If you’ve worked with OpenSearch or Elasticsearch and encountered "No 'Basic Authorization' header, send 401 and 'WWW-Authenticate Basic'"
warning in your logs, you’re not alone. This message typically appears when a client makes a request to the cluster but does not include the required Authorization
header. As a result, the server responds with a 401 Unauthorized
status and a WWW-Authenticate
header, signaling the need for basic authentication.
This warning can clutter your logs, especially in development or environments where many unauthenticated requests are being made, such as health checks or misconfigured clients. While harmless in most cases, it’s best to reduce log noise to focus on meaningful warnings or errors.
The Fix: Adjusting Log Levels
To suppress this warning, you can adjust the logging level for the relevant logger. The org.opensearch.security.http
logger handles these warnings. By setting its level to ERROR
, you can ensure that only more critical issues are logged. Here’s how to do it:
PUT /_cluster/settings
{
"persistent": {
"logger": {
"org.opensearch.security.http": "ERROR"
}
}
}
- Endpoint: The
/_cluster/settings
endpoint is used to modify cluster-wide settings. - Persistent Settings: Changes under
persistent
remain in effect across restarts. - Logger Configuration: Setting
logger.org
.opensearch.security.http
toERROR
ensures that only errors (and not warnings) from this logger appear in your logs.
WARN
or adjust it further based on your requirements.The post How to Deal with the Warning: “No ‘Basic Authorization’ header, send 401 and ‘WWW-Authenticate Basic’” appeared first on SOC Prime.