Got feedback or spotted a mistake?
Leave a comment at the end of this page or email contact@krishagni.com
How to block specific API at Apache level?
Block access to the public API calls.
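Open the Apache configuration file and add the snippet below inside the <VirtualHost> block.
The configuration below is an example that blocks unauthorised API calls to the institute, sites and users modules. A request for one of these URLs is answered with 403 Forbidden when its X-OS-API-TOKEN header is empty and its Cookie header does not start with osAuthToken.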
RewriteEngine On
RewriteCond %{HTTP:X-OS-API-TOKEN} ^$
RewriteCond %{HTTP:Cookie} !^osAuthToken
RewriteRule .*?(institutes|sites|users) - [F]
# If the URL is like https://test.openspecimen.org/os-test, the configuration changes as below.
RewriteEngine On
RewriteCond %{HTTP:X-OS-API-TOKEN} ^$
RewriteCond %{HTTP:Cookie} !^osAuthToken
RewriteRule .*?os-test.*?(institutes|sites|users) - [F]
Block all the URLs except the specimen catalog URL.
<VirtualHost *:80>
ServerName <domain name>
ProxyPass / ajp://localhost:8009/openspecimen/
ProxyPassReverse / ajp://localhost:8009/openspecimen/
.......
.......
RewriteEngine On
RewriteRule ^/fonts/ - [L]
RewriteRule ^/styles/ - [L]
RewriteRule ^/images/ - [L]
RewriteRule ^/modules/ - [L]
RewriteRule ^/plugin-ui-resources/ - [L]
RewriteRule ^/rest/ng/(specimen-catalogs|user-otp-details|external-dashboards|config-settings) - [L]
RewriteRule ^/rest/ng/.*$ - [F]
</VirtualHost>
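The following Python sketch is an added example, not part of the OpenSpecimen documentation. It models, in simplified form, how Apache evaluates the two rule sets above, so the expected 403 or pass outcome can be checked against sample requests before the configuration is deployed. The request paths and cookie values are constructed, and header names are looked up case-sensitively here, unlike in Apache.

```python
import re

# Simplified model of how mod_rewrite evaluates the rules on this page: rules
# run in order; a rule fires when its pattern matches the URL path and every
# RewriteCond holds (ANDed by default). [F] answers 403; [L] stops and passes.

def cond(var, pattern):
    """RewriteCond on a request header; a leading '!' negates the match."""
    negate = pattern.startswith("!")
    rx = re.compile(pattern[1:] if negate else pattern)
    return lambda req: bool(rx.search(req.get(var, ""))) != negate

def evaluate(rules, req):
    """Return 'forbidden' or 'pass' for req = {'path': ..., <header>: ...}."""
    for pattern, flag, conds in rules:
        if re.search(pattern, req["path"]) and all(c(req) for c in conds):
            return "forbidden" if flag == "F" else "pass"
    return "pass"  # no rule fired, so the request is proxied as usual

# Rules copied from the page's first snippet (public API calls).
PUBLIC_API_RULES = [(r".*?(institutes|sites|users)", "F", [
    cond("X-OS-API-TOKEN", r"^$"), cond("Cookie", r"!^osAuthToken")])]

# Rules copied from the page's specimen catalog snippet.
CATALOG_RULES = [(rf"^/{d}/", "L", []) for d in
                 ("fonts", "styles", "images", "modules", "plugin-ui-resources")]
CATALOG_RULES += [
    (r"^/rest/ng/(specimen-catalogs|user-otp-details|external-dashboards"
     r"|config-settings)", "L", []),
    (r"^/rest/ng/.*$", "F", []),
]

# Constructed sample requests; paths and cookie values are made up.
SAMPLES = [
    (PUBLIC_API_RULES, {"path": "/rest/ng/sites"}),
    (PUBLIC_API_RULES, {"path": "/rest/ng/sites", "Cookie": "osAuthToken=abc"}),
    (PUBLIC_API_RULES, {"path": "/rest/ng/sites",
                        "Cookie": "JSESSIONID=1; osAuthToken=abc"}),
    (CATALOG_RULES, {"path": "/rest/ng/specimen-catalogs/7"}),
    (CATALOG_RULES, {"path": "/rest/ng/users"}),
]

def run_samples():
    return [evaluate(rules, req) for rules, req in SAMPLES]

if __name__ == "__main__":
    for (_, req), verdict in zip(SAMPLES, run_samples()):
        print(verdict, req)
```

The third sample is forbidden because `!^osAuthToken` is anchored to the start of the Cookie header, so the cookie only counts when it is sent first.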
Block all URLs except participant.
<VirtualHost>
.....
RewriteEngine On
# Forbid every request whose URI is not a participant URL (the "!" negates the match).
RewriteCond %{REQUEST_URI} !^/<instance-name>/rest/ng/participants/\d+$
RewriteRule ^.*$ - [F]
</VirtualHost>
Example:
<VirtualHost>
.....
RewriteEngine On
# Conditions are ANDed: forbid a request only when it matches neither participant URL.
RewriteCond %{REQUEST_URI} !^/openspecimen-test/rest/ng/participants/\d+$
RewriteCond %{REQUEST_URI} !^/openspecimen-production/rest/ng/participants/\d+$
RewriteRule ^.*$ - [F]
</VirtualHost>
Once the configuration is done, restart the Apache server.