Version: SG FLX
Community

Custom inter-node traffic evaluator

If the provided methods of listing the DNs of node certificates or adding an OID to the certificates does not work for you, you can implement your own class to identify inter-cluster traffic. It must implement the following interface:

com.floragunn.searchguard.transport.InterClusterRequestEvaluator

And provide a single argument constructor that takes a

org.elasticsearch.common.settings.Settings

as argument. For example:

public final class MyInterClusterRequestEvaluator
  implements InterClusterRequestEvaluator {
    
    public MyInterClusterRequestEvaluator(final Settings settings) {
    ...
    }

    @Override
    public boolean isInterClusterRequest(
       TransportRequest request,
       X509Certificate[] localCerts,
       X509Certificate[] peerCerts,
       final String principal) {
       ...
    }
}

Make sure the class is on the classpath, and configure your custom implementation in elasticsearch.yml:

searchguard.cert.intercluster_request_evaluator_class: ...


Not what you were looking for? Try the search.