Using API on api/haproxy/settings/addAcl ==> "result": "failed"

Started by filmar, August 16, 2022, 02:10:50 AM

Previous topic - Next topic
Hello,

I work a day to find a way to POST a new ACL via the API of HAProxy.

Can anyone can help me to know the exact format of JSON I have to create ?

I am using C#. There is my code :

                var url = this.haproxy.Client.BaseUrl + this.haproxy.BaseUrl + this.baseUrl + "/addAcl";

                var acl = new
                {
                    acl = new
                    {
                        name = name,
                        expression = "hdr_sub",
                        hdr_sub = name,
                        negate = "0"
                    }
                };


                var serializerSettings = new JsonSerializerSettings();
                serializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();
                var json = JsonConvert.SerializeObject(acl, serializerSettings);

                var response = await this.haproxy.Client.httpClient.PostAsJsonAsync(url, json, cancellationToken);


I tried a lot of format, but I always got "result": "failed" from OpnSense.

Thank you for your help !

We need this API to be running because we want to implement OpnSense in our Azure Environment.

Thank you for the anwser.

Hi!
i think you can start at https://docs.opnsense.org/development/api.html#introduction for prerequisites
and use browser dev.console to find out query details and fields
for HAProxy acl post request looks like:

{"acl":{"name":"NewACL","description":"API Check","expression":"hdr","negate":"0","caseSensitive":"0","hdr_beg":"","hdr_end":"","hdr":"opnsense.org","hdr_reg":"","hdr_sub":"","path_beg":"","path_end":"","path":"","path_reg":"","path_dir":"","path_sub":"","cust_hdr_beg_name":"","cust_hdr_beg":"","cust_hdr_end_name":"","cust_hdr_end":"","cust_hdr_name":"","cust_hdr":"","cust_hdr_reg_name":"","cust_hdr_reg":"","cust_hdr_sub_name":"","cust_hdr_sub":"","url_param":"","url_param_value":"","ssl_c_verify_code":"","ssl_c_ca_commonname":"","src":"","src_bytes_in_rate_comparison":"gt","src_bytes_in_rate":"","src_bytes_out_rate_comparison":"gt","src_bytes_out_rate":"","src_conn_cnt_comparison":"gt","src_conn_cnt":"","src_conn_cur_comparison":"gt","src_conn_cur":"","src_conn_rate_comparison":"gt","src_conn_rate":"","src_http_err_cnt_comparison":"gt","src_http_err_cnt":"","src_http_err_rate_comparison":"gt","src_http_err_rate":"","src_http_req_cnt_comparison":"gt","src_http_req_cnt":"","src_http_req_rate_comparison":"gt","src_http_req_rate":"","src_kbytes_in_comparison":"gt","src_kbytes_in":"","src_kbytes_out_comparison":"gt","src_kbytes_out":"","src_port_comparison":"gt","src_port":"","src_sess_cnt_comparison":"gt","src_sess_cnt":"","nbsrv":"","nbsrv_backend":"","ssl_fc_sni":"","ssl_sni":"","ssl_sni_sub":"","ssl_sni_beg":"","ssl_sni_end":"","ssl_sni_reg":"","allowedUsers":"","allowedGroups":"","custom_acl":""}}

Hello Fright,

Thank you very much for your time to answer me !

I tried your json format, but still have the same error.

There is the formatted json string I send to OpnSense via API :


{"acl":{"name":"test","description":"","expression":"hdr","negate":"0","caseSensitive":"0","hdr_beg":"","hdr_end":"","hdr":"test.test.com","hdr_reg":"","hdr_sub":"","path_beg":"","path_end":"","path":"","path_reg":"","path_dir":"","path_sub":"","cust_hdr_beg_name":"","cust_hdr_beg":"","cust_hdr_end_name":"","cust_hdr_end":"","cust_hdr_name":"","cust_hdr":"","cust_hdr_reg_name":"","cust_hdr_reg":"","cust_hdr_sub_name":"","cust_hdr_sub":"","url_param":"","url_param_value":"","ssl_c_verify_code":"","ssl_c_ca_commonname":"","src":"","src_bytes_in_rate_comparison":"gt","src_bytes_in_rate":"","src_bytes_out_rate_comparison":"gt","src_bytes_out_rate":"","src_conn_cnt_comparison":"gt","src_conn_cnt":"","src_conn_cur_comparison":"gt","src_conn_cur":"","src_conn_rate_comparison":"gt","src_conn_rate":"","src_http_err_cnt_comparison":"gt","src_http_err_cnt":"","src_http_err_rate_comparison":"gt","src_http_err_rate":"","src_http_req_cnt_comparison":"gt","src_http_req_cnt":"","src_http_req_rate_comparison":"gt","src_http_req_rate":"","src_kbytes_in_comparison":"gt","src_kbytes_in":"","src_kbytes_out_comparison":"gt","src_kbytes_out":"","src_port_comparison":"gt","src_port":"","src_sess_cnt_comparison":"gt","src_sess_cnt":"","nbsrv":"","nbsrv_backend":"","ssl_fc_sni":"","ssl_sni":"","ssl_sni_sub":"","ssl_sni_beg":"","ssl_sni_end":"","ssl_sni_reg":"","allowedUsers":"","allowedGroups":"","custom_acl":""}}


The OpnSense return me 200 "OK", but when I read the Content response I got this :


{"result":"failed"}


from c# PostAsJsonAsync:


var response = await this.haproxy.Client.httpClient.PostAsJsonAsync(url, json, cancellationToken);


I can read the HaProxy configuration without problem via API, but I cannot create new content.

You have been able to insert new ACL by this way ?

Thank you !

Hi!
QuoteYou have been able to insert new ACL by this way ?
checked the api a couple of times but didn't use C# (curl, py)
and can't help with the code (understand C# only with google  ::))
but I don't see the authorization headers in your request. I would start with this..

Hello,

After long road, I was able to make it working in C#.

There is the solution :


                var url = this.haproxy.Client.BaseUrl + this.haproxy.BaseUrl + this.baseUrl + "/addAcl";

                var model = new
                {
                    acl = new
                    {
                        negate = "0",
                        name = name,
                        expression = "hdr_end"
                    }
                };

                var response = await this.haproxy.Client.httpClient.PostAsync(url, JsonContent.Create(model));


Please, notice that I have created classes to manage OpnSense "haproxy", "Client", etc...

not sure I fully understand, especially from the code snippet, but I'm glad it works )

Hi,
Try to add an ACL in haproxy using API, the operation was successful but when I checked the haproxy.conf file I don't find the acl I added using API.
Any idea how to refresh the file or to check if my ACL has been added successfully