As an AAI developer, I would like to have a configuration option to block requests to certain REST APIs. The "Request Blocking" configuration could be used to configure an HAProxy ACL that blocks incoming requests based on various criteria. For example, requests can be blocked based on certain patterns within the URL path.

As of 30th January 2022, AAI does not have a feature by which access to some of the REST APIS could be restricted. ie, all the REST APIs are accessible by default. This could cause problems in some environments. For example, in an environment where there are one million-plus pnfs stored in the AAI data store, inadvertent invocation of GET all pnfs API could cause the aai-resources component to become unstable and crash due to an OOM (Out-Of-Memory) error.

Implementing a request blocking feature by leveraging HAProxy ACLs could enable developers to restrict any such API requests which cause the application to crash due to resource constraints.

Acceptance Criteria:

• The request blocking feature has to be disabled by default.
• Provide a provision to configure any custom HAProxy ACL expressions via values.yaml file.