Romain Norberg

Ensure services like Elasticsearch are not accessible from outside using Postman monitoring

Below is a technique for receiving alerts if one of your services is exposed on the internet by mistake. It is one solution among many others, but it has the merit of being quick to implement and low in cost.

Obviously, it's strongly advised to rely on a system administrator or to check the security section of the documentation of the services you deploy.


In this example we'll take ElasticSearch. By default the service cannot be accessed from outside, but if we make a mistake in the configuration it's quite easy for your data to be exposed.

For example, anyone can do this request:

curl -X GET "<your-webserver-url-or-ip>:9200/?pretty"

  "name" : "elastic-server",
  "cluster_name" : "my_cluster",
  "cluster_uuid" : "nabrNvU7S9uPhU5SYiEEjg",
  "version" : {
    "number" : "7.7.0",
    "build_flavor" : "default",
  "tagline" : "You Know, for Search"

... and fetch all your data easily.


Postman is a collaboration platform for API development. Postman's features simplify each step of building an API and streamline collaboration so you can create better APIs—faster. (API Client, Automated Testing, Design & Mock and more)

Postman (fresh install)


Create collection

Create a new collection named "Monitoring"

Create and save new request

By clicking on the [+] button, create a new request with GET method and url:

Save request to Monitoring collection

Add test(s)

Add the following code to the "Test" tab:

pm.sendRequest("http://<your-webserver-url-or-ip>:9200/", function (err) {


Click the "Send" button to run your request. If the test is ✅ green it's OK, but if it's 🔴 red there is a problem.

If the test fails, your server has responded to the request or hasn't refused the connection.

Change the code as shown below, run it, and open the Postman console (View > Show Postman Console) to see the result:

pm.sendRequest("http://<your-webserver-url-or-ip>:9200/", function (err, reponse) {

Here is a failing test with my local ElasticSearch server running and exposed locally on port 9209:

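A fuller version of the test described above, as an added example that is not the author's code: it treats any HTTP answer as exposure and separates a refused or timed-out connection from a DNS failure, which would otherwise turn the monitor green without probing anything. The `classifyProbe` helper, the verdict names and the assumption that Postman passes a Node-style error with a `code` field are assumptions of this example.

```javascript
// Added example, not from the original post.
// Assumption: `err` is a Node-style error whose `code` names the failure.
const BLOCKED = ["ECONNREFUSED", "ETIMEDOUT", "ESOCKETTIMEDOUT",
                 "EHOSTUNREACH", "ENETUNREACH"];
const UNRESOLVED = ["ENOTFOUND", "EAI_AGAIN"];

// Hypothetical helper: turn the (err, response) pair into a verdict.
function classifyProbe(err, response) {
    if (!err && response) {
        // Any HTTP answer, even 401 or 403, proves the port is reachable.
        return { verdict: "exposed", detail: "HTTP " + response.code };
    }
    const code = (err && err.code) || "UNKNOWN";
    if (BLOCKED.includes(code)) {
        return { verdict: "blocked", detail: code };
    }
    if (UNRESOLVED.includes(code)) {
        // The hostname did not resolve, so port 9200 was never tested.
        return { verdict: "inconclusive", detail: code + " (nothing probed)" };
    }
    // e.g. ECONNRESET: something may be listening (TLS-only port, proxy).
    return { verdict: "inconclusive", detail: code };
}

// Inside Postman the `pm` object exists; elsewhere this part is skipped.
if (typeof pm !== "undefined") {
    const url = "http://<your-webserver-url-or-ip>:9200/";
    pm.sendRequest(url, function (err, response) {
        const result = classifyProbe(err, response);
        console.log(result); // shown in the Postman console
        pm.test("Port 9200 is not reachable (" + result.detail + ")",
            function () {
                // Only a refused or timed-out connection counts as safe.
                pm.expect(result.verdict).to.equal("blocked");
            });
    });
}
```

A red run whose detail is not an HTTP status means the probe itself needs fixing (wrong hostname, TLS-only port) before a green result can be trusted.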

Configure Monitoring

Postman API Monitoring allows you to review your API responses, availability, and performance with each run so you can ensure that your API is always healthy.


Add new Monitoring

Select "Use collection from this workspace", select our collection "Monitoring" and click "Next"

Give a name to your Monitor and configure (Schedule, Environment, ...)

On this tab, click on "Show additional preferences" and check the option to receive email notifications for run failures and errors. Add one or more email addresses, then click "Create".

And voila! 🎉 Your Monitor is up and running

Web dashboard

By clicking on the '>' button of our new Collection, you have access to the "Monitor" tab

Click on your new Monitor in the list below the tabs to open the web dashboard.

After several hours or days (it all depends on the chosen schedule), you will have the test results and the performance details.


I hope you found this tutorial useful or that it helped you learn more about Postman.

Don't hesitate to send me your comments or tips. As indicated above, it's an easy solution to implement, but it should not be the only one on your server or IT infrastructure.
