Read Only Configuration

Hi all,
I want to implement a read only dashboard using a reverse proxy and limiting the request's type.
In the documentation of EE I course I read that
‒ only allow GET, HEAD, and OPTIONS requests for the particular Kibana instances that are desired to be read-only"
But inspecting the requests when access to the dashboard (via iframe) some other methods are used. for example:

"POST-/api/saved_objects/_bulk_get
"POST-/elasticsearch/_msearch"

and If I restrict the POST method the dashboard are not dot displayed correclty.
Is this information correct?
Thank you
Regards
Ana

Hey @Anabella_Cristaldi, I wouldn't recommend securing Kibana/ES using a reverse-proxy, it can get really complicated. I'd suggest researching https://www.elastic.co/guide/en/x-pack/current/elasticsearch-security.html

Hi @Brandon_Kobel ,
Thanks for you reply. I know that the best way to secure Kibana/Elastic is the X-Pack, but we do not have the licence; so I was trying to apply some tips that is in the documentation of the Elastic Engineer Course I : to only allow GET, HEAD and OPTIONS; but those methods are not enough in order to get my dashboards working.
Thank you
Regards
Ana

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.