Open the Apache’s configuration file and add below code snippet in the <VirtualHost> directive.
The below configuration is example to block access to unauthorised API calls of institute, sites and users module.
RewriteEngine On RewriteCond %{HTTP:X-OS-API-TOKEN} ^$ RewriteCond %{HTTP:Cookie} !^osAuthToken RewriteRule .*?(institutes|sites|users) - [F] #If URL is like https://test.openspecimen.org/os-test then configuration changes as below. RewriteEngine On RewriteCond %{HTTP:X-OS-API-TOKEN} ^$ RewriteCond %{HTTP:Cookie} !^osAuthToken RewriteRule .*?os-test.*?(institutes|sites|users) - [F] |
<VirtualHost *:80> ServerName <domain name> ProxyPass / ajp://localhost:8009/openspecimen/ ProxyPassReverse / ajp://localhost:8009/openspecimen/ ....... ....... RewriteEngine On RewriteRule ^/fonts/ - [L] RewriteRule ^/styles/ - [L] RewriteRule ^/images/ - [L] RewriteRule ^/modules/ - [L] RewriteRule ^/plugin-ui-resources/ - [L] RewriteRule ^/rest/ng/(specimen-catalogs|user-otp-details|external-dashboards|config-settings) - [L] RewriteRule ^/rest/ng/.*$ - [F] </VirtualHost> |
<VirtualHost> ..... RewriteEngine On RewriteCond %{REQUEST_URI} ^/<instance-name>/rest/ng/participants/\d+$ RewriteRule ^.*$ - [F] </VirtualHost> Example: <VirtualHost> ..... RewriteEngine On RewriteCond %{REQUEST_URI} ^/openspecimen-test/rest/ng/participants/\d+$ RewriteCond %{REQUEST_URI} ^/openspecimen-production/rest/ng/participants/\d+$ RewriteRule ^.*$ - [F] </VirtualHost> |
Once the configuration is done. Restart the Apache server.