Background Information
After discussions on T372753: Decommission cxserver endpoints from RESTBase and investigations on the RESTBase codebase, we realised that cxserver v1 endpoints are not supported anymore and they should be removed from our infrastructure.
What
Like we did for MCS in T328036: MCS decommission (2023) we should block the requests before removing the code.
How
Block the following endpoints:
- POST <domain>/api/rest_v1/transform/html/from/{from}
- POST <domain>/api/rest_v1/transform/html/from/{from}/{provider}
- GET <domain>/api/rest_v1/transform/word/from/{from}/{word}
- GET <domain>/api/rest_v1/transform/word/from/{from}/{word}/{provider}
- GET <domain>/api/rest_v1/page/segments/{title}
- GET <domain>/api/rest_v1/page/segments/{title}/{revision}
- POST <domain>/api/rest_v1/transform/html/from/{from_lang}/to/{to_lang}
- POST <domain>/api/rest_v1/transform/html/from/{from_lang}/to/{to_lang}/{provider}
- GET <domain>/api/rest_v1/transform/word/from/{from_lang}/to/{to_lang}/{word}
- GET <domain>/api/rest_v1/transform/word/from/{from_lang}/to/{to_lang}/{word}/{provider}
- GET <domain>/api/rest_v1/list/pair/{from}/{to}/
- GET <domain>/api/rest_v1/list/tool/{tool}
- GET <domain>/api/rest_v1/list/tool/{tool}/{from}/{to}
- GET <domain>/api/rest_v1/list/languagepairs/
Why is safe to block requests
It's safe to block the requests for the following reasons:
- Looking at the requests data, example here, no relevant clients consume it and the majority of the requests are attempts to exploit the endpoint.
- Clients already had time to migrate cxserver to v2, and there's no appetite to make further communications.
- The endpoints are either not supported or broken