Block all API calls

Issue

It has been observed a lot of threads and slow requests like

"Handling GET /job/FOLDER1/job/JOB1/api/json from 192.168.1.130 : RequestHandlerThread[#2246]" Id=614605 ...
...

It would great to have a way to filter out the number of requests which are processed by Jenkins, so the load can be reduced.

Environment

CloudBees CI (CloudBees Core) on modern cloud platforms - Managed controller
CloudBees CI (CloudBees Core) on modern cloud platforms - Operations Center
CloudBees CI (CloudBees Core) on traditional platforms - Client controller
CloudBees CI (CloudBees Core) on traditional platforms - Operations Center
CloudBees Jenkins Enterprise - Managed controller
CloudBees Jenkins Enterprise - Operations center
Jenkins LTS
CloudBees Request Filter Plugin

Resolution

Install the CloudBees Request Filter Plugin and add one of the following rules in Manage Jenkins > Configure System to get the desired behavior:

Block all the api requests excepting those which use the `tree` parameter (Recommended)

.*\/api\/(python|json|xml)+(?!.+tree=.+).*

Block all the api requests which do not use parameters

.*\/api\/(python|json|xml)

Block all the api requests including those which use `tree` and `depth` parameters

.*\/api\/(python|json|xml).*

This article is part of our Knowledge Base and is provided for guidance-based purposes only. The solutions or workarounds described here are not officially supported by CloudBees and may not be applicable in all environments. Use at your own discretion, and test changes in a safe environment before applying them to production systems.