Is response_if_req_forbidden message functionality changed?

On ROR login screen, if I type wrong creds, I get this message

Could not login: { “kibanaIndex”: “.kibana”, “authHeaders”: “”,…

instead of what is defined in

enable: true
response_if_req_forbidden: Access Denied! Please contact …

I am using Enterprise version 1.24

Hi @praveenmak, got it. Will have a look!

This was tricky.

Actually you should not see that message, unless your incorrect credentials have been matched by an ACL block that does not carry user identity information.

One of the classic pitfalls is to have a “catch all” ACL block with a “hosts” rule at the bottom of the ACL.

Simple try: try and log in again, but this time observe the Elasticsearch logs, and it won’t show “FORBIDDEN” when you put wrong credentials. It will say ALLOWED by

Sorry I have not got a chance to look into this. But my users still complain about this.

Are you saying I should have a “catch all” ACL block with a “hosts” rule at the bottom of the ACL?

No, I always advise not to have a block with only a “hosts” rule.
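
The pitfall discussed in this thread, as an added example that is not part of the original posts and not ReadonlyREST's own code: a simplified Python model of first-match ACL evaluation, plus a check that flags blocks carrying no identity rule. The ACL, credentials, IP addresses and function names are constructed for illustration, and `IDENTITY_RULES` is only a subset of the authentication rules.

```python
# Simplified model of ReadonlyREST ACL evaluation: blocks are tried top to
# bottom and the first block whose rules all match decides the request.
import ipaddress

# Rules that establish user identity (subset; extend for your deployment).
IDENTITY_RULES = {"auth_key", "auth_key_sha256", "proxy_auth", "ldap_auth",
                  "ldap_authentication", "jwt_auth", "external_authentication",
                  "ror_kbn_auth", "groups"}

# Constructed sample ACL, written as Python dicts instead of YAML.
ACL = [
    {"name": "kibana users", "auth_key": "alice:correct-horse"},
    {"name": "local catch all", "hosts": ["127.0.0.1", "10.0.0.0/8"]},
]

def rule_matches(rule, value, request):
    """Evaluate one rule; only the two rules used in this example are modelled."""
    if rule == "auth_key":
        return request.get("credentials") == value
    if rule == "hosts":
        src = ipaddress.ip_address(request["source_ip"])
        return any(src in ipaddress.ip_network(h, strict=False) for h in value)
    raise ValueError(f"rule not modelled: {rule}")

def evaluate(acl, request):
    """Return ("ALLOWED", block name) for the first matching block, else FORBIDDEN."""
    for block in acl:
        rules = {k: v for k, v in block.items() if k != "name"}
        if all(rule_matches(r, v, request) for r, v in rules.items()):
            return ("ALLOWED", block["name"])
    return ("FORBIDDEN", None)

def blocks_without_identity(acl):
    """Names of blocks that can match a request without authenticating it."""
    return [b["name"] for b in acl if IDENTITY_RULES.isdisjoint(b)]

if __name__ == "__main__":
    # Wrong password, sent from an address inside the "hosts" range.
    wrong = {"credentials": "alice:wrong", "source_ip": "10.1.2.3"}
    print(evaluate(ACL, wrong))          # falls through to the hosts-only block
    print(evaluate(ACL[:1], wrong))      # same request without the catch-all
    print(blocks_without_identity(ACL))  # blocks to review
```

Running the same check over a real ACL means loading `readonlyrest.yml` into the same list-of-dicts shape first.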