Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 15 replies
  • Subscribers 29 subscribers
  • Views 13747 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Create FIrewall Policy - HTTPBased response 501

Luke Milby

Hi All!

Im working with the Sophos XG 1700.1 API looking to create an HTTPBased Firewall policy.

I seem to be running into an issue when making the request. 
response from the request:
<?xml version="1.0" encoding="UTF-8"?>\n<Response APIVersion="1700.1">\n  <Login>\n    <status>Authentication Successful</status>\n  </Login>\n  <SecurityPolicy transactionid="">\n    <Status code="501">Configuration parameters validation failed.</Status>\n    <InvalidParams/>\n  </SecurityPolicy>\n</Response>\

request:
/webconsole/APIController?reqxml=<Request><Login><Username>admin</Username><Password>notpassword</Password></Login><Set operation="add"><SecurityPolicy><Name>HTTPBased Policy</Name><Position>top</Position><Description>HTTP Based Policy</Description><Status>Disable</Status><IPFamily>IPv4</IPFamily><PolicyType>HTTPBased</PolicyType><HTTPBasedPolicy><HostedAddress>10.0.0.10</HostedAddress><HTTPS>Disable</HTTPS><RedirectHTTP>Disable</RedirectHTTP><ListenPort>80</ListenPort><Domains><Domain>derp.com</Domain></Domains><AllowFrom><Address>Test Server</Address></AllowFrom><Exceptions><Exception><path>/</path><op>or</op><source>Any IPv4</source><skip_threats_filter_categories>protocol_violations</skip_threats_filter_categories><skip_threats_filter_categories>protocol_anomalies</skip_threats_filter_categories><skip_threats_filter_categories>request_limits</skip_threats_filter_categories><skipav>1</skipav><skipbadclients>1</skipbadclients><skipcookie>1</skipcookie><skipform>1</skipform><skipurl>1</skipurl></Exception></Exceptions><ProtocolSecurity /><CompressionSupport>Disable</CompressionSupport><RewriteHTML>Disable</RewriteHTML><RewriteCookies>Disable</RewriteCookies><PassHostHeader>Disable</PassHostHeader></HTTPBasedPolicy><IntrusionPrevention>None</IntrusionPrevention><TrafficShapingPolicy>None</TrafficShapingPolicy><SourceSecurityHeartbeat>Disable</SourceSecurityHeartbeat><MinimumSourceHBPermitted /><DestSecurityHeartbeat>Disable</DestSecurityHeartbeat><MinimumDestinationHBPermitted /></SecurityPolicy></Set></Request>

If anyone could help that would be awesome!

thanks,

Luke




This thread was automatically locked due to age.
Parents
  • 0

    Luke, 

    Were you able to get this to work? I recently started playing with the API and I have been able to successfully create firewall rules. If you want I can post the code here. 

  • 0 in reply to Joe Plunkett

    IPInfoSec said:

    Luke, 

    Were you able to get this to work? I recently started playing with the API and I have been able to successfully create firewall rules. If you want I can post the code here. 

     

    So I'm able to create firewall policies. The only issue I'm having is create a HTTPBased policy. In the API documentation you need to select a Policy type e.g User/Network/HTTPBased/NonHTTPBased/PublicNonHTTPPolicy. I can create all of these except for an HTTPBased. Just looking for minimum requirements or what I'm missing to make a valid request.

  • 0 in reply to Luke Milby

    Luke,

    I understand now. That is strange. Are you passing all these parameters into the browser or through a separate xml file? 

  • 0 in reply to Joe Plunkett

    IPInfoSec said:

    Luke,

    I understand now. That is strange. Are you passing all these parameters into the browser or through a separate xml file? 

     

     

    Using Python to make the request. I have Python build the URL that will be passed in the request. The URL contains all the XML and is what I posted in the request section.

  • 0 in reply to Luke Milby

    I would pass the XML as a separate file - If the XML request in the URL is too long it will fail out. Below is a function that I built in Python to do this - Give it a try with all the XML in a separate file:  Note to use this you only need to change the 'ip_address' variable and the 'xml_files' variable

     import requests

xml_files = ['myFile1.xml', 'myFile2.xml']  # Add xml files here
ip_address = '10.10.10.10'

def api_call(api_ip, xml_doc):
    api_url = r'https://{}:4444/webconsole/APIController?'.format(api_ip)
    payload = {'reqxml' : (None, open(xml_doc, 'rb'))}
    r = requests.post(api_url, files=payload, verify=False)
    print(r.text)

for file in xml_files:
    api_call(api_ip=ip_address, xml_doc=file)
  • 0 in reply to Joe Plunkett

    Thanks, Ill give this a shot and see how it goes.

Reply Children
No Data