...

Open Apache's configuration file and add the code snippet below. This configuration goes inside the <VirtualHost> directive.

The configuration below is an example that blocks unauthorised API calls to the institute, sites and users modules.

<VirtualHost *:80>
  ServerName <domain name>
  ProxyPass / ajp://localhost:8009/openspecimen/
  ProxyPassReverse / ajp://localhost:8009/openspecimen/
  
  RewriteEngine On
  RewriteCond %{HTTP:X-OS-API-TOKEN} ^$
  RewriteCond !^$%{HTTP:Cookie} !^osAuthToken
  RewriteRule .*?(institutes|sites|users) - [S=2F]
  RewriteRule ^/rest/ng/institutes - [F]
  RewriteRule ^/rest/ng/sites - [F]

  
  #If URL is like https://test.openspecimen.org/os-test then configuration changes as below.
  RewriteEngine On
  RewriteCond %{HTTP:X-OS-API-TOKEN} ^$
  RewriteCond %{HTTP:Cookie} !^osAuthToken
  RewriteRule .*? - [S=2]
  RewriteRule ^/rest/ng/institutes - [F]
  RewriteRule ^/rest/ng/sitesos-test.*?(institutes|sites|users) - [F]
  
  ...
  ...
</VirtualHost>
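
Review bot: the Cookie condition `!^osAuthToken` in each rule set is anchored to the start of the header, so a request that sends any other cookie ahead of osAuthToken is treated as lacking the auth cookie; consider matching the cookie name anywhere in the header, e.g. `!(^|;\s*)osAuthToken=`. The pattern `.*?(institutes|sites|users)` is also unanchored and matches any path containing one of those words, where the lines beside it use `^/rest/ng/institutes` and `^/rest/ng/sites`; anchoring it to the REST prefix would keep the rule to the API. Both conditions only test that a header or cookie is present, so validating the token still rests with the application.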

Block all the URLs except the specimen catalog URL.

<VirtualHost *:80>
  ServerName <domain name>
  ProxyPass / ajp://localhost:8009/openspecimen/
  ProxyPassReverse / ajp://localhost:8009/openspecimen/
  .......
  .......

  RewriteEngine On  
  RewriteRule ^/fonts/ - [L]
  RewriteRule ^/styles/ - [L]
  RewriteRule ^/images/ - [L]
  RewriteRule ^/modules/ - [L]
  RewriteRule ^/plugin-ui-resources/ - [L]
  RewriteRule ^/rest/ng/(specimen-catalogs|user-otp-details|external-dashboards|config-settings) - [L]
  RewriteRule ^/rest/ng/.*$ - [F]
</VirtualHost>
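
To check what this allowlist actually lets through before deploying it, the rule list can be modelled offline. The following is an added example, not part of the original page or of OpenSpecimen: it copies the patterns above into Python and applies them in order, where `[L]` stops processing and `[F]` returns 403. The function names and the sample paths (including `/rest/ng/config-settings-export`) are constructed for illustration.

```python
import re

# Patterns copied in order from the allowlist <VirtualHost> block above.
# "L" = stop rewriting, request passes through; "F" = 403 Forbidden.
RULES = [
    (r"^/fonts/", "L"),
    (r"^/styles/", "L"),
    (r"^/images/", "L"),
    (r"^/modules/", "L"),
    (r"^/plugin-ui-resources/", "L"),
    (r"^/rest/ng/(specimen-catalogs|user-otp-details|external-dashboards|config-settings)", "L"),
    (r"^/rest/ng/.*$", "F"),
]


def decide(path):
    """Return ('allow'|'forbid', matching pattern or None) for a URL path.

    In virtual-host context RewriteRule is matched against the URL path
    (no query string); the first rule carrying [L] or [F] ends processing.
    """
    for pattern, flag in RULES:
        if re.search(pattern, path):
            return ("forbid" if flag == "F" else "allow", pattern)
    return ("allow", None)  # no rule matched: mod_rewrite does not intervene


def audit(paths):
    """Map each path to its decision so the result can be reviewed or asserted."""
    return {p: decide(p)[0] for p in paths}


# Constructed sample paths, not taken from a real deployment.
SAMPLES = [
    "/rest/ng/specimen-catalogs/1",     # intended public endpoint
    "/rest/ng/users",                   # must be blocked
    "/rest/ng/config-settings-export",  # hypothetical: shares an allowed prefix
    "/styles/app.css",                  # static asset
    "/index.html",                      # outside /rest/ng/: no rule applies
]

if __name__ == "__main__":
    for path, verdict in audit(SAMPLES).items():
        print(f"{verdict:7} {path}")
```

The run shows two properties of the rule set worth reviewing: the allowed REST names are prefix matches with no trailing boundary, and only paths under `/rest/ng/` are ever forbidden.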

...