Security

Reply
Highlighted

Best way to update rules in RPZ zone

TSun
Techie
Posts: 11
19956     0

Hi there,

 

I'm now working on populating rules into RPZ zone. I try to schedule updating the rules in the zone, which every time I delete all the previous rules and then insert the new ones. I use the 'csv_import' function in WAPI to do both delete and insert function.

 

However when the number of the rules is quite large, the performance may be a issue to do it like this. And So I wonder is there a better way to update the rules, since there maybe many duplicate rules I don't have to delete and re-insert again ('overwrite' and 'merge' seems not the proper behavior in csv import methods)?

 

Thanks!

Re: Best way to update rules in RPZ zone

Adviser
Posts: 85
19957     0

WAPI currently does not have any way to update RPZ objects, you may be forced to use PAPI, to which you can then use the Infoblox:Smiley Very HappyNS::RPZRecord object to insert, delete, change records within your local RPZ.

 

Not sure when WAPI will include support for this object type, but eventually things will trickle down. I agree though that manipulating rules via CSV isn't the best way to go about this if you have a large number of rules that are constantly changing. 

 

Perhaps someone else has a better idea?

Re: Best way to update rules in RPZ zone

Adviser
Posts: 131
19957     0

@jchik wrote:

 

Perhaps someone else has a better idea?


The only other thing I can think of is to switch from using a local response policy zone to using a remote policy zone. Then stand up a basic instance of the BIND server and have it be the master for the response policy zone, designating one of the Infoblox grid members as the lead secondary for the zone.

 

If you do this then updating the response policy zone basically amounts to updating the BIND zone file and then notifying the BIND server to pick up the changes. This could be done programmatically if desired. One downside is that either the program or the people updating the file would have to deal with the "raw" RPZ text format, and problems could occur if incorrectly-formatted data were added to the file.

 

-- Frank

Re: Best way to update rules in RPZ zone

Adviser
Posts: 131
19957     0

I should add that on balance I think the best approach to this is to try out the Perl API. I love the Web API but this is one of those areas it is not equipped to handle (at least not yet).

 

-- Frank

 

Re: Best way to update rules in RPZ zone

RLangston
Techie
Posts: 13
19957     0

Basically, there are a few choices here:

 

1.  Use the Perl API as mentioned

2.  Use the GUI to import a CSV file

3.  Use the WAPI API to import a CSV.  This is a bit convoluted, but you would make a CSV file and then use the API to upload that file.

 

Support for using the WAPI API to send these type of updates directly - without the CSV - will be supported "in the very near future" but I can't be more specific.

 

Re: Best way to update rules in RPZ zone

[ Edited ]
airhead
Techie
Posts: 3
19957     0

Thanks for your thoughts on this one!

I'm currently making a script that downloads regular host-lists of ad servers which it converts to a RPZ CSV-file. 

I kinda get stuck on uploading the CSV-file to the IB appliance, I was hoping that you guys could help me on this one Smiley Happy

 

The following commands are based of the API guide section ‘Uploading a file to the appliance’: https://192.168.1.6/wapidoc/additional/sample.html

CI009:~ root$ curl -k1 -u adminSmiley Tongueassword -X POST 'https://192.168.1.6/wapi/v2.2/fileop?_function=uploadinit'

{

    "token": "eJydkE1PwzAMhu/+I+OyZunWj3EbGpOQ0EAbnK02yYalNjFJirZ/TwKCCzcOiV7bj9/EVsrxFb05\nQ7qUsyH6SUXngSXcKLIn1w/uUjhr8olXNgG2XezwYE7AJSjEfqIhkkUETSoCL+FG8wqOM3Nh8leM\nNJoZcAU7uVo1y7pcV7Jo2qauKgnhOJv8kMp1aniLkcOtEHJdFrJuC1nUIudQU/pcxBMNBskJb96R\n9Pz1+fFps53LxaIRNLLz30Qya7Iv6aTaZPsXT4V1RnSaJGm5SJQIaezubEQc+X+vSvnjicYqp8me\nc7ZM5ncP+yyXv8Do9FdL3tN287LBw/0uxxWEeGBZ5x3KJhWp7xjJ8hTxw/hAzmashX3oi09z34vn\n",

    "url": "https://192.168.1.6/http_direct_file_io/req_id-UPLOAD-1007/import_file"

