Skip to content

Request Filtering for forwarding

By default, the Gateway is configured to forward every requests to Elasticsearch. It uses a punchlet which accept every requests.

The configuration file of the gateway can be modified to forbid some requests with another punchlet.

Configuration

  • enabled: Boolean

    Enable forwarding feature

  • punchlet: String

    Protocol and path to the punchlet Two protocols are supported :

    file:// : to get punchlet from filesystem

    ppresource:// : to get punchlet from Punch resources manager

  • reload: String

    Cron to schedule punchlet refresh

  • allow_if_missing: Boolean (default : false)

    Allow or forbid all forwarding requests

Example

forwarding:
  enabled: true
  punchlet: ppresource://punchlet/forwarding.punchlet
  reload : "0 * * * * *"

Requirements

Input sent to the punchlet

The punchlet configured receives some request informations :

{
    "request": {
        "headers": {
            "host": "localhost:4242",
            "connection": "keep-alive",
            "cache-control": "no-cache",
            "accept-encoding": "gzip, deflate, br",
            "user-agent": "PostmanRuntime/7.24.1",
        },
        "method": "GET",
        "url": "/v1/mytenant/es/es_search/my_index*"
    },
    "tenant": "mytenant"
}

  • request.headers:

    Map containing all request headers

  • request.method:

    HTTP Method of the request

  • request.url:

    URL of the request

  • tenant:

    Tenant name

Returned data

The punchlet has to return at least two fields :

  • allow: Boolean

    Request will be forwarded or not

  • reason: String : "Forbidden request"

    Reason why the request has been forbidden.

Example
{
  // Our punchlet intelligence
  ...

  // Our result
  [allow] = false;
  [reason] = "Wildcard in url"
}