LogalDeveloper/owncast
LogalDeveloper/owncast
0
Fork 0
Code

Explicitly block requests to /debug/vars

Browse Source
This commit is contained in:
Gabe Kangas 2022-12-09 14:10:08 -08:00
parent 5a6f2859d8
commit 75e22c58ef
No known key found for this signature in database
GPG Key ID: 4345B2060657F330
1 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
router/router.go
View File

@ -373,11 +373,25 @@ func Start() error {
port := config.WebServerPort port := config.WebServerPort
ip := config.WebServerIP ip := config.WebServerIP
// Create a custom mux handler to intercept the /debug/vars endpoint.
// This is a hack because Prometheus enables this endpoint by default
// due to its use of expvar and we do not want this exposed.
h2s := &http2.Server{} h2s := &http2.Server{}
defaultMux := h2c.NewHandler(http.DefaultServeMux, h2s)
m := http.NewServeMux()
m.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path == "/debug/vars" {
w.WriteHeader(http.StatusNotFound)
return
} else {
defaultMux.ServeHTTP(w, r)
}
})
server := &http.Server{ server := &http.Server{
Addr: fmt.Sprintf("%s:%d", ip, port), Addr: fmt.Sprintf("%s:%d", ip, port),
ReadHeaderTimeout: 4 * time.Second, ReadHeaderTimeout: 4 * time.Second,
Handler: h2c.NewHandler(http.DefaultServeMux, h2s), Handler: m,
} }
log.Infof("Web server is listening on IP %s port %d.", ip, port) log.Infof("Web server is listening on IP %s port %d.", ip, port)