asked on December 1, 2020
Hi,
I would like to know the ways that we can secure flexmonster calls to elasticsearch. With current implementation, we have to allow elasticsearch apis to public so that flexmonster being in frontend can access. This is a major security vulnerability. Per documentation, we can use basic auth which is again exposed in frontend. Please suggest a way out here. We can not do ip whitelisting as the application should be accessible from anywhere over internet. Additionally, our application itself is AAA compliant. However, due to flexmonster, our application is vulnerable. Please advise ASAP to go for license.
⋅ December 2, 2020
Hello, Monu,
Thank you for posting to our forum.
As the most flexible way to establish a secure connection to Elasticsearch, we suggest creating a proxy in front of your Elasticsearch instance.
Please have a look at the following forum thread describing this approach in detail:
https://www.flexmonster.com/question/flexmonster-elasticsearch/.
Hope it helps!
Do not hesitate to contact us in case any additional questions arise.
Kind regards,
Milena
⋅ December 15, 2020
Hi, Monu,
Hope you are doing well!
We would like to kindly take an interest in whether our response helped.
Did you have a chance to try the suggested approach?
Our team would be glad to hear your feedback.
Best regards,
Milena
⋅ December 24, 2020
Hello, Monu,
How are you?
Our team was wondering whether our recommendation was helpful.
Did you have a chance to check out the forum thread we mentioned in our response?
Looking forward to hearing from you.
Kind regards,
Milena
