How to block specific API at Apache level?
Got feedback or spotted a mistake?
Leave a comment at the end of this page or email contact@krishagni.com
Block access to the public API calls.
Open Apache's configuration file and add the snippet below inside the <VirtualHost> directive.
The configuration below is an example that blocks unauthorised API calls to the institutes, sites and users modules: a request that carries neither the X-OS-API-TOKEN header nor the osAuthToken cookie is refused with 403 Forbidden.
RewriteEngine On
# Condition 1: the request carries no API token header
RewriteCond %{HTTP:X-OS-API-TOKEN} ^$
# Condition 2: no osAuthToken cookie anywhere in the Cookie header. The cookie is not
# necessarily the first one listed, so the pattern must not be anchored to the start.
RewriteCond %{HTTP:Cookie} !(^|;\s*)osAuthToken=
# Both conditions hold: refuse (403) any URL that touches the institutes, sites or users API
RewriteRule .*?(institutes|sites|users) - [F]
# If the application is deployed under a context path, e.g. https://test.openspecimen.org/os-test,
# limit the rule to that path:
RewriteEngine On
RewriteCond %{HTTP:X-OS-API-TOKEN} ^$
RewriteCond %{HTTP:Cookie} !(^|;\s*)osAuthToken=
RewriteRule .*?os-test.*?(institutes|sites|users) - [F]
Block all URLs except the specimen catalog URLs.
<VirtualHost *:80>
ServerName <domain name>
ProxyPass / ajp://localhost:8009/openspecimen/
ProxyPassReverse / ajp://localhost:8009/openspecimen/
.......
.......
RewriteEngine On
# Static UI resources pass through; [L] stops rewrite processing for them
RewriteRule ^/fonts/ - [L]
RewriteRule ^/styles/ - [L]
RewriteRule ^/images/ - [L]
RewriteRule ^/modules/ - [L]
RewriteRule ^/plugin-ui-resources/ - [L]
# Only these REST endpoints stay reachable
RewriteRule ^/rest/ng/(specimen-catalogs|user-otp-details|external-dashboards|config-settings) - [L]
# Everything else under /rest/ng/ is refused with 403 (this rule must come last)
RewriteRule ^/rest/ng/.*$ - [F]
</VirtualHost>
Block all URLs except the participant URL.
<VirtualHost>
.....
RewriteEngine On
# Refuse (403) every request whose path is not a single-participant URL;
# the negation (!) is what turns this into an allow-list for that one URL
RewriteCond %{REQUEST_URI} !^/<instance-name>/rest/ng/participants/\d+$
RewriteRule ^.*$ - [F]
</VirtualHost>
Example:
<VirtualHost>
.....
RewriteEngine On
# Consecutive RewriteCond lines are ANDed, so the request is refused only when it
# matches neither instance's participant URL
RewriteCond %{REQUEST_URI} !^/openspecimen-test/rest/ng/participants/\d+$
RewriteCond %{REQUEST_URI} !^/openspecimen-production/rest/ng/participants/\d+$
RewriteRule ^.*$ - [F]
</VirtualHost>
Once the configuration is done, restart the Apache server.
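Before editing a live Apache, it helps to check what the first two rule sets on this page actually do. The script below is an added example, not part of the OpenSpecimen documentation: it re-implements the "public API" conditions and the "catalog only" allow-list in plain Python and runs them over a few constructed requests, including the case where osAuthToken is not the first cookie.

```python
import re

# Added example (not OpenSpecimen's own code): simulate the page's two rule sets
# so the effect of each RewriteCond/RewriteRule can be checked offline.

# Rule set 1: forbid institute/site/user API calls that carry neither the
# X-OS-API-TOKEN header nor an osAuthToken cookie.
PROTECTED_API = re.compile(r".*?(institutes|sites|users)")
# osAuthToken= may appear anywhere in the Cookie header (at the start or after a
# ';'); anchoring it to the start would wrongly refuse logged-in browser users.
AUTH_COOKIE = re.compile(r"(^|;\s*)osAuthToken=")

def public_api_forbidden(path: str, headers: dict) -> bool:
    """True when the public-API rule set would answer 403 Forbidden."""
    if headers.get("X-OS-API-TOKEN", "") != "":       # cond 1 fails: token present
        return False
    if AUTH_COOKIE.search(headers.get("Cookie", "")):  # cond 2 fails: browser session
        return False
    return PROTECTED_API.search(path) is not None     # RewriteRule ... [F]

# Rule set 2: allow static assets and a few /rest/ng/ endpoints with [L], then
# refuse everything else under /rest/ng/.
ALLOWED = re.compile(
    r"^/(fonts|styles|images|modules|plugin-ui-resources)/"
    r"|^/rest/ng/(specimen-catalogs|user-otp-details|external-dashboards|config-settings)"
)
DENY_REST = re.compile(r"^/rest/ng/.*$")

def catalog_only_forbidden(path: str) -> bool:
    """True when the catalog-only rule set would answer 403 Forbidden."""
    if ALLOWED.search(path):            # a matching [L] rule ends processing: allowed
        return False
    return DENY_REST.search(path) is not None

if __name__ == "__main__":
    # Constructed sample requests (paths and header values are made up)
    samples = [
        ("/rest/ng/users", {}),
        ("/rest/ng/users", {"X-OS-API-TOKEN": "constructed-token"}),
        ("/rest/ng/sites", {"Cookie": "JSESSIONID=1; osAuthToken=constructed"}),
        ("/rest/ng/specimens", {}),
    ]
    for path, hdrs in samples:
        print(path, hdrs, "-> 403" if public_api_forbidden(path, hdrs) else "-> pass")
    for path in ["/rest/ng/specimen-catalogs/1", "/rest/ng/participants/5", "/styles/app.css"]:
        print(path, "-> 403" if catalog_only_forbidden(path) else "-> pass")
```

Once the rules behave as intended in the simulation, run apachectl configtest before restarting Apache so a typo in the directives does not take the site down.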