}

 

 

CI009:~ root$ curl -k1 -u adminSmiley Tongueassword -F name=policy_result.csv -F filedata=@policy_result.csv 'https://192.168.1.6/http_direct_file_io/req_id-UPLOAD-1007/import_file'

 

CI009:~ root$ curl -k1 -u adminSmiley Tongueassword -X POST 'https://192.168.1.6/wapi/v2.2/fileop?_function=setfiledest' \

> -H "Content-Type: application/json" -d '{ "dest_path": "/policy_result.csv", "type": "TFTP_FILE", \

> "token": "eJydkE1PwzAMhu/+I+OyZunWj3EbGpOQ0EAbnK02yYalNjFJirZ/TwKCCzcOiV7bj9/EVsrxFb05\nQ7qUsyH6SUXngSXcKLIn1w/uUjhr8olXNgG2XezwYE7AJSjEfqIhkkUETSoCL+FG8wqOM3Nh8leM\nNJoZcAU7uVo1y7pcV7Jo2qauKgnhOJv8kMp1aniLkcOtEHJdFrJuC1nUIudQU/pcxBMNBskJb96R\n9Pz1+fFps53LxaIRNLLz30Qya7Iv6aTaZPsXT4V1RnSaJGm5SJQIaezubEQc+X+vSvnjicYqp8me\nc7ZM5ncP+yyXv8Do9FdL3tN287LBw/0uxxWEeGBZ5x3KJhWp7xjJ8hTxw/hAzmashX3oi09z34vn\n" }'

{ "Error": "AdmConProtoError: JSON Decoding: Expecting property name: line 1 column 58 (char 58)",

  "code": "Client.Ibap.Proto.JSONDecoding",

  "text": "JSON Decoding: Expecting property name: line 1 column 58 (char 58)"

}

 

CI009:~ root$

 

 

So the token part is a bit unclear for me, could you shine some light on this? 

Thanks in advance for helping me out guys.

 

 

 

Re: Best way to update rules in RPZ zone

kmehta Employee
Employee
Posts: 8
19957     0

Thanks for sharing this!  I'll ping a few people to help you resolve the issue.

 

e

Re: Best way to update rules in RPZ zone

airhead
Techie
Posts: 3
19957     0

I've opened a support case in the mean time. I'll touch base with you guys when I have the answer Smiley Happy.

 

 

Re: Best way to update rules in RPZ zone

[ Edited ]
airhead
Techie
Posts: 3
19957     0

Hi guys,

 

See the solution here below Smiley Happy!

 

 ________________________________
< Long life is in store for you. >
 --------------------------------
   \
    \
        .--.
       |o_o |
       |:_/ |
      //   \ \
     (|     | )
    /'\_   _/`\
    \___)=(___/

