Hi everybody
I have Elasticsearch and Kibana version 7.13.1 and readonlyrest 1.30.1 (free ES).
I can’t login into Kibana with the auth_key clause in the settings, if I remove it instead kibana works.
I have this error message:
{“statusCode”: 401, “error”: “Unauthorized”, “message”: “[Forbidden by ReadonlyREST ES plugin: Response Error]: Forbidden by ReadonlyREST ES plugin”}
With auth_key the authentication in ES works, the only problem appears in kibana where there isn’t a banner for entering user and password
ROR conf:
readonlyrest:
response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin
audit_collector: true
access_control_rules:
- name: "00 - basic"
auth_key: user:pass
verbosity: error
type: allow
indices: ["*"]
Kibana conf:
elasticsearch.username: "user"
elasticsearch.password: "pass"
xpack.security.enabled: false
telemetry.enabled: false
ES conf:
cluster.name: xxx-elk-cluster
node.name: xxx-elk-node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
xpack.security.enabled: false
ES log:
[INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [xxx-elk-node-1] e[35mFORBIDDEN by default req={ ID:16906169-1687150194#442, TYP:SearchRequest, CGR:N/A, USR:[no info about user], BRS:true, KDX:null, ACT:indices:data/read/search, OA:127.0.0.1/32, XFF:null, DA:127.0.0.1/32, IDX:.kibana_7.13.1, MET:POST, PTH:/.kibana_7.13.1/_search, CNT:<OMITTED, LENGTH=466.0 B> , HDR:Connection=keep-alive, Host=localhost:9200, content-length=466, content-type=application/json, user-agent=elasticsearch-js/7.13.0-canary.1 (linux 4.18.0-240.el8.x86_64-x64; Node.js v14.16.1), x-elastic-client-meta=es=7.13.0p,js=14.16.1,t=7.13.0p,hc=14.16.1, x-elastic-product-origin=kibana, HIS:[01 - basic-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_7.13.1]], }e[0m
[INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [xxx-elk-node-1] e[35mFORBIDDEN by default req={ ID:53542787-278737162#743, TYP:SearchRequest, CGR:N/A, USR:[no info about user], BRS:true, KDX:null, ACT:indices:data/read/search, OA:127.0.0.1/32, XFF:null, DA:127.0.0.1/32, IDX:.kibana_7.13.1, MET:POST, PTH:/.kibana_7.13.1/_search, CNT:<OMITTED, LENGTH=312.0 B> , HDR:Connection=keep-alive, Host=localhost:9200, content-length=312, content-type=application/json, user-agent=elasticsearch-js/7.13.0-canary.1 (linux 4.18.0-240.el8.x86_64-x64; Node.js v14.16.1), x-elastic-client-meta=es=7.13.0p,js=14.16.1,t=7.13.0p,hc=14.16.1, x-elastic-product-origin=kibana, x-opaque-id=a823f4a3-a598-4299-a372-65b1c704c868, HIS:[01 - basic-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_7.13.1]], }e[0m
Kibana log:
{"type":"response","@timestamp":"2021-06-14T11:00:02+02:00","tags":[],"pid":33476,"method":"get","statusCode":401,"req":{"url":"/","method":"get","headers":{"host":"localhost:5601","cache-control":"max-age=0","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","accept-encoding":"gzip, deflate","accept-language":"it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7","x-forwarded-for":"xxxxx","x-forwarded-host":"xxxxx","x-forwarded-server":"xxxxx","connection":"Keep-Alive"},"remoteAddress":"127.0.0.1","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36"},"res":{"statusCode":401,"responseTime":45,"contentLength":144},"message":"GET / 401 45ms - 144.0B"}
{"type":"response","@timestamp":"2021-06-14T11:00:02+02:00","tags":[],"pid":33476,"method":"get","statusCode":404,"req":{"url":"/favicon.ico","method":"get","headers":{"host":"localhost:5601","pragma":"no-cache","cache-control":"no-cache","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36","accept":"image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8","referer":"http://xxxxxxxx/","accept-encoding":"gzip, deflate","accept-language":"it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7","x-forwarded-for":"xxxxx","x-forwarded-host":"xxxxx","x-forwarded-server":"xxxxx","connection":"Keep-Alive"},"remoteAddress":"127.0.0.1","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36","referer":"http://xxxxxxxx/"},"res":{"statusCode":404,"responseTime":33,"contentLength":60},"message":"GET /favicon.ico 404 33ms - 60.0B"}
Can you help me?
Thank you
Daniele