Global IP Blacklist REST Interface

Data

ip_range

The blacklisted IP range (IPv4 / IPv6). This entry is normalized and always contains the netmask in short form.
ttl

The time-to-life value in seconds. When ttl reaches zero, vWAF automatically deletes the entry from the global IP blacklist.

For more information regarding global IP blacklisting, see Global IP Blacklisting.

Getting a list of global IP blacklist entries

Request

Method GET

URL /blacklistedips/

Arguments –
Response

Return code Arguments Meaning

200 [{ENTRY1}, {ENTRY2}, ...] list successfully returned

401 - no login

403 - not enough rights

500 - internal server error
Example

The following request retrieves a list of all globally blacklisted IP addresses.

$ curl -u admin:admin -H 'Content-Type: application/json' http://127.0.0.1:8087/api/af/2.0/blacklistedips { "__name": "blacklistedips", "__path": "/api/af/2.0/blacklistedips/", "__subnodes": [ "::1-128", "127.0.0.1-32" ], "blacklist": [ { "ip_range": "127.0.0.1/32", "ttl": 6981 }, { "ip_range": "::1/128", "ttl": 300 } ] }

Method	GET
URL	/blacklistedips/
Arguments	–

Return code	Arguments	Meaning
200	[{ENTRY1}, {ENTRY2}, ...]	list successfully returned
401	-	no login
403	-	not enough rights
500	-	internal server error

Getting a global IP blacklist entry

Request

Method GET

URL /blacklistedips/IPRANGE

Arguments –

Method	GET
URL	/blacklistedips/IPRANGE
Arguments	–

Response

Return code	Arguments	Meaning
200	{ ENTRY }	global IP blacklist entry successfully returned
401	-	no login
403	-	not enough rights
404	-	global IP blacklist entry not found
500	-	internal server error

Examples

The following request retrieves the values of the blacklisted IP address "127.0.0.1".

$ curl -u admin:admin -H 'Content-Type: application/json' http://127.0.0.1:8087/api/af/2.0/blacklistedips/127.0.0.1 { "__name": "127.0.0.1", "__path": "/api/af/2.0/blacklistedips/127.0.0.1/", "__subnodes": [], "ip_range": "127.0.0.1/32", "ttl": 7200 }

The following request retrieves the values of the blacklisted IP address "::1/128". A slash can't be part of an object name, so it must be replaced by a hyphen within the URL.

$ curl -u admin:admin -H 'Content-Type: application/json' http://127.0.0.1:8087/api/af/2.0/blacklistedips/::1-128 { "__name": "::1-128", "__path": "/api/af/2.0/blacklistedips/::1-128/", "__subnodes": [], "ip_range": "::1/128", "ttl": 300 }

Adding one or multiple global IP blacklist entries

Request

Method POST

URL /blacklistedips/

Arguments { 'ip_range' : ip_range, 'ttl' : ttl } or:
{ 'ip_range_list' : [{'ip_range': ip_range, 'ttl' : ttl}, …]}

Method	POST
URL	/blacklistedips/
Arguments	{ 'ip_range' : ip_range, 'ttl' : ttl } or: { 'ip_range_list' : [{'ip_range': ip_range, 'ttl' : ttl}, …]}

Response

Return code	Arguments	Meaning
200	-	new global IP blacklist entry successfully added
401	-	no login
403	-	not enough rights
409	-	malformed, conflicting, or missing data
500	-	internal server error

Examples

The following request creates a global IP blacklist entry for the IP address "127.0.0.1" with a ttl of "300". As a result, the old blacklist entry is returned. T0he fact that the returned ttl is larger than 300 is due to the fact that for the given IP address there had already existed an IP blacklist entry with a larger ttl.

$ curl -u admin:admin -H 'Content-Type: application/json' --data '{"ip_range":"127.0.0.1", "ttl": 300}' http://127.0.0.1:8087/api/af/2.0/blacklistedips { "__name": "127.0.0.1", "__path": "/api/af/2.0/blacklistedips/127.0.0.1/", "__subnodes": [], "ip_range": "127.0.0.1/32", "ttl": 6981 }

The following request adds a global IP blacklist entry for the IPv6 address "2a01:4f8:130:8421::145" with a ttl of 300.

$ curl -u admin:admin -H 'Content-Type: application/json' --data '{"ip_range":"::1", "ttl": 300}' http://2a01:4f8:130:8421::145/api/af/2.0/blacklistedips { "__name": "::1", "__path": "/api/af/2.0/blacklistedips/::1/", "__subnodes": [], "ip_range": "::1/128", "ttl": 300 }

The following request adds a global IP blacklist entry for the IPv6 address "2a01:4f8:130:8421::145" with a ttl of 300.

If you want to add multiple entries to the blacklist, you can do so in one or several bulk operations. This is significantly faster than sending a separate request for each entry. We recommend using lists of about 100 to 200 entries each. If, for example, you want to add 1000 entries to the blacklist, instead of sending 1000 requests, send 10 requests, each consisting of a list of 100 entries.

