Read Only Configuration

Anabella_Cristaldi · December 12, 2018, 3:41pm

Hi all,
I want to implement a read only dashboard using a reverse proxy and limiting the request's type.
In the documentation of EE I course I read that
‒ only allow GET, HEAD, and OPTIONS requests for the particular Kibana instances that are desired to be read-only"
But inspecting the requests when access to the dashboard (via iframe) some other methods are used. for example:

"POST-/api/saved_objects/_bulk_get
"POST-/elasticsearch/_msearch"

and If I restrict the POST method the dashboard are not dot displayed correclty.
Is this information correct?
Thank you
Regards
Ana

Brandon_Kobel · December 12, 2018, 9:01pm

Hey @Anabella_Cristaldi, I wouldn't recommend securing Kibana/ES using a reverse-proxy, it can get really complicated. I'd suggest researching https://www.elastic.co/guide/en/x-pack/current/elasticsearch-security.html

Anabella_Cristaldi · December 13, 2018, 8:24am

Hi @Brandon_Kobel ,
Thanks for you reply. I know that the best way to secure Kibana/Elastic is the X-Pack, but we do not have the licence; so I was trying to apply some tips that is in the documentation of the Elastic Engineer Course I : to only allow GET, HEAD and OPTIONS; but those methods are not enough in order to get my dashboards working.
Thank you
Regards
Ana

system · January 10, 2019, 8:24am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.