW71XFdoWBdNkcFgFy6CWPr%2BkYTCr_2k6_dz%3Dow%40mail.gmail.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
Thanks,
Vijay Dodla.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CADw3ZMQ%3Dmc--TGTxRru2H5vu5T6__W%2Bk7-ZsYB-qgvJ6Gi374Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


(Jörg Prante) #4

The options are for cross origin resource sharing (CORS) only

http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/modules-http.html#modules-http

Jörg

On Mon, Aug 4, 2014 at 3:27 PM, Vijay Dodla vijay.remedy@gmail.com wrote:

Thanks Alexander . Not sure why we have setting in .yml file for
Access-Control-Allow-Methods: OPTIONS, POST, GET, PUT . This raises
question on the configuration usage .

On Mon, Aug 4, 2014 at 3:31 AM, Alexander Reelsen alr@spinscale.de
wrote:

Hi,

Elasticsearch currently does not allow you to enable/disable specific
HTTP methods. If you need that kind of security, please use a nginx or
another webserver in front of Elasticsearch which does this.

--Alex

On Thu, Jul 24, 2014 at 4:50 PM, Vijay Dodla vijay.remedy@gmail.com
wrote:

Hi
I'm trying to disable DELETE API option from sense or via HTTP and was
not able to do it . My requirement is make DELETE API not available so that
user will not accidentally delete any index . I tried the following in .yml
file and restarted the server ,but still i'm able to DELETE any index .Is
there something i'm missing ?

Access-Control-Allow-Methods: OPTIONS, POST, GET, PUT
Access-Control-Allow-Headers: X-Requested-With, Content-Type,
Content-Length

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/cf3ca0be-7ea1-4c6d-af69-58dde27b1565%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/cf3ca0be-7ea1-4c6d-af69-58dde27b1565%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to a topic in the
Google Groups "elasticsearch" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/elasticsearch/F7m2eTP2GOA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
elasticsearch+unsubscribe@googlegroups.com.

To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/CAGCwEM-7tAHcW71XFdoWBdNkcFgFy6CWPr%2BkYTCr_2k6_dz%3Dow%40mail.gmail.com
https://groups.google.com/d/msgid/elasticsearch/CAGCwEM-7tAHcW71XFdoWBdNkcFgFy6CWPr%2BkYTCr_2k6_dz%3Dow%40mail.gmail.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
Thanks,
Vijay Dodla.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/CADw3ZMQ%3Dmc--TGTxRru2H5vu5T6__W%2Bk7-ZsYB-qgvJ6Gi374Q%40mail.gmail.com
https://groups.google.com/d/msgid/elasticsearch/CADw3ZMQ%3Dmc--TGTxRru2H5vu5T6__W%2Bk7-ZsYB-qgvJ6Gi374Q%40mail.gmail.com?utm_medium=email&utm_source=footer
.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAKdsXoGN2iGyQ%3DdDQsyU%3DWERyZVs9AWRG7n%2Buge-xzN-ONf5cA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


(Alexander Reelsen) #5

Hey,

CORS is not about doing anything secure from a data point of view, but
about telling the browser how to behave. Does not have any impact on the
elasticsearch side. See http://www.html5rocks.com/en/tutorials/cors/

--Alex

On Mon, Aug 4, 2014 at 7:01 PM, joergprante@gmail.com <joergprante@gmail.com

wrote:

The options are for cross origin resource sharing (CORS) only

http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/modules-http.html#modules-http

Jörg

On Mon, Aug 4, 2014 at 3:27 PM, Vijay Dodla vijay.remedy@gmail.com
wrote:

Thanks Alexander . Not sure why we have setting in .yml file for
Access-Control-Allow-Methods: OPTIONS, POST, GET, PUT . This raises
question on the configuration usage .

On Mon, Aug 4, 2014 at 3:31 AM, Alexander Reelsen alr@spinscale.de
wrote:

Hi,

Elasticsearch currently does not allow you to enable/disable specific
HTTP methods. If you need that kind of security, please use a nginx or
another webserver in front of Elasticsearch which does this.

--Alex

On Thu, Jul 24, 2014 at 4:50 PM, Vijay Dodla vijay.remedy@gmail.com
wrote:

Hi
I'm trying to disable DELETE API option from sense or via HTTP and was
not able to do it . My requirement is make DELETE API not available so that
user will not accidentally delete any index . I tried the following in .yml
file and restarted the server ,but still i'm able to DELETE any index .Is
there something i'm missing ?

Access-Control-Allow-Methods: OPTIONS, POST, GET, PUT
Access-Control-Allow-Headers: X-Requested-With, Content-Type,
Content-Length

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/cf3ca0be-7ea1-4c6d-af69-58dde27b1565%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/cf3ca0be-7ea1-4c6d-af69-58dde27b1565%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to a topic in the
Google Groups "elasticsearch" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/elasticsearch/F7m2eTP2GOA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
elasticsearch+unsubscribe@googlegroups.com.

To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/CAGCwEM-7tAHcW71XFdoWBdNkcFgFy6CWPr%2BkYTCr_2k6_dz%3Dow%40mail.gmail.com
https://groups.google.com/d/msgid/elasticsearch/CAGCwEM-7tAHcW71XFdoWBdNkcFgFy6CWPr%2BkYTCr_2k6_dz%3Dow%40mail.gmail.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
Thanks,
Vijay Dodla.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/CADw3ZMQ%3Dmc--TGTxRru2H5vu5T6__W%2Bk7-ZsYB-qgvJ6Gi374Q%40mail.gmail.com
https://groups.google.com/d/msgid/elasticsearch/CADw3ZMQ%3Dmc--TGTxRru2H5vu5T6__W%2Bk7-ZsYB-qgvJ6Gi374Q%40mail.gmail.com?utm_medium=email&utm_source=footer
.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/CAKdsXoGN2iGyQ%3DdDQsyU%3DWERyZVs9AWRG7n%2Buge-xzN-ONf5cA%40mail.gmail.com
https://groups.google.com/d/msgid/elasticsearch/CAKdsXoGN2iGyQ%3DdDQsyU%3DWERyZVs9AWRG7n%2Buge-xzN-ONf5cA%40mail.gmail.com?utm_medium=email&utm_source=footer
.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAGCwEM_Zq%2BaUv8rCpnad5Q0H5Qzp0oXjPA-4QQZezkyOJe4S7A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


(system) #6