Sophos UTM: Decommissioning of obsolete URL categorization services CFFS. Click here for important info.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 3 subscribers
  • Views 2548 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RESTful-API UPDATE reverse_proxy location

4Syno

Hello,

I'm using the Sophos UTM9 Home Edition, to secure my owncloud. Configured is this through integrated WAF.

This works quite nice, I miss only fail2ban here.

So to add fail2ban I used the RESTful-API:

https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.ashx

So fare I got everything up and running.

Using “PATCH“ api/objects/reverse_proxy/location/REF_RevLoc

2 Problems: access_control can only handle Network and Hosts. So I can’t use Groups to update the block list. That makes everything more complicate.

In case fail2ban finds an failed login the update command overwrites all existing IP’s under Site-Path-routing:

curl -X PATCH --header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'X-Restd-Err-Ack: all' \
--header 'X-Restd-Lock-Override: yes' \
--header 'Authorization: Basic access_token' -d \
'{"access_control":"1","allowed_networks":["REF_NetworkAny"],"auth_profile":"","backend":["REF_RevBacWEBHost"],"be_path":"","comment":"","denied_networks":["'"$DN"'"],"hot_standby":false,"name":"ProxyN","path":"/subtree","status":true,"stickysession_id":"ROUTEID","stickysession_status":false,"websocket_passthrough":true}' \
'https://my.fw/api/objects/reverse_proxy/location/REF_RevLocProxyN' > /dev/null

Did I miss something here, is there an variable to keep existing values?

Someone else has facing this situation?

I really appreciate any help you can provide.



This thread was automatically locked due to age.
Parents
  • 0

    Hallo and welcome to the UTM Community!

    In fact, the UTM's Intrusion Prevention system should make fail2ban redundant, so I doubt that anyone here will be able to help you with this.

    Cheers - Bob
    PS Moved this thread to the Web Server Security forum.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • +1 in reply to BAlfson

    Hi Bob,

    thanks for your feedback. I got it up and running; Finished this a couple of hours ago :)

    The action config from fail2ban are working like a shell, sh not bash!

    So the tricky part was the script for me, that keeps existing ban ip's and new ip's in one shut (curl -X PATCH) up and running.

    What are the object limitations of the access_control field?

  • 0 in reply to 4Syno

    "Object limitations of the access_control field?"  Keine Ahnung !

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hab etliche fake Adressen erzeugt und eingetragen. So viele werden es hoffentlich nie werden, dann zieht man eh besser den Stecker :D

Reply Children
No Data
Unfiltered HTML