Authentication in Elasticsearch

The plugin mentioned in this answer is no longer being actively supported.


There is no built-in access control in elasticsearch. So, you would need to setup a reverse proxy (here is a blog post how to setup nginx), use one of the 3rd party elasticsearch plugins such as https://github.com/Asquera/elasticsearch-http-basic or use the official security plugin Shield.


<shamelessPlug>

Sorry but I have serious doubts about all these plugins and proxies that only try to capture queries with sloppy regex's at HTTP level.

Will you regex all the possible ES syntax that may perform a write? How do you filter by index? How about index aliases? Multi-index queries?

The only clean way to do the access control is AFTER ElasticSearch has parsed the queries. This is exactly what Shield does after all!

I wrote a MIT licensed plugin (readonly-rest-plugin) that does exactly this.

You can match request by:

  • ✔️ Host name, IP and IP with Netmask

  • ✔️ Indices (wildcards supported) and index aliases are resolved

  • ✔️ HTTP Basic Auth

It has also first class support for Kibana authentication :)

</shamelessPlug>