This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Alexander_Wilke
Advisor
‎2024-03-24 04:44 AM

Custom http Header for Export and HTTPS without authentication (Grafana Mimir Prometheus)

Hello,

I deployed Grafana Mimir which is a scalable Prometheus solution with multi Tenancy Support .

 

To send metrics via Skyline to Mimir in Prometheus Format I have 2 Features I need.

 

1. TLS encrypted Connection but without any authentication. No Basic auth, No Client cert. Only unautheticated but TLS encrypted Traffic.

2. I need to add at least one Custom Header named "X-Scope-OrgId" which is the Indikator for Grafana Mimir to Route These metrics to the correct tenant.

 

https://grafana.com/docs/mimir/latest/manage/secure/authentication-and-authorization/

 

At the moment I send all Skyline metrics to a Prometheus Server and then do remote_write to Grafana Mimir encrypted, without authentication and I add my Custom X-Scope-OrgId http Header.

 

 

Is it possible with the latest Version to add a http Header and If yes how to do it?

 

Same for TLS without any authentication.

 

Regards

 

 

 

 

0 Kudos
5 Replies
Elad_Chomsky
Employee
Employee
‎2024-03-24 11:14 AM

Hi @Alexander_Wilke ,

You can use the following payload template to use a custom header instead of basic authentication. 

{
  "enabled": true,
  "export-targets": {
    "add/remove": [
      {
        "client-auth": {
          "token": {
            "custom-header": {
              "key": "Header",
              "value": "Value"
            }
          }
        },
        "enabled": false,
        "server-auth": {
          "ca-public-key": {
            "type": "PEM-X509",
            "value": "-----BEGIN CERTIFICATE-----BASE64TEXTHERE-----END CERTIFICATE-----"
          }
        },
        "type": "prometheus-remote-write",
        "url": "https://example.com/api/v1/write"
      }
    ]
  }
}

 

0 Kudos
Alexander_Wilke
Advisor
‎2024-03-24 11:53 PM
In response to Elad_Chomsky

Hello @Elad_Chomsky ,

thanks you for your reply. I will give this a try. As an additional question, can this payload be extended bei Basic_Auth username and password? So Username/Password (BasicAuth), TLS and Custom-Header?

0 Kudos
Elad_Chomsky
Employee
Employee
‎2024-03-25 02:24 AM
In response to Alexander_Wilke

Hi @Alexander_Wilke , 

For now it is an exclusive list - so it is only possible to use one, you can open an official RFE request for CheckPoint, and we will try to see how we include it as part of our roadmap. 

0 Kudos
ww1m6
Explorer
‎2024-08-05 02:29 AM
In response to Alexander_Wilke

Did it work ? 

0 Kudos
Alexander_Wilke
Advisor
‎2024-09-15 11:35 PM
In response to ww1m6

No, it did not work for me.

 

I need "Basic Auth" + "TLS" + "Custom Headers" (for Grafana Mimir as Prometheus replacement.). Or best option would be to do a variation of these options. Basic Auth (on/off), TLS (on/off/verify/skip_tls_verify), "Custom Header(s) / Custom values" e.g. (X-Scope-OrgID:"tenant01|tenant02"

 

And as @Elad_Chomsky said it is exclusive - basic auth OR custom header - however it does not seem to work in the needed combination.

 

I asked my Presales to open an RfE for that but not sure if he did already and which progress the RfE has.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events