Version: 7.x-51.0.0

Custom inter-node traffic evaluator

If the provided methods of listing the DNs of node certificates or adding an OID to the certificates do not work for you, you can implement your own class to identify inter-cluster traffic. It must implement the InterClusterRequestEvaluator interface and provide a single-argument constructor that takes a Settings object as its argument. For example:

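import java.security.cert.X509Certificate;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.transport.TransportRequest;
import com.floragunn.searchguard.transport.InterClusterRequestEvaluator;

public final class MyInterClusterRequestEvaluator
  implements InterClusterRequestEvaluator {
    public MyInterClusterRequestEvaluator(final Settings settings) {}

    public boolean isInterClusterRequest(
       TransportRequest request,
       X509Certificate[] localCerts,
       X509Certificate[] peerCerts,
       final String principal) {
        // Placeholder: return true only for requests from another node of this cluster.
        return false;
    }
}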

Make sure the class is on the classpath, and configure your custom implementation in elasticsearch.yml:

searchguard.cert.intercluster_request_evaluator_class: ...
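
As an added illustration (not Search Guard's own code), the evaluator below treats a request as inter-node only when the peer's certificate carries a dNSName SAN ending in a fixed suffix, and fails closed otherwise. The class name, the suffix `.nodes.example.internal`, the premise that your CA issues such SANs only to node certificates, and `peerCerts[0]` being the peer's own certificate are all assumptions.

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.transport.TransportRequest;
import com.floragunn.searchguard.transport.InterClusterRequestEvaluator;

public final class SanSuffixInterClusterRequestEvaluator
  implements InterClusterRequestEvaluator {
    // Hypothetical suffix; assumes the CA puts it only in node certificates.
    private static final String NODE_SAN_SUFFIX = ".nodes.example.internal";
    private static final int SAN_DNS_NAME = 2; // GeneralName type for dNSName

    public SanSuffixInterClusterRequestEvaluator(final Settings settings) {
        // Settings are not used; the suffix is a compile-time constant.
    }

    @Override
    public boolean isInterClusterRequest(
       TransportRequest request,
       X509Certificate[] localCerts,
       X509Certificate[] peerCerts,
       final String principal) {
        // No peer certificate: never treat the request as inter-node.
        if (peerCerts == null || peerCerts.length == 0 || peerCerts[0] == null) {
            return false;
        }
        try {
            // Assumes peerCerts[0] is the peer's own (leaf) certificate.
            Collection<List<?>> sans = peerCerts[0].getSubjectAlternativeNames();
            if (sans == null) {
                return false;
            }
            for (List<?> san : sans) {
                if (san.size() >= 2 && Integer.valueOf(SAN_DNS_NAME).equals(san.get(0))
                        && san.get(1) instanceof String) {
                    String name = ((String) san.get(1)).toLowerCase(Locale.ROOT);
                    if (name.endsWith(NODE_SAN_SUFFIX)) {
                        return true;
                    }
                }
            }
        } catch (CertificateParsingException e) {
            // Unparseable SAN extension: fail closed.
        }
        return false;
    }
}
```

Because a request accepted here is handled as trusted node-to-node traffic, every uncertain case returns false.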
