How to bloack /api calls to get content data.

7 views

Skip to first unread message

Saurabh Tripathi

unread,

Dec 6, 2017, 12:29:49 AM12/6/17

to dot...@googlegroups.com

Hi Everyone,

I just want to know that is there any way to restrict /api call to get content data for all content types without updating content type view permission or to restrict all /api calls coming from a domain.

I would like to block all /api call coming from a domain(example.com) but all calls from the same server (localhost:8080) would respond.

How can i achive this ? Please suggest.

For example:

If I hit the URL as (http://example.com/api/content/render/false/query/+contentType:{ContentType}/user/ad...@dotcms.com/password/admin), it should not respond with content type data

and

if hit the URL on the server as (http://localhost:8080/api/content/render/false/query/+contentType:{ContentType}/user/ad...@dotcms.com/password/admin), it should respond with content type data.

Thanks

Sent from the dotCMS Users Group mailing list archive at Nabble.com.

Xander Steinmann

unread,

Dec 6, 2017, 3:05:00 AM12/6/17

to dotCMS User Group

Hi Saurabh,

You could add an Apache/nginx in front of the dotCMS (with which you could also block by IP or something) or you could add a filter in a static plugin.

Kind regards,

Xander

Reply all

Reply to author

Forward

0 new messages