Here's the deal. When you do a curl for the endpoint services/server/info on a search head, it includes information like the license key and it doesn't require any auth. no token, no user:pass, nothing.
All other endpoints require auth, but not the info one. I would like to disable or at least mask certain fields, but I can't see any where in the docs where it is even mentioned other than a description of the endpoint.
Hi,
I am experiencing the same issue, can you let me know where I need to put restriction in RestMapconf so that the server-info endpoint is not accessible
[admin:server-info]
requireAuthentication = true
[admin:server-info-alias]
requireAuthentication = true