Using API on api/haproxy/settings/addAcl ==> "result": "failed"

[filmar]

Hello,

I work a day to find a way to POST a new ACL via the API of HAProxy.

Can anyone can help me to know the exact format of JSON I have to create ?

I am using C#. There is my code :

Code: [Select]

                var url = this.haproxy.Client.BaseUrl + this.haproxy.BaseUrl + this.baseUrl + "/addAcl";

                var acl = new
                {
                    acl = new
                    {
                        name = name,
                        expression = "hdr_sub",
                        hdr_sub = name,
                        negate = "0"
                    }
                };


                var serializerSettings = new JsonSerializerSettings();
                serializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();
                var json = JsonConvert.SerializeObject(acl, serializerSettings);

                var response = await this.haproxy.Client.httpClient.PostAsJsonAsync(url, json, cancellationToken);
I tried a lot of format, but I always got "result": "failed" from OpnSense.

Thank you for your help !

[filmar]

We need this API to be running because we want to implement OpnSense in our Azure Environment.

Thank you for the anwser.

[Fright]

Hi!
i think you can start at https://docs.opnsense.org/development/api.html#introduction for prerequisites
and use browser dev.console to find out query details and fields
for HAProxy acl post request looks like:

Code: [Select]

{"acl":{"name":"NewACL","description":"API Check","expression":"hdr","negate":"0","caseSensitive":"0","hdr_beg":"","hdr_end":"","hdr":"opnsense.org","hdr_reg":"","hdr_sub":"","path_beg":"","path_end":"","path":"","path_reg":"","path_dir":"","path_sub":"","cust_hdr_beg_name":"","cust_hdr_beg":"","cust_hdr_end_name":"","cust_hdr_end":"","cust_hdr_name":"","cust_hdr":"","cust_hdr_reg_name":"","cust_hdr_reg":"","cust_hdr_sub_name":"","cust_hdr_sub":"","url_param":"","url_param_value":"","ssl_c_verify_code":"","ssl_c_ca_commonname":"","src":"","src_bytes_in_rate_comparison":"gt","src_bytes_in_rate":"","src_bytes_out_rate_comparison":"gt","src_bytes_out_rate":"","src_conn_cnt_comparison":"gt","src_conn_cnt":"","src_conn_cur_comparison":"gt","src_conn_cur":"","src_conn_rate_comparison":"gt","src_conn_rate":"","src_http_err_cnt_comparison":"gt","src_http_err_cnt":"","src_http_err_rate_comparison":"gt","src_http_err_rate":"","src_http_req_cnt_comparison":"gt","src_http_req_cnt":"","src_http_req_rate_comparison":"gt","src_http_req_rate":"","src_kbytes_in_comparison":"gt","src_kbytes_in":"","src_kbytes_out_comparison":"gt","src_kbytes_out":"","src_port_comparison":"gt","src_port":"","src_sess_cnt_comparison":"gt","src_sess_cnt":"","nbsrv":"","nbsrv_backend":"","ssl_fc_sni":"","ssl_sni":"","ssl_sni_sub":"","ssl_sni_beg":"","ssl_sni_end":"","ssl_sni_reg":"","allowedUsers":"","allowedGroups":"","custom_acl":""}}


[filmar]

Hello Fright,

Thank you very much for your time to answer me !

I tried your json format, but still have the same error.

There is the formatted json string I send to OpnSense via API :

Code: [Select]

{"acl":{"name":"test","description":"","expression":"hdr","negate":"0","caseSensitive":"0","hdr_beg":"","hdr_end":"","hdr":"test.test.com","hdr_reg":"","hdr_sub":"","path_beg":"","path_end":"","path":"","path_reg":"","path_dir":"","path_sub":"","cust_hdr_beg_name":"","cust_hdr_beg":"","cust_hdr_end_name":"","cust_hdr_end":"","cust_hdr_name":"","cust_hdr":"","cust_hdr_reg_name":"","cust_hdr_reg":"","cust_hdr_sub_name":"","cust_hdr_sub":"","url_param":"","url_param_value":"","ssl_c_verify_code":"","ssl_c_ca_commonname":"","src":"","src_bytes_in_rate_comparison":"gt","src_bytes_in_rate":"","src_bytes_out_rate_comparison":"gt","src_bytes_out_rate":"","src_conn_cnt_comparison":"gt","src_conn_cnt":"","src_conn_cur_comparison":"gt","src_conn_cur":"","src_conn_rate_comparison":"gt","src_conn_rate":"","src_http_err_cnt_comparison":"gt","src_http_err_cnt":"","src_http_err_rate_comparison":"gt","src_http_err_rate":"","src_http_req_cnt_comparison":"gt","src_http_req_cnt":"","src_http_req_rate_comparison":"gt","src_http_req_rate":"","src_kbytes_in_comparison":"gt","src_kbytes_in":"","src_kbytes_out_comparison":"gt","src_kbytes_out":"","src_port_comparison":"gt","src_port":"","src_sess_cnt_comparison":"gt","src_sess_cnt":"","nbsrv":"","nbsrv_backend":"","ssl_fc_sni":"","ssl_sni":"","ssl_sni_sub":"","ssl_sni_beg":"","ssl_sni_end":"","ssl_sni_reg":"","allowedUsers":"","allowedGroups":"","custom_acl":""}}

The OpnSense return me 200 "OK", but when I read the Content response I got this :

Code: [Select]

{"result":"failed"}

from c# PostAsJsonAsync:

Code: [Select]

var response = await this.haproxy.Client.httpClient.PostAsJsonAsync(url, json, cancellationToken);

I can read the HaProxy configuration without problem via API, but I cannot create new content.

You have been able to insert new ACL by this way ?

Thank you !

[Fright]

Hi!

You have been able to insert new ACL by this way ?

checked the api a couple of times but didn't use C# (curl, py)
and can't help with the code (understand C# only with google  )
but I don't see the authorization headers in your request. I would start with this..

[filmar]

Hello,

After long road, I was able to make it working in C#.

There is the solution :

Code: [Select]

                var url = this.haproxy.Client.BaseUrl + this.haproxy.BaseUrl + this.baseUrl + "/addAcl";

                var model = new
                {
                    acl = new
                    {
                        negate = "0",
                        name = name,
                        expression = "hdr_end"
                    }
                };

                var response = await this.haproxy.Client.httpClient.PostAsync(url, JsonContent.Create(model));

Please, notice that I have created classes to manage OpnSense "haproxy", "Client", etc...

[Fright]

not sure I fully understand, especially from the code snippet, but I'm glad it works )

[ibrahim.djadir]

Hi,
Try to add an ACL in haproxy using API, the operation was successful but when I checked the haproxy.conf file I don't find the acl I added using API.
Any idea how to refresh the file or to check if my ACL has been added successfully