Add a note on securing RPC endpoints (#1244)

* add a note about securing access to JSON-RPC Signed-off-by: Sally MacFarlane <[email protected]> * recommend auth Signed-off-by: Sally MacFarlane <[email protected]> * Update docs/public-networks/how-to/use-besu-api/json-rpc.md Signed-off-by: Alexandra Tran <[email protected]> Signed-off-by: Sally MacFarlane <[email protected]> Signed-off-by: Alexandra Tran <[email protected]> Co-authored-by: Alexandra Tran <[email protected]>
hyperledger · Jan 11, 2023 · cb0d28b · cb0d28b
1 parent 05aae6c
commit cb0d28b
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 3 deletions.
diff --git a/docs/public-networks/how-to/use-besu-api/index.md b/docs/public-networks/how-to/use-besu-api/index.md
@@ -77,7 +77,7 @@ By default, Besu accepts requests and connections from `localhost` and `127.0.0.
 !!! important
 
     This isn't a permissioning feature.
-    If you want to restrict access to the API, we recommend using the [Besu authentication mechanism](authenticate.md)
+    To restrict access to the API, we recommend using the [Besu authentication mechanism](authenticate.md)
     with username and password authentication or JWT public key authentication.
 
 If your application publishes RPC ports, specify the hostnames when starting Besu.

diff --git a/docs/public-networks/how-to/use-besu-api/json-rpc.md b/docs/public-networks/how-to/use-besu-api/json-rpc.md
@@ -6,6 +6,13 @@ tags:
 
 # Use JSON-RPC over HTTP, WebSocket, and IPC
 
+JSON-RPC APIs allow you to interact with your node. JSON-RPC endpoints are not enabled by default.
+
+!!! caution
+
+    You should secure access to your node's JSON-RPC endpoints. Users with access to your node
+    via JSON-RPC can make calls directly to your node, causing your node to consume resources.
+
 To enable JSON-RPC over HTTP or WebSocket, use the
 [`--rpc-http-enabled`](../../reference/cli/options.md#rpc-http-enabled) and
 [`--rpc-ws-enabled`](../../reference/cli/options.md#rpc-ws-enabled) options.

diff --git a/docs/public-networks/how-to/use-engine-api.md b/docs/public-networks/how-to/use-engine-api.md
@@ -50,7 +50,7 @@ By default, Besu accepts requests and connections from `localhost` and `127.0.0.
 !!! important
 
     This isn't a permissioning feature.
-    If you want to restrict access to the Engine API, we recommend using [authentication](#authentication).
+    To restrict access to the Engine API, we recommend using [authentication](#authentication).
 
 If your application publishes RPC ports, specify the hostnames when starting Besu.
 

diff --git a/docs/public-networks/reference/cli/options.md b/docs/public-networks/reference/cli/options.md
@@ -930,7 +930,7 @@ By default, Besu accepts requests from `localhost` and `127.0.0.1`.
 !!! important
 
     This isn't a permissioning feature.
-    If you want to restrict access to the API, we recommend using the
+    To restrict access to the API, we recommend using the
     [Besu authentication mechanism](../../how-to/use-besu-api/authenticate.md) with username and password
     authentication or JWT public key authentication.