Skip to content

Request Filtering for forwarding

By default, the Gateway is configured to forward every requests to Elasticsearch. It uses a punchlet which accept every requests.

The configuration file of the gateway can be modified to forbid some requests with another punchlet.

Configure an another punchlet

In the gateway configuration file, you can modify default punchlet path to another one.

1
2
3
4
forwarding:
  enabled: true
  punchlet:
    url: "file://PATH_TO_YOUR_PUNCHLET"

Requirements

Input sent to the punchlet

The punchlet configured receives some request informations :

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
{
    "request": {
        "headers": {
            "host": "localhost:4242",
            "connection": "keep-alive",
            "cache-control": "no-cache",
            "accept-encoding": "gzip, deflate, br",
            "user-agent": "PostmanRuntime/7.24.1",
        },
        "method": "GET",
        "url": "/v1/mytenant/es/es_search/my_index*"
    },
    "tenant": "mytenant",
    "metrics": {
        "node" : {
            "localhost:9200": {
                ...
            }
        },
        "shard": {
            "localhost:9200": {
                ...
            }
        }
    }
}
  • request.headers:

    Map containing all request headers

  • request.method:

    HTTP Method of the request

  • request.url:

    URL of the request

  • tenant:

    Tenant name

  • metrics.node

    Elasticsearch node metrics for each node configured in the gateway configuration file.

  • metrics.shard

    Elasticsearch shard metrics for each node configured in the gateway configuration file.

Returned data

The punchlet has to return at least two fields :

  • allow: Boolean

    Request will be forwarded or not

  • reason: String : "Forbidden request"

    Reason why the request has been forbidden.

Example
1
2
3
4
5
6
7
8
{
  // Our punchlet intelligence
  ...

  // Our result
  [allow] = false;
  [reason] = "Wildcard in url"
}