Add in the proxy part the ability to specify which networks (or servers) can request the proxy.
This allows you to define two roles:
pollers: The pollers, generally the Prometheus hosts, can scrape targets through the proxy.
targets: They can only register on the proxy and respond to requests from it.
The feature makes it possible to fill the security hole which allows in the current version two neighboring hosts, even if they cannot communicate directly, to obtain metrics from each other or the list of all hosts known by the proxy.
To enable the feature, add to the command line of pushprox_proxy:
--scrape.pollers-ip 'ipV4/32,netV4#2/net,...
Example: start pushproxy proxy and client on the same server:
proxy listen on every IP on port 8080 (default), polling only authorized through loopback
client accessible through fqdn "localhost" connected to proxy on server ip (192.168.0.196:8080)
Try to scrape an exporter listening on port 9321 on the same server through the server IP: the reply is "403 Forbidden" with the body "Not an authorized poller".
Try to scrape httpapi_exporter through the loopback IP:
Add the feature to query whether a specified FQDN can be found in the FQDN list of known hosts. Two cases:
e.g.: poller role is not defined.
look for fqdn "localhost":
poller role is defined ( 127.0.0.1:8080 only )
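The poller check described above, as an added Go example (not the code from this pull request): the names `parsePollers`, `pollersOnly` and `statusFor` are hypothetical, list entries are assumed to be CIDR-only as in the flag example, and the peer addresses are constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/netip"
	"strings"
)

// parsePollers parses a comma-separated CIDR list such as "127.0.0.1/32,192.168.0.0/24".
func parsePollers(list string) ([]netip.Prefix, error) {
	var out []netip.Prefix
	for _, item := range strings.Split(list, ",") {
		p, err := netip.ParsePrefix(strings.TrimSpace(item))
		if err != nil {
			return nil, fmt.Errorf("bad poller entry %q: %w", item, err)
		}
		out = append(out, p.Masked())
	}
	return out, nil
}

// pollersOnly rejects any TCP peer outside the allowlist; an empty list matches nobody.
func pollersOnly(allowed []netip.Prefix, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ap, err := netip.ParseAddrPort(r.RemoteAddr) // socket peer, not X-Forwarded-For
		for _, p := range allowed {
			if err == nil && p.Contains(ap.Addr().Unmap()) { // ::ffff:a.b.c.d counts as IPv4
				next.ServeHTTP(w, r)
				return
			}
		}
		http.Error(w, "Not an authorized poller", http.StatusForbidden)
	})
}

// statusFor sends one constructed request from peer through the wrapper.
func statusFor(peer, pollers string) int {
	allowed, _ := parsePollers(pollers) // on a parse error the list stays empty: deny all
	req := httptest.NewRequest("GET", "http://localhost:9321/metrics", nil)
	req.RemoteAddr = peer
	rec := httptest.NewRecorder()
	pollersOnly(allowed, http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(statusFor("127.0.0.1:40000", "127.0.0.1/32"), statusFor("192.168.0.196:40000", "127.0.0.1/32")) // 200 403
}
```

The decision is made on the connection's peer address only, so a target cannot promote itself to poller by sending a forwarding header.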