Just an update, it should be possible to protect ES from most malicious requests that are generated from Kibana's end by only allowing requests as described in this nginx config: https://github.com/elasticsearch/kibana/blob/master/sample/nginx.conf I've been looking at the ES API references but I didn't find any other ways to do update/delete operations that bypass the above config, although it would be great if someone could confirm that.
Thanks -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/3eb483d3-ab1a-425c-b629-c490a67c668a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.