root@raspberrypi:~/ib_automate/nextstep/bblox# bash -x bblox.sh 
+ ibimportapi
++ curl -k1 -u admin:password -X POST 'https://192.168.1.6/wapi/v2.2/fileop?_function=uploadinit'
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   495    0   495    0     0   1171      0 --:--:-- --:--:-- --:--:--  1178
+ APIAUTH_RAW='{
    "token": "eJydkDFPwzAQhff7I2VpXKdJmrIVlUpIqKAW5lNiu+WkxD5sB7X/HhsECxuDred7n599p5TjK3pz\nhrQpZ0P0k4rOA0u4UWRPrh/cpXDW5BWvbAJsu9jhwZyAS1CI/URDJIsImlQEXsKN5gqOM3Nh8leM\nNJoZcA07WdVyXbVtvSqasmrrBsJxNvkhuU3i32LkcCuEXJeFbNpCFo3INdSU/hbxRINBcsKbdyQ9\nf31+fNps53KxkIJGdv6bSGGrnEs6qTbF/sWTsc6ITo0kLReJEiF13Z2NiCP/71UpfzLRWOU02XOu\nlin87mGf5fIXGJ3+upLHtN28bPBwv8vnGkI8sGzyCOUqmdR3jGR5ivhhfCBnM9bCPvTFJwPKi6c=\n", 
    "url": "https://192.168.1.6/http_direct_file_io/req_id-UPLOAD-1001/import_file"
}'
+ echo 'This is your RAW API information:' '{' '"token":' '"eJydkDFPwzAQhff7I2VpXKdJmrIVlUpIqKAW5lNiu+WkxD5sB7X/HhsECxuDred7n599p5TjK3pz\nhrQpZ0P0k4rOA0u4UWRPrh/cpXDW5BWvbAJsu9jhwZyAS1CI/URDJIsImlQEXsKN5gqOM3Nh8leM\nNJoZcA07WdVyXbVtvSqasmrrBsJxNvkhuU3i32LkcCuEXJeFbNpCFo3INdSU/hbxRINBcsKbdyQ9\nf31+fNps53KxkIJGdv6bSGGrnEs6qTbF/sWTsc6ITo0kLReJEiF13Z2NiCP/71UpfzLRWOU02XOu\nlin87mGf5fIXGJ3+upLHtN28bPBwv8vnGkI8sGzyCOUqmdR3jGR5ivhhfCBnM9bCPvTFJwPKi6c=\n",' '"url":' '"https://192.168.1.6/http_direct_file_io/req_id-UPLOAD-1001/import_file"' '}'
This is your RAW API information: { "token": "eJydkDFPwzAQhff7I2VpXKdJmrIVlUpIqKAW5lNiu+WkxD5sB7X/HhsECxuDred7n599p5TjK3pz\nhrQpZ0P0k4rOA0u4UWRPrh/cpXDW5BWvbAJsu9jhwZyAS1CI/URDJIsImlQEXsKN5gqOM3Nh8leM\nNJoZcA07WdVyXbVtvSqasmrrBsJxNvkhuU3i32LkcCuEXJeFbNpCFo3INdSU/hbxRINBcsKbdyQ9\nf31+fNps53KxkIJGdv6bSGGrnEs6qTbF/sWTsc6ITo0kLReJEiF13Z2NiCP/71UpfzLRWOU02XOu\nlin87mGf5fIXGJ3+upLHtN28bPBwv8vnGkI8sGzyCOUqmdR3jGR5ivhhfCBnM9bCPvTFJwPKi6c=\n", "url": "https://192.168.1.6/http_direct_file_io/req_id-UPLOAD-1001/import_file" }
++ echo '{' '"token":' '"eJydkDFPwzAQhff7I2VpXKdJmrIVlUpIqKAW5lNiu+WkxD5sB7X/HhsECxuDred7n599p5TjK3pz\nhrQpZ0P0k4rOA0u4UWRPrh/cpXDW5BWvbAJsu9jhwZyAS1CI/URDJIsImlQEXsKN5gqOM3Nh8leM\nNJoZcA07WdVyXbVtvSqasmrrBsJxNvkhuU3i32LkcCuEXJeFbNpCFo3INdSU/hbxRINBcsKbdyQ9\nf31+fNps53KxkIJGdv6bSGGrnEs6qTbF/sWTsc6ITo0kLReJEiF13Z2NiCP/71UpfzLRWOU02XOu\nlin87mGf5fIXGJ3+upLHtN28bPBwv8vnGkI8sGzyCOUqmdR3jGR5ivhhfCBnM9bCPvTFJwPKi6c=\n",' '"url":' '"https://192.168.1.6/http_direct_file_io/req_id-UPLOAD-1001/import_file"' '}'
++ grep '"token"'
++ tr -s ' '
++ cut -d ' ' -f 3
++ tr -d '"'
++ tr -d ,
+ TOKEN_ID='eJydkDFPwzAQhff7I2VpXKdJmrIVlUpIqKAW5lNiu+WkxD5sB7X/HhsECxuDred7n599p5TjK3pz\nhrQpZ0P0k4rOA0u4UWRPrh/cpXDW5BWvbAJsu9jhwZyAS1CI/URDJIsImlQEXsKN5gqOM3Nh8leM\nNJoZcA07WdVyXbVtvSqasmrrBsJxNvkhuU3i32LkcCuEXJeFbNpCFo3INdSU/hbxRINBcsKbdyQ9\nf31+fNps53KxkIJGdv6bSGGrnEs6qTbF/sWTsc6ITo0kLReJEiF13Z2NiCP/71UpfzLRWOU02XOu\nlin87mGf5fIXGJ3+upLHtN28bPBwv8vnGkI8sGzyCOUqmdR3jGR5ivhhfCBnM9bCPvTFJwPKi6c=\n'
