We are using elasticsearch 1.7.5 and evaluating searchguard 1.7. We would like to lock down the REST interface using LDAP and allow applications that use the transport interface to be unauthenticated. I tried setting searchguard.transport_auth.enabled: false while also turning on LDAP auth to be used for REST. When my apps make a connection I get a RuntimeException Unauthenticated request (SEARCHGUARD_UNAUTH_REQ) for action that comes from AbstractActionFilter. Is this a bug?