Welcome! Log In Create A New Profile

Advanced

HTTP Authentication through database

October 22, 2015 04:05AM
Greetings,

I recently stumbled onto Nginx while researching a way to protect my Elasticsearch server without using Elastic Shield.
My setup has a Windows Server box containing a webserver which has Kibana deployed on port 8080. The box also runs Elasticsearch as a service which listens to port 9200. The Kibana webapplication is protected by a filter which checks the HTTP-request header for the user-id and checks a database if this user-id is allowed to access Kibana.

Unfortunatly, Kibana has to send queries and requests to Elasticsearch from the user's browser. Hence Elasticsearch has to be accessible for the user. This allows unauthorized users to send REST-requests to the Elasticsearch server, making this a potential security threat.

My solution to this problem would be to implement Nginx as a reverse proxy on the box, forcing the HTTP-requests to pass Nginx before being allowed to access Elasticsearch, which would then only accessible on the box's localhost. The authentication would be processed by Nginx's http_auth_request_module, but I don't quite understand how to implement a service to which I redirect this auth request to.

I found this StackOverflow page to be the most insightful: http://stackoverflow.com/questions/25340630/how-can-i-set-up-an-automatic-authentication-layer-in-nginx
, but it still doesn't explain how to actually implement the authentication service.

My preferred way of writing this service would be through Java and wrapping it as a service. I understand that the service should return the HTTP-code 200 if the authentication is succesful and something else if it isn't. I'd like to process the HTTP-request in the same way I processed the HTTP-request in the filter I used to validate Kibana-users.

Any tips to get me started on writing a Java-application that would act as an authentication service?

If this isn't possible in Java, is there a way to do it in Perl or Python?

Thanks
Subject Author Posted

HTTP Authentication through database

JaminVP October 22, 2015 04:05AM

Re: HTTP Authentication through database

lhmwzy October 22, 2015 04:24AM

Re: HTTP Authentication through database

itpp2012 October 22, 2015 04:45AM

Re: HTTP Authentication through database

JaminVP October 22, 2015 08:17AM

Re: HTTP Authentication through database

itpp2012 October 22, 2015 09:00AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 80
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready