Hi !
I also use Nginx between the outside world and the Kibana Server;
I am trying to create a granular access control for users. What I want to do is to filter on the request body just like you do so that users only have access to their data or their dashboard. I am having some trouble using Lua (never used this language before). Do any of you two have an example script to retrieve data in the request body and to use an if condition for response (200 or 403).
Something like :
ngx.req.read_body()
local args = ngx.req.get_post_args()
if ($remote_user == "user" and args[1] == dashboard1 then
ngx.status = 403
ngx.say("403 Forbidden: You don't have access to this resource.")
return ngx.exit(403)
end
Thanks !