sagemathinc / cocalc-docker

DEPRECATED (was -- Docker setup for running CoCalc as downloadable software on your own computer)
https://cocalc.com

'metrics' page visible #164

Closed vdtoorn closed 1 year ago

vdtoorn commented 1 year ago

The institution I work in alerted me to the fact that you can see the 'metrics' page as a security concern, because hackers may use it as a starting point for further research. They reference:

https://hackerone.com/reports/1026196

as relevant to this alert.

Is it possible to switch off the metrics page in Cocalc docker?

williamstein commented 1 year ago

Precisely what page are you referring to?

vdtoorn commented 1 year ago

I'm referring to the https://my_url/metrics page

williamstein commented 1 year ago

OK, thanks for the clarification -- it's the page with data used by Prometheus monitoring. There's currently no way to disable that page, which comes from our Prometheus monitoring support. I've created an issue

https://github.com/sagemathinc/cocalc/issues/6095

to make it something that is disabled by default, and can optionally be enabled by an admin. It should really just be off by default. I'll close this issue here when the above issue is fixed and a new version of cocalc-docker with it merged is available.

Thanks for reporting this.
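An added example, not part of the original thread and not CoCalc code: a small offline check an operator could run on a response saved from their own `/metrics` URL to see whether it still serves Prometheus text-format data and which metric names it reveals. The function names, the sample bodies and the metric names in them are constructed for illustration.

```python
import re

# Prometheus text exposition format:
#   "# HELP <name> <text>" / "# TYPE <name> <kind>" metadata lines, and
#   "<name>{labels} <value> [timestamp]" sample lines.
_NAME = r"[a-zA-Z_:][a-zA-Z0-9_:]*"
_META = re.compile(rf"^# (?:HELP|TYPE) ({_NAME})\b")
_SAMPLE = re.compile(
    rf"^({_NAME})(?:\{{.*\}})?\s+"
    r"[-+]?(?:\d+\.?\d*(?:[eE][-+]?\d+)?|\.\d+|Inf|NaN)(?:\s+-?\d+)?$"
)


def exposed_metric_names(body):
    """Return the sorted metric names found in a response body."""
    names = set()
    for raw in body.splitlines():
        line = raw.strip()
        match = _META.match(line) or _SAMPLE.match(line)
        if match:
            names.add(match.group(1))
    return sorted(names)


def audit_metrics_response(status, body):
    """Classify one HTTP response captured from <your_host>/metrics."""
    if status != 200:
        return {"exposed": False, "reason": f"HTTP {status}", "names": []}
    names = exposed_metric_names(body)
    if not names:
        return {"exposed": False, "reason": "no Prometheus samples", "names": []}
    return {"exposed": True, "reason": "Prometheus samples served", "names": names}


# Constructed sample bodies (not captured from any real server).
SAMPLE_ENABLED = """\
# HELP process_cpu_seconds_total Total user and system CPU time spent in seconds.
# TYPE process_cpu_seconds_total counter
process_cpu_seconds_total 12.5
# TYPE nodejs_heap_size_used_bytes gauge
nodejs_heap_size_used_bytes 4.2e+07
http_requests_total{method="GET",code="200"} 1027 1662063300000
"""
SAMPLE_DISABLED = "metrics endpoint is disabled\n"

if __name__ == "__main__":
    print(audit_metrics_response(200, SAMPLE_ENABLED))
    print(audit_metrics_response(200, SAMPLE_DISABLED))
```
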

vdtoorn commented 1 year ago

Great, thanks for the fast response!

williamstein commented 1 year ago

Now fixed! Go here to see the new default: https://cocalc.sagemath.org/metrics

vdtoorn commented 1 year ago

Impressive speed!

On 1 Sep 2022 22:15, William Stein @.***> wrote:

> Now fixed! Go here to see the new default: https://cocalc.sagemath.org/metrics
