incubator-cloudstack-dev mailing list archives

From Chiradeep Vittal <Chiradeep.Vit...@citrix.com>
Subject Re: Is there anyway to block root admin APIs on WAF?
Date Fri, 26 Oct 2012 16:53:20 GMT
This sounds like an excellent idea. Could you raise an enhancement
request?
I do remember someone talking about moving all admin level APIs to a
separate webapp.
Alex?

On 10/25/12 3:47 PM, "Clement Chen" <clement.chen@citrix.com> wrote:

>I am wondering whether there is an easy way to block high privilege APIs
>on WAF. For example, for security reasons customers might want to block
>remote access to root admin APIs or limit access to domain admin APIs to
>certain IP addresses.
>
>It can be easily done on WAF if we have separate API endpoints for root
>admin/domain admin/end user APIs. For example, in case of VMware vCloud
>Director, APIs accessible only to system admins are under
>http://hostname/cloud/api/1.0/admin/extension and this can be easily
>blocked on a WAF.
>
>Our API is not pure REST API and we do not have separate endpoints. Is
>there any easy way to block high privilege APIs other than blocking the
>commands one by one in the WAF?
>
>Thanks.
>
>-Clement
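
The per-command filtering the question describes, sketched as an added example that is not part of the original thread or of CloudStack's code. It assumes the API command arrives as a `command` request parameter on a single endpoint; the command-to-tier map and the source networks are constructed for illustration.

```python
import ipaddress
from urllib.parse import parse_qsl

# Constructed tier map (assumption): lower-cased command name -> privilege tier.
COMMAND_TIER = {
    "listvirtualmachines": "user",
    "createaccount": "domain_admin",
    "addhost": "root_admin",
}

# Constructed policy (assumption): source networks allowed to call each tier.
TIER_NETWORKS = {
    "user": ["0.0.0.0/0"],
    "domain_admin": ["203.0.113.0/24"],
    "root_admin": ["10.0.0.0/8"],
}


def decide(client_ip, query_string, body=""):
    """Return (allowed, reason) for one API request.

    The command is read from both the query string and a form-encoded body,
    because a filter that inspects only one of them can be bypassed by
    placing the parameter in the other.
    """
    params = parse_qsl(query_string, keep_blank_values=True)
    params += parse_qsl(body, keep_blank_values=True)
    # Match the parameter name and value case-insensitively so that case
    # variants cannot slip past the list.
    commands = {v.strip().lower() for k, v in params if k.lower() == "command"}
    if len(commands) != 1:
        # Zero commands, or two different ones (parameter pollution): the
        # filter and the backend might disagree on which one is executed.
        return False, "missing or ambiguous command parameter"
    tier = COMMAND_TIER.get(commands.pop())
    if tier is None:
        # Default deny: a command added to the API later stays blocked
        # until someone assigns it a tier.
        return False, "unknown command"
    addr = ipaddress.ip_address(client_ip)
    if any(addr in ipaddress.ip_network(net) for net in TIER_NETWORKS[tier]):
        return True, tier
    return False, tier + " command from disallowed source"
```

The tier map still has to list every command, which is the maintenance cost the question is trying to avoid; separate endpoints per privilege level would reduce this to a single path rule.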

