Perfect. You are spot on. Thanks for your inputs. It helps us.

Thanks & Regards,
Selvam E.

On Tue, 24 Nov 2020, 23:00 [email protected], <[email protected]> wrote:

> I'm guessing what's happened is:
> 1. You've run an (unnamed) security scanner against node_exporter
> 2. The scanner has come back with this message, telling you that
>    node_exporter should return an STS header.
>
> I'm saying that the scanner's conclusion is wrong.
>
> Firstly, node_exporter isn't a web server, and you don't connect to it
> with a web browser.
>
> Secondly, I don't know how you have configured node_exporter, but it can
> either serve HTTP (default) or HTTPS (*), on one port that you select. STS
> only makes sense for a website which has both HTTP and HTTPS endpoints,
> usually on the standard ports 80 and 443. It tells the browser always to
> select the HTTPS endpoint, and to remember this fact.
>
> node_exporter only provides one or the other, so (1) STS is meaningless,
> and (2) this is not a vulnerability in node_exporter.
>
> If you've configured node_exporter on HTTP, then there's no HTTPS port for
> STS to prefer. If you've configured node_exporter on HTTPS (and of course
> configured prometheus to scrape it on HTTPS), then there's no HTTP port for
> STS to stop you using.
>
> Regards,
>
> Brian.
>
> (*) TLS is available in node_exporter 1.0.0+: you need to set --web.config
> to point to a file which contains the tlsConfig settings. See
> https://github.com/prometheus/node_exporter#tls-endpoint
>
> A sample web.config file would look like this:
>
> tlsConfig:
>   tlsCertPath: /etc/prometheus/ssl/prom_node_cert.pem
>   tlsKeyPath: /etc/prometheus/ssl/prom_node_key.pem
>
> --
> You received this message because you are subscribed to the Google Groups
> "Prometheus Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
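
Added example, not part of the original thread or of node_exporter: a small check for triaging a "missing STS header" scanner finding against an exporter you operate, by finding out which scheme each of the host's ports actually speaks. The function names `probe_scheme` and `triage_hsts_finding` are hypothetical, and the rule applied (the finding only matters when the host serves both HTTP and HTTPS) is the one argued in the quoted reply above.

```python
import socket
import ssl
import sys


def probe_scheme(host, port, timeout=2.0):
    """Return 'https', 'http' or None for whatever listens on host:port."""
    # Step 1: attempt a TLS handshake. Certificate checks are disabled on
    # purpose: the question is which protocol the port speaks, not trust.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "https"
    except OSError:
        pass  # ssl.SSLError and socket timeouts are OSError subclasses

    # Step 2: no TLS, so see whether the port answers a plaintext request.
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            raw.sendall(b"GET /metrics HTTP/1.0\r\nHost: %b\r\n\r\n" % host.encode())
            with raw.makefile("rb") as reply:
                return "http" if reply.read(5) == b"HTTP/" else None
    except OSError:
        return None


def triage_hsts_finding(host, ports, timeout=2.0):
    """Map each port to its scheme and say whether an STS finding applies.

    Assumption taken from the thread: STS has a job only when the same host
    offers both a plaintext and a TLS endpoint for a browser to choose between.
    """
    schemes = {port: probe_scheme(host, port, timeout) for port in ports}
    applies = {"http", "https"} <= set(schemes.values())
    return schemes, applies


if __name__ == "__main__":
    # Usage: python triage_hsts.py HOST PORT [PORT ...]
    target, port_list = sys.argv[1], [int(p) for p in sys.argv[2:]]
    found, applies = triage_hsts_finding(target, port_list)
    for port, scheme in found.items():
        print(f"{target}:{port} -> {scheme or 'no HTTP(S) listener'}")
    print("STS finding applicable:", applies)
```

The TLS handshake is tried first because some TLS servers answer a plaintext request with a plaintext HTTP error, which would make an HTTPS port look like HTTP.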

