Question

Block access to /api-doc/, /ws-doc/, and /rest-doc/ from YAML configuration in Mendix On-Premises

0

Hi Mendix Community,I am using Mendix on-premises and I would like to block access to some URLs such as:/api-doc//ws-doc//rest-doc/Is it possible to block or restrict these URLs from the Mendix YAML configuration file?Please note that I do not have a Load Balancer, WAF, IIS, or reverse proxy in front of the application, so I am looking for a solution directly from the Mendix/on-premises configuration side.Any advice or recommended approach would be appreciated.Thank you.

asked 2026-06-03

Saja Ayoub

2 answers

Krishna Kumar S · Answer 1 · 2026-06-03

The YAML configuration does not provide a direct option to block specific application URLs like:

/api-doc/
/ws-doc/
/rest-doc/

Those endpoints are served by the Mendix runtime, so URL-level blocking is normally handled at the infrastructure layer:

reverse proxy (NGINX / IIS / Apache)
load balancer
WAF rules
ingress controller (Kubernetes)

Gurumoorthy J · Answer 2 · 2026-06-03

Hi Saja,

Exposing the Mendix application directly without a web server or web proxy is not a recommended approach and does not align with standard architectural practices. Additionally, the endpoint-blocking requirements you mentioned cannot be implemented without these components in place.

I would recommend reconsidering the architecture for exposing the application to the front end to ensure both security and flexibility in managing access controls.

Even if it is a internal application[ not public facing] having these component to manage traffic is important.

I hope this helps