Skip to main content
EdwardY
Staff
Staff
August 22, 2023

Technical Tip: REST API Execution Through Bash Shell Scripting

  • August 22, 2023
  • 0 replies
  • 1530 views
Description This article describes how to execute REST API via bash shell scripts.
Scope FortiDDOS-F.
Solution

The following examples apply to modules of Blocklist, Address Service, SPP ACL, and Config Backup Restore:

 

  1. Upload Blocklist file:
  • Create an upload_ipv4_blocklist.txt file containing a list of IPv4 addresses under the current directory.
  • Type the following shell command where username and password as well as host IP address are variable parameters according to the actual FortiDDoS environment.

 

epoch_time=`date +%s`;token=`curl -d '{"username":"admin", "password":"fortinet"}' -H "Content-Type: application/json" -X POST https://172.30.153.219/api/user/login --insecure 2>/dev/null | sed -r 's/.*token\"\:\"(.*)\"}/\1\n/'`;curl -k -H "Authorization: Bearer $token" -H "Cookie: last_access_time=$epoch_time" -F "filename=@upload_ipv4_blocklist.txt" https://172.30.153.219/api/upload/ipv4_blocklist_file

 

  1. Download the Blocklist file:
  • Type the following shell command where username and password as well as host IP address are variable parameters according to the actual FortiDDoS environment.
  • All blocklisted IPv4 addresses will be stored in the download_ipv4_blocklist.txt file in the current directory.

 

epoch_time=`date +%s`;token=`curl -d '{"username":"admin", "password":"fortinet"}' -H "Content-Type: application/json" -X POST https://172.30.153.219/api/user/login --insecure 2>/dev/null | sed -r 's/.*token\"\:\"(.*)\"}/\1\n/'`;curl -k -H "Authorization: Bearer $token" -H "Cookie: last_access_time=$epoch_time" -X GET https://172.30.153.219/api/download/ipv4_blocklist_file -o download_ipv4_blocklist.txt

 

  1.  Add a single address in the Blocklist file:
  • Type the following shell command where username and password as well as host IP address are variable parameters according to the actual FortiDDoS environment.
  • No matter there is an existing blocklist file uploaded or not, the IP in the payload will be added.

 

epoch_time=`date +%s`;token=`curl -d '{"username":"admin", "password":"fortinet"}' -H "Content-Type: application/json" -X POST https://172.30.153.219/api/user/login --insecure 2>/dev/null | sed -r 's/.*token\"\:\"(.*)\"}/\1\n/'`;curl -k -H "Authorization: Bearer $token" -H "Cookie: last_access_time=$epoch_time" -d '{"ip":"1.1.1.1"}' -H "Content-Type: application/json" https://172.30.153.219/api/append/ipv4_blocklist_file?vdom

 

     4. Delete a single address in the Blocklist file:

  • Type the following shell command where username and password as well as host IP address are variable parameters according to the actual FortiDDoS environment.
  • The IP address to delete in the payload is variable according to the user’s environment.

 

epoch_time=`date +%s`;token=`curl -d '{"username":"admin", "password":"fortinet"}' -H "Content-Type: application/json" -X POST https://172.30.153.219/api/user/login --insecure 2>/dev/null | sed -r 's/.*token\"\:\"(.*)\"}/\1\n/'`;curl -k -H "Authorization: Bearer $token" -H "Cookie: last_access_time=$epoch_time" -d '{"ip":"1.1.1.1"}' -H "Content-Type: application/json" https://172.30.153.219/api/delete/ipv4_blocklist_file?vdom

     

     5. Clear addresses:

  • Type the following shell command where username and password as well as host IP address are variable parameters according to the actual FortiDDoS environment.
  • The payload is empty so by using [] as a placeholder no matter what condition that there are IP addresses existing or not.

 

epoch_time=`date +%s`;token=`curl -d '{"username":"admin", "password":"fortinet"}' -H "Content-Type: application/json" -X POST https://172.30.153.219/api/user/login --insecure 2>/dev/null | sed -r 's/.*token\"\:\"(.*)\"}/\1\n/'`;curl -k -H "Authorization: Bearer $token" -H "Cookie: last_access_time=$epoch_time" -d '[]' -H "Content-Type: application/json" https://172.30.153.219/api/reset/ipv4_blocklist_file?vdom

 

     6. New Blocklist IPv4 entry:

  • Type the following shell command where username and password as well as host IP address are variable parameters according to the actual FortiDDoS environment.
  • The IP address in the payload is what the user wants to create in the blocklist with the entry name in mkey parameter.

 

epoch_time=`date +%s`;token=`curl -d '{"username":"admin", "password":"fortinet"}' -H "Content-Type: application/json" -X POST https://172.30.153.219/api/user/login --insecure 2>/dev/null | sed -r 's/.*token\"\:\"(.*)\"}/\1\n/'`;curl -k -H "Authorization: Bearer $token" -H "Cookie: last_access_time=$epoch_time" -d '{"status":"enable","mkey":"1","ip-address":"1.1.1.1"}' -H "Content-Type: application/json" https://172.30.153.219/api/ddos_global_ipv4_blocklist

 

     7. Delete Blocklist IPv4 entry:

  • Type the following shell command where username and password as well as host IP address are variable parameters according to the actual FortiDDoS environment.
  • The mkey is the name of the entry that the user wants to delete, therefore it is necessary to have that entry in the blocklist at first.

