
Block access to public/unauthorized API calls.

Open Apache's configuration file and add the snippet below. This configuration is an example that blocks access to the public institutes and sites API calls.

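<VirtualHost *:80>
  ServerName <domain name>
  ProxyPass / ajp://localhost:8009/openspecimen/
  ProxyPassReverse / ajp://localhost:8009/openspecimen/

  RewriteEngine On
  # If the X-OS-API-TOKEN header is non-empty, skip the next two rules
  RewriteCond %{HTTP:X-OS-API-TOKEN} !^$
  RewriteRule .? - [S=2]
  # Otherwise return 403 Forbidden for the institutes and sites APIs
  RewriteRule ^/rest/ng/institutes - [F]
  RewriteRule ^/rest/ng/sites - [F]

  # If the Cookie header begins with osAuthToken, skip the next two rules
  RewriteCond %{HTTP:Cookie} ^osAuthToken
  RewriteRule .? - [S=2]
  # Otherwise return 403 Forbidden for the institutes and sites APIs
  RewriteRule ^/rest/ng/institutes - [F]
  RewriteRule ^/rest/ng/sites - [F]

  ...
  ...
</VirtualHost>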
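
The order of the rules above decides which requests receive a 403. The Python sketch below is an added example, not part of the OpenSpecimen documentation: it is a simplified model of how mod_rewrite walks this rule list (a RewriteCond guards only the rule that follows it, [S=2] skips the next two rules, [F] answers 403 at once), run over constructed sample requests. Header names are matched case-sensitively in the model and the token values are placeholders.

```python
import re

# Rule list transcribed from the VirtualHost snippet above.
# Entry: (conditions, URI pattern, flag, skip count).
# Condition: (header name, regex, negated); it guards only its own rule.
RULES = [
    ([("X-OS-API-TOKEN", r"^$", True)], r".?", "S", 2),
    ([], r"^/rest/ng/institutes", "F", 0),
    ([], r"^/rest/ng/sites", "F", 0),
    ([("Cookie", r"^osAuthToken", False)], r".?", "S", 2),
    ([], r"^/rest/ng/institutes", "F", 0),
    ([], r"^/rest/ng/sites", "F", 0),
]


def evaluate(uri, headers):
    """Return 'forbidden' if an [F] rule fires, else 'proxied' (goes on to ProxyPass)."""
    i = 0
    while i < len(RULES):
        conds, pattern, flag, skip = RULES[i]
        i += 1
        # All conditions must hold; a missing header expands to "".
        ok = all(bool(re.search(rx, headers.get(h, ""))) != neg for h, rx, neg in conds)
        if not re.search(pattern, uri) or not ok:
            continue
        if flag == "F":
            return "forbidden"
        i += skip  # [S=N]: jump over the next N rules
    return "proxied"


# Constructed sample requests (token and cookie values are placeholders).
SAMPLES = {
    "no credentials": {},
    "header only": {"X-OS-API-TOKEN": "tok"},
    "cookie only": {"Cookie": "osAuthToken=tok"},
    "header and cookie": {"X-OS-API-TOKEN": "tok", "Cookie": "osAuthToken=tok"},
    "cookie not first": {"X-OS-API-TOKEN": "tok", "Cookie": "lang=en; osAuthToken=tok"},
}


def outcomes(uri="/rest/ng/sites"):
    """Evaluate every sample request against one URI."""
    return {name: evaluate(uri, hdrs) for name, hdrs in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in outcomes().items():
        print(f"{name:18} -> {result}")
```

In this model the two endpoints are reachable only when a request carries both a non-empty X-OS-API-TOKEN header and a Cookie header that starts with osAuthToken; every other sample gets a 403, so test the deployed rules with each kind of client you expect to support.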

Block all the URLs except the specimen catalog URL.

<VirtualHost *:80>
  ServerName <domain name>
  ProxyPass / ajp://localhost:8009/openspecimen/
  ProxyPassReverse / ajp://localhost:8009/openspecimen/
  .......
  .......

  RewriteEngine On
  # Let static UI resources through and stop rule processing ([L])
  RewriteRule ^/fonts/ - [L]
  RewriteRule ^/styles/ - [L]
  RewriteRule ^/images/ - [L]
  RewriteRule ^/modules/ - [L]
  RewriteRule ^/plugin-ui-resources/ - [L]
  # Let only these REST endpoints through
  RewriteRule ^/rest/ng/(specimen-catalogs|user-otp-details|external-dashboards|config-settings) - [L]
  # Return 403 Forbidden for every other REST API call
  RewriteRule ^/rest/ng/.*$ - [F]
</VirtualHost>


Block all URLs except participant.

<VirtualHost *:80>
  .....
  RewriteEngine On
  # Return 403 Forbidden when the request URI matches the pattern below
  RewriteCond %{REQUEST_URI} ^/<instance-name>/rest/ng/participants/\d+$
  RewriteRule ^.*$ - [F]
</VirtualHost>

Example:
<VirtualHost *:80>
  .....
  RewriteEngine On
  # RewriteCond lines are ANDed by default; [OR] lets either instance path match
  RewriteCond %{REQUEST_URI} ^/openspecimen-test/rest/ng/participants/\d+$ [OR]
  RewriteCond %{REQUEST_URI} ^/openspecimen-production/rest/ng/participants/\d+$
  RewriteRule ^.*$ - [F]
</VirtualHost>

Once the configuration is done, restart the Apache server.