
Are there other evaluations happening on API access other than IP ACL?

I'm writing a small app for the iPhone to manage my Sophos XG at home, but no matter what I do the app gets rejected by the API saying the IP address isn't authorized. The weird thing is the iOS Simulator uses the IP address of the Mac it's running on (which is in the API ACL list). To make it even weirder, if I call the API from Safari on the Mac or even Safari on the iPhone simulator, the API works fine.

And the App is working because it gets a correctly formulated response back from the API.

<?xml version="1.0" encoding="UTF-8"?>
<Response APIVersion="1700.1">
  <Status code="534">API operations are not allowed from the requester IP address.</Status>
</Response>

The only thing I can think of is there is some other check that Sophos is doing against the HTTP header that my app isn't setting.

Anyone have any ideas?



  • NetDam,

    did you enable the API from Backup & Firmware > API > Allowed IP?

    Thanks

  • Yep. That's what is weird about it. The MacBook IP address is in the allowed IP list (ACL), and API access from a browser on the Mac and a browser on the iOS Simulator both work. And I'm testing these using a cut and paste from my Xcode debug log of the URL my app is calling, so it's the same exact API call from the same exact IP address.

    So something other than IP address is being evaluated (and rejected) and returning the same status code as an unauthorized IP.

    Unfortunately, I can't seem to find any logging regarding the API in the XG.
