As I know, the option `allow_admin` of `config.yaml` can limit unauthorized access. We can change the admin listening port by the option `port_admin`, then we can protect it through the firewall.
Lang Wang <totemofw...@apache.org> 于2019年11月18日周一 上午10:56写道: > For the plugin example: > > curl http://127.0.0.1:9080/apisix/admin/routes/1 -X PUT -d ' > { > "methods": ["GET"], > "uri": "/index.html", > "upstream": { > "type": "roundrobin", > "nodes": { > "39.97.63.215:80": 1 > } > } > }' > > The api seems like without any authentication. So what is the best practice > to protect those sensitive apis in prod env ? >
