Block access to the public API calls.

Open the Apache configuration file and add the snippet below inside the <VirtualHost> directive.

The configuration below is an example that blocks unauthorised API calls to the institute, sites and users modules.

  RewriteEngine On
  RewriteCond %{HTTP:X-OS-API-TOKEN} ^$
  RewriteCond %{HTTP:Cookie} !^osAuthToken
  RewriteRule .*?(institutes|sites|users) - [F]
  
  # If the URL is like https://test.openspecimen.org/os-test, the configuration changes as below.
  RewriteEngine On
  RewriteCond %{HTTP:X-OS-API-TOKEN} ^$
  RewriteCond %{HTTP:Cookie} !^osAuthToken
  RewriteRule .*?os-test.*?(institutes|sites|users) - [F]

Block all the URLs except the specimen catalog URL.

<VirtualHost *:80>
  ServerName <domain name>
  ProxyPass / ajp://localhost:8009/openspecimen/
  ProxyPassReverse / ajp://localhost:8009/openspecimen/
  .......
  .......

  RewriteEngine On  
  RewriteRule ^/fonts/ - [L]
  RewriteRule ^/styles/ - [L]
  RewriteRule ^/images/ - [L]
  RewriteRule ^/modules/ - [L]
  RewriteRule ^/plugin-ui-resources/ - [L]
  RewriteRule ^/rest/ng/(specimen-catalogs|user-otp-details|external-dashboards|config-settings) - [L]
  RewriteRule ^/rest/ng/.*$ - [F]
</VirtualHost>


Block all URLs except participant.

<VirtualHost>
  .....
  RewriteEngine On
  # Return 403 for every request whose URI is not the participant URL.
  RewriteCond %{REQUEST_URI} !^/<instance-name>/rest/ng/participants/\d+$
  RewriteRule ^.*$ - [F]
</VirtualHost>

Example:
<VirtualHost>
  .....
  RewriteEngine On
  # Conditions are ANDed: forbid only when the URI matches neither instance's participant URL.
  RewriteCond %{REQUEST_URI} !^/openspecimen-test/rest/ng/participants/\d+$
  RewriteCond %{REQUEST_URI} !^/openspecimen-production/rest/ng/participants/\d+$
  RewriteRule ^.*$ - [F]
</VirtualHost>

Once the configuration is done, restart the Apache server.
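
The first two rule sets above (the API token/cookie filter and the specimen catalog allow-list) can be checked against sample requests before they go live. The script below is an added example, not part of the original page or of OpenSpecimen: it is a simplified model of how mod_rewrite evaluates those rules in a VirtualHost context, and the `decide` function, the rule tuples and the sample requests are all constructed for illustration.

```python
import re

# A rule is (path regex, [(header, regex, negate)], flag): "F" = 403, "L" = stop, pass on.
API_RULES = [
    (r".*?(institutes|sites|users)",
     [("x-os-api-token", r"^$", False), ("cookie", r"^osAuthToken", True)], "F"),
]
CATALOG_RULES = [(p, [], "L") for p in (
    r"^/fonts/", r"^/styles/", r"^/images/", r"^/modules/", r"^/plugin-ui-resources/",
    r"^/rest/ng/(specimen-catalogs|user-otp-details|external-dashboards|config-settings)",
)] + [(r"^/rest/ng/.*$", [], "F")]


def decide(rules, path, headers=None):
    """Return "forbidden" if an [F] rule fires, otherwise "pass" (sent to the backend)."""
    hdrs = {k.lower(): v for k, v in (headers or {}).items()}
    for pattern, conds, flag in rules:
        if not re.search(pattern, path):
            continue
        # RewriteCond lines are ANDed; an absent header expands to the empty string.
        if all(bool(re.search(rx, hdrs.get(name, ""))) != negate
               for name, rx, negate in conds):
            return "forbidden" if flag == "F" else "pass"
    return "pass"


# Constructed sample requests: (rule set, path, headers).
SAMPLES = [
    (API_RULES, "/rest/ng/users", {}),
    (API_RULES, "/rest/ng/users", {"X-OS-API-TOKEN": "constructed-value"}),
    (API_RULES, "/rest/ng/sites", {"Cookie": "osAuthToken=constructed"}),
    (API_RULES, "/rest/ng/sites", {"Cookie": "lang=en; osAuthToken=constructed"}),
    (CATALOG_RULES, "/rest/ng/specimen-catalogs/1", {}),
    (CATALOG_RULES, "/rest/ng/participants/5", {}),
    (CATALOG_RULES, "/styles/app.css", {}),
]

if __name__ == "__main__":
    for rules, path, headers in SAMPLES:
        print(f"{decide(rules, path, headers):9}  {path}  {headers}")
```

The second sample passes because the rule only tests that the token header is non-empty, so the application must still validate the token itself. The fourth is rejected because the `Cookie` condition is anchored to the start of the header.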