During the migration, the current https://bugzilla.wikimedia.org will be set in read-only mode at old-bugzilla.wikimedia.org until further notice.
This is unrelated to redirecting bugzilla.wikimedia.org/* URLs to Phabricator (T65).
People should still be able to view tickets, but not edit anything (no comments, no new accounts, no other changes), preferably by not allowing anybody to log in anymore via browser or via API.
I found http://toolsmiths.blogspot.com/2008/05/making-bugzilla-read-only.html and if I understand correctly, the author's recommendation is:
1) Remove "Open for bug entry" on editproducts.cgi (to not allow creating new tickets).
2) Create a group called "Canstilledit" and make admins members.
3) Use "Edit Group Access Controls" on editproducts.cgi to check the "Canedit" boolean for only that new group "Canstilledit", so "this product will be read-only for any users who are not members of all of the groups with Canedit selected" which would be that one new group.
4) Set "announcehtml" on editparams.cgi to inform everybody that Bugzilla is read-only, that all reports are now in Phabricator, and that there will be an intentional error when trying to edit any tickets in the read-only Bugzilla instance. Potentially mention that Search still works but is obviously not updated, and that people can find the parameters for their searches via "Edit Search" in Bugzilla so they could try to manually emulate that search via [[ https://phabricator.wikimedia.org/maniphest/query/advanced/ | Phabricator's advanced search ]] if similar options are available. Also see T40 for the redirects part.
I've also asked on https://groups.google.com/forum/#!topic/mozilla.support.bugzilla/aUzv2vNLduo if there are better recommendations.
There is no way to tell Bugzilla "make all tickets read-only which have status RESOLVED" or such. Only option is to make certain products in Bugzilla read-only via the workaround explained above.