Explicitly block requests to /debug/vars
This commit is contained in:
parent
5a6f2859d8
commit
75e22c58ef
@ -373,11 +373,25 @@ func Start() error {
|
||||
port := config.WebServerPort
|
||||
ip := config.WebServerIP
|
||||
|
||||
// Create a custom mux handler to intercept the /debug/vars endpoint.
|
||||
// This is a hack because Prometheus enables this endpoint by default
|
||||
// due to its use of expvar and we do not want this exposed.
|
||||
h2s := &http2.Server{}
|
||||
defaultMux := h2c.NewHandler(http.DefaultServeMux, h2s)
|
||||
m := http.NewServeMux()
|
||||
m.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.URL.Path == "/debug/vars" {
|
||||
w.WriteHeader(http.StatusNotFound)
|
||||
return
|
||||
} else {
|
||||
defaultMux.ServeHTTP(w, r)
|
||||
}
|
||||
})
|
||||
|
||||
server := &http.Server{
|
||||
Addr: fmt.Sprintf("%s:%d", ip, port),
|
||||
ReadHeaderTimeout: 4 * time.Second,
|
||||
Handler: h2c.NewHandler(http.DefaultServeMux, h2s),
|
||||
Handler: m,
|
||||
}
|
||||
|
||||
log.Infof("Web server is listening on IP %s port %d.", ip, port)
|
||||
|
Loading…
Reference in New Issue
Block a user