Skip to content

Request Filtering for forwarding

By default, the Gateway is configured to forward every requests to Elasticsearch. It uses a punchlet which accept every requests.

The configuration file of the gateway can be modified to forbid some requests with another punchlet.


  • enabled: Boolean

    Enable forwarding feature

  • punchlet: String

    Protocol and path to the punchlet Two protocols are supported :

    file:// : to get punchlet from filesystem

    ppresource:// : to get punchlet from Punch resources manager

  • reload: String

    Cron to schedule punchlet refresh

  • allow_if_missing: Boolean (default : false)

    Allow or forbid all forwarding requests


  enabled: true
  punchlet: ppresource://punchlet/forwarding.punchlet
  reload : "0 * * * * *"


Input sent to the punchlet

The punchlet configured receives some request informations :

    "request": {
        "headers": {
            "host": "localhost:4242",
            "connection": "keep-alive",
            "cache-control": "no-cache",
            "accept-encoding": "gzip, deflate, br",
            "user-agent": "PostmanRuntime/7.24.1",
        "method": "GET",
        "url": "/v1/mytenant/es/es_search/my_index*"
    "tenant": "mytenant",
    "metrics": {
        "node" : {
            "localhost:9200": {
        "shard": {
            "localhost:9200": {

  • request.headers:

    Map containing all request headers

  • request.method:

    HTTP Method of the request

  • request.url:

    URL of the request

  • tenant:

    Tenant name

  • metrics.node

    Elasticsearch node metrics for each node configured in the gateway configuration file.

  • metrics.shard

    Elasticsearch shard metrics for each node configured in the gateway configuration file.

Returned data

The punchlet has to return at least two fields :

  • allow: Boolean

    Request will be forwarded or not

  • reason: String : "Forbidden request"

    Reason why the request has been forbidden.

  // Our punchlet intelligence

  // Our result
  [allow] = false;
  [reason] = "Wildcard in url"