[7.5] [DOCS]Clarify that by default server.host only allows local connections (#52802)

docs/setup/access.asciidoc

@@ -2,8 +2,8 @@
 == Accessing Kibana
 
 Kibana is a web application that you access through port 5601. All you need to do is point your web browser at the
-machine where Kibana is running and specify the port number. For example, `localhost:5601` or
-`http://YOURDOMAIN.com:5601`.
+machine where Kibana is running and specify the port number. For example, `localhost:5601` or `http://YOURDOMAIN.com:5601`.
+If you want to allow remote users to connect, set the parameter `server.host` in `kibana.yml` to a non-loopback address.
 
 When you access Kibana, the <<discover,Discover>> page loads by default with the default index pattern selected. The
 time filter is set to the last 15 minutes and the search query is set to match-all (\*).
@@ -15,9 +15,10 @@ If you still don't see any results, it's possible that you don't *have* any docu
 [[status]]
 === Checking Kibana Status
 
-You can reach the Kibana server's status page by navigating to `localhost:5601/status`. The status page displays
+You can reach the Kibana server's status page by navigating to the status endpoint, for example, `localhost:5601/status`. The status page displays
 information about the server's resource usage and lists the installed plugins.
 
-image::images/kibana-status-page.png[]
+[role="screenshot"]
+image::images/kibana-status-page-7_5_0.png[]
 
 NOTE: For JSON-formatted server status details, use the API endpoint at `localhost:5601/api/status`

docs/setup/settings.asciidoc

@@ -7,9 +7,7 @@ if you installed {kib} from an archive distribution (`.tar.gz` or `.zip`), by
 default it is in `$KIBANA_HOME/config`. By default, with package distributions
 (Debian or RPM), it is in `/etc/kibana`.
 
-The default settings configure Kibana to run on `localhost:5601`. To change the
-host or port number, or connect to Elasticsearch running on a different machine,
-you'll need to update your `kibana.yml` file. You can also enable SSL and set a
+The default host and port settings configure {kib} to run on `localhost:5601`. To change this behavior and allow remote users to connect, you'll need to update your `kibana.yml` file. You can also enable SSL and set a
 variety of other options. Finally, environment variables can be injected into
 configuration using `${MY_ENV_VAR}` syntax.
 
@@ -32,7 +30,7 @@ strongly recommend that you keep the default CSP rules that ship with Kibana.
 
 `csp.strict:`:: *Default: `false`* Blocks access to Kibana to any browser that
 does not enforce even rudimentary CSP rules. In practice, this will disable
-support for older, less safe browsers like Internet Explorer. 
+support for older, less safe browsers like Internet Explorer.
 See <<csp-strict-mode, Content Security Policy>> for more information.
 
 `csp.warnLegacyBrowsers:`:: *Default: `true`* Shows a warning message after
@@ -65,7 +63,7 @@ connects to this Kibana instance.
 `elasticsearch.requestHeadersWhitelist:`:: *Default: `[ 'authorization' ]`* List
 of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
 headers, set this value to [] (an empty list).
-Removing the `authorization` header from being whitelisted means that you cannot 
+Removing the `authorization` header from being whitelisted means that you cannot
 use <<basic-authentication, basic authentication>> in Kibana.
 
 `elasticsearch.requestTimeout:`:: *Default: 30000* Time in milliseconds to wait
@@ -129,11 +127,11 @@ store saved searches, visualizations, and dashboards. Kibana creates a new index
 if the index doesn’t already exist. If you configure a custom index, the name must
 be lowercase, and conform to {es} {ref}/indices-create-index.html[index name limitations].
 +
-When running multiple tenants of {kib} by changing the `kibana.index` in your `kibana.yml`, 
-you cannot use the `kibana_user` or `kibana_dashboard_only_user` roles 
-to grant access to {kib}. 
-You must create custom roles that authorize the user for that specific tenant. 
-Although multi-tenant installations are supported, the recommended approach 
+When running multiple tenants of {kib} by changing the `kibana.index` in your `kibana.yml`,
+you cannot use the `kibana_user` or `kibana_dashboard_only_user` roles
+to grant access to {kib}.
+You must create custom roles that authorize the user for that specific tenant.
+Although multi-tenant installations are supported, the recommended approach
 to securing access to {kib} segments is to grant users access to specific spaces.
 
 `kibana.autocompleteTimeout:`:: *Default: "1000"* Time in milliseconds to wait
@@ -281,7 +279,7 @@ This setting may not be used when `server.compression.enabled` is set to `false`
   send on all responses to the client from the Kibana server.
 
 `server.host:`:: *Default: "localhost"* This setting specifies the host of the
-back end server.
+back end server. To allow remote users to connect, set the value to the IP address or DNS name of the {kib} server.
 
 `server.keepaliveTimeout:`:: *Default: "120000"* The number of milliseconds to wait for additional data before restarting
 the `server.socketTimeout` counter.
@@ -334,15 +332,15 @@ supported protocols with versions. Valid protocols: `TLSv1`, `TLSv1.1`, `TLSv1.2
 setting this to `true` enables unauthenticated users to access the Kibana server
 status API and status page.
 
-`telemetry.allowChangingOptInStatus`:: *Default: true*. If `true`, 
-users are able to change the telemetry setting at a later time in 
-<<advanced-options, Advanced Settings>>.  If `false`, 
-{kib} looks at the value of `telemetry.optIn` to determine whether to send 
+`telemetry.allowChangingOptInStatus`:: *Default: true*. If `true`,
+users are able to change the telemetry setting at a later time in
+<<advanced-options, Advanced Settings>>.  If `false`,
+{kib} looks at the value of `telemetry.optIn` to determine whether to send
 telemetry data or not. `telemetry.allowChangingOptInStatus` and `telemetry.optIn`
 cannot be `false` at the same time.
 
-`telemetry.optIn`:: *Default: true* If `true`, telemetry data is sent to Elastic. 
- If `false`, collection of telemetry data is disabled.  
+`telemetry.optIn`:: *Default: true* If `true`, telemetry data is sent to Elastic.
+ If `false`, collection of telemetry data is disabled.
  To enable telemetry and prevent users from disabling it,
  set `telemetry.allowChangingOptInStatus` to `false` and `telemetry.optIn` to `true`.