Yeah, it's been looking like a proxy is the way to go. If it was an already existing functionality allowing me to suppress the version info from /, I'd have been happy to use that, but I agree - it isn't worth anyone's time to add this. Thanks Ivan! -Josh
On Thursday, December 19, 2013 3:04:15 PM UTC-8, Ivan Brusic wrote: > > Just having the REST endpoint open is a security risk. :) You can always > put a proxy in front of elasticsearch that intercepts certain calls such as > PUT, POST, DELETE or simply / in your case. > > Normally in elasticsearch, a request is built with various parameters via > a builder and then the resulting response will have the correct fields. You > can see an example with the nodes stats: > > > https://github.com/elasticsearch/elasticsearch/blob/master/src/main/java/org/elasticsearch/rest/action/admin/cluster/node/stats/RestNodesStatsAction.java > > The main action does not really have specific request/response classes. > You can try raising an issue or even submitting a pull request yourself, > but I do not see this issue as being very important. That is just my guess. > > -- > Ivan > > > On Thu, Dec 19, 2013 at 2:52 PM, Josh Harrison <[email protected]<javascript:> > > wrote: > >> To clarify, when I go to http://localhost:9200, I want to get back >> >> { >> "ok" : true, >> "status" : 200, >> "name" : "Stem Cell", >> "tagline" : "You Know, for Search" >> } >> >> >> Not >> >> { >> "ok" : true, >> "status" : 200, >> "name" : "Stem Cell", >> "version" : { >> "number" : "0.90.5", >> "build_hash" : "c8714e8e0620b62638f660f6144831792b9dedee", >> "build_timestamp" : "2013-09-17T13:09:46Z", >> "build_snapshot" : false, >> "lucene_version" : "4.4" >> }, >> "tagline" : "You Know, for Search" >> } >> >> >> I poked around in the code and the only code place I fine "You Know, for >> Search" is >> >> https://github.com/elasticsearch/elasticsearch/blob/c20d4bb69ed29cf11a747f0fdc40ce4237f79ce4/src/main/java/org/elasticsearch/rest/action/main/RestMainAction.java >> There doesn't appear to be an explicit flag that would allow me to >> suppress that, but perhaps that's somewhere else? My IT folks are in a >> tizzy that version information is being displayed, saying it's a major >> security risk. Sigh. >> Honestly, if it doesn't break something else, I wouldn't mind if there >> was just a way to turn off that default response entirely. That'd do it too. >> >> >> On Thursday, December 19, 2013 12:50:29 PM UTC-8, Ivan Brusic wrote: >> >>> From what I can tell from the code, it appears that you can disable >>> returning the version field. >>> >>> -- >>> Ivan >>> >>> >>> On Thu, Dec 19, 2013 at 12:27 PM, Josh Harrison <[email protected]>wrote: >>> >>>> The subject says it all pretty much, is it possible to turn off the >>>> reporting of version data in response to GET http://localhost:9200? >>>> Thanks, >>>> Josh >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "elasticsearch" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> >>>> To view this discussion on the web visit https://groups.google.com/d/ >>>> msgid/elasticsearch/7962249a-610f-4ee6-9496-a1cf14df8d95% >>>> 40googlegroups.com. >>>> For more options, visit https://groups.google.com/groups/opt_out. >>>> >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "elasticsearch" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/elasticsearch/dbd5cd20-6b39-46f8-bab8-b6c37de21c26%40googlegroups.com >> . >> >> For more options, visit https://groups.google.com/groups/opt_out. >> > > -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/1cd01174-f23c-4edd-854f-31a5975e01f4%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
