Comments (5)
Thanks for reporting @ivukotic I'll have a look asap.
from elasticsearch-readonlyrest-plugin.
@ivukotic here you go buddy.
https://github.com/sscarduzio/elasticsearch-readonlyrest-plugin/blob/master/download/elasticsearch-readonlyrest-v1.4_es-v2.0.0.zip?raw=true
from elasticsearch-readonlyrest-plugin.
Hi,
that was really quick! Thanks a lot.
while you are at it… I noticed that the plugin blocks Marvel (and Marvel is for free in ES2).
I happens due to Marvel issuing POSTs directly from a users browser. Would you think there is a way to recognize it?
Thanks,
Ilija
On Nov 10, 2015, at 9:08 , Simone Scarduzio <[email protected]mailto:[email protected]> wrote:
@ivukotichttps://github.com/ivukotic here you go buddy.
https://github.com/sscarduzio/elasticsearch-readonlyrest-plugin/blob/master/download/elasticsearch-readonlyrest-v1.4_es-v2.0.0.zip?raw=true
—
Reply to this email directly or view it on GitHubhttps://github.com//issues/11#issuecomment-155446285.
from elasticsearch-readonlyrest-plugin.
@ivukotic you could tune the ACLs to allow POST, together with a url_re that matches the marvel plugin.
readonlyrest:
enable: true
response_if_req_forbidden: Sorry, your request is forbidden
access_control_rules:
- name: full access to internal servers
type: allow
hosts: [127.0.0.1, 10.0.0.20, 10.0.2.112]
- name: forbid access to private index from external hosts
type: forbid
uri_re: ^http://localhost:9200/reservedIdx/.*
### ADD THIS RULE FOR MARVEL
- name: allow POST if we're hitting Marvel plugin
type: allow
method: [POST]
uri_re: ^http://.*/_plugin/marvel.*
- name: restricted access to all other hosts
type: allow
methods: [OPTIONS,GET]
maxBodyLength: 0
NB: this is not tested, but you got the gist :)
Tell me how it goes, and don't forget to star the project if you like it!
from elasticsearch-readonlyrest-plugin.
Hi,
What marvel is trying to do is this:
curl -XPOST http://cl-analytics.mwt2.org:9200/.marvel-2015.11.10/_search -d '{"facets":{"query":{"terms":{"field":"node.name","size":100},"facet_filter":{"fquery":{"query":{"filtered":{"query":{"query_string":{"query":"_type:node_stats"}},"filter":{"bool":{"must":[{"range":{"@timestamp":{"from":1447119335396,"to":1447122935396}}}]}}}}}}}},"size":0}’
so I made what you suggested:
uri_re: ^http://._.marvel.__search.*
but the access is still not possible. Does it have to be on all the machines or only on the master node?
Thanks,
Ilija
On Nov 10, 2015, at 9:28 , Simone Scarduzio <[email protected]mailto:[email protected]> wrote:
@ivukotichttps://github.com/ivukotic you could tune the ACLs to allow POST, together with a url_re that matches the marvel plugin.
readonlyrest:
enable: true
response_if_req_forbidden: Sorry, your request is forbidden
access_control_rules:
- name: full access to internal servers
type: allow
hosts: [127.0.0.1, 10.0.0.20, 10.0.2.112]
- name: forbid access to private index from external hosts
type: forbid
uri_re: ^http://localhost:9200/reservedIdx/.*
### ADD THIS RULE FOR MARVEL
- name: allow POST if we're hitting Marvel plugin
type: allow
method: [POST]
uri_re: ^http://.*/_plugin/marvel.*
- name: restricted access to all other hosts
type: allow
methods: [OPTIONS,GET]
maxBodyLength: 0
NB: this is not tested, but you got the gist :)
Tell me how it goes, and don't forget to star the project if you like it!
—
Reply to this email directly or view it on GitHubhttps://github.com//issues/11#issuecomment-155451674.
from elasticsearch-readonlyrest-plugin.
Related Issues (20)
- Does this work on ES 7.10.0? HOT 2
- Support for certificates in PEM format, in addition to keystore format HOT 3
- despite force_load_from_file=true, ROR plugin tries to load .readonlyrest index HOT 2
- Kibana Short url creation not recognised on Kibana 7.8.1 HOT 4
- When user access a forbidden resource, the user cannot access to kibana dashboards in 7.5.1 HOT 3
- Can't Update Kibana to 7.12.0 with ROR enabled HOT 6
- Curator can't create backup with ROR enabled HOT 7
- 请问配置更新有api吗? HOT 3
- Potential security issue HOT 7
- elasticsearch7.15.1 安装后启动报错
- Why are 403 response codes sent while ROR plugin isn't initiated? HOT 5
- No Tag in Github for Version v1.39.0-pre4_es7.17.3 HOT 4
- Indices rule not working for data stream ES 7.17 HOT 11
- How configure in docker compose with this plugin HOT 3
- Unable to make field private static final java.util.Map
- kibana_access is not working (_bulk_resolve are blocked) HOT 12
- Error while installing ror plugin inside docker container HOT 2
- Unable to connect to LDAP server HOT 2
- Can't able to authenticate with LDAP HOT 14
- Kibana ::1:<port> ECONNREFUSED HOT 15
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from elasticsearch-readonlyrest-plugin.