How to block specific API at Apache level?
Got feedback or spotted a mistake?

Leave a comment at the end of this page or email contact@krishagni.com

Block access to the public API calls.

Open Apache's configuration file and add the code snippet below inside the <VirtualHost> directive.

The configuration below is an example that blocks unauthorised API calls to the institutes, sites and users modules, that is, requests that carry neither an X-OS-API-TOKEN header nor an osAuthToken cookie.

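    RewriteEngine On
    # Condition 1: the X-OS-API-TOKEN request header is empty or absent.
    RewriteCond %{HTTP:X-OS-API-TOKEN} ^$
    # Condition 2: the Cookie header does not start with osAuthToken.
    RewriteCond %{HTTP:Cookie} !^osAuthToken
    # Both conditions true: answer 403 Forbidden for the listed modules.
    RewriteRule .*?(institutes|sites|users) - [F]

    # If the URL is like https://test.openspecimen.org/os-test, the configuration changes as below.
    RewriteEngine On
    RewriteCond %{HTTP:X-OS-API-TOKEN} ^$
    RewriteCond %{HTTP:Cookie} !^osAuthToken
    RewriteRule .*?os-test.*?(institutes|sites|users) - [F]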
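As an added example (not part of the original page or OpenSpecimen's own code), the Python model below reproduces how mod_rewrite evaluates the first rule set above, so its effect can be checked on sample requests before Apache is restarted. The request paths and header values are constructed, and the model assumes the default behaviour that consecutive RewriteCond lines are ANDed.

```python
import re

# Patterns copied from the first rule set on this page.
RULE_PATTERN = re.compile(r".*?(institutes|sites|users)")
COND_TOKEN_EMPTY = re.compile(r"^$")
COND_COOKIE = re.compile(r"^osAuthToken")


def is_forbidden(path, headers):
    """Return True when the modelled rule set would answer 403 ([F])."""
    # mod_rewrite matches the RewriteRule pattern first, then the conditions.
    if not RULE_PATTERN.search(path):
        return False
    # Header names are case-insensitive; %{HTTP:name} is empty when absent.
    lowered = {name.lower(): value for name, value in headers.items()}
    token = lowered.get("x-os-api-token", "")
    cookie = lowered.get("cookie", "")
    # Consecutive RewriteCond lines are ANDed unless flagged [OR].
    token_missing = COND_TOKEN_EMPTY.search(token) is not None
    cookie_missing = COND_COOKIE.search(cookie) is None  # "!" negation
    return token_missing and cookie_missing


# Constructed sample requests (paths and values are illustrative only).
SAMPLES = [
    ("/rest/ng/users", {}),
    ("/rest/ng/sites", {"X-OS-API-TOKEN": "example-token"}),
    ("/rest/ng/institutes", {"Cookie": "osAuthToken=example"}),
    ("/rest/ng/users", {"Cookie": "lang=en; osAuthToken=example"}),
    ("/rest/ng/specimens", {}),
]


def evaluate(samples=SAMPLES):
    """Return (path, headers, verdict) for each sample request."""
    return [(path, hdrs, "403" if is_forbidden(path, hdrs) else "pass")
            for path, hdrs in samples]


if __name__ == "__main__":
    for path, hdrs, verdict in evaluate():
        print(f"{verdict:4}  {path}  {hdrs}")
```

The fourth sample is forbidden because ^osAuthToken is anchored to the start of the Cookie header, so a request that sends another cookie first is treated as having no auth cookie.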

Block all the URLs except the specimen catalog URL.

    <VirtualHost *:80>
        ServerName <domain name>
        ProxyPass / ajp://localhost:8009/openspecimen/
        ProxyPassReverse / ajp://localhost:8009/openspecimen/
        .......
        .......
        RewriteEngine On
        RewriteRule ^/fonts/ - [L]
        RewriteRule ^/styles/ - [L]
        RewriteRule ^/images/ - [L]
        RewriteRule ^/modules/ - [L]
        RewriteRule ^/plugin-ui-resources/ - [L]
        RewriteRule ^/rest/ng/(specimen-catalogs|user-otp-details|external-dashboards|config-settings) - [L]
        RewriteRule ^/rest/ng/.*$ - [F]
    </VirtualHost>


Block all URLs except participant.

    <VirtualHost>
        .....
        RewriteEngine On
        # The leading "!" negates the match: forbid every URI that is not a participant URL.
        RewriteCond %{REQUEST_URI} !^/<instance-name>/rest/ng/participants/\d+$
        RewriteRule ^.*$ - [F]
    </VirtualHost>

Example:

    <VirtualHost>
        .....
        RewriteEngine On
        # Consecutive RewriteCond lines are ANDed: forbid only when the URI
        # matches neither instance's participant URL.
        RewriteCond %{REQUEST_URI} !^/openspecimen-test/rest/ng/participants/\d+$
        RewriteCond %{REQUEST_URI} !^/openspecimen-production/rest/ng/participants/\d+$
        RewriteRule ^.*$ - [F]
    </VirtualHost>

Once the configuration is done, restart the Apache server.