How can I only allow specific source address to insert XML-API request


L0 Member

Hi, all,

As the title says, anybody can query the PA and submit the URI to make it do what they want if they have the plaintext key and the correct URI request.

I want to limit requests to permitted source addresses only, but I cannot find any App-ID for it. How can I do this?

Thanks,

Sample Wu


L5 Sessionator

An XML API request on a PA interface would be treated as general admin web access, identified as web-browsing.

If there is a particular data plane interface that is used for XML-API requests, you could configure Permitted IP through an Interface Management Profile or create an intra-zone rule allowing only a single address for web-browsing.

Another option would be to create a custom HTTP-based app for the XML API.

L3 Networker

On the interface that you are using to log in to the API browser or to send the API request, set up an interface management profile and specify permitted IP addresses on it.

That should help you achieve what you are trying to achieve.

L5 Sessionator

For dataplane ports, create a management profile by going to Network --> Interface Management, then select the services you want and allow the permitted IP addresses.


Now apply it to the interface you are interested in by going to Network --> Interfaces.


To permit certain IP addresses on the management interface, you can go to Device --> Setup --> Management --> Management Interface Settings.

Select the services you want and allow the permitted IP addresses.


Hope this helps.

Thanks
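
Added example, not part of the thread and not Palo Alto's code: a Python check over an exported configuration that flags where the permitted-IP settings described in the replies above are missing while HTTP/HTTPS (and therefore the XML API) is enabled. The element names (`interface-management-profile`, `permitted-ip`, `deviceconfig/system`) are an assumption about the exported XML layout, and the sample config is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real export. Element names follow the layout
# assumed in the lead-in; addresses are documentation ranges.
SAMPLE_CONFIG = """\
<config><devices><entry name="localhost.localdomain">
  <deviceconfig><system>
    <permitted-ip><entry name="192.0.2.10"/></permitted-ip>
  </system></deviceconfig>
  <network><profiles><interface-management-profile>
    <entry name="api-restricted">
      <https>yes</https>
      <permitted-ip><entry name="198.51.100.0/24"/></permitted-ip>
    </entry>
    <entry name="api-open"><https>yes</https><ping>yes</ping></entry>
    <entry name="ping-only"><ping>yes</ping></entry>
  </interface-management-profile></profiles></network>
</entry></devices></config>
"""

WEB_SERVICES = ("http", "https")  # services that carry XML-API requests


def permitted_ips(node):
    """Return the permitted-ip entries configured directly under node."""
    if node is None:
        return []
    return [e.get("name") for e in node.findall("./permitted-ip/entry")]


def audit(config_xml):
    """List places where web/API access has no permitted-IP restriction."""
    root = ET.fromstring(config_xml)
    findings = []
    # Management interface: an empty list leaves it reachable from any
    # source address that can route to it.
    if not permitted_ips(root.find(".//deviceconfig/system")):
        findings.append("management interface: no permitted-ip list")
    # Data-plane interfaces: only profiles that enable HTTP/HTTPS matter.
    for prof in root.iterfind(".//interface-management-profile/entry"):
        enabled = [s for s in WEB_SERVICES if prof.findtext(s) == "yes"]
        if enabled and not permitted_ips(prof):
            findings.append(f"profile {prof.get('name')}: "
                            f"{'/'.join(enabled)} enabled, no permitted-ip list")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```
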

L0 Member

Hi, Nadir, Chatri, and mbutt,

I appreciate your replies; they are helpful.

Besides this way, do we have another way to control who can use XML-API requests? Something like an App-ID?

I want to control it by service port number, but that cannot be done.

That is because the service port numbers are tcp/80, tcp/443, or tcp/4443, so I cannot limit it and separate the admin's management from XML-API requests.

Is it possible to create an App-ID for XML-API requests?

Thanks,

Sample Wu
