How to protect Kibana 4 dashboards using apache httpd?

Hi, we're trying to protect some dashboards using Apache httpd, but we don't have any URL that identifies the dashboard as a unique resource.

Using Chrome dev tools we could see that when a dashboard is requested the url contains: /elasticsearch/.kibana/dashboard, but the dashboard requested is a json parameter submitted to elasticsearch. So, we need to identify the url as unique to protect it on apache httpd.

I tried to use this article: http://wiki.linuxwall.info/doku.php/en:ressources:astuces:kibana4_nginx and rewrite the same rules on Apache httpd, but without success.

Any ideas how to do this? By the way, we cannot use Shield.

You will need to set up ... protection. I use nginx to do similar.

Could you provide more details on how you do this?
Why can't I use Apache httpd?

You can use Apache. Personally I prefer nginx as it is smaller, lighter weight, and more secure.

Essentially, you are going to be using a web server (whether Apache or nginx) as a proxy. You can control what you allow through the proxy.

My nginx configs are a little bit complicated at the moment and contain corporate settings. So I'll need to clean it up before I can release it.

The basic thing is to protect the URL that points to your dashboard.

In nginx, use the location directive:

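location ~ ^/(kibana(-int)?|kibana-int-.*?)/(?:dashboard|temp)/dashboard-you-want-to-protect {
    # Require LDAP authentication for this location
    # (the nginx-auth-ldap module spells the second directive auth_ldap_servers)
    auth_ldap "Authorized personnel only";
    auth_ldap_servers my-ldap-server;
}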

Something like that, but more....

Hi, but does this nginx configuration work with Kibana 4? As far as I know, this is a URL schema from Kibana 3.

Yes, I grabbed it from my kibana3 config section. I am running both k3 and k4 in the same nginx config.

Regardless, it is intended as an example. :slight_smile: The same concept works for K4.

Thanks! I'll try doing something similar on Apache and post the results.

Are you sure that this configuration works on Kibana 4? I tried to do this on Apache and it is not working. I get the concept, but Kibana 4 uses REST to get the dashboard configuration.
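The difficulty raised in the posts above is that a rule matching only the URL cannot see a dashboard id that travels in the JSON body. As an added example (not code from any poster, and not Kibana's, nginx's or Apache's own), this Python function shows the decision an authenticating proxy would have to make per request; the `_mget` body shape, the `finance-board` id and the `PROTECTED` policy are assumptions.

```python
import json
from urllib.parse import unquote, urlsplit

PREFIX = "/elasticsearch/"                    # proxy prefix quoted in the thread
PROTECTED = {"finance-board": {"alice"}}      # hypothetical policy: id -> allowed users


def dashboards_in_request(path, body=b""):
    """Return the ids of .kibana dashboards that one proxied request names."""
    parts = [unquote(p) for p in urlsplit(path).path[len(PREFIX):].split("/") if p]
    ids = set()
    # Form 1: id in the URL, e.g. /elasticsearch/.kibana/dashboard/<id>
    by_url = parts[:2] == [".kibana", "dashboard"] and len(parts) > 2
    if by_url and not parts[2].startswith("_"):
        ids.add(parts[2])
    # Form 2 (assumed): multi-get, where the ids travel only in the JSON body
    if parts and parts[-1] == "_mget":
        index = parts[0] if len(parts) > 1 else None
        doc_type = parts[1] if len(parts) > 2 else None
        payload = json.loads(body)            # malformed JSON raises ValueError
        for doc in payload.get("docs", []):
            target = (doc.get("_index", index), doc.get("_type", doc_type))
            if target == (".kibana", "dashboard"):
                ids.add(doc["_id"])
        if (index, doc_type) == (".kibana", "dashboard"):
            ids.update(payload.get("ids", []))
    return ids


def is_allowed(user, path, body=b""):
    """Decide after authentication; any body that cannot be parsed is denied."""
    if not urlsplit(path).path.startswith(PREFIX):
        return True                           # Kibana's own static files
    try:
        wanted = dashboards_in_request(path, body)
    except (ValueError, KeyError, TypeError, AttributeError):
        return False
    return all(user in PROTECTED[i] for i in wanted if i in PROTECTED)


# Constructed sample requests (not captured traffic).
BY_URL = "/elasticsearch/.kibana/dashboard/finance-board"
BY_BODY = "/elasticsearch/_mget?timeout=0"
BODY = b'{"docs": [{"_index": ".kibana", "_type": "dashboard", "_id": "finance-board"}]}'
```

Search requests under `/elasticsearch/.kibana/` also return dashboard documents, so they need their own rule; this block covers only requests that name a dashboard by id.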

I have used this same article in order to block the settings session of my kibana.

I used this article to configure my nginx, and when I click on the settings menu, it asks for the password, but if I cancel the login popup without actually logging in, I can still change anything I want on this session.

Can someone help me? I didn't find anything to guide me through this.

Thx anyway!!

I can help you with Apache :smiley:

Hey man...
About Apache, how would it be?

Can you teach me?

Already appreciate any kind of help

Sure, no problem, I can try to help you

I've two users :D, same person