Closed vdtoorn closed 1 year ago
Precisely what page are you referring to?
I'm referring to the https://my_url/metrics page
OK, thanks for the clarification -- it's the page with data used by prometheus monitoring. There's currently no way to disable that page, which comes from our prometheus monitoring support. I've created an issue
https://github.com/sagemathinc/cocalc/issues/6095
to make it something that is disabled by default, and can optionally be enabled by an admin. It should really just be off by default. I'll close this issue here when the above issue is fixed and a new version of cocalc-docker with it merged is available.
Thanks for reporting this.
Great, thanks for the fast response!
Now fixed! Go here to see the new default: https://cocalc.sagemath.org/metrics
Impressive speed! Op 1 sep. 2022 22:15 schreef William Stein @.***>: Now fixed! Go here to see the new default: https://cocalc.sagemath.org/metrics
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: @.***>
The institution I work in alerted me to the fact that you can see the 'metrics' page as a security concern, because hackers may use it as a starting point for further research. They reference:
https://hackerone.com/reports/1026196
as relevant to this alert.
Is it possible to switch off the metrics page in Cocalc docker?