[distantsounds]

yes, because a 10 line nginx config with basic http auth is too difficult for a sysadmin to set up in conjunction with his systems monitoring tool

stop being obtuse

[dvfjsdhgfv]

It's not that it's too difficult, but we were accustomed to having this functionality built in in similar products in the past, then things changed. When ELK first showed up there was a big wave of attacks on ELK servers because they were completely unsecured and at that time X-Pack Security was a paid add-on, they changed their mind later, some time after an open source solution appeared.

[PixyMisa]

Absolutely. It has to be there, and users have to be forced to configure it at install time.

How many times do we need to repeat this mistake?