+ echo 'This is your TOKEN_ID:' 'eJydkDFPwzAQhff7I2VpXKdJmrIVlUpIqKAW5lNiu+WkxD5sB7X/HhsECxuDred7n599p5TjK3pz\nhrQpZ0P0k4rOA0u4UWRPrh/cpXDW5BWvbAJsu9jhwZyAS1CI/URDJIsImlQEXsKN5gqOM3Nh8leM\nNJoZcA07WdVyXbVtvSqasmrrBsJxNvkhuU3i32LkcCuEXJeFbNpCFo3INdSU/hbxRINBcsKbdyQ9\nf31+fNps53KxkIJGdv6bSGGrnEs6qTbF/sWTsc6ITo0kLReJEiF13Z2NiCP/71UpfzLRWOU02XOu\nlin87mGf5fIXGJ3+upLHtN28bPBwv8vnGkI8sGzyCOUqmdR3jGR5ivhhfCBnM9bCPvTFJwPKi6c=\n'
This is your TOKEN_ID: eJydkDFPwzAQhff7I2VpXKdJmrIVlUpIqKAW5lNiu+WkxD5sB7X/HhsECxuDred7n599p5TjK3pz\nhrQpZ0P0k4rOA0u4UWRPrh/cpXDW5BWvbAJsu9jhwZyAS1CI/URDJIsImlQEXsKN5gqOM3Nh8leM\nNJoZcA07WdVyXbVtvSqasmrrBsJxNvkhuU3i32LkcCuEXJeFbNpCFo3INdSU/hbxRINBcsKbdyQ9\nf31+fNps53KxkIJGdv6bSGGrnEs6qTbF/sWTsc6ITo0kLReJEiF13Z2NiCP/71UpfzLRWOU02XOu\nlin87mGf5fIXGJ3+upLHtN28bPBwv8vnGkI8sGzyCOUqmdR3jGR5ivhhfCBnM9bCPvTFJwPKi6c=\n
++ echo '{' '"token":' '"eJydkDFPwzAQhff7I2VpXKdJmrIVlUpIqKAW5lNiu+WkxD5sB7X/HhsECxuDred7n599p5TjK3pz\nhrQpZ0P0k4rOA0u4UWRPrh/cpXDW5BWvbAJsu9jhwZyAS1CI/URDJIsImlQEXsKN5gqOM3Nh8leM\nNJoZcA07WdVyXbVtvSqasmrrBsJxNvkhuU3i32LkcCuEXJeFbNpCFo3INdSU/hbxRINBcsKbdyQ9\nf31+fNps53KxkIJGdv6bSGGrnEs6qTbF/sWTsc6ITo0kLReJEiF13Z2NiCP/71UpfzLRWOU02XOu\nlin87mGf5fIXGJ3+upLHtN28bPBwv8vnGkI8sGzyCOUqmdR3jGR5ivhhfCBnM9bCPvTFJwPKi6c=\n",' '"url":' '"https://192.168.1.6/http_direct_file_io/req_id-UPLOAD-1001/import_file"' '}'
++ grep req_id-UPLOAD-
++ tr -s -
++ cut -d - -f 3
++ cut -d / -f 1
+ UPLOAD_ID=1001
+ echo 'This is your API UPLOAD_ID:' 1001
This is your API UPLOAD_ID: 1001
+ curl -k1 -u admin:password -F name=./processed/policy_result.csv -F filedata=@./processed/policy_result.csv https://192.168.1.6/http_direct_file_io/req_id-UPLOAD-1001/import_file
+ curl -k1 -u admin:password -X POST 'https://192.168.1.6/wapi/v2.2/fileop?_function=csv_import' -H 'Content-Type: application/json' -d '{"token":"eJydkDFPwzAQhff7I2VpXKdJmrIVlUpIqKAW5lNiu+WkxD5sB7X/HhsECxuDred7n599p5TjK3pz\nhrQpZ0P0k4rOA0u4UWRPrh/cpXDW5BWvbAJsu9jhwZyAS1CI/URDJIsImlQEXsKN5gqOM3Nh8leM\nNJoZcA07WdVyXbVtvSqasmrrBsJxNvkhuU3i32LkcCuEXJeFbNpCFo3INdSU/hbxRINBcsKbdyQ9\nf31+fNps53KxkIJGdv6bSGGrnEs6qTbF/sWTsc6ITo0kLReJEiF13Z2NiCP/71UpfzLRWOU02XOu\nlin87mGf5fIXGJ3+upLHtN28bPBwv8vnGkI8sGzyCOUqmdR3jGR5ivhhfCBnM9bCPvTFJwPKi6c=\n", "on_error":"CONTINUE"}'
{
    "csv_import_task": {
        "_ref": "csvimporttask/b25lLmNzdl9pbXBvcnRfdGFzayQ4:8", 
        "admin_name": "admin", 
        "file_name": "import_file", 
        "file_size": 104, 
        "import_id": 8, 
        "lines_failed": 0, 
        "lines_processed": 0, 
        "lines_warning": 0, 
        "on_error": "CONTINUE", 
        "operation": "INSERT", 
        "separator": "COMMA", 
        "start_time": 1451945260, 
        "status": "PENDING", 
        "update_method": "OVERRIDE"
    }
root@raspberrypi:~/ib_automate/nextstep/bblox# 

