Limit public access to the dump1090 page only?

I was contemplating embedding my dump1090 radar image in my webpage.
I only want the dump1090 page visible.
As I want it as lightweight as possible, I was thinking of just using the lighttpd itself.

My LAN is X.Y.Z

I've made this so far:
$HTTP["remoteip"] !~ "X.Y.Z\.|127.0.0.1" {
url.access-deny = ( "" )
$HTTP["url"] =~ "^/dump1090/gmap\.html$" {
url.access-deny = ("disable")
}
}
It surely opens up for the LAN, and only allows access to the dump1090/gmap.html
However the gmap.html doesn't show the data, and reports it can't fetch data.
I guess I need to open up for more files, but I'm not really an expert on lighttpd and which files dump1090 uses.

I could get it shown by doing:
$HTTP["remoteip"] !~ "Z.Y.Z\.|127.0.0.1" {
url.access-deny = ( "" )
$HTTP["url"] =~ "/dump1090/" {
url.access-deny = ("disable")
}
}
But is that safe?

I then thought, hey, I'll change the root for non-local to make it prettier:
$HTTP["remoteip"] !~ "X.Y.Z\.|127.0.0.1" {
alias.url += (
"/" => "/usr/share/dump1090-mutability/html/",
"/data" => "/run/dump1090-mutability/"
)
}
But that just gives me problems.

Any ideas on if the first part (limit access) is ok, and how to get the last part (prettyfying it) working?