Kibana 4.1.2 Blocking Post and Put requests


I'm trying to design some Kibana dashboards for my team, but I don't want them editing the dashboard or deleting them.
My Kibana is currently situated behind Nginx and only accessible on localhost. What would happen if Nginx blocked all PUT and POST requests? I could only see those requests being useful to edit dashboards. Am I missing something?

I don't want to use Shield for ... reasons.

Sorry if this is a silly question.

Kind regards,


You could block requests going directly to KB, but not from KB>ES as that'd probably catch queries.

After some experimentation I figured that blocking all POST/PUT requests blocked pretty much everything. To fix this I managed to use NGINX to block URL's with the regexp comparators. Note how the code is extremely dirty (almost disgustingly so) due to NGINX's bad implementation of an if directive.

In Nginx.conf:

if ($request_uri ~ ^/elasticsearch/.kibana/dashboard/.) {
set $test K;
if ($request_uri !~ ^/elasticsearch/.kibana/dashboard/_search.
) {
set $test "${test}K";
if ($test = KK){
return 403;

This blocks all requests to permanently change/delete the dashboard saved on the server, but still allows opening all available ones or temporarily change dashboards to then export/import them.