Block access to the public API calls.
Open the Apache’s configuration file and add below code snippet. This configuration provides example to block access to public institute and sites API calls.
<VirtualHost *:80>
ServerName <domain name>
ProxyPass / ajp://localhost:8009/openspecimen/
ProxyPassReverse / ajp://localhost:8009/openspecimen/
RewriteEngine On
RewriteCond %{HTTP:X-OS-API-TOKEN} !^$
RewriteRule .? - [S=2]
RewriteRule ^/rest/ng/institutes - [F]
RewriteRule ^/rest/ng/sites - [F]
RewriteCond %{HTTP:Cookie} ^osAuthToken
RewriteRule .? - [S=2]
RewriteRule ^/rest/ng/institutes - [F]
RewriteRule ^/rest/ng/sites - [F]
...
...
</VirtualHost>
Block all the URLs except the specimen catalog URL.
<VirtualHost *:80> ServerName <domain name> ProxyPass / ajp://localhost:8009/openspecimen/ ProxyPassReverse / ajp://localhost:8009/openspecimen/ ....... ....... RewriteEngine On RewriteRule ^/fonts/ - [L] RewriteRule ^/styles/ - [L] RewriteRule ^/images/ - [L] RewriteRule ^/modules/ - [L] RewriteRule ^/plugin-ui-resources/ - [L] RewriteRule ^/rest/ng/(specimen-catalogs|user-otp-details|external-dashboards|config-settings) - [L] RewriteRule ^/rest/ng/.*$ - [F] </VirtualHost>
Block all URLs except participant.
<VirtualHost>
.....
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/<instance-name>/rest/ng/participants/\d+$
RewriteRule ^.*$ - [F]
</VirtualHost>
Example:
<VirtualHost>
.....
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/openspecimen-test/rest/ng/participants/\d+$
RewriteCond %{REQUEST_URI} ^/openspecimen-production/rest/ng/participants/\d+$
RewriteRule ^.*$ - [F]
</VirtualHost>
Once the configuration is done. Restart the Apache server.