[RADIATOR] Prometheus statistics output

Tarko Tikan tarko at lanparty.ee
Wed Jun 24 15:06:19 UTC 2020


hey,

>> <ServerHTTP>
>>    PageNotFoundHook file:"stats.pl"
>> </ServerHTTP>
> 
> That's an interesting idea. As you mentioned below, ServerHTTP has a 
> number of setting to control login and login privileges. I would check 
> those and possible restrict with host based, and/or, other firewalls the 
> access to port configured for ServerHTTP.

I didn't find any drawbacks after going through the code. We will roll 
with "DefaultPrivilegeLevel 0" and no AuthBy statements at all.

Only downside/issue I found is if you access /login directly and post 
the login form (that creates internal radius request), the whole 
ServerHTTP will stay in a state where every request gets redirected to 
/login (including the PageNotFoundHook). This obviously makes the 
/metrics endpoint useless.

In our case it's not a big issue because ServerHTTP is reachable from 
very limited sources (but includes 127.0.0.1) and it doesn't influence 
the actual radius service. Missing metrics we catch via monitoring 
anyway. So I didn't investigate further.

-- 
tarko


More information about the radiator mailing list