 

 

Btw - I might need to upgrade my appliance Smiley Wink  http://imgur.com/VnH5dRp

 

Re: Best way to update rules in RPZ zone

osminm
Techie
Posts: 1
19957     0

Interested in this automating this process as well. Any idea when wapi might support this directly?

Re: Best way to update rules in RPZ zone

PIrala
Techie
Posts: 6
19957     0

We added the support WAPI support for individual RPZ entries in 7.2.x

 

So if the customer wants to do bulk adds/changes/deletes, they should use the method WAPI to do CSV upload (better performance), but if they want to do a series of changes using individual REST calls, they should use WAPI.

 

Examples of the WAPI calls are below.

Note that for general block/passthrough/substitute RPZs instead of record specific RPZs use the CNAME object.

 

I.e.,

record:rpz:cname : DNS Response Policy Zone CNAME record object.

An RPZ CNAME record represents different RPZ rules, depending on the value of the canonical name. The intention of this object is to support QNAME Trigger policy. The QNAME policy trigger applies to requested domain names (QNAME). This record represents Passthru Domain Name Rule, Block Domain
Name (No Such Domain) Rule, Block Domain Name (No Data) Rule and Substitute (Domain Name) Rule.
If canonical name is empty, it is a Block Domain Name(No Such Domain) Rule.
If canonical name is asterisk, it is a Block Domain Name (No Data) Rule.
If canonical name is the same as record name, it is a Passthru Domain Name Rule. If name of object starts with wildcard you must specify special value Œinfoblox-passthru¹ in canonical name in order to create Wildcard Passthru Domain Name Rule, for more details please see the Infoblox Administrator
Guide.
If canonical name is not Block Domain Name (No Such Domain) Rule, Block Domain Name (No Data) Rule, or Passthru Domain Name Rule, it is a substitution rule.

 

A- record:rpz:a
curl -k1 -u admin:infoblox -H "content-type:application/json" -w "\nThe Response Code:%{http_code}\n" https://10.35.131.9/wapi/v2.2.1/record:rpz:a -d '{"name":"a.test.com","ipv4addr":"2.2.2.2","rp_zone":"test.com"}'

"record:rpz:a/ZG5zLmJpbmRfYSQuX2RlZmF1bHQuY29tLnRlc3QsYSwyLjIuMi4y:a.test.com/default"

 

AAAA- record:rpz:aaaa
curl -k1 -u admin:infoblox -H "content-type:application/json" -w "\nThe Response Code:%{http_code}\n" https://10.35.131.9/wapi/v2.2.1/record:rpz:aaaa -d '{"ipv6addr":"2003::13","name":"aaaa.test.com","rp_zone":"test.com"}'

"record:rpz:aaaa/ZG5zLmJpbmRfYWFhYSQuX2RlZmF1bHQuY29tLnRlc3QsYWFhYSwyMDAzOjoxMw:aaaa.test.com/default"

 

Substitute(IPv4 Address)- record:rpz:a:ipaddress
curl -k1 -u admin:infoblox -H "content-type:application/json" -w "\nThe Response Code:%{http_code}\n" https://10.35.131.9/wapi/v2.2.1/record:rpz:a:ipaddress -d '{"name":"3.3.3.0.test.com","ipv4addr":"3.3.3.3","rp_zone":"test.com"}'

