[[modules-http]] == HTTP The http module allows to expose *elasticsearch* APIs over HTTP. The http mechanism is completely asynchronous in nature, meaning that there is no blocking thread waiting for a response. The benefit of using asynchronous communication for HTTP is solving the http://en.wikipedia.org/wiki/C10k_problem[C10k problem]. When possible, consider using http://en.wikipedia.org/wiki/Keepalive#HTTP_Keepalive[HTTP keep alive] when connecting for better performance and try to get your favorite client not to do http://en.wikipedia.org/wiki/Chunked_transfer_encoding[HTTP chunking]. [float] === Settings The following are the settings that can be configured for HTTP: [cols="<,<",options="header",] |======================================================================= |Setting |Description |`http.port` |A bind port range. Defaults to `9200-9300`. |`http.max_content_length` |The max content of an HTTP request. Defaults to `100mb` |`http.max_initial_line_length` |The max length of an HTTP URL. Defaults to `4kb` |`http.compression` |Support for compression when possible (with Accept-Encoding). Defaults to `false`. |`http.compression_level` |Defines the compression level to use. Defaults to `6`. |`http.cors.enabled` |Enable or disable cross-origin resource sharing, i.e. whether a browser on another origin can do requests to Elasticsearch. Defaults to `true`. |`http.cors.allow-origin` |Which origins to allow. Defaults to `*`, i.e. any origin. If you prepend and append a `/` to the value, this will be treated as a regular expression, allowing you to support HTTP and HTTPs. for example using `/https?:\/\/localhost(:[0-9]+)?/` would return the request header appropriately in both cases. |`http.cors.max-age` |Browsers send a "preflight" OPTIONS-request to determine CORS settings. `max-age` defines how long the result should be cached for. Defaults to `1728000` (20 days) |`http.cors.allow-methods` |Which methods to allow. Defaults to `OPTIONS, HEAD, GET, POST, PUT, DELETE`. |`http.cors.allow-headers` |Which headers to allow. Defaults to `X-Requested-With, Content-Type, Content-Length`. |`http.cors.allow-credentials` | Whether the `Access-Control-Allow-Credentials` header should be returned. Note: This header is only returned, when the setting is set to `true`. Defaults to `false` |======================================================================= It also uses the common <>. [float] === Disable HTTP The http module can be completely disabled and not started by setting `http.enabled` to `false`. This make sense when creating non <> which accept HTTP requests, and communicate with data nodes using the internal <>.