使用elasticsearch-6.1.2時,curl與head插件都出現不能查詢數據的異常,具體原因如下
curl -XGET http://localhost:9200/tmdb/_search?pretty -d ' {"query": {"match_all": ""}}'
{
"error" : "Content-Type header [application/x-www-form-urlencoded] is not supported",
"status" : 406
}
此原因時由於ES增加了安全機制,
進行嚴格的內容類型檢查,嚴格檢查內容類型也可以作為防止跨站點請求偽造攻擊的一層保護。
官網解釋
Strict checking of content-type is also useful as a layer of protection against Cross Site Request Forgery attacks.
Because the Elasticsearch REST API uses simple HTTP requests, what’s easy to do with curl, is often easy to do with your web browser. If your internal network allows it, you can point your favourite browser at the /_cluster/settings endpoint on one of your Elasticsearch nodes and see the settings for your cluster.
Unfortunately, if an attacker has the right knowledge about your internal network and Elasticsearch cluster, they can craft a malicious webpage that would use that same technique to perform unwanted updates to your cluster. Web browsers implement a number of security policies that help protect from such attacks, and part of that protection is to place limits on the content-types that may be used when sending data to remote servers.
I mentioned earlier that you can enable strict content-type checking in recent releases of Elasticsearch 5 by enabling the http.content_type.required configuration option. Given the security reasons mentioned above, you should consider whether that is something that would be of value to you right now.
If you’re deploying a brand new Elasticsearch cluster, it’s probably a good idea to require strict content-types from the start. It will be one less thing to worry about when you do upgrade to 6.x, and it gives you an added layer of protection against Cross Site Request Forgery attacks.
If you have an existing Elasticsearch installation, then turning on that setting may be a little trickier - you need to know that all of your clients are sending the correct content-type. But if you can tackle that problem now that will get you one step closer to being able to migrate to Elasticsearch 6 when it is officially available.
es5沒有嚴格檢查的,可以設置參數,以增加安全性
http.content_type.required
添加請求頭即可正常查詢
curl -H "Content-Type: application/json" http://localhost:9200/tmdb/_search?pretty -d ' {"query": {"match_all": {}}}'