qbox-ip-rules.png#asset:502

Since launching our new dedicated clusters, the most common feature request has been IP-based access rules. Originally, we only offered HTTP Basic authentication and SSL for securing an Elasticsearch instance. Although those features provided enough security for some applications, many still needed more rigid control.

Last week, we rolled out the first pass at our “IP Whitelisting” feature. Now, when either creating or editing a Qbox cluster, you’ll see a field to provide a list of allowed IPs. It’s completely optional, with all traffic allowed by default. Rules apply to all ports on all nodes — both HTTP and Transport. Subsequently, users can now access Elasticsearch with the native Java Transport API. The Transport port is blocked by default for security, but is opened when at least one IP is whitelisted.