Grot (@grafanabot)
d335b326e8
Update cascading front matter to use sequence form (#67094)
* Update cascading front matter to use sequence form
The map form does not override the sequence form that is used in the website repository to specify the default labels.
For more information, refer to https://github.com/grafana/writers-toolkit/pull/234.
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Remove useless alias
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Update labels for pages noted in code review
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Move all product labeling to the project index file
All changes can be made in a single place.
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Move all individual page product labels to project index file
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Shorten YAML
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Add newlines to aid readability
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Document front matter ordering
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Rewrite labels for breaking-changes pages
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* updated labels for whats new and breaking changes
---------
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
Co-authored-by: Isabel <76437239+imatwawana@users.noreply.github.com>
(cherry picked from commit f29b058927)
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
2.1 KiB
aliases, description, title, weight
| aliases | description | title | weight | |
|---|---|---|---|---|
|
Request security enables you to limit requests from the Grafana server by targeting requests generated by users, such as data source metric queries and alert notifications. | Configure request security | 1100 |
Configure request security
Request security allows you to limit requests from the Grafana server by targeting requests generated by users, such as data source metric queries and alert notifications.
This can be used to limit access to internal systems that the server Grafana runs on can access but that users of Grafana should not be able to access. This feature does not affect traffic from the Grafana users browser.
{{% admonition type="note" %}} Available in [Grafana Enterprise]({{< relref "../../introduction/grafana-enterprise" >}}) version 7.4 and later, and Grafana Cloud Pro and Advanced. {{% /admonition %}}
{{% admonition type="note" %}} Although request security works with backend plugins, you can create a backend plugin that bypasses this security. {{% /admonition %}}
IP and hostname blocking
You can limit requests based on a hostname, an IP address, or both.
Deny list
Grafana blocks any request to a hostname or IP address on the deny list.
Allow list
If there is at least one entry on the list, then any request to a hostname or IP address not on the list is denied.
For example:
[security.egress]
# A list of hostnames or IP addresses separated by spaces for which requests are blocked.
host_deny_list = supersecret.internal 192.168.1.10
# a list of hostnames or IP addresses separated by spaces for which requests will be allowed, all other requests will be blocked
host_allow_list = prometheus.internal
Drop headers and cookies
You can set a list of cookies or headers that are to be dropped from outgoing requests.
Example:
[security.egress]
# a list of headers that will be stripped from outgoing datasource and alerting requests
header_drop_list = user
# a list of cookies that will be stripped from outgoing datasource requests (case sensitive)
cookie_drop_list = session_id