0

I have an Elasticsearch 1.7.5 instance running on a Ubuntu 16.04 server that I need to test after opening it up to the internet. I know you can use Mod Rewrite on Apache to lock down HTTP request methods (PUT, GET, POST, etc).

I can currently access my Elasticsearch instance through http://example.com/es/ which I've configured a proxy for, in Apache.

I want to disable the PUT, DELETE and TRACE methods entirely. I want to leave GET open, but restrict POST to the search call (http://example.com/es/_search).

My current Mod Rewrite rules are:

RewriteEngine on
RewriteCond %{THE_REQUEST} !^(POST|GET)\ /.*\ HTTP/1\.1$ 
RewriteRule .* - [F]

Which I know will only allow the POST and GET methods.

473183469
  • 1,350
  • 1
  • 12
  • 23
Donglecow
  • 111
  • 5

1 Answers1

0

Maybe this would be of a help?

orestis
  • 111
  • 3
  • Thanks for the link. I'd prefer to get this sorted out a bit sooner than then, but I'll definitely take a look. – Donglecow Jan 25 '17 at 10:49