"record:rpz:a:ipaddress/ZG5zLmJpbmRfYSQuX2RlZmF1bHQuY29tLnRlc3QscnB6LWlwLjMuMy4zLjAuMzIsMy4zLjMuMw:3.3.3.0.test.com/default"

 

Substitute(IPv6 Address)-record:rpz:aaaa:ipaddress
curl -k1 -u admin:infoblox -H "content-type:application/json" -w "\nThe Response Code:%{http_code}\n" https://10.35.131.9/wapi/v2.2.1/record:rpz:aaaa:ipaddress -d '{"ipv6addr":"2003::15","name":"2003::.test.com","rp_zone":"test.com"}'

"record:rpz:aaaa:ipaddress/ZG5zLmJpbmRfYWFhYSQuX2RlZmF1bHQuY29tLnRlc3QscnB6LWlwLjIwMDMuenouMTI4LDIwMDM6OjE1:2003%3A%3A.test.com/default"

 

MX- record:rpz:mx
curl -k1 -u admin:infoblox -H "content-type:application/json" -w "\nThe Response Code:%{http_code}\n" https://10.35.131.9/wapi/v2.2.1/record:rpz:mx -d '{"mail_exchanger":"test.com","name": "mx.test.com","preference": 10,"rp_zone":"test.com"}'

"record:rpz:mx/ZG5zLmJpbmRfbXgkLl9kZWZhdWx0LmNvbS50ZXN0Lm14LnRlc3QuY29tLjEw:mx.test.com/default"

 

NAPTR- record:rpz:naptr
curl -k1 -u admin:infoblox -H "content-type:application/json" -w "\nThe Response Code:%{http_code}\n" https://10.35.131.9/wapi/v2.2.1/record:rpz:naptr -d '{"name":"naptr.test.com","order": 10,"preference": 10,"replacement": ".","rp_zone":"test.com"}'

"record:rpz:naptr/ZG5zLmJpbmRfbmFwdHIkLl9kZWZhdWx0LmNvbS50ZXN0LG5hcHRyLDEwLDEwLCwsLC4:naptr.test.com/default"

 

PTR- record:rpzSmiley Tonguetr
curl -k1 -u admin:infoblox -H "content-type:application/json" -w "\nThe Response Code:%{http_code}\n" https://10.35.131.9/wapi/v2.2.1/record:rpzSmiley Tonguetr -d '{"ptrdname":"ptr","rp_zone":"test.com","ipv4addr":"7.7.7.7"}'

"record:rpzSmiley Tonguetr/ZG5zLmJpbmRfcHRyJC5fZGVmYXVsdC5jb20udGVzdC5hcnBhLmluLWFkZHIuNy43LjcuNy5wdHI:7.7.7.7.in-addr.arpa.test.com/default"

 

SRV- record:rpz:srv
curl -k1 -u admin:infoblox -H "content-type:application/json" -w "\nThe Response Code:%{http_code}\n" https://10.35.131.9/wapi/v2.2.1/record:rpz:srv -d '{"name":"srv.test.com","port": 22,"priority": 0,"rp_zone":"test.com","target":"test.com","weight": 0}'

"record:rpz:srv/ZG5zLmJpbmRfc3J2JC5fZGVmYXVsdC5jb20udGVzdC9zcnYvMC8wLzIyL3Rlc3QuY29t:srv.test.com/default"

 

TXT- record:rpz:txt
curl -k1 -u admin:infoblox -H "content-type:application/json" -w "\nThe Response Code:%{http_code}\n" https://10.35.131.9/wapi/v2.2.1/record:rpz:txt -d '{"name":"txt.test.com","text": "abc","rp_zone":"test.com"}'

"record:rpz:txt/ZG5zLmJpbmRfdHh0JC5fZGVmYXVsdC5jb20udGVzdC50eHQuImFiYyI:txt.test.com/default"

 

Passthru IP Address Rule-record:rpz:cname:ipaddress
curl -k1 -u admin:infoblox -H "content-type:application/json" -w "\nThe Response Code:%{http_code}\n" https://10.35.131.9/wapi/v2.2.1/record:rpz:cname:ipaddress -d '{"canonical": "5.5.5.0","name": "5.5.5.0.test.com","rp_zone":"test.com"}'

