To reduce the risk exposure of the entire MongoDB system, ensure that only trusted hosts have access to MongoDB.
Changed in version 3.6: MongoDB 3.6 removes the deprecated HTTP interface and REST API to MongoDB.
For more information, see MongoDB Configuration Hardening.
To restrict exposure to MongoDB, configure firewalls to control access to MongoDB systems. Use of VPNs can also provide a secure tunnel.
For more information, see Hardening Network Infrastructure.