We have implemented an open data portal that allows user to get service URLs from the API menu. We want to promote the use of our map and imagery services through an open data environment. However in the ESRI security documentation for ArcGIS Enterprise 10.5 it is recommended that the server rest directories be disabled to stop scanners and attackers from getting a complete menu of what your product can do.
Disabling the Rest services folder then stops the user being able to use the API links from the open data portal.
I'm a little confused here as to what is best practice. We want users to access our data however want a secure environment.
Any help would be appreciated.