"record:rpz:cname:ipaddress/ZG5zLmJpbmRfY25hbWUkLl9kZWZhdWx0LmNvbS50ZXN0LnJwei1pcC41LjUuNS4wLjMy:5.5.5.0.test.com/default"

 

Passthru Domain Name-record:rpz:cname
curl -k1 -u admin:infoblox -H "content-type:application/json" -w "\nThe Response Code:%{http_code}\n" https://10.35.131.9/wapi/v2.2.1/record:rpz:cname -d '{"canonical":"dn","name": "dn.test.com","rp_zone":"test.com"}'

"record:rpz:cname/ZG5zLmJpbmRfY25hbWUkLl9kZWZhdWx0LmNvbS50ZXN0LmRu:dn.test.com/default"

 

Passthru Client Ip Address Rule-record:rpz:cname:clientipaddress
curl -k1 -u admin:infoblox -H "content-type:application/json" -w "\nThe Response Code:%{http_code}\n" https://10.35.131.9/wapi/v2.2.1/record:rpz:cname:clientipaddress -d '{"canonical": "rpz-passthru","name":"10.120.20.42.test.com","rp_zone":"test.com"}'

"record:rpz:cname:clientipaddress/ZG5zLmJpbmRfY25hbWUkLl9kZWZhdWx0LmNvbS50ZXN0LnJwei1jbGllbnQtaXAuMTAuMTIwLjIwLjQyLjMy:10.120.20.42.test.com/default"

 

Block Client IP Address(NoSuchDomain) Rule:record:rpz:cname:clientipaddress
curl -k1 -u admin:infoblox -H "content-type:application/json" -w "\nThe Response Code:%{http_code}\n" https://10.35.131.9/wapi/v2.2.1/record:rpz:cname:clientipaddress -d '{"canonical": "","name": "10.120.20.43.test.com","rp_zone":"test.com"}'

"record:rpz:cname:clientipaddress/ZG5zLmJpbmRfY25hbWUkLl9kZWZhdWx0LmNvbS50ZXN0LnJwei1jbGllbnQtaXAuMTAuMTIwLjIwLjQzLjMy:10.120.20.43.test.com/default"

 

Block IP Address(NoSuchDomain) Rule:record:rpz:cname:ipaddress
curl -k1 -u admin:infoblox -H "content-type:application/json" -w "\nThe Response Code:%{http_code}\n" https://10.35.131.9/wapi/v2.2.1/record:rpz:cname:ipaddress -d '{"canonical": "","name": "5.5.5.5.test.com","rp_zone":"test.com"}'

"record:rpz:cname:ipaddress/ZG5zLmJpbmRfY25hbWUkLl9kZWZhdWx0LmNvbS50ZXN0LnJwei1pcC41LjUuNS41LjMy:5.5.5.5.test.com/default"

 

Block Domain Name(NoSuchDomain) Rule:record:rpz:cname
curl -k1 -u admin:infoblox -H "content-type:application/json" -w "\nThe Response Code:%{http_code}\n" https://10.35.131.9/wapi/v2.2.1/record:rpz:cname -d '{"canonical":"","name": "block_dn.test.com","rp_zone":"test.com"}'

"record:rpz:cname/ZG5zLmJpbmRfY25hbWUkLl9kZWZhdWx0LmNvbS50ZXN0LmJsb2NrX2Ru:block_dn.test.com/default"

 

Block IP Address(NoData) Rule:record:rpz:cname:ipaddress
curl -k1 -u admin:infoblox -H "content-type:application/json" -w "\nThe Response Code:%{http_code}\n" https://10.35.131.9/wapi/v2.2.1/record:rpz:cname:ipaddress -d '{"canonical": "*","name": "5.5.5.6.test.com","rp_zone":"test.com"}'

"record:rpz:cname:ipaddress/ZG5zLmJpbmRfY25hbWUkLl9kZWZhdWx0LmNvbS50ZXN0LnJwei1pcC41LjUuNS42LjMy:5.5.5.6.test.com/default"

 

Block Client IP Address (NoData) Rule:record:rpz:cname:clientipaddress
curl -k1 -u admin:infoblox -H "content-type:application/json" -w "\nThe Response Code:%{http_code}\n" https://10.35.131.9/wapi/v2.2.1/record:rpz:cname:clientipaddress -d '{"canonical": "*","name": "10.120.20.45.test.com","rp_zone":"test.com"}'

