Despite the COVID-19 outbreak, our team continues operating at full speed. We are always here to support and answer all your questions.

Feel free to reach out by filling this quick form.

Fill the form
Get Free Trial

Securing Flexmonster with Elasticsearch

Answered
Monu asked on December 1, 2020

Hi,
I would like to know the ways that we can secure flexmonster calls to elasticsearch. With current implementation, we have to allow elasticsearch apis to public so that flexmonster being in frontend can access. This is a major security vulnerability. Per documentation, we can use basic auth which is again exposed in frontend. Please suggest a way out here. We can not do ip whitelisting as the application should be accessible from anywhere over internet. Additionally, our application itself is AAA compliant. However, due to flexmonster, our application is vulnerable. Please advise ASAP to go for license.

3 answers

Public
Milena Pechura Milena Pechura Flexmonster December 2, 2020

Hello, Monu,
 
Thank you for posting to our forum.
 
As the most flexible way to establish a secure connection to Elasticsearch, we suggest creating a proxy in front of your Elasticsearch instance.
Please have a look at the following forum thread describing this approach in detail:
https://www.flexmonster.com/question/flexmonster-elasticsearch/.
 
Hope it helps!
Do not hesitate to contact us in case any additional questions arise.
 
Kind regards,
Milena

Public
Milena Pechura Milena Pechura Flexmonster December 15, 2020

Hi, Monu,
 
Hope you are doing well!
 
We would like to kindly take an interest in whether our response helped.
Did you have a chance to try the suggested approach?
 
Our team would be glad to hear your feedback.
 
Best regards,
Milena

Public
Milena Pechura Milena Pechura Flexmonster December 24, 2020

Hello, Monu,
 
How are you?
 
Our team was wondering whether our recommendation was helpful.
Did you have a chance to check out the forum thread we mentioned in our response?
 
Looking forward to hearing from you.
 
Kind regards,
Milena

Please login or Register to Submit Answer