2022-05-26 10:06:25 -05:00
---
aliases:
2022-12-09 10:36:04 -06:00
- ../../enterprise/request-security/
2022-06-02 11:57:22 -05:00
description: Request security enables you to limit requests from the Grafana server
by targeting requests generated by users, such as data source metric queries and
alert notifications.
Explicitly set all front matter labels in the source files (#71548)
* Set every page to have defaults of 'Enterprise' and 'Open source' labels
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set administration pages to have of 'Cloud', 'Enterprise', and 'Open source' labels
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set administration/enterprise-licensing pages to have 'Enterprise' labels
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set administration/organization-management pages to have 'Enterprise' and 'Open source' labels
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set administration/provisioning pages to have 'Enterprise' and 'Open source' labels
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set administration/recorded-queries pages to have labels cloud,enterprise
* Set administration/roles-and-permissions/access-control pages to have labels cloud,enterprise
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set administration/stats-and-license pages to have labels cloud,enterprise
* Set alerting pages to have labels cloud,enterprise,oss
* Set breaking-changes pages to have labels cloud,enterprise,oss
* Set dashboards pages to have labels cloud,enterprise,oss
* Set datasources pages to have labels cloud,enterprise,oss
* Set explore pages to have labels cloud,enterprise,oss
* Set fundamentals pages to have labels cloud,enterprise,oss
* Set introduction/grafana-cloud pages to have labels cloud
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Fix introduction pages products
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set panels-visualizations pages to have labels cloud,enterprise,oss
* Set release-notes pages to have labels cloud,enterprise,oss
* Set search pages to have labels cloud,enterprise,oss
* Set setup-grafana/configure-security/audit-grafana pages to have labels cloud,enterprise
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set setup-grafana/configure-security/configure-authentication pages to have labels cloud,enterprise,oss
* Set setup-grafana/configure-security/configure-authentication/enhanced-ldap pages to have labels cloud,enterprise
* Set setup-grafana/configure-security/configure-authentication/saml pages to have labels cloud,enterprise
* Set setup-grafana/configure-security/configure-database-encryption/encrypt-secrets-using-hashicorp-key-vault pages to have labels cloud,enterprise
* Set setup-grafana/configure-security/configure-request-security pages to have labels cloud,enterprise,oss
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set setup-grafana/configure-security/configure-team-sync pages to have labels cloud,enterprise
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set setup-grafana/configure-security/export-logs pages to have labels cloud,enterprise
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set troubleshooting pages to have labels cloud,enterprise,oss
* Set whatsnew pages to have labels cloud,enterprise,oss
* Apply updated labels from review
Co-authored-by: brendamuir <100768211+brendamuir@users.noreply.github.com>
Co-authored-by: Isabel <76437239+imatwawana@users.noreply.github.com>
---------
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
Co-authored-by: brendamuir <100768211+brendamuir@users.noreply.github.com>
Co-authored-by: Isabel <76437239+imatwawana@users.noreply.github.com>
2023-07-18 03:10:12 -05:00
labels:
products:
- cloud
- enterprise
- oss
2022-06-02 11:57:22 -05:00
title: Configure request security
weight: 1100
2022-05-26 10:06:25 -05:00
---
2021-02-10 08:01:18 -06:00
2022-06-02 11:57:22 -05:00
# Configure request security
2021-02-10 08:01:18 -06:00
2022-05-25 14:31:49 -05:00
Request security allows you to limit requests from the Grafana server by targeting requests generated by users, such as data source metric queries and alert notifications.
2021-02-10 08:01:18 -06:00
This can be used to limit access to internal systems that the server Grafana runs on can access but that users of Grafana should not be able to access. This feature does not affect traffic from the Grafana users browser.
2023-05-22 15:45:28 -05:00
{{% admonition type="note" %}}
Available in [Grafana Enterprise ]({{< relref "../../introduction/grafana-enterprise" >}} ) version 7.4 and later, and [Grafana Cloud Pro and Advanced ](/docs/grafana-cloud/ ).
{{% /admonition %}}
2022-05-25 14:31:49 -05:00
2023-05-22 15:45:28 -05:00
{{% admonition type="note" %}}
Although request security works with backend plugins, you can create a backend plugin that bypasses this security.
{{% /admonition %}}
2021-02-10 08:01:18 -06:00
## IP and hostname blocking
You can limit requests based on a hostname, an IP address, or both.
### Deny list
Grafana blocks any request to a hostname or IP address on the deny list.
### Allow list
If there is at least one entry on the list, then any request to a hostname or IP address not on the list is denied.
For example:
```toml
[security.egress]
# A list of hostnames or IP addresses separated by spaces for which requests are blocked.
host_deny_list = supersecret.internal 192.168.1.10
# a list of hostnames or IP addresses separated by spaces for which requests will be allowed, all other requests will be blocked
host_allow_list = prometheus.internal
```
## Drop headers and cookies
You can set a list of cookies or headers that are to be dropped from outgoing requests.
Example:
```toml
[security.egress]
# a list of headers that will be stripped from outgoing datasource and alerting requests
header_drop_list = user
# a list of cookies that will be stripped from outgoing datasource requests (case sensitive)
cookie_drop_list = session_id
```
