IP filtering


(tybreizh29) #1

Hi
I want to limit access to my ElasticSearch to 4 machines.
My server is Leila (not Leia :confused: I always thought it was Leila but in reality it's Leia :confounded:).
All others are just here to post data in it.
Below is my elasticsearch.yml file, and there is no IP filtering with it. I can access HTTP on any machine.

network.host: leila
shield.transport.filter.enabled: true
shield.transport.filter.allow: [ "leila", "localhost" ]
shield.transport.filter.deny: _all

transport.profiles.client.shield.filter.enabled: true
transport.profiles.client.shield.filter.allow: [ "leila", "localhost" ]
transport.profiles.client.shield.filter.deny: _all

shield.http.filter.enabled: true
shield.http.filter.allow: [ "leila", "yoda", "darkvador", "amidala", "localhost" ]
shield.http.filter.deny: _all

I tried with

network.host: 127.0.0.1

but then no one can access E.S. with HTTP.
What's wrong?
Thanks for your help.
marc


(David Pilato) #2

If you define network.host to 127.0.0.1, you'll be able to access your instance only using the 127.0.0.1 address, which means local access only.

Try to change that to the network card IP address.


(tybreizh29) #3

I already tried that.

That's what I did, but it's open to the world when I do that.


(David Pilato) #4

But Shield will then filter allowed IP addresses, right?


(tybreizh29) #5

Changing network.host: localhost to network.host: leila disables the localhost-only access.
But what I was expecting from

shield.http.filter.enabled: true
shield.http.filter.allow: [ "leila", "yoda", "darkvador", "amidala", "localhost" ]
shield.http.filter.deny: _all

was to disable all HTTP access except for the 4 machines in the allow line.

In reality, the 4 machines are allowed, but so is any other machine on the Internet; that's not expected.


(tybreizh29) #6

OK, shame on me :confused:

To use Shield, install Shield BEFORE ...

bin/plugin install license
bin/plugin install shield

I need some holidays ...
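
A pre-flight check for the mistake found in this thread, as an added example that is not part of the original posts: it warns when elasticsearch.yml carries Shield IP-filter settings but the license or shield plugin directory is missing. It assumes the Elasticsearch 2.x layout (config/elasticsearch.yml and plugins/<name>/ under ES_HOME); the function names and the demo directory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: Elasticsearch 2.x layout,
# with config/elasticsearch.yml and plugins/<name>/ under ES_HOME.

# Print the uncommented Shield IP-filter settings found in a config file.
shield_filter_settings() {
    grep -E '^[[:space:]]*(shield\.(transport|http)|transport\.profiles\.[^.]+\.shield)\.filter\.' "$1"
}

# Return 0 when the filters can be enforced (or none are configured),
# 1 when filter settings exist but a required plugin is not installed,
# 2 when the config file is missing.
check_shield_filters() {
    es_home=$1
    conf="$es_home/config/elasticsearch.yml"
    [ -f "$conf" ] || { echo "no config at $conf" >&2; return 2; }
    settings=$(shield_filter_settings "$conf") || return 0   # nothing to enforce
    missing=""
    for plugin in license shield; do
        [ -d "$es_home/plugins/$plugin" ] || missing="$missing $plugin"
    done
    if [ -n "$missing" ]; then
        echo "WARNING: filter settings present but plugins missing:$missing" >&2
        echo "$settings" | sed 's/^/  not enforced: /' >&2
        return 1
    fi
    return 0
}

# Constructed demo: a throwaway ES_HOME holding the thread's HTTP filter lines.
demo_home=$(mktemp -d)
mkdir -p "$demo_home/config" "$demo_home/plugins"
cat > "$demo_home/config/elasticsearch.yml" <<'EOF'
network.host: leila
shield.http.filter.enabled: true
shield.http.filter.allow: [ "leila", "yoda", "darkvador", "amidala", "localhost" ]
shield.http.filter.deny: _all
EOF
check_shield_filters "$demo_home" || echo "before install: filters are not enforced"
# These directories stand in for bin/plugin install license / shield.
mkdir "$demo_home/plugins/license" "$demo_home/plugins/shield"
check_shield_filters "$demo_home" && echo "after install: plugins present"
```

A directory check only shows that the plugins are installed; confirming that the filter is enforced still takes an HTTP request from a machine outside the allow list, which should be refused.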

