Request security

    Request security makes it possible to limit requests from the Grafana server, and it targets requests that are generated by users.

    For example:

    • Data source metric queries
    • Alert notifications

    Note: Although request security works with backend plugins, you can create a backend plugin that bypasses this security.

    You can limit requests based on a hostname, an IP address, or both.

    Allow list

    If there is at least one entry on the list, then any request to a hostname or IP address not on the list is denied.

    For example:

    Drop headers and cookies

    Example: