This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

How can I only allow specific source address to insert XML-API request

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How can I only allow specific source address to insert XML-API request

SampleWu
L0 Member

‎08-08-2013 07:37 PM

Hi, all,

As title, everybody can ask PA and insert the URI to do what they want PA to do if people have the plaintext key and correct URI request.

I want to limit the request to only permitted source address, but I cannot find any app-id about it, how can I do?

Thanks,

Sample Wu

Labels:
0 Likes Likes
4 REPLIES 4

UhMayYeah
L5 Sessionator

‎08-08-2013 11:22 PM

XML API request on PA interface would be treated as general admin web access ,identified as web-browsing.

If there is a particular data plane interface that is used for XML-API requests ,you could configure Permitted IP through Interface-Management Profile or create an intra-zone rule allowing only a single address for Web-browsing .

Other option would be to create  a Custom- HTTP based app for XML api.

0 Likes Likes

Chatri
L3 Networker

‎08-08-2013 11:22 PM

The interface that you are using to log in to the API browser or to put in the API request, you set up an interface management profile on that interface and  specify permitted Ip addresses on it.

That should help you achieve what you are trying to achieve.

0 Likes Likes

mbutt
L5 Sessionator

‎08-10-2013 04:36 PM

For dataplane ports create a management profile by going to Network ---->interface management--->

select the services you want and allow permitted ip addresses.

Capture.JPG

Now apply to the interface you are interested on by going to network ---->interfaces

Capture.JPG

To permit certain ip address on management interface you can go to Device--> setup -> management->management interface settings.

select the services you want and allow permitted ip addresses.

Capture.JPG

Hope this helps.

Thanks

SampleWu
L0 Member

‎08-10-2013 05:49 PM

Hi, Nadir, Chatri, and mbutt,

I'm appreciated about your replies, it's helpful.

Besides this way, do we have another way to control who can use the XML-API request ? just like an app-id ?

I want to control it by service port number, but it cannot be.

Because the service port number are tcp/80, tcp/443, or tcp/4443, so that I cannot limit it and seprate the Admin's management and XML-API request.

Is it possible to create an app-id is about XML-API request ?

Thanks,

Sample Wu

0 Likes Likes
  • 2613 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks