@Zennet: I was thinking of doing something similar via a reverse-proxy in front of Kibana, however I believe Kibana still uses DELETE, PUT, and POST requests to save its dashboards, so I'm not sure what to block exactly.
@Jaguar: jetty plugin looks interesting, especially the "jetty-restrict-writes.xml" part, I'll be taking a look at that. As Jörg said, it shouldn't be too difficult to create a DELETE request and spoof its source to appear as if coming from a trusted source; I just wish there was an option built into ES to disable deletes/updates or at least authenticate them first. Thanks everyone -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/ec799ca8-a833-49c7-9794-cbb23435e98b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.