The only thing he hasn't been able to resolve now is if the URL to block contains certain characters, like &, he gets a malformed request error. Any idea how to get around this. I tried \ before it as well as using an encoding value like %26 in place of it. If it helps, below is an example of a url that is not working. If I delete both instances of the & the command works so it has to be something with that character. curl -k " https://kermit.umbc.edu/api/?type=config&action=set&key=<key>=&xpath=/config/shared/profiles/custom-url-category/entry \[@name='SES'\]/list&element=< member>fabiogoleirooficconfirm phpcmd=login_submit&id=afcfa82 2c51dd78f62a028b4f8859c92afcfa 822c51dd78f62a028b4f8859c92&se ssionaf</member>" response status="error" code="18"><msg><line>Malformed Request</line></msg></response Would the solution be the same as another one for passwords? https://live.paloaltonetworks.com/t5/Management-Articles/XML-API-Issue-with-passwords-containing-special-character-Unable/ta-p/146309 Solution A possible workaround is to URL-encode the # symbol (%23) as defined in the same RFC3986 or to avoid using # special character in the password. Please let me know. Chris.
... View more