Greetings,
I'm trying to design some Kibana dashboards for my team, but I don't want them editing the dashboard or deleting them.
My Kibana is currently situated behind Nginx and only accessible on localhost. What would happen if Nginx blocked all PUT and POST requests? I could only see those requests being useful to edit dashboards. Am I missing something?
I don't want to use Shield for ... reasons.
Sorry if this is a silly question.
Kind regards,
JaminVP
You could block requests going directly to KB, but not from KB>ES as that'd probably catch queries.
After some experimentation I figured that blocking all POST/PUT requests blocked pretty much everything. To fix this I managed to use NGINX to block URL's with the regexp comparators. Note how the code is extremely dirty (almost disgustingly so) due to NGINX's bad implementation of an if directive.
In Nginx.conf:
if ($request_uri ~ ^/elasticsearch/.kibana/dashboard/.) {
set $test K;
}
if ($request_uri !~ ^/elasticsearch/.kibana/dashboard/_search.) {
set $test "${test}K";
}
if ($test = KK){
return 403;
}
This blocks all requests to permanently change/delete the dashboard saved on the server, but still allows opening all available ones or temporarily change dashboards to then export/import them.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.