Redirect URLs that detect vulnerabilities to kibana HomePage or change their content to 404

Septianingrum.17 · March 5, 2024, 4:42am

Dear All,

I have 3 elasticsearh, 2 kibana and 2 logtsash in 1 cluster with versions elasticsearch and kibana 8.11.3

after carrying out a VA scan on the ELK cluster, the vulnerabilities "Web Server Misconfiguration: Unprotected File" and "Privacy Violation" were detected for the same URL, namely: https://IpAddress:443/68312/bundles/plugin/ apm/1.0.0/apm.chunk.5.js

is it possible to redirect this URL to Kibana Homepage? or change the contents of the URL so that when opened it becomes 404?

Thankyou,
Regards,
Septia

Septianingrum.17 · March 6, 2024, 2:29am

Can anyone help me resolve this issue?

tsullivan · March 19, 2024, 5:39pm

It would be beneficial to set up a reverse proxy. That would allow end users to access the Kibana service through a configurable portal. An advantage with reverse proxies is that they can be tailored with specific redirect rules, like the kind you’re interested in.

system · April 16, 2024, 5:39pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
KeyCloak redirect_uri gives 404 page not found error Kibana elastic-stack-security	3	198	November 3, 2022
Kibana reverse proxy Kibana	5	904	January 13, 2021
Kibana error loop redirect login page - when config server.basePath Kibana	2	3841	June 26, 2019
Elastic Stack 7.13.0 and 6.8.16 Security Update Security Announcements	1	10212	November 4, 2022
Reverse Proxy Kibana	4	489	September 11, 2019

Redirect URLs that detect vulnerabilities to kibana HomePage or change their content to 404

Related Topics