We use several public routing instances (VRs) on our L3 switches.
The HTTP(S) server is enabled so that we can monitor the switch, as some things like transceiver power are not available using SNMP.
Now it looks like all that I can do is create access lists to disallow public access to the HTTP server, but not disable it entirely for the public VRs. The logs are full of background noise trying to connect.
We really don't want to get hacked that way in case this instance of CherryPy(?) (that's what the access denied page says) is vulnerable somehow.
It doesn't seem professional at all that it's not possible to just specifically enable the HTTP(S) service/API where you need it. (Or at least specifically disable it when you really don't need it.)
Now I don't want to stick my head in the sand and just disable logging. The entire situation doesn't feel right.
I really appreciated this piece. I often think of how much of a time suck and a mental drain diving into comment conversations can be. But sometimes it is worth it. At the end of the day, it's important to assert oneself and to attempt to have discussions about what matters to you.