 

epoch_time=`date +%s`;token=`curl -d '{"username":"admin", "password":"fortinet"}' -H "Content-Type: application/json" -X POST https://172.30.153.219/api/user/login --insecure 2>/dev/null | sed -r 's/.*token\"\:\"(.*)\"}/\1\n/'`;curl -k -H "Authorization: Bearer $token" -H "Cookie: last_access_time=$epoch_time" -H "Content-Type: application/json" -X DELETE https://172.30.153.219/api/ddos_global_ipv4_blocklist?mkey=1

 

     8. Merge Blocklist IPv4 entries:

  • Type the following shell command where username and password as well as host IP address are variable parameters according to the actual FortiDDoS environment.
  • The payload is empty so by using [] as a placeholder no matter what condition that there are IP addresses selected or not.

 

epoch_time=`date +%s`;token=`curl -d '{"username":"admin", "password":"fortinet"}' -H "Content-Type: application/json" -X POST https://172.30.153.219/api/user/login --insecure 2>/dev/null | sed -r 's/.*token\"\:\"(.*)\"}/\1\n/'`;curl -k -H "Authorization: Bearer $token" -H "Cookie: last_access_time=$epoch_time" -d '[]' -H "Content-Type: application/json" https://172.30.153.219/api/merge/ipv4_blocklist_file?vdom

 

     9. Address and Service new IPv4 address entry:

  • Type the following shell command where username and password as well as host IP address are variable parameters according to the actual FortiDDoS environment.
  • The ip-netmask in the payload is what the user wants to create for the new IPv4 address entry.

 

epoch_time=`date +%s`;token=`curl -d '{"username":"admin", "password":"fortinet"}' -H "Content-Type: application/json" -X POST https://172.30.153.219/api/user/login --insecure 2>/dev/null | sed -r 's/.*token\"\:\"(.*)\"}/\1\n/'`;curl -k -H "Authorization: Bearer $token" -H "Cookie: last_access_time=$epoch_time" -d '{"type":"ip-netmask","ip-netmask":"1.0.0.0/8","ip-min":"0.0.0.0","ip-max":"255.255.255.255","mkey":"IPv4_addr1","country":"ZZ"}' -H "Content-Type: application/json" https://172.30.153.219/api/system_address4

 

     10. Address and Service new IPv6 address entry:

  • Type the following shell command where username and password as well as host IP address are variable parameters according to the actual FortiDDoS environment.
  • The ip6-netmask in the payload is what the user wants to create for the new IPv6 address entry.

 

epoch_time=`date +%s`;token=`curl -d '{"username":"admin", "password":"fortinet"}' -H "Content-Type: application/json" -X POST https://172.30.153.219/api/user/login --insecure 2>/dev/null | sed -r 's/.*token\"\:\"(.*)\"}/\1\n/'`;curl -k -H "Authorization: Bearer $token" -H "Cookie: last_access_time=$epoch_time" -d '{"type":"ip6-network","ip6-network":"2001::1/64","ip6-min":"::","ip6-max":"FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF","mkey":"IPv6_addr1","country":"ZZ"}' -H "Content-Type: application/json" https://172.30.153.219/api/system_address6

 

     11. Address and Service delete IPv4 address entry:

  • Type the following shell command where username and password as well as host IP address are variable parameters according to the actual FortiDDoS environment.
  • The mkey is the entry name that the user wants to delete, therefore it is necessary to have this IPv4 address entry at first.

 

epoch_time=`date +%s`;token=`curl -d '{"username":"admin", "password":"fortinet"}' -H "Content-Type: application/json" -X POST https://172.30.153.219/api/user/login --insecure 2>/dev/null | sed -r 's/.*token\"\:\"(.*)\"}/\1\n/'`;curl -k -H "Authorization: Bearer $token" -H "Cookie: last_access_time=$epoch_time" -H "Content-Type: application/json" -X DELETE https://172.30.153.219/api/system_address4?mkey=IPv4_addr1

 

     12. Address and Service delete IPv6 address entry:

  • Type the following shell command where username and password as well as host IP address are variable parameters according to the actual FortiDDoS environment.
  • The mkey is the entry name that the user wants to delete, therefore it is necessary to have this IPv6 address entry at first.

 

epoch_time=`date +%s`;token=`curl -d '{"username":"admin", "password":"fortinet"}' -H "Content-Type: application/json" -X POST https://172.30.153.219/api/user/login --insecure 2>/dev/null | sed -r 's/.*token\"\:\"(.*)\"}/\1\n/'`;curl -k -H "Authorization: Bearer $token" -H "Cookie: last_access_time=$epoch_time" -H "Content-Type: application/json" -X DELETE https://172.30.153.219/api/system_address6?mkey=IPv6_addr1

 

     13. Create SPP ACL entry with IPv4 address:

  • Type the following shell command where username and password as well as host IP address are variable parameters according to the actual FortiDDoS environment.
  • The mkey is the name of the ACL entry that the user wants to create, and the source-address-v4 is the source IPv4 address bundled to the new entry.
  • The pkey is the name of the SPP which the user wants to create ACL for.

 

epoch_time=`date +%s`;token=`curl -d '{"username":"admin", "password":"fortinet"}' -H "Content-Type: application/json" -X POST https://172.30.153.219/api/user/login --insecure 2>/dev/null | sed -r 's/.*token\"\:\"(.*)\"}/\1\n/'`;curl -k -H "Authorization: Bearer $token" -H "Cