I encountered three security-related issues when using Elasticsearch version 7.6.1. Thank you for your help

  1. How does Elasticsearch configure HTTP response headers, such as X-Content-Type-Options, X-XSS-Protection, Content-Security-Policy, Strict-Transport-Security, etc.?
  2. How does Elasticsearch solve this security scanning problem: "The target host may have a slow HTTP denial of service attack detected"?
  3. Are Elasticsearch and HTTP OPTIONS methods necessary? Where is it used? Can it be closed?

Thanks!

This part of the forums is primarily for security related things such as endpoints, SIEM, etc...

You would probably be better off posting to:

And using the tags of elastic-stack-security

You can also search around here or on Google for some of those keywords and there's a lot of forum posts explaining the content security policies and how you can change them to suit your needs such as this one:

Either way, welcome, and good luck on your journeys and when it comes to security, I would always recommend using our latest versions of the stack as well :wink: