Kibana/ES security: full proxy mode?

mguiwin · April 1, 2016, 10:03am

Hello,

It seems like Kibana calls ES APIs directly from the browser, through a proxified ES endpoint (e.g.,
/kibana/elasticsearch/_mget...). That Kibana ES proxy allows accessing any ES URL, including plugins (e.g., /kibana/elasticsearch/_plugin/kopf/#!/cluster).

This makes it hard to make Kibana secured and "read-only" using a reverse proxy (for those not opting for Shield), and prevent users from calling ES APIs directly (even though they are proxified by Kibana).

I know that Grafana has a setting "Access" with options:
Proxy = access via Grafana backend, Direct = access directory from browser.

Would not that be possible to have a similar option in Kibana, so Kibana would do server-to-server calls to ES APIs, without exposing all ES functions to end-users?

Thanks,
MG

tylersmalley · April 1, 2016, 8:47pm

Our future plans for Kibana are to remove the proxy in favor of a more restricted REST API. Doing so allows for more control over the data and compatibility surface-area with ES.

Topic		Replies	Views
Is it possible to create proxy server between elasticsearch and kibana? Kibana	5	1942	January 19, 2020
Accessing Elastic Search sitting behind secure proxy Kibana	2	3190	July 6, 2017
Kibana Client Talk to ES Directly? Kibana	4	1177	December 29, 2016
Kibana access to Elasticsearch through a Proxy Kibana	2	3211	July 6, 2017
Reverse Proxy & Security Questions Kibana elastic-stack-security	4	462	January 25, 2021

Kibana/ES security: full proxy mode?

Related topics