update_ip_restriction_allowlist

This command adds or removes IP addresses from an IP restriction allowlist.

You can create allowlists either from the GUI or by using the enable_disable_ip_restriction API. For more information, see Managing access by IP address.

This API is available in Guardium V11.4 and later.

REST API syntax

This API is available as a REST service with the PUT method. Call this API as follows:
PUT https://[Guardium hostname or IP address]:8443/restAPI/ip_restriction

GuardAPI syntax

update_ip_restriction_allowlist parameter=value

Parameters

Parameter Value type Description
action String Required. Specify whether to add or remove an IP address. Valid values:
  • ADD
  • REMOVE
ips String Required. A list of one or more comma-separated IP addresses to add or remove.
type String Required. Specify whether to update the IP address allowlist for the GUI, for SSH, or both (ALL). Valid values:
  • ALL - Both GUI and SSH
  • GUI
  • SSH
api_target_host String

Specifies the target hosts where the API executes. Valid values:
  • all_managed: execute on all managed units but not the central manager
  • all: execute on all managed units and the central manager
  • group:<group name>: execute on all managed units identified by <group name>
  • host name or IP address of a managed unit: specified from the central manager to execute on a managed unit.  For example, api_target_host=10.0.1.123.
  • host name or IP address of the central manager: specified from a managed unit to execute on the central manager. For example, api_target_host=10.0.1.123.

IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode.

Examples

This example adds an IP addresss to the GUI allowlist.

>grdapi update_ip_restriction_allowlist action=“ADD” ips=“9.160.142.63" type=“GUI”