I’d like to restrict one of my services as much as possible and not show the index.html, disable the UI and all other features that allow to browse the code, show definitions of the service etc.
Basically, I want only the routes I defined in my ServiceModel to be accessible and nothing else at all.
Is there a setting for this? If not, what is the easiest way to achieve this?
Right now, I manually delete the index.html file in my publish folder. I’ve tried excluding it from the publish process by adding this to my project with no luck:
Always
False
If there are other settings you can think of to restrict access (or to improve security) please let me know.
I set “DebugMode”: false and “DetailedErrors”: false in my appsettings and I disabled the following features in my AppHost.Config:
You will likely want to remove the UiFeature and a few others using:
Plugins.RemoveAll(x => x is UiFeature);
Eg
Plugins.RemoveAll(x => x is RequestInfoFeature or
UiFeature or MetadataFeature or NativeTypesFeature or
RequestInfoFeature or SvgFeature);
I think this should cover the built in features routes, however if you are registering additional plugins, they may also register routes as a part of their functionality.
That works but the index.html is still loading. I’d like to keep it in development but not in production if you have any suggestion. Otherwise I’ll keep on deleting it manually.
Can you give me an example of index.html you mean? I’m not sure I follow. It might be more related to your publish step, eg you should be able to exclude files if you are using dotnet publish. If it is in the wwwroot folder, I think it will get included by default.
When using the web template in the main project in wwwroot\index.html is generated and that always get published. I’m trying to keep it and only disable all the ui features in production and not publish this page.