Kiu/VictoriaMetrics
Kiu/VictoriaMetrics
1
0
Fork 0
mirror of https://github.com/VictoriaMetrics/VictoriaMetrics.git synced 2024-12-15 00:13:30 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

docs: rm mention of default values for security HTTP headers

Browse Source 
The headers, their corresponding flags are mentioned at
https://docs.victoriametrics.com/#security

Signed-off-by: hagen1778 <roman@victoriametrics.com>
(cherry picked from commit a64b37cf24)
This commit is contained in:
hagen1778 2023-10-30 11:46:17 +01:00
parent ed8fc04898
commit 14b1997659
No known key found for this signature in database
GPG Key ID: 3BF75F3741CA9640
1 changed files with 0 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs/Cluster-VictoriaMetrics.md
View File

@ -271,7 +271,6 @@ General security recommendations:
- It is recommended using distinct auth tokens for distinct [tenants](#multitenancy) in order to reduce potential damage in case of compromised auth token for some tenants. - It is recommended using distinct auth tokens for distinct [tenants](#multitenancy) in order to reduce potential damage in case of compromised auth token for some tenants.
- Prefer using lists of allowed [API endpoints](#url-format), while disallowing access to other endpoints when configuring auth proxy in front of `vminsert` and `vmselect`. - Prefer using lists of allowed [API endpoints](#url-format), while disallowing access to other endpoints when configuring auth proxy in front of `vminsert` and `vmselect`.
This minimizes attack surface. This minimizes attack surface.
- All http-serving components also respond with reasonable default headers for HSTS, CSP and Frame-Options, configurable with flags.
See also [security recommendation for single-node VictoriaMetrics](https://docs.victoriametrics.com/#security) See also [security recommendation for single-node VictoriaMetrics](https://docs.victoriametrics.com/#security)
and [the general security page at VictoriaMetrics website](https://victoriametrics.com/security/). and [the general security page at VictoriaMetrics website](https://victoriametrics.com/security/).