The following example adds 4 entries to the global IP blacklist:

$ cat bulk_post.json { "ip_range_list" : [ {"ip_range" : "127.0.0.1", "ttl" : 3600}, {"ip_range" : "127.0.0.2", "ttl" : 3600}, {"ip_range" : "127.0.0.3", "ttl" : 3600}, {"ip_range" : "127.0.0.4", "ttl" : 3600} ] } $ curl -u admin:admin -X POST --data @bulk_post.json -H "Content-Type: application/json" http://localhost:8087/api/af/latest/blacklistedips/ { "__name": "blacklistedips", "__path": "/api/af/latest/blacklistedips/", "__subnodes": [ "127.0.0.1-32", "127.0.0.2-32", "127.0.0.3-32", "127.0.0.4-32", "excludedips" ], "blacklist": [ { "ip_range": "127.0.0.1/32", "ttl": 3600 }, { "ip_range": "127.0.0.2/32", "ttl": 3600 }, { "ip_range": "127.0.0.3/32", "ttl": 3600 }, { "ip_range": "127.0.0.4/32", "ttl": 3600 } ] }

Changing a global IP blacklist entry

Request

Method PUT

URL /blacklistedips/IPRANGE

Arguments { 'ttl' : ttl }

If the new ttl value is below the old one, the new value is ignored.

If you do a PUT request to a nonexistent ip_range, this ip_range entry is created with the given ttl.

Method	PUT
URL	/blacklistedips/IPRANGE
Arguments	{ 'ttl' : ttl }

Response

Return code	Arguments	Meaning
200	-	IP blacklist entry successfully modified
401	-	no login
403	-	not enough rights
409	-	malformed, conflicting, or missing data
500	-	internal server error

Example

The following request changes the ttl of a global IP blacklist entry to a value of "7200".

$ curl -X PUT -u admin:admin -H 'Content-Type: application/json' --data '{"ttl": 7200}' http://127.0.0.1:8087/api/af/2.0/blacklistedips/127.0.0.1 { "__name": "127.0.0.1", "__path": "/api/af/2.0/blacklistedips/127.0.0.1/", "__subnodes": [], "ip_range": "127.0.0.1/32", "ttl": 7200 }

Deleting a global IP blacklist entry

Request

Method DELETE

URL /blacklistedips/IPRANGE

Arguments –

Method	DELETE
URL	/blacklistedips/IPRANGE
Arguments	–

Response

Return code	Arguments	Meaning
200	-	IP blacklist entry successfully deleted
401	-	no login
403	-	not enough rights
404	-	IP blacklist entry not found
500	-	internal server error

Example

The following request deletes the global IP blacklist entry of the IP address "::1/128."

$ curl -X DELETE -u admin:admin -H 'Content-Type: application/json' http://127.0.0.1:8087/api/af/2.0/blacklistedips/::1-128 {}

Managing ranges of excluded IP addresses

You can also manage ranges of IP addresses that are excluded from the global IP blacklist via the REST interface. To do so, you can reach the list of excluded IP addresses via api/af/2.0/blacklistedips/excludedips/.

Example: Getting a list of excluded IP address ranges

GET http://localhost:8087/api/af/2.0/blacklistedips/excludedips { "__name": "excludedips", "__path": "/api/af/2.0/blacklistedips/excludedips/", "__subnodes": [ "10.10.2.10-32", "10.0.0.0-8", "1.2.3.4-32" ], "whitelist": [ { "ip_range": "1.2.3.4/32" }, { "ip_range": "10.10.2.10/32" }, { "ip_range": "10.0.0.0/8" } ] }

Example: Checking data for one IP address range

GET http://localhost:8087/api/af/2.0/blacklistedips/excludedips/{IPRANGE} Note that IPRANGE in the URL is written in the form IP-prefixlength, not in the form IP/prefixlength. curl example: curl -u admin:admin \ http://localhost:8087/api/af/2.0/blacklistedips/excludedips/1.2.3.4-32 { "__name": "1.2.3.4-32", "__path": "/api/af/2.0/blacklistedips/excludedips/1.2.3.4-32/", "__subnodes": [], "__type": "WhitelistedIPObject", "ip_range": "1.2.3.4/32" }

Example: Adding a range of excluded IP addresses

POST a JSON object with ip_range set to the range of IP addresses that you want to add to the list of excluded IP addresses.

curl example:

$ curl -u admin:admin -H "Content-Type: application/json" \ -data '{"ip_range": "192.168.0.0/16"}' \ http:/localhost:8087/api/af/2.0/blacklistedips/excludedips { "__name": "192.168.0.0-16", "__path": "/api/af/2.0/blacklistedips/excludedips/192.168.0.0-16/", "__subnodes": [], "ip_range": "192.168.0.0/16" }

Example: Deleting a range of excluded IP addresses

$ curl -u admin:admin -H "Content-Type: application/json" \ -data '{"ip_range": "192.168.0.0/16"}' \ http:/localhost:8087/api/af/2.0/blacklistedips/excludedips { "__name": "192.168.0.0-16", "__path": "/api/af/2.0/blacklistedips/excludedips/192.168.0.0-16/", "__subnodes": [], "ip_range": "192.168.0.0/16" }

Note that IPRANGE in the URL is written in the form IP-prefixlength, not in the form IP/prefixlength.

curl example:

curl -X DELETE -u admin:admin \ http://localhost:8087/api/af/2.0/blacklistedips/excludedips/192.168.0.0-16 {}