Closed hackel closed 9 years ago
Filtering on the destination address is possible using the uri_re parameter.
Make a rule that whitelists the internal users, based on what URI they have requested:

    - name: allow requests directed to the internal IP
      type: allow
      uri_re: ^http://<internal_ip>:9200/.*

After that, put another rule that intercepts all the remaining traffic and requires it to be read only:

    - name: restricted access to all other hosts
      type: allow
      methods: [OPTIONS,GET]
      maxBodyLength: 0

The basic HTTP auth support is in a pull request I'm waiting for to be documented (see #9). Feel free to clone @antoniossss's fork.
So would that actually allow a request body on a GET request, but prevent that request body from sending any write commands? The maxBodyLength would seem to suggest otherwise.
This plugin works at the HTTP level; it does not even try to understand the query DSL.
If you are blocking GET/POST requests with a body, how can one accomplish anything with Elasticsearch? This would seem to prevent using the Query DSL at all, or am I missing something? Am I supposed to convert a 30-line JSON query with several levels of nested relations, etc. into a simple URL query string somehow?
Basically what I want to be able to do is say that if a request comes in on the public IP address, it should be read-only, whatever the request is, and on internal IPs, allow specifying a username/password for write access. It seems like this is not currently possible with this add-on.
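
The two rules from this thread, run against a few sample requests, as an added example that is not the plugin's own code and not written by anyone in the thread. It is a simplified model that assumes rules are checked in order, the first matching rule decides, every condition in a rule must hold, and a request matching no rule is denied; the IP addresses and request bodies are constructed.

```python
import re

# Constructed stand-in for the <internal_ip> placeholder used in the thread.
INTERNAL_IP = "10.0.0.5"

# The two rules from the thread, in the order given. Dots in the IP are
# escaped so they match literally instead of "any character".
RULES = [
    {"name": "allow requests directed to the internal IP",
     "type": "allow",
     "uri_re": r"^http://" + re.escape(INTERNAL_IP) + r":9200/.*"},
    {"name": "restricted access to all other hosts",
     "type": "allow",
     "methods": ["OPTIONS", "GET"],
     "maxBodyLength": 0},
]

def rule_matches(rule, method, uri, body):
    """Assumed semantics: every condition present in a rule must hold."""
    if "uri_re" in rule and not re.match(rule["uri_re"], uri):
        return False
    if "methods" in rule and method not in rule["methods"]:
        return False
    if "maxBodyLength" in rule and len(body) > rule["maxBodyLength"]:
        return False
    return True

def evaluate(method, uri, body=b""):
    """Return (allowed, rule_name). Assumed: first match wins, else deny."""
    for rule in RULES:
        if rule_matches(rule, method, uri, body):
            return rule["type"] == "allow", rule["name"]
    return False, None

if __name__ == "__main__":
    query = b'{"query": {"match": {"title": "test"}}}'  # constructed Query DSL body
    for method, uri, body in [
        ("PUT", f"http://{INTERNAL_IP}:9200/idx/doc/1", b'{"title": "x"}'),
        ("GET", "http://203.0.113.7:9200/idx/_search?q=title:test", b""),
        ("GET", "http://203.0.113.7:9200/idx/_search", query),
        ("POST", "http://203.0.113.7:9200/idx/_search", query),
    ]:
        print(method, len(body), evaluate(method, uri, body))
```

Under these assumptions the body-less GET on the public address is allowed, while the same search sent as a JSON body is denied by `maxBodyLength: 0`, which is the limitation raised in the thread.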