How do you disable the REST API endpoint services/...

jtiner · ‎06-28-2016

Here's the deal. When you do a curl for the endpoint services/server/info on a search head, it includes information like the license key and it doesn't require any auth. no token, no user:pass, nothing.

All other endpoints require auth, but not the info one. I would like to disable or at least mask certain fields, but I can't see any where in the docs where it is even mentioned other than a description of the endpoint.

dominiquevocat · ‎11-14-2016

Have a look at https://docs.splunk.com/Documentation/Splunk/6.5.0/Admin/Restmapconf

asriv11 · ‎12-10-2017

Hi,

I am experiencing the same issue, can you let me know where I need to put restriction in RestMapconf so that the server-info endpoint is not accessible

andrewaalin · ‎10-31-2019

[admin:server-info]
requireAuthentication = true

[admin:server-info-alias]
requireAuthentication = true

How do you disable the REST API endpoint services/server/info?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Splunk Community Badges!

How to find the worst searches in your Splunk environment and how to fix them

Share Your Feedback: On Admin Config Service (ACS)!

Join the Conversation