On Sun, Jan 08, 2023 at 05:54:46PM -0700, Shawn Heisey wrote:
> On 1/7/23 09:59, Willy Tarreau wrote:
> > Also if you want you can show the IP:ports by adding "stats show-legends"
> > in your stats section. However, be aware that it will also show server IP
> > addresses, configured stickiness cookies etc. Thus only do this if access
> > to your stats page is restricted to authorized users only.
>
> I have auth configured for my stats URI. It's open to the world other than
> that. All the addresses are RFC1918, so they aren't useful unless somebody
> manages to exploit a vulnerability on my server.

It's a matter of choice. Most users don't want to reveal their internal
addresses. For example some might exploit some weaknesses of some of your
servers by prepending an x-forwarded-for showing one of such addresses and
being allowed to perform some operations that are normally not allowed from
outside. Just an example of course, but you get the idea.

> I did configure show-legends, and after finally figuring out how the info
> was presented (tooltip), I noticed something: It does not indicate whether
> the listener is TCP or UDP. The fact that I have "quic" in the name makes
> it easy for me to figure it out, but I do think it should indicate protocol.

Interesting, you're right. When the first UDP listeners were added, nobody
thought about improving the stats output to mention this. But it seems to
me that it would be useful. Maybe we should even try to reproduce the format
as present on the "bind" line. That's something we need to have a look at.

Willy
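
Added example, not part of the original message and not HAProxy code: a sketch of how a backend can avoid the X-Forwarded-For weakness mentioned in the reply above, by trusting only the entries added by its own proxy instead of the leftmost one. The proxy address 10.0.0.2, the sample client addresses and all function names are assumptions made for illustration; it also assumes the proxy puts the address it actually saw as the last entry of the header.

```python
import ipaddress

# Constructed values for illustration (assumptions, not from the thread).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.2/32")]  # the load balancer
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]  # RFC1918


def _in(addr, nets):
    return any(addr in n for n in nets)


def naive_client_ip(peer, xff):
    """Weak: trusts the leftmost entry, which the client fully controls."""
    first = xff.split(",")[0].strip() if xff else ""
    return ipaddress.ip_address(first or peer)


def client_ip(peer, xff):
    """Walk the header right to left and return the first address that is
    not one of our proxies. Returns None (deny) if that cannot be decided."""
    addr = ipaddress.ip_address(peer)
    if not _in(addr, TRUSTED_PROXIES):
        return addr  # direct connection: the header is ignored entirely
    for hop in reversed([h.strip() for h in (xff or "").split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # empty or malformed entry: fail closed
        if not _in(addr, TRUSTED_PROXIES):
            return addr
    return None  # only proxies in the chain: fail closed


def is_internal(addr):
    """Access decision: only a known RFC1918 client counts as internal."""
    return addr is not None and _in(addr, INTERNAL_NETS)


if __name__ == "__main__":
    # External client 203.0.113.7 sent "X-Forwarded-For: 10.0.0.5";
    # the proxy (10.0.0.2) added the address it really saw.
    header = "10.0.0.5, 203.0.113.7"
    print("naive  :", naive_client_ip("10.0.0.2", header))
    print("checked:", client_ip("10.0.0.2", header))
```
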