Reject machine-to-machine traffic using custom metadata ACL rules
Reject machine-to-machine traffic using custom metadata ACL rules
- name: ADMIN_GRP
groups_any_of: [ administrators ]
kibana:
access: admin
index: '.kibana_@{acl:current_group}'
metadata:
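rejectBasicAuth: true

/**
 * Middleware that refuses requests carrying HTTP Basic credentials when the
 * identity's custom metadata sets `rejectBasicAuth`.
 *
 * @param {object} req - Incoming request; `req.rorRequest` is read when present.
 * @param {object} res - Response object, used only to send the 401 reply.
 * @param {Function} next - Invoked when the request is allowed to continue.
 * @returns {Promise<*>} Whatever `res.status(401).json(...)` or `next()` returns.
 */
async function customMiddleware(req, res, next) {
  const rorRequest = req.rorRequest;
  const userRequest = rorRequest && (await rorRequest.getUserRequestIdentity());
  const metadata = userRequest && userRequest.metadata;
  const authorizationHeaders = rorRequest && (await rorRequest.getIdentitySessionHeaders());
  const headerAuth = authorizationHeaders && authorizationHeaders.get('authorization');

  // HTTP authentication scheme names are case-insensitive, so a case-sensitive
  // substring test for 'Basic' would let "basic ..." slip past this rule and
  // would also reject other schemes whose credentials merely contain "Basic".
  // Match the scheme token at the start of the header value instead.
  const isBasicAuth = Boolean(headerAuth) && /^\s*basic(\s|$)/i.test(String(headerAuth));
  const rejectBasicAuth = Boolean(
    metadata && metadata.customMetadata && metadata.customMetadata.rejectBasicAuth
  );

  if (rejectBasicAuth && isBasicAuth) {
    return res.status(401).json({ message: 'Machine to machine communication is not allowed' });
  }
  return next();
}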