easy way to make an elasticsearch server read-only

前端未结

关注

 7  2037

日久生厌 2021-02-02 13:03

It\'s really easy to just upload a bunch of json data to an elasticsearch server to have a basic query api, with lots of options

I\'d just like to know if there\'s and e

7条回答

野性不改 (楼主)

2021-02-02 13:08

If you have a public facing ES instance behind nginx, which is updated internally these blocks should make it ready only and only allow _search endpoints

    limit_except GET POST OPTIONS {
        allow 127.0.0.1;
        deny  all;
    }
    if ($request_uri !~ .*search.*) {
        set $sc fail;
    }
    if ($remote_addr = 127.0.0.1) {
        set $sc pass;
    }
    if ($sc = fail) {
        return 404;
    }

0 讨论(0)

查看其它7个回答