Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider how to secure API Umbrella elasticsearch from anonymous access #1402

Closed
brylie opened this issue Aug 17, 2016 · 2 comments
Closed

Consider how to secure API Umbrella elasticsearch from anonymous access #1402

brylie opened this issue Aug 17, 2016 · 2 comments
Assignees
@shaliko
Labels
security

Comments

@brylie
Copy link
Contributor

brylie commented Aug 17, 2016
edited by bajiat
Loading

By default, the API Umbrella Elastic server is publicly accessible. This means that anyone with the proper knowledge may be able to access complete analytics records for API Umbrella. Consider how to secure the API Umbrella Elastic server as part of our packaging and/or upstream.

Related
@brylie brylie mentioned this issue Aug 17, 2016
Closed
6 tasks
@bajiat bajiat added the icebox label Sep 7, 2016
@brylie brylie added in progress and removed icebox labels Jan 18, 2017
@brylie
Copy link
Contributor Author

brylie commented Jan 18, 2017

@bajiat I moved this to In Progress column, since we are currently investigating.

@shaliko I added you to the task, since you are working on this currently.

@shaliko
Copy link
Contributor

shaliko commented May 29, 2017

@brylie Can we close that issue? Now we run ElasticSearch in Docker private network, so ES not available for public Internet.

@brylie brylie closed this as completed May 29, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shaliko shaliko

Labels
security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@brylie @shaliko @bajiat