When using Metricbeat to monitor Kibana, it sends requests to Kibana’s /api/* endpoints. Unfortunately, it seems these requests are not authorized (even with basic auth enabled) so they will by default be redirected to the login page.
To get around this, I can add:
But, this is obviously a huge security hole, since it will allow requests from any source to hit the API without authentication.
It would be ideal if i could combine/replace this with something like:
readonlyrest_kbn.whitelistedSourceIPs: ["10.0.x.x"] or something similar