I want to implement a read only dashboard using a reverse proxy and limiting the request's type.
In the documentation of EE I course I read that
‒ only allow GET, HEAD, and OPTIONS requests for the particular Kibana instances that are desired to be read-only"
But inspecting the requests when access to the dashboard (via iframe) some other methods are used. for example:
and If I restrict the POST method the dashboard are not dot displayed correclty.
Is this information correct?
Hey @Anabella_Cristaldi, I wouldn't recommend securing Kibana/ES using a reverse-proxy, it can get really complicated. I'd suggest researching https://www.elastic.co/guide/en/x-pack/current/elasticsearch-security.html
Hi @Brandon_Kobel ,
Thanks for you reply. I know that the best way to secure Kibana/Elastic is the X-Pack, but we do not have the licence; so I was trying to apply some tips that is in the documentation of the Elastic Engineer Course I : to only allow GET, HEAD and OPTIONS; but those methods are not enough in order to get my dashboards working.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.