Block access to the public API calls.
Open Apache's configuration file and add the snippet below. This example configuration blocks access to the public institute and site API calls.

    <VirtualHost *:80>
        ServerName <domain name>
        ProxyPass / ajp://localhost:8009/openspecimen/
        ProxyPassReverse / ajp://localhost:8009/openspecimen/

        RewriteEngine On

        # If the X-OS-API-TOKEN header is non-empty, skip the next two rules.
        RewriteCond %{HTTP:X-OS-API-TOKEN} !^$
        RewriteRule .? - [S=2]
        RewriteRule ^/rest/ng/institutes - [F]
        RewriteRule ^/rest/ng/sites - [F]

        # If the Cookie header starts with osAuthToken, skip the next two rules.
        # Both checks run in sequence, so a request reaches these URLs only
        # when it passes the header check and the cookie check.
        RewriteCond %{HTTP:Cookie} ^osAuthToken
        RewriteRule .? - [S=2]
        RewriteRule ^/rest/ng/institutes - [F]
        RewriteRule ^/rest/ng/sites - [F]
        ...
        ...
    </VirtualHost>
Block all the URLs except the specimen catalog URL.
    <VirtualHost *:80>
        ServerName <domain name>
        ProxyPass / ajp://localhost:8009/openspecimen/
        ProxyPassReverse / ajp://localhost:8009/openspecimen/
        .......
        .......
        RewriteEngine On

        # Static UI resources: stop rewriting and let the request through.
        RewriteRule ^/fonts/ - [L]
        RewriteRule ^/styles/ - [L]
        RewriteRule ^/images/ - [L]
        RewriteRule ^/modules/ - [L]
        RewriteRule ^/plugin-ui-resources/ - [L]

        # REST endpoints the specimen catalog needs.
        RewriteRule ^/rest/ng/(specimen-catalogs|user-otp-details|external-dashboards|config-settings) - [L]

        # Every other REST call returns 403 Forbidden.
        RewriteRule ^/rest/ng/.*$ - [F]
    </VirtualHost>
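To check which requests the two rule sets above let through, this added example (not part of the original page or of OpenSpecimen) models the `S`, `L` and `F` flags in Python. It is a simplified model of mod_rewrite in virtual-host context; the header values are constructed and header names are assumed to be given in exact case.

```python
import re

# Rules transcribed from the two VirtualHost blocks above as (condition, pattern, flag).
# condition is None or (header, regex, negated); "S2" skips the next two rules.
PUBLIC_API_RULES = [
    (("X-OS-API-TOKEN", r"^$", True), r".?", "S2"),
    (None, r"^/rest/ng/institutes", "F"),
    (None, r"^/rest/ng/sites", "F"),
    (("Cookie", r"^osAuthToken", False), r".?", "S2"),
    (None, r"^/rest/ng/institutes", "F"),
    (None, r"^/rest/ng/sites", "F"),
]
STATIC = ["fonts", "styles", "images", "modules", "plugin-ui-resources"]
CATALOG_RULES = [(None, rf"^/{d}/", "L") for d in STATIC] + [
    (None, r"^/rest/ng/(specimen-catalogs|user-otp-details|external-dashboards|config-settings)", "L"),
    (None, r"^/rest/ng/.*$", "F"),
]

def decide(rules, path, headers=None):
    """Simplified mod_rewrite model: returns 403 or 'pass' for one request."""
    headers = headers or {}
    i = 0
    while i < len(rules):
        cond, pattern, flag = rules[i]
        i += 1
        if not re.search(pattern, path):
            continue
        if cond is not None:
            name, regex, negated = cond
            # An absent header is treated as the empty string.
            hit = re.search(regex, headers.get(name, "")) is not None
            if hit == negated:
                continue
        if flag == "F":
            return 403
        if flag == "L":
            return "pass"
        if flag.startswith("S"):
            i += int(flag[1:])
    return "pass"

def public_api_table():
    """Status of /rest/ng/sites for each combination of constructed credentials."""
    token = {"X-OS-API-TOKEN": "constructed-token"}
    cookie = {"Cookie": "osAuthToken=constructed-value"}
    cases = {"none": {}, "token": token, "cookie": cookie, "both": {**token, **cookie}}
    return {n: decide(PUBLIC_API_RULES, "/rest/ng/sites", h) for n, h in cases.items()}

if __name__ == "__main__":
    print(public_api_table(), decide(CATALOG_RULES, "/rest/ng/users"))
```

In this model the first rule set passes `/rest/ng/sites` only when the request carries both the `X-OS-API-TOKEN` header and a Cookie header that starts with `osAuthToken`; the second rule set leaves URLs outside `/rest/ng/` untouched.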
Block all URLs except participant.
    <VirtualHost *:80>
        .....
        RewriteEngine On

        # Return 403 for every URL that is not a participant URL.
        RewriteCond %{REQUEST_URI} !^/<instance-name>/rest/ng/participants/\d+$
        RewriteRule ^.*$ - [F]
    </VirtualHost>

Example:

    <VirtualHost *:80>
        .....
        RewriteEngine On

        # Conditions are ANDed: return 403 for URLs that match neither
        # instance's participant path.
        RewriteCond %{REQUEST_URI} !^/openspecimen-test/rest/ng/participants/\d+$
        RewriteCond %{REQUEST_URI} !^/openspecimen-production/rest/ng/participants/\d+$
        RewriteRule ^.*$ - [F]
    </VirtualHost>

Once the configuration is done, restart the Apache server.