We cannot enable this in on-prem / ESS Kibana in 8.x as it would be a breaking change, however we should remove this configuration in 9.0 so we can enforce internal API restrictions in all environments.
We also need to add a KB to communicate the change with Support.
Opening this issue as a reminder for whenever 9.0 rolls around.
For our serverless offering we introduced a mechanism to prevent access to internal-only APIs by setting
server.restrictInternalApis: true
.We cannot enable this in on-prem / ESS Kibana in 8.x as it would be a breaking change, however we should remove this configuration in 9.0 so we can enforce internal API restrictions in all environments.
We also need to add a KB to communicate the change with Support. Opening this issue as a reminder for whenever 9.0 rolls around.