Can the Swagger UI Pages and API endpoints exposed by PMM v2.x be disabled for use or access (i.e. these API endpoints should only be accessible by the PMM app components as a server-to-server communication, and not called manually by user or via Swagger UI), as they pose an additional attack surface area for malicious users from security standpoint?
May I know how can we do so?
Reference: API - Percona Monitoring and Management
Thank you!
Swagger can be disabled in /etc/nginx/conf.d/pmm.conf. Be aware that files in /etc are replaced in certain upgrade situations so anything you change in there should be part of your post-upgrade checks to make sure something isn’t re-enabled if there is a significant enough change in nginx version.
You could also do this to the API but many of these API’s are leveraged by pmm-client for adding nodes, polling for status etc so may break things. It may be better to limit access to ip ranges instead of disabling.
Unanswered | Unsolved | Solved
MySQL, InnoDB, MariaDB and MongoDB are trademarks of their respective owners.
Copyright © 2006 - 2021 Percona LLC. All rights reserved.