URL Drilldown global allow-list user docs (#88574)

* docs: ✏️ improve disalbe url drillown text * docs: ✏️ add external URL service docs to URL drilldown * docs: ✏️ typo * docs: update docs
2021-01-18 17:38:35 +01:00 · 2021-01-18 17:38:35 +01:00 · b4820a7f79
parent 898385c2e2
commit b4820a7f79
1 changed files with 17 additions and 1 deletions
--- a/docs/user/dashboard/drilldowns.asciidoc
+++ b/docs/user/dashboard/drilldowns.asciidoc
@ -50,13 +50,29 @@ The <<url-template-variables,variables>> you use to create a <<url_templating-la

 For example, *Single click* has `{{event.value}}` and *Range selection* has `{{event.from}}` and `{{event.to}}`.

-To disable URL drilldowns on your {kib} instance, disable the plugin:
+To disable URL drilldowns on your {kib} instance, add the following line to `kibana.yml` config file:

 ["source","yml"]
 -----------
 url_drilldown.enabled: false
 -----------

+URL drilldown also respects the global *External URL* service, which can be used to deny/allow external URLs.
+By default all external URLs are allowed. To configure external URL policies you need to use `externalUrl.policy` setting in `kibana.yml`, for example:
+
+["source","yml"]
+-----------
+externalUrl.policy:
+  - allow: false
+    host: danger.example.com
+  - allow: true
+    host: example.com
+    protocol: https
+-----------
+
+The above rules allow external URLs only to `example.com` domain with `https` scheme, except for `danger.example.com` sub-domain,
+which is denied even when `https` scheme is used.
+
 [float]
 [[dashboard-drilldown-supported-panels]]
 === Supported panels