Is it possible to run a script prior to data being added to ES?


I'd like any responses to the HTTP request to be dependent on the client's IP address. That is, if the client has an authorized IP, we want the response to be delivered. However, if the IP is not authorized, we'd like there to be no response.

That's where I believe this script would come in. The script would check the header to validate the IP address.

I'm thinking of writing the script in either c# or python.

This is the way I picture the process to work:

  • client makes an HTTP request
  • script validates IP address
  • if valid, response is allowed
  • if not valid, response is suppressed and email alert is sent

My question is: is this possible?

I've been reading through the docs and I'm getting lost amongst the processors, the pipeline, and endpoints. :frowning: I saw a mention that python was deprecated for ES5.0, so maybe using python is out.

Web development is not my strength, so my apologies if this question is nonsensical.

Thank you.

(Mark Walkom) #2

This is usually something that would need to happen before it hits ES.

You could use the Security with Alerting to send the email. Otherwise you can build your own.


Thanks for the reply.
Sounds like it's not possible to do, within ES.

(Wim Van Leuven) #4

Just proxy your elasticsearch cluster with any proxy supporting server like httpd or nginx? Should be a piece of cake...


I am reading about httpd.

If I understand correctly, I can create a custom module for the apache server. As the server is going through it's processing phases, it will run my custom module. When the custom module runs, it determines whether the IP is authorized. It can then decide whether to allow the http reply? Am I understanding that correctly?

The reply part is where I'm having the most difficulty wrapping my head around this task.

I'd like the request to be logged in ES, regardless of whether the IP address is authorized or not.

Thanks for the reply. Much appreciated.

(system) #6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.