I think you can use the restmap.conf to disable the restapi e.g. with acceptFrom
acceptFrom=<network_acl> ...
* Lists a set of networks or addresses to allow this endpoint to be accessed
from.
* This shouldn't be confused with the setting of the same name in the
[httpServer] stanza of server.conf which controls whether a host can
make HTTP requests at all
* Each rule can be in the following forms:
1. A single IPv4 or IPv6 address (examples: "10.1.2.3", "fe80::4a3")
2. A CIDR block of addresses (examples: "10/8", "fe80:1234/32")
3. A DNS name, possibly with a '*' used as a wildcard (examples:
"myhost.example.com", "*.splunk.com")
4. A single '*' which matches anything
* Entries can also be prefixed with '!' to cause the rule to reject the
connection. Rules are applied in order, and the first one to match is
used. For example, "!10.1/16, *" will allow connections from everywhere
except the 10.1.*.* network.
* Defaults to "*" (accept from anywhere)
Find the docu here: https://docs.splunk.com/Documentation/Splunk/7.2.4/Admin/Restmapconf
Hope this helps!
... View more