Disable Alpha endpoints via commandline flags

Experience Report for Feature Request

The problem is that we go through all the effort to set up poor man’s auth and use GraphQL endpoints instead of the native Dgraph endpoints, but the native endpoints are still available and unprotected.

What you wanted to do

Easily Disable the DQL endpoints via flags such as:

--disable-dql-all
--disable-dql-alter
--disable-dql-mutate
--disable-dql-query
etc...

What you actually did

Set up a reverse proxy to block the DQL endpoints

Why that wasn’t great, with examples

I think its clear and there are many posts and comments spread all over… in short, the endpoints should be shut down, not blocked by an external strategy.

Side note: Actually, I would much prefer that @auth directives would be respected by DQL, and that the core team revisits the ACL as enterprise only feature decision. But until then, those of us who choose self-hosted with poor man’s auth will be happy for an easy way to disable DQL and go for GQL only.

Any external references to support your case

1 Like

@LGalatin I think this is useful. Especially for those who will use GraphQL only. I’ll accept(to the backlog) it.

This option already exists. See https://dgraph.io/docs/deploy/dgraph-administration/#restricting-mutation-operations

2 Likes