Thanks for the quick response and clarification! On Mon, Nov 30, 2020 at 2:01 PM [email protected] <[email protected]> wrote:
> On Monday, 30 November 2020 at 05:43:10 UTC Selvam Elangovan wrote: > >> however we could still access the endpoint 9100 withhost name in >> webbrowser. >> > > Certainly. node_exporter acts either as a HTTP endpoint or a HTTPS > endpoint, depending on whether you've enabled TLS on it or not, and > therefore *can* be accessed from a browser. > > When connecting from a browser, you'd use either http://example.com:9100/ > or https://example.com:9100/ depending on how you configured > node_exporter. Only one of these will work. > > >> >> I understand that Strict-Transport-Security is used on web server to >> redirect the http to https by inserting that information in header so that >> the client connect using https instead of http. >> > > But if you've configured node_exporter as a HTTP server, there's no HTTPS > service to redirect *to*. node_exporter only does one or the other. > > How I can justify this with security scanner? >> > > By documenting this as a false positive in your analysis of the scanner > report. > > -- > You received this message because you are subscribed to the Google Groups > "Prometheus Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/prometheus-users/e25b2a56-52f8-4afa-b572-9b955a965690n%40googlegroups.com > <https://groups.google.com/d/msgid/prometheus-users/e25b2a56-52f8-4afa-b572-9b955a965690n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Prometheus Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/CAKhb3rtiZgDu1FVqDJ9GsDzKVuMr-HnDTW10SQ5X_tg5An8e9A%40mail.gmail.com.
