WARNING: Version 2.3 of Elasticsearch has passed its EOL date.

This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.

« Common options Document APIs »
Elastic Docs Elasticsearch Guide [2.3] API Conventions

URL-based access control

edit

URL-based access control

edit

Many users use a proxy with URL-based access control to secure access to Elasticsearch indices. For multi-search, multi-get and bulk requests, the user has the choice of specifying an index in the URL and on each individual request within the request body. This can make URL-based access control challenging.

To prevent the user from overriding the index which has been specified in the URL, add this setting to the config.yml file:

rest.action.multi.allow_explicit_index: false

The default value is true, but when set to false, Elasticsearch will reject requests that have an explicit index specified in the request body.

« Common options Document APIs »