Restrict access of elasticsearch

I built a simple web interface with a search box where users can type quires. However I want to block users from seeing or accessing directly to port 9200 which ES listens to, so no user can retrieve information from ES without going through the interface, nor can modify the index in any way, through the interface or not. Right now when I type localhost:9200 or, I can see the entire ES indices (http://localhost:9200/_cat/indices?v). Any suggestion on how to do it? Thanks.

You can either proxy it with nginx/apache, or build some restriction stuff into your app.
Or you can use Shield, which is a commercial plugin we have released.