"record:rpz:cname:clientipaddress/ZG5zLmJpbmRfY25hbWUkLl9kZWZhdWx0LmNvbS50ZXN0LnJwei1jbGllbnQtaXAuMTAuMTIwLjIwLjQ1LjMy:10.120.20.45.test.com/default"

 

Block DomainName (NoData) Rule:record:rpz:cname
curl -k1 -u admin:infoblox -H "content-type:application/json" -w "\nThe Response Code:%{http_code}\n"
https://10.35.131.9/wapi/v2.2.1/record:rpz:cname -d '{"canonical":"*","name": "block_dn2.test.com","rp_zone":"test.com"}'

"record:rpz:cname/ZG5zLmJpbmRfY25hbWUkLl9kZWZhdWx0LmNvbS50ZXN0LmJsb2NrX2RuMg:block_dn2.test.com/default"

 

Substitute Domain Name (Domain Name):record:rpz:cname
curl -k1 -u admin:infoblox -H "content-type:application/json" -w "\nThe Response Code:%{http_code}\n" https://10.35.131.9/wapi/v2.2.1/record:rpz:cname -d '{"canonical":"sub_dn","name": "domain.test.com","rp_zone":"test.com"}'

"record:rpz:cname/ZG5zLmJpbmRfY25hbWUkLl9kZWZhdWx0LmNvbS50ZXN0LmRvbWFpbg:domain.test.com/default"

 

Substitute Domain Name (IP Address): record:rpz:cname:ipaddressdn
curl -k1 -u admin:infoblox -H "content-type:application/json" -w "\nThe Response Code:%{http_code}\n" https://10.35.131.9/wapi/v2.2.1/record:rpz:cname:ipaddressdn -d '{"canonical": "sub_dn2","name": "9.9.9.9.test.com","rp_zone":"test.com"}'

"record:rpz:cname:ipaddressdn/ZG5zLmJpbmRfY25hbWUkLl9kZWZhdWx0LmNvbS50ZXN0LnJwei1pcC45LjkuOS45LjMy:9.9.9.9.test.com/default"

 

Substitute Domain Name (Client IP Address): record:rpz:cname:clientipaddressdn
curl -k1 -u admin:infoblox -H "content-type:application/json" -w "\nThe Response Code:%{http_code}\n" https://10.35.131.9/wapi/v2.2.1/record:rpz:cname:clientipaddressdn -d '{"canonical": "sub_dn3","name":"10.120.20.46.test.com","rp_zone":"test.com"}'

"record:rpz:cname:clientipaddressdn/ZG5zLmJpbmRfY25hbWUkLl9kZWZhdWx0LmNvbS50ZXN0LnJwei1jbGllbnQtaXAuMTAuMTIwLjIwLjQ2LjMy:10.120.20.46.test.com/default"

 

 

Modify/Delete operations are simialr to all objects. Hence listing one example GET object Reference

 

First GET the object reference

curl -k1 -u admin:infoblox -H "content-type:application/json" -w "\nThe Response Code:%{http_code}\n" https://10.35.131.9/wapi/v2.2.1/record:rpz:a -X GET

 

Modify
curl -k1 -u admin:infoblox -H "content-type:application/json" -w "\nThe Response Code:%{http_code}\n"https://10.35.131.9/wapi/v2.2.1/record:rpz:a/ZG5zLmJpbmRfYSQuX2RlZmF1bHQuY29tLnRlc3QsYSwyLjIuMi4y -d '{"comment":”update comment"}' -X PUT

"record:rpz:a/ZG5zLmJpbmRfYSQuX2RlZmF1bHQuY29tLnRlc3QsYSwyLjIuMi4y:a.test.com/default"

 

Delete
curl -k1 -u admin:infoblox -H "content-type:application/json" -w “\nThe Response Code:%{http_code}\n"https://10.35.131.9/wapi/v2.2.1/record:rpz:a/ZG5zLmJpbmRfYSQuX2RlZmF1bHQuY29tLnRlc3QsYSwyLjIuMi4y -X DELETE

"record:rpz:a/ZG5zLmJpbmRfYSQuX2RlZmF1bHQuY29tLnRlc3QsYSwyLjIuMi4y:a.test.com/default"

Showing results for 
Search instead for 
Do you mean 

Recommended for You