Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

API & Integration, DevOps,NetOps,SecOps

Reply

Create a New Zone with Allow Queries from Set of ACEs - WAPI - Curl

New Member
Posts: 2
5085     0

Hi, i'm trying with WAPI to create a new zone in my dns view "internal" with a particular set rules that block any query to that specific domain name.

In the image there's the rules that i want to apply.

This is the command that i'm trying to send but i'm recieving only error response:

 

curl -k -u adminSmiley Tongueassword -H 'content-type: application/json' -X POST "https://"address"/wapi/v2.6/zone_auth" -d fqdn=test.com -d view=internal -d use_allow_query=true -d allow_query={permission=Deny}

 

RESPONSE

{ "Error": "AdmConProtoError: List value expected for field: allow_query",
"code": "Client.Ibap.Proto",
"text": "List value expected for field: allow_query"}

 

Anybody can help me solve this problem?

blockquery.PNG

Re: Create a New Zone with Allow Queries from Set of ACEs - WAPI - Curl

New Member
Posts: 1
5086     0

How is cURL used in a program?

When I see an API say use cURL to do XYZ it confuses me because I’m not sure how’d I use that line in a program. I would use either Ajax to do the call or if I needed a file I’d use PHP cURL (which I’m no expert in) to get the file.

But how do I use the one liner that the site gives me besides what seems to be like testing if the API works. It seems too simple not to use in a program.

cURL would be a one line statement whereas Ajax or PHP is a few lines.

I feel like I’m overthinking it’s purpose. Hopefully this made sense as I’m having a hard time collecting my thoughts into words.

Re: Create a New Zone with Allow Queries from Set of ACEs - WAPI - Curl

Moderator
Moderator
Posts: 287
5086     0

Curl is great for simple examples because it doesn't require all the overhead that perl, python, php, etc. requre just to run a command.

 

When you build a script or an application, your script (probably) won't use curl, but instead will use the libraries of that language.  However the URL or the JSON data sent or received will be exactly the same.

Re: Create a New Zone with Allow Queries from Set of ACEs - WAPI - Curl

Moderator
Moderator
Posts: 287
5086     0

I often create one by hand, and then see what the JSON looks like, to re-create it with a script.

 

Here I request the list of all zones, including our important allow_query fields:

 

curl -k1 -u admin:infoblox -X GET "https://192.168.1.2/wapi/v2.6/zone_auth" -d "_return_fields%2b=use_allow_query,allow_query"

which returns a list of zones including my example:

 

[
...
   {
        "_ref": "zone_auth/ZG5zLnpvbmUkLl9kZWZhdWx0LmxvY2FsLm5vcGU:nope.local/Internal",
        "allow_query": [
            {
                "_struct": "addressac",
                "address": "Any",
                "permission": "DENY"
            }
        ],
        "fqdn": "nope.local",
        "use_allow_query": true,
        "view": "Internal"
    }
...
]

Now I know how to construct the call to make a new zone:

 

curl -k1 -u admin:infoblox -H 'content-type: application/json' -X POST "https://192.168.1.2/wapi/v2.6/zone_auth" -d \
'{
        "fqdn": "test.com",
        "allow_query": [
            {
                "_struct": "addressac",
                "address": "Any",
                "permission": "DENY"
            }
        ],
        "use_allow_query": true,
        "view": "Internal"
}'

Re: Create a New Zone with Allow Queries from Set of ACEs - WAPI - Curl

New Member
Posts: 2
5086     0

Yes you're right. I'm using curl to solve a structure problem of the API. Then i'll translate into a python requests call.

Showing results for 
Search instead for 
Did you mean: 

Recommended for You