Hi Everyone,
I was looking at our Special:Version page, and got to thinking about
api.php [1] and rest.php.[2] I don't believe anyone on our team is
using the APIs, and I would like to disable them to reduce attack
surface. Or disable them on external interfaces (or maybe allow on
localhost/127.0.0.1).
I see api.php can be disabled via $wgEnableAPI.[1] But I don't see a
similar option for rest.php.[2]
I have two questions. First, is it possible to disable api.php and
rest.php in practice? Or restrict them to internal interfaces only?
Second, what option controls rest.php?
And maybe a third question, can we rename api.php and rest.php tosay,
api.php.unused and rest.php.unused? Will that produce ill effects?
Thanks in advance.
[1] https://www.mediawiki.org/wiki/Manual:Api.php
[2] https://www.mediawiki.org/wiki/Manual:Rest.php
_______________________________________________
MediaWiki-l mailing list -- mediawiki-l@lists.wikimedia.org
To unsubscribe send an email to mediawiki-l-leave@lists.wikimedia.org
https://lists.wikimedia.org/postorius/lists/mediawiki-l.lists.wikimedia.org/
I was looking at our Special:Version page, and got to thinking about
api.php [1] and rest.php.[2] I don't believe anyone on our team is
using the APIs, and I would like to disable them to reduce attack
surface. Or disable them on external interfaces (or maybe allow on
localhost/127.0.0.1).
I see api.php can be disabled via $wgEnableAPI.[1] But I don't see a
similar option for rest.php.[2]
I have two questions. First, is it possible to disable api.php and
rest.php in practice? Or restrict them to internal interfaces only?
Second, what option controls rest.php?
And maybe a third question, can we rename api.php and rest.php tosay,
api.php.unused and rest.php.unused? Will that produce ill effects?
Thanks in advance.
[1] https://www.mediawiki.org/wiki/Manual:Api.php
[2] https://www.mediawiki.org/wiki/Manual:Rest.php
_______________________________________________
MediaWiki-l mailing list -- mediawiki-l@lists.wikimedia.org
To unsubscribe send an email to mediawiki-l-leave@lists.wikimedia.org
https://lists.wikimedia.org/postorius/lists/mediawiki-l.lists.wikimedia.org/