Disable Alpha endpoints via commandline flags

gotjoshua · September 30, 2020, 6:53pm

Experience Report for Feature Request

The problem is that we go through all the effort to set up poor man’s auth and use GraphQL endpoints instead of the native Dgraph endpoints, but the native endpoints are still available and unprotected.

What you wanted to do

Easily Disable the DQL endpoints via flags such as:

--disable-dql-all
--disable-dql-alter
--disable-dql-mutate
--disable-dql-query
etc...

What you actually did

Set up a reverse proxy to block the DQL endpoints

Why that wasn’t great, with examples

I think its clear and there are many posts and comments spread all over… in short, the endpoints should be shut down, not blocked by an external strategy.

Side note: Actually, I would much prefer that @auth directives would be respected by DQL, and that the core team revisits the ACL as enterprise only feature decision. But until then, those of us who choose self-hosted with poor man’s auth will be happy for an easy way to disable DQL and go for GQL only.

Any external references to support your case

MichelDiz · September 30, 2020, 7:36pm

@LGalatin I think this is useful. Especially for those who will use GraphQL only. I’ll accept(to the backlog) it.

This option already exists. See https://dgraph.io/docs/deploy/admin/

Topic		Replies	Views
Authentication for admin endpoints Dev graphql , eng , auth , admin	10	2396	October 11, 2021
Intermittent 401 Access Denied for DQL in Strict Mode Dgraph Cloud / Slash GraphQL	2	447	April 28, 2021
New user of Dgraph : "unauthorized ip address: 192.168.65.3", Dgraph	3	547	August 24, 2021
What is the endpoint of a namespace on a dedicated server? Dgraph Cloud kind:question , dgraph	9	1071	October 5, 2022
Make EE features optional on UI (hide or disable ACL login) Ratel status:accepted , ticket:created	4	664	August 28, 2020