Unauthenticated HTTP GET request for load balancing

We have Elasticsearch behind a load balancer that only supports HTTP GET health checks.
Security is enabled

Are there any existing (7.3.0+) API/paths that will respond to an unauthenticated HTTP GET request (while security is enabled)?

Currently we use the anonymous role to grant access to the base path i.e. https://node:port
but some people get nervous when there is talk of anonymous anything, so we were considering removing said anonymous access.

We like our current load balancer, so don't want to switch LBs just for TCP health checks. Adding TCP health checks is an open feature request with the current LB.

If there isn't an existing API/path should there be? That is, should this be a feature request?


I don't understand the distinction you're making between "anonymous" and "unauthenticated". The people who get nervous around talk of anonymous access are surely also nervous about unauthenticated access?

Rather than expecting a response to an unauthenticated request, can your current load balancer not make authenticated health check requests? For instance, you may be able to include the username and password in the URL: https://user:password@node:port/, or you may be able to pass the Authorization header directly. The latter is how to do it in HAProxy AIUI.