Just having the REST endpoint open is a security risk. :) You can always put a proxy in front of elasticsearch that intercepts certain calls such as PUT, POST, DELETE or simply / in your case.
Normally in elasticsearch, a request is built with various parameters via a builder and then the resulting response will have the correct fields. You can see an example with the nodes stats:
https://github.com/elasticsearch/elasticsearch/blob/master/src/main/java/org/elasticsearch/rest/action/admin/cluster/node/stats/RestNodesStatsAction.java

The main action does not really have specific request/response classes. You can try raising an issue or even submitting a pull request yourself, but I do not see this issue as being very important. That is just my guess.

--
Ivan

On Thu, Dec 19, 2013 at 2:52 PM, Josh Harrison <[email protected]> wrote:

> To clarify, when I go to http://localhost:9200, I want to get back
>
> {
>   "ok" : true,
>   "status" : 200,
>   "name" : "Stem Cell",
>   "tagline" : "You Know, for Search"
> }
>
> Not
>
> {
>   "ok" : true,
>   "status" : 200,
>   "name" : "Stem Cell",
>   "version" : {
>     "number" : "0.90.5",
>     "build_hash" : "c8714e8e0620b62638f660f6144831792b9dedee",
>     "build_timestamp" : "2013-09-17T13:09:46Z",
>     "build_snapshot" : false,
>     "lucene_version" : "4.4"
>   },
>   "tagline" : "You Know, for Search"
> }
>
> I poked around in the code and the only code place I find "You Know, for
> Search" is
> https://github.com/elasticsearch/elasticsearch/blob/c20d4bb69ed29cf11a747f0fdc40ce4237f79ce4/src/main/java/org/elasticsearch/rest/action/main/RestMainAction.java
> There doesn't appear to be an explicit flag that would allow me to
> suppress that, but perhaps that's somewhere else? My IT folks are in a
> tizzy that version information is being displayed, saying it's a major
> security risk. Sigh.
> Honestly, if it doesn't break something else, I wouldn't mind if there was
> just a way to turn off that default response entirely. That'd do it too.
>
> On Thursday, December 19, 2013 12:50:29 PM UTC-8, Ivan Brusic wrote:
>
>> From what I can tell from the code, it appears that you can disable
>> returning the version field.
>>
>> --
>> Ivan
>>
>> On Thu, Dec 19, 2013 at 12:27 PM, Josh Harrison <[email protected]> wrote:
>>
>>> The subject says it all pretty much, is it possible to turn off the
>>> reporting of version data in response to GET http://localhost:9200?
>>> Thanks,
>>> Josh
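The proxy approach suggested in the reply, as an added Python example that is not code from the thread or from the Elasticsearch project: it refuses PUT, POST and DELETE and removes the `version` object from the `/` response. The upstream address, the listening port 8080 and all function and class names are assumptions.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError, URLError
from urllib.request import Request, urlopen

UPSTREAM = "http://127.0.0.1:9200"           # assumption: node listens on loopback only
BLOCKED_METHODS = {"PUT", "POST", "DELETE"}  # the calls named in the reply

def is_allowed(method):
    """Refuse the write-style methods; everything else is forwarded."""
    return method.upper() not in BLOCKED_METHODS

def is_root(path):  # banner endpoint '/', with or without a query string
    return path.split("?", 1)[0] in ("", "/")

def strip_version(body):
    """Drop the 'version' object from the banner JSON; leave other bodies alone."""
    try:
        doc = json.loads(body)
    except ValueError:
        return body
    if not isinstance(doc, dict):
        return body
    doc.pop("version", None)
    return json.dumps(doc).encode()

class FilteringProxy(BaseHTTPRequestHandler):
    server_version, sys_version = "proxy", ""  # keep the proxy's own banner quiet
    def _reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def _handle(self):
        if not is_allowed(self.command):
            return self._reply(403, b'{"error":"blocked by proxy"}')
        try:
            with urlopen(Request(UPSTREAM + self.path, method=self.command)) as resp:
                status, body = resp.status, resp.read()
        except HTTPError as err:      # upstream 4xx/5xx: relay as-is
            status, body = err.code, err.read()
        except URLError:              # upstream unreachable
            return self._reply(502, b'{"error":"upstream unavailable"}')
        self._reply(status, strip_version(body) if is_root(self.path) else body)
    do_GET = do_PUT = do_POST = do_DELETE = _handle

if __name__ == "__main__":
    HTTPServer(("0.0.0.0", 8080), FilteringProxy).serve_forever()
```

Request bodies are not forwarded, so clients that search by sending a body will need that added, and the node itself has to be unreachable except through the proxy for the filtering to mean anything.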
