Restricted IPs

/api/2.0/fo/setup/restricted_ips/

[GET]  [POST]

Manage and update the list of restricted IPs within the user's subscription. Managers only have permission to perform these actions using this API.

Input Parameters

Parameter

Description

action={value}

(Required) One action must be defined

activate - enable or disable the restricted IPs feature

list - download list of all restricted IPs

clear - clear all restricted IPs and de-active this feature

add - add restricted IPs

delete - delete restricted IPs

replace - replace restricted IPs

echo_request={0|1}

(Optional) Specify 1 to view (echo) input parameters in the XML output. By default these are not included.

enable={0|1}

(Optional and valid when action is activate) Enable or disable the restricted IPs list. Set enable=1 to enable the list; set enable=0 to clear any IPs in the list and disable the feature.

ips={value} -or- {CSV raw data upload}

(Optional and valid when action is add, replace or delete)

The hosts you want to add to, remove from or replace in the restricted IPs list. IPs must be specified by using the “ips” parameter (using the POST method) or by uploading CSV raw data (using the GET or POST method). To upload CSV raw data using POST, specify --data-binary <data>.

How to specify IP addresses. One or more IPs/ranges may be specified. Multiple IPs/ranges are comma separated. An IP range is specified with a hyphen (for example, 10.10.30.1-10.10.30.50). CIDR notation is supported.

output_format={CSV|XML}

(Optional and valid when action is list) The list output will be in XML format by default. For CSV format, set output_format=CSV.

 

Sample - Download restricted IPs

API request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d "action=list" "https://qualysapi.qualys.com/api/2.0/fo/setup/restricted_ips/"

XML output

<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE RESTRICTED_IPS_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/setup/restricted_ips/restricted_ips_output.dtd">

<RESTRICTED_IPS_OUTPUT>

  <RESPONSE>

    <DATETIME>2018-03-22T11:12:56Z</DATETIME>

    <IP_SET>

      <IP_RANGE>10.10.10.1-10.10.10.255</IP_RANGE>

    </IP_SET>

    <STATUS>disabled</STATUS>

  </RESPONSE>

</RESTRICTED_IPS_OUTPUT>

DTD for restricted IPs list

<platform API server>/api/2.0/fo/setup/restricted_ips/restricted_ips_output.dtd

Sample - Replace Restricted IPs (IPs in CIDR notation)

API request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d "action=replace&ips=10.0.0.0/8" "https://qualysapi.qualys.com/api/2.0/fo/setup/restricted_ips/" > output.txt

XML output

<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">

<SIMPLE_RETURN>

  <RESPONSE>

    <DATETIME>2018-03-22T11:45:00Z</DATETIME>

    <TEXT>Successfully replaced restricted ips</TEXT>

    <ITEM_LIST>

      <ITEM>

        <KEY>STATUS</KEY>

        <VALUE>disabled</VALUE>

      </ITEM>

    </ITEM_LIST>

  </RESPONSE>

</SIMPLE_RETURN>

Sample - Delete Restricted IPs (upload CSV raw data)

CSV file

$ cat file1.csv

10.0.0.1

10.0.0.2-10.0.0.100

API request

curl -H "X-Requested-with:curl" -H "Content-type:text/csv" -u "USERNAME:PASSWORD"

--data-binary "@file1.csv" "https://qualysapi.qualys.com/api/2.0/fo/setup/restricted_ips/?action=delete"

XML output

<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">

<SIMPLE_RETURN>

  <RESPONSE>

    <DATETIME>2018-03-22T11:45:34Z</DATETIME>

    <TEXT>Successfully deleted restricted ips</TEXT>

    <ITEM_LIST>

      <ITEM>

        <KEY>STATUS</KEY>

        <VALUE>disabled</VALUE>

      </ITEM>

    </ITEM_LIST>

  </RESPONSE>

</SIMPLE_RETURN>

Sample 4 - Activate Restricted IPs feature and enable list

API request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d "action=activate&enable=1" "https://qualysapi.qualys.com/api/2.0/fo/setup/restricted_ips/" > output.txt

XML output

<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">

<SIMPLE_RETURN>

  <RESPONSE>

    <DATETIME>2018-03-22T11:46:45Z</DATETIME>

    <TEXT>Restricted IPs feature has been enabled successfully</TEXT>

    <ITEM_LIST>

      <ITEM>

        <KEY>STATUS</KEY>

        <VALUE>enabled</VALUE>

      </ITEM>

    </ITEM_LIST>

  </RESPONSE>

</SIMPLE_RETURN>

Sample 5 - Download Restricted IPs List in CSV format

API request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d "action=list&output_format=csv" "https://qualysapi.qualys.com/api/2.0/fo/setup/restricted_ips/"

CSV output

----BEGIN_RESPONSE_BODY_CSV

10.0.0.0

10.0.0.101-10.255.255.255

----END_RESPONSE_BODY_CSV

----BEGIN_RESPONSE_FOOTER_CSV

STATUS

enabled

----END_RESPONSE_FOOTER_CSV

Sample 6 - Clear All Restricted IPs and Disable the feature

API request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d "action=clear" "https://qualysapi.qualys.com/api/2.0/fo/setup/restricted_ips/"

XML output

<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">

<SIMPLE_RETURN>

  <RESPONSE>

    <DATETIME>2018-03-22T12:04:34Z</DATETIME>

    <TEXT>Successfully cleared restricted ips</TEXT>

    <ITEM_LIST>

      <ITEM>

        <KEY>STATUS</KEY>

        <VALUE>disabled</VALUE>

      </ITEM>

    </ITEM_LIST>

  </RESPONSE>

</SIMPLE_RETURN>