🍉 Meet Flexmonster Pivot Table & Charts 2.9.Check out all hot features!
Get Free Trial

Securing Flexmonster with Elasticsearch

Monu asked on December 1, 2020

I would like to know the ways that we can secure flexmonster calls to elasticsearch. With current implementation, we have to allow elasticsearch apis to public so that flexmonster being in frontend can access. This is a major security vulnerability. Per documentation, we can use basic auth which is again exposed in frontend. Please suggest a way out here. We can not do ip whitelisting as the application should be accessible from anywhere over internet. Additionally, our application itself is AAA compliant. However, due to flexmonster, our application is vulnerable. Please advise ASAP to go for license.

3 answers

Milena Pechura Milena Pechura Flexmonster December 2, 2020

Hello, Monu,
Thank you for posting to our forum.
As the most flexible way to establish a secure connection to Elasticsearch, we suggest creating a proxy in front of your Elasticsearch instance.
Please have a look at the following forum thread describing this approach in detail:
Hope it helps!
Do not hesitate to contact us in case any additional questions arise.
Kind regards,

Milena Pechura Milena Pechura Flexmonster December 15, 2020

Hi, Monu,
Hope you are doing well!
We would like to kindly take an interest in whether our response helped.
Did you have a chance to try the suggested approach?
Our team would be glad to hear your feedback.
Best regards,

Milena Pechura Milena Pechura Flexmonster December 24, 2020

Hello, Monu,
How are you?
Our team was wondering whether our recommendation was helpful.
Did you have a chance to check out the forum thread we mentioned in our response?
Looking forward to hearing from you.
Kind regards,

Please login or Register to Submit Answer