如何在 Elasticsearch 的 9200 端口禁用公共访问

huangapple go评论95阅读模式
英文:

How disable public access in elasticsearch port 9200

问题

我安装了Elasticsearch服务器。在Windows服务器上,Elasticsearch服务器上的www.example.com:9200端口可以进行外部访问。我想限制这个访问。我使用Elasticsearch的应用程序正在另一台服务器上运行。

当从应用程序服务器发送请求时,Elasticsearch服务器进行搜索并发送请求回来。它的运行没有问题,但是当从任何计算机(除了具有服务器访问权限的计算机)连接到www.example.com:9200时,可以访问端口9200。

我应该怎么做才能只保持对应用程序服务器的访问开放?

我不想通过防火墙来进行更改,我在安装过程中遇到了一些防火墙的问题。
谢谢。祝你有一个愉快的一天。

英文:

I installed elasticsearch server. There is external access to elasticsearch www.example.com:9200 port on this server on Windows server. I want to restrict this. My application that I use Elasticsearch is running on another server.

When a request is sent from the app server, Elasticsearch server searches and sends a request back. There is no problem in its operation, but when www.example.com:9200 is connected from any computer (except those with server access), port 9200 can be accessed.

What should I do to keep it open only for app server access?

I don't want to change it with firewall, I had a few problems with firewall during installation.
Thanks. Have a good day.

答案1

得分: 0

你可以启用 CORS 并将 http.cors.allow-origin 设置为允许特定 IP 访问 Elasticsearch。

注意:默认情况下,CORS 是禁用的。

使用以下凭据更新 elasticsearch.yml。

http.cors.allow-origin: "*" # 仅在本地开发时使用不受限制的值
# 在生产环境中使用特定的来源值,如 `http.cors.allow-origin: ""https://<my-website-domain.example>"`
http.cors.enabled: true
http.cors.allow-credentials: true
http.cors.allow-methods: OPTIONS, POST
http.cors.allow-headers: X-Requested-With, X-Auth-Token, Content-Type, Content-Length, Authorization, Access-Control-Allow-Headers, Accept

可选地,你可以使用逗号分隔的列表设置多个允许的来源:

http.cors.allow-origin: "http://domain1:port, http://domain2:port"

更新完 yaml 文件后,别忘了重新启动 elasticsearch.yml。

设置 http.cors.allow-origin 将会如你所愿地限制对浏览器中 elasticsearch:port 的访问。

然而,请注意,仅设置 http.cors.allow-origin 不会提供完整的访问控制或限制对特定 IP 地址的访问。CORS 主要用于管理来自 Web 浏览器的请求,在 Web 应用程序中使用,而不像防火墙规则或网络配置提供相同级别的安全性。

英文:

You can enable the CORS and set the http.cors.allow-origin to allow access for some specific IP's to Elasticsearch.

Note: CORS is disabled by default.

Update elasticsearch.yml with the following credentials.

http.cors.allow-origin: "*" # Only use unrestricted value for local development
# Use a specific origin value in production, like `http.cors.allow-origin: "https://<my-website-domain.example>"`
http.cors.enabled: true
http.cors.allow-credentials: true
http.cors.allow-methods: OPTIONS, POST
http.cors.allow-headers: X-Requested-With, X-Auth-Token, Content-Type, Content-Length, Authorization, Access-Control-Allow-Headers, Accept

Optionally, you can set multiple allowed origins using a comma-separated list:

http.cors.allow-origin: "http://domain1:port, http://domain2:port"

Don't forget to restart the elasticsearch.yml after update the yaml.

> Setting the http.cors.allow-origin will restrict access to elasticsearch:port on the browser as you want.

> However, please note that the http.cors.allow-origin setting alone
> won't provide full access control or restrict access to specific IP
> addresses. CORS is primarily used to manage requests from web browsers
> in web applications and does not provide the same level of security as
> firewall rules or network configurations.

huangapple
  • 本文由 发表于 2023年7月27日 20:16:32
  • 转载请务必保留本文链接:https://go.coder-hub.com/76779654.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定