英文:
How disable public access in elasticsearch port 9200
问题
我安装了Elasticsearch服务器。在Windows服务器上,Elasticsearch服务器上的www.example.com:9200端口可以进行外部访问。我想限制这个访问。我使用Elasticsearch的应用程序正在另一台服务器上运行。
当从应用程序服务器发送请求时,Elasticsearch服务器进行搜索并发送请求回来。它的运行没有问题,但是当从任何计算机(除了具有服务器访问权限的计算机)连接到www.example.com:9200时,可以访问端口9200。
我应该怎么做才能只保持对应用程序服务器的访问开放?
我不想通过防火墙来进行更改,我在安装过程中遇到了一些防火墙的问题。
谢谢。祝你有一个愉快的一天。
英文:
I installed elasticsearch server. There is external access to elasticsearch www.example.com:9200 port on this server on Windows server. I want to restrict this. My application that I use Elasticsearch is running on another server.
When a request is sent from the app server, Elasticsearch server searches and sends a request back. There is no problem in its operation, but when www.example.com:9200 is connected from any computer (except those with server access), port 9200 can be accessed.
What should I do to keep it open only for app server access?
I don't want to change it with firewall, I had a few problems with firewall during installation.
Thanks. Have a good day.
答案1
得分: 0
你可以启用 CORS 并将 http.cors.allow-origin 设置为允许特定 IP 访问 Elasticsearch。
注意:默认情况下,CORS 是禁用的。
使用以下凭据更新 elasticsearch.yml。
http.cors.allow-origin: "*" # 仅在本地开发时使用不受限制的值
# 在生产环境中使用特定的来源值,如 `http.cors.allow-origin: ""https://<my-website-domain.example>"`
http.cors.enabled: true
http.cors.allow-credentials: true
http.cors.allow-methods: OPTIONS, POST
http.cors.allow-headers: X-Requested-With, X-Auth-Token, Content-Type, Content-Length, Authorization, Access-Control-Allow-Headers, Accept
可选地,你可以使用逗号分隔的列表设置多个允许的来源:
http.cors.allow-origin: "http://domain1:port, http://domain2:port"
更新完 yaml 文件后,别忘了重新启动 elasticsearch.yml。
设置
http.cors.allow-origin将会如你所愿地限制对浏览器中 elasticsearch:port 的访问。
然而,请注意,仅设置
http.cors.allow-origin不会提供完整的访问控制或限制对特定 IP 地址的访问。CORS 主要用于管理来自 Web 浏览器的请求,在 Web 应用程序中使用,而不像防火墙规则或网络配置提供相同级别的安全性。
英文:
You can enable the CORS and set the http.cors.allow-origin to allow access for some specific IP's to Elasticsearch.
Note: CORS is disabled by default.
Update elasticsearch.yml with the following credentials.
http.cors.allow-origin: "*" # Only use unrestricted value for local development
# Use a specific origin value in production, like `http.cors.allow-origin: "https://<my-website-domain.example>"`
http.cors.enabled: true
http.cors.allow-credentials: true
http.cors.allow-methods: OPTIONS, POST
http.cors.allow-headers: X-Requested-With, X-Auth-Token, Content-Type, Content-Length, Authorization, Access-Control-Allow-Headers, Accept
Optionally, you can set multiple allowed origins using a comma-separated list:
http.cors.allow-origin: "http://domain1:port, http://domain2:port"
Don't forget to restart the elasticsearch.yml after update the yaml.
> Setting the http.cors.allow-origin will restrict access to elasticsearch:port on the browser as you want.
> However, please note that the http.cors.allow-origin setting alone
> won't provide full access control or restrict access to specific IP
> addresses. CORS is primarily used to manage requests from web browsers
> in web applications and does not provide the same level of security as
> firewall rules or network configurations.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论