From 549293d2b181d7a99678e78219884ca55feba32a Mon Sep 17 00:00:00 2001
From: Thomas Neirynck <thomas@elastic.co>
Date: Wed, 17 Aug 2016 15:09:12 -0400
Subject: [PATCH 1/2] Bind Kibana server to localhost

This is a breaking change. The default behaviour will now be that
connections from remote users will be rejected.
---
 config/kibana.yml                     | 6 ++++--
 docs/kibana-yml.asciidoc              | 2 +-
 docs/settings.asciidoc                | 2 +-
 src/server/config/__tests__/config.js | 2 +-
 src/server/config/schema.js           | 2 +-
 5 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/config/kibana.yml b/config/kibana.yml
index 7358fd5b06a36..0da5cdfbab779 100644
--- a/config/kibana.yml
+++ b/config/kibana.yml
@@ -1,8 +1,10 @@
 # Kibana is served by a back end server. This setting specifies the port to use.
 # server.port: 5601
 
-# This setting specifies the IP address of the back end server.
-# server.host: "0.0.0.0"
+# Specifies the public host name to which the Kibana server will bind.
+# The default is 'localhost', which usually means remote machines will not be able to connect.
+# To allow connections from remote users, set this parameter to IP or the DNS-name of the machine that is running Kibana.
+# server.host: "localhost"
 
 # Enables you to specify a path to mount Kibana at if you are running behind a proxy. This setting
 # cannot end in a slash.
diff --git a/docs/kibana-yml.asciidoc b/docs/kibana-yml.asciidoc
index 0a4e2a20d5a9a..2a5e7fc86dde2 100644
--- a/docs/kibana-yml.asciidoc
+++ b/docs/kibana-yml.asciidoc
@@ -1,7 +1,7 @@
 .Kibana Configuration Settings
 [horizontal]
 `server.port:`:: *Default: 5601* Kibana is served by a back end server. This setting specifies the port to use.
-`server.host:`:: *Default: "0.0.0.0"* This setting specifies the IP address of the back end server.
+`server.host:`:: *Default: "localhost"* This setting specifies the host of the back end server.
 `server.basePath:`:: Enables you to specify a path to mount Kibana at if you are running behind a proxy. This setting
 cannot end in a slash (`/`).
 `server.maxPayloadBytes:`:: *Default: 1048576* The maximum payload size in bytes for incoming server requests.
diff --git a/docs/settings.asciidoc b/docs/settings.asciidoc
index 51ae6716105b0..8b9ee99997458 100644
--- a/docs/settings.asciidoc
+++ b/docs/settings.asciidoc
@@ -295,7 +295,7 @@ deprecated[4.2, The names of several Kibana server properties changed in the 4.2
 +
 *alias*: `host` deprecated[4.2]
 +
-*default*: `"0.0.0.0"`
+*default*: `"localhost"`
 
 `elasticsearch.url` added[4.2]:: The Elasticsearch instance where the indices you want to query reside.
 +
diff --git a/src/server/config/__tests__/config.js b/src/server/config/__tests__/config.js
index cf43ce256f585..0dc60f98f6004 100644
--- a/src/server/config/__tests__/config.js
+++ b/src/server/config/__tests__/config.js
@@ -54,7 +54,7 @@ describe('lib/config/config', function () {
       it('should allow keys in the schema', function () {
         let config = new Config(schema);
         let run = function () {
-          config.set('test.client.host', 'http://0.0.0.0');
+          config.set('test.client.host', 'http://localhost');
         };
         expect(run).to.not.throwException();
       });
diff --git a/src/server/config/schema.js b/src/server/config/schema.js
index cf6790b82ea46..074ccec05b579 100644
--- a/src/server/config/schema.js
+++ b/src/server/config/schema.js
@@ -34,7 +34,7 @@ module.exports = () => Joi.object({
 
   server: Joi.object({
     name: Joi.string().default(os.hostname()),
-    host: Joi.string().hostname().default('0.0.0.0'),
+    host: Joi.string().hostname().default('localhost'),
     port: Joi.number().default(5601),
     maxPayloadBytes: Joi.number().default(1048576),
     autoListen: Joi.boolean().default(true),

From e702c6d4047a6baf7ebfb43a3c5486d6411ba7f3 Mon Sep 17 00:00:00 2001
From: Thomas Neirynck <thomas@elastic.co>
Date: Wed, 24 Aug 2016 16:02:54 -0400
Subject: [PATCH 2/2] Improve doc

---
 config/kibana.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/kibana.yml b/config/kibana.yml
index 0da5cdfbab779..6535dcbee6a6a 100644
--- a/config/kibana.yml
+++ b/config/kibana.yml
@@ -1,9 +1,9 @@
 # Kibana is served by a back end server. This setting specifies the port to use.
 # server.port: 5601
 
-# Specifies the public host name to which the Kibana server will bind.
+# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
 # The default is 'localhost', which usually means remote machines will not be able to connect.
-# To allow connections from remote users, set this parameter to IP or the DNS-name of the machine that is running Kibana.
+# To allow connections from remote users, set this parameter to a non-loopback address.
 # server.host: "localhost"
 
 # Enables you to specify a path to mount Kibana at if you are running behind a proxy. This setting