RESTful-API UPDATE reverse_proxy location

Question

Hello, 
 I'm using the Sophos UTM9 Home Edition, to secure my owncloud. Configured is this through integrated WAF. 
 This works quite nice, I miss only fail2ban here. 
 So to add fail2ban I used the RESTful-API: 
 https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.ashx 
 So fare I got everything u p and running. 
 Using &ldquo; PATCH&ldquo; api/objects/reverse_proxy/location/REF_RevLoc 
 
 2 Problems: access_control can only handle Network and Hosts. So I can&rsquo;t use Groups to update the block list. That makes everything more complicate. 
 In case fail2ban finds an failed login the update command overwrites all existing IP&rsquo;s under S ite-Path-routing: 
 
 curl -X PATCH --header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'X-Restd-Err-Ack: all' \
--header 'X-Restd-Lock-Override: yes' \
--header 'Authorization: Basic access_token' -d \
'{"access_control":"1","allowed_networks":["REF_NetworkAny"],"auth_profile":"","backend":["REF_RevBacWEBHost"],"be_path":"","comment":"","denied_networks":["'"$DN"'"],"hot_standby":false,"name":"ProxyN","path":"/subtree","status":true,"stickysession_id":"ROUTEID","stickysession_status":false,"websocket_passthrough":true}' \
'https://my.fw/api/objects/reverse_proxy/location/REF_RevLocProxyN' > /dev/null 
 
 Did I miss something here, is there an variable to keep existing values? 
 Someone else has facing this situation? 
 I really appreciate any help you can provide.

4Syno · Accepted Answer

Hi Bob, 
 
 thanks for your feedback. I got it up and running; Finished this a couple of hours ago :) 
 The action config from fail2ban are working like a shell, sh not bash! 
 So the tricky part was the script for me, that keeps existing ban ip's and new ip's in one shut (curl -X PATCH) up and running. 
 
 What are the object limitations of the access_control field?

RESTful-API UPDATE reverse_proxy location

Top Replies