How to hide the metrics information endpoint (https://dataverse_domain/metrics)
24 views
Skip to first unread message
edwin law
Feb 9, 2026, 4:12:57 AM (yesterday) Feb 9
to Dataverse Users Community
Hi everyone
We found that the endpoint (https://dataverse_domain/metrics) is publicly accessible (see screen captures below) and would like to implement measures to restrict unauthorized access.
Some info. about our Dataverse platform installation:
- Dataverse 6.8
- Red Hat Enterprise 9.7
- Payara Glassfish 6.2025.3
We have tried the method below, but the page is still accessible.
- Use Apache's /var/www/html/.htaccess to deny access
<Location "/metrics">
Order deny, allow
Deny from all
</Location>
Modify the Apache configuration file /etc/httpd/conf/httpd.conf
<Directory /var/www/html>
AllowOverride All
</Directory>
Any solutions and advice? Many thanks.
Best regards
Edwin
Paul Boon
Feb 9, 2026, 10:40:51 AM (22 hours ago) Feb 9
to dataverse...@googlegroups.com
Hi, to avoid confusion, these are the payara metrics and not the Dataverse metrics API.
I just looked into our deployment code and discovered this fragment:
```
I just looked into our deployment code and discovered this fragment:
```
# Do not expose Payara metrics
<Location /metrics>
Require all denied
</Location>
```
Hope this will help
From: dataverse...@googlegroups.com <dataverse...@googlegroups.com> on behalf of edwin law <edwin...@gmail.com>
Sent: Monday, February 9, 2026 10:12 AM
To: Dataverse Users Community <dataverse...@googlegroups.com>
Subject: [Dataverse-Users] How to hide the metrics information endpoint (https://dataverse_domain/metrics)
Sent: Monday, February 9, 2026 10:12 AM
To: Dataverse Users Community <dataverse...@googlegroups.com>
Subject: [Dataverse-Users] How to hide the metrics information endpoint (https://dataverse_domain/metrics)
--
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-commu...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/dataverse-community/6c213d92-8b32-4ddf-a35e-5d567c7179fdn%40googlegroups.com.
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-commu...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/dataverse-community/6c213d92-8b32-4ddf-a35e-5d567c7179fdn%40googlegroups.com.
edwin law
12:46 AM (8 hours ago) 12:46 AM
to Dataverse Users Community
Hi Paul
1. The Path & Config file: /etc/http/conf/httpd.conf
Many thanks for sharing your side's setup for hiding the Payara metrics page.
We have tried modifying the configuration files as follows and then restarting the Apache server. However, the metrics page is still accessible. What steps are we missing? Or, can we simply remove that page from the Dataverse application? Thanks.
1. The Path & Config file: /etc/http/conf/httpd.conf
2. The Path & Config file: /etc/http/conf/httpd.conf (for the virtual host setting)
Paul Boon
2:26 AM (7 hours ago) 2:26 AM
to dataverse...@googlegroups.com
Hi Edwin,
The only thing I can see is that we have all our 'rules' in the `<VirtualHost *:443>` block just below the one for port 80.
Otherwise, I cannot help you on this. My knowledge of this Apache httpd configuration is very limited.
But there should be a solution.
Good luck, Paul
From: dataverse...@googlegroups.com <dataverse...@googlegroups.com> on behalf of edwin law <edwin...@gmail.com>
Sent: Tuesday, February 10, 2026 6:46 AM
Subject: Re: [Dataverse-Users] How to hide the metrics information endpoint (https://dataverse_domain/metrics)
To view this discussion visit
https://groups.google.com/d/msgid/dataverse-community/e7f45966-63d6-4a4c-91da-5120cb8e9f75n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages