incubator-cloudstack-dev mailing list archives

From Clement Chen <clement.c...@citrix.com>
Subject Is there any way to block root admin APIs on a WAF?
Date Thu, 25 Oct 2012 22:47:03 GMT
I am wondering whether there is an easy way to block high-privilege APIs on a WAF. For example,
for security reasons customers might want to block remote access to root admin APIs or limit
access to domain admin APIs to certain IP addresses.

It can be easily done on a WAF if we have separate API endpoints for root admin/domain admin/end
user APIs. For example, in the case of VMware vCloud Director, APIs accessible only to system
admins are under http://hostname/cloud/api/1.0/admin/extension and this can be easily blocked
on a WAF.

Our API is not a pure REST API and we do not have separate endpoints. Is there any easy way
to block high-privilege APIs other than blocking the commands one by one in the WAF?

Thanks.

-Clement
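
The per-command policy asked about above can be driven from a role table instead of hand-written WAF rules. The sketch below is an added example, not part of the original message and not CloudStack code. It assumes the API name travels in a `command` request parameter and that each command has a role bitmask (1 root admin, 2 resource domain admin, 4 domain admin, 8 user); the command table, networks, URLs and function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qsl

# Role bits (assumed): 1 root admin, 2 resource domain admin, 4 domain admin, 8 user.
ROOT, RES_DOMAIN, DOMAIN, USER = 1, 2, 4, 8

# Constructed sample table: lower-cased command name -> roles allowed to call it.
COMMAND_ROLES = {
    "addhost": ROOT,
    "updateconfiguration": ROOT,
    "createaccount": ROOT | RES_DOMAIN | DOMAIN,
    "listvirtualmachines": ROOT | RES_DOMAIN | DOMAIN | USER,
}

# Constructed policy: source networks allowed per privilege tier.
ROOT_NETS = [ipaddress.ip_network("10.0.0.0/24")]
DOMAIN_ADMIN_NETS = ROOT_NETS + [ipaddress.ip_network("198.51.100.0/24")]


def extract_commands(url, body=""):
    """Collect every 'command' value from the query string and a form body."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    # parse_qsl percent-decodes; compare names and values case-insensitively.
    return [v.strip().lower() for k, v in pairs if k.strip().lower() == "command"]


def decide(src_ip, url, body=""):
    """Return 'allow' or 'deny' for one API request seen at the filter."""
    commands = extract_commands(url, body)
    if len(commands) != 1:
        return "deny"  # missing or repeated command is ambiguous: fail closed
    mask = COMMAND_ROLES.get(commands[0])
    if mask is None:
        return "deny"  # command not in the table: fail closed
    if mask & USER:
        return "allow"  # end-user API, reachable from anywhere
    nets = DOMAIN_ADMIN_NETS if mask & (DOMAIN | RES_DOMAIN) else ROOT_NETS
    addr = ipaddress.ip_address(src_ip)
    return "allow" if any(addr in net for net in nets) else "deny"
```

The decision is made on the decoded, lower-cased parameter and fails closed, so a request with a repeated, re-cased, percent-encoded or unlisted command is denied rather than passed through.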
