Sophos UTM: Decommissioning of obsolete URL categorization services CFFS. Click here for important info.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RESTful-API UPDATE reverse_proxy location


I'm using the Sophos UTM9 Home Edition, to secure my owncloud. Configured is this through integrated WAF.

This works quite nice, I miss only fail2ban here.

So to add fail2ban I used the RESTful-API:

So fare I got everything up and running.

Using “PATCH“ api/objects/reverse_proxy/location/REF_RevLoc

2 Problems: access_control can only handle Network and Hosts. So I can’t use Groups to update the block list. That makes everything more complicate.

In case fail2ban finds an failed login the update command overwrites all existing IP’s under Site-Path-routing:

curl -X PATCH --header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'X-Restd-Err-Ack: all' \
--header 'X-Restd-Lock-Override: yes' \
--header 'Authorization: Basic access_token' -d \
'{"access_control":"1","allowed_networks":["REF_NetworkAny"],"auth_profile":"","backend":["REF_RevBacWEBHost"],"be_path":"","comment":"","denied_networks":["'"$DN"'"],"hot_standby":false,"name":"ProxyN","path":"/subtree","status":true,"stickysession_id":"ROUTEID","stickysession_status":false,"websocket_passthrough":true}' \
'https://my.fw/api/objects/reverse_proxy/location/REF_RevLocProxyN' > /dev/null 

Did I miss something here, is there an variable to keep existing values?

Someone else has facing this situation?

I really appreciate any help you can provide.

This thread was automatically locked due to age.