I've recently started using Elasticsearch, Logstash and Kibana to help visualize the logs on my server.
This is working out great, but the only catch is that this is all publicly accessible by accessing them through their ports on my server, e.g. example.com:9200 or example.com:5601.
I've found out a way to restrict Elasticsearch to local traffic only, but I need a way to restrict public access to Kibana.
I want to keep it public, so that I can access it, but put it in front of some basic authentication using htaccess. I have successfully implemented this, so that if I navigate to kibana.example.com it will ask me for a username and password before going through. However, I can still access it directly using example.com:5601 and not be asked for authentication.
Looking around, it seems that iptables are the way to go with this. I tried using sudo iptables -A INPUT -p tcp --dport 5601 -j DROP and this does block all access to the port, but it also blocks the traffic I want to allow when directing through kibana.example.com.
How can I modify the rule above to allow access through kibana.example.com but block access when you try to go to the port directly?
My server runs Debian Jessie and I am using Apache 2.2 as my web server.
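
Added example, not part of the original post: the INPUT chain also sees loopback traffic and rules are matched in order, so a port can stay reachable for a local reverse proxy while closed to the outside by accepting `-i lo` before the DROP. It assumes Apache proxies kibana.example.com to Kibana at 127.0.0.1:5601 (the post does not show the proxy configuration); `ipt`, `remove_rule`, `restrict_port` and `DRY_RUN` are names made up for this example.

```shell
#!/bin/sh
# Added example (not from the post). Assumes Apache proxies
# kibana.example.com to Kibana on 127.0.0.1:5601 via loopback.

# Run iptables, or only print the command when DRY_RUN=1.
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Delete every existing copy of a rule from INPUT (-C tests for presence).
remove_rule() {
    [ "${DRY_RUN:-0}" = 1 ] && return 0
    while iptables -C INPUT "$@" 2>/dev/null; do
        iptables -D INPUT "$@"
    done
}

# Leave a TCP port reachable over loopback only.
restrict_port() {
    port="$1"
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    accept="-i lo -p tcp --dport $port -j ACCEPT"
    drop="-p tcp --dport $port -j DROP"
    # Clear earlier copies so a DROP added before cannot sit above the ACCEPT.
    remove_rule $accept
    remove_rule $drop
    # First match wins: loopback is accepted, everything else is dropped.
    ipt -A INPUT $accept
    ipt -A INPUT $drop
}

# Usage as root: sh restrict.sh 5601   (DRY_RUN=1 to preview the rules)
if [ "$#" -gt 0 ]; then
    restrict_port "$1"
fi
```

These rules cover IPv4 only and are not saved across reboots; if Kibana also listens on IPv6, the same pair is needed in ip6tables.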