On Monday, 30 November 2020 at 05:43:10 UTC Selvam Elangovan wrote: > however we could still access the endpoint 9100 withhost name in > webbrowser. >
Certainly. node_exporter acts either as a HTTP endpoint or a HTTPS endpoint, depending on whether you've enabled TLS on it or not, and therefore *can* be accessed from a browser. When connecting from a browser, you'd use either http://example.com:9100/ or https://example.com:9100/ depending on how you configured node_exporter. Only one of these will work. > > I understand that Strict-Transport-Security is used on web server to > redirect the http to https by inserting that information in header so that > the client connect using https instead of http. > But if you've configured node_exporter as a HTTP server, there's no HTTPS service to redirect *to*. node_exporter only does one or the other. How I can justify this with security scanner? > By documenting this as a false positive in your analysis of the scanner report. -- You received this message because you are subscribed to the Google Groups "Prometheus Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/e25b2a56-52f8-4afa-b572-9b955a965690n%40googlegroups.com.
