I’m working with the raw HTTP input (Graylog 6.1.5) to test it as a webhook receiver from an application. The input does work, I’m able to send to http://graylog-server:9876/raw and see the message appear.
I’d like to try to force the authorization header to be used as well so that there’s at least something that prevents anyone on site from sending to it. I set the authorization header to: ‘testheader’ and the token to ‘12345’ just to keep it simple. However, whether or not I use the -H option to curl, the message still appears in graylog.
Is it putting something in the authorization header field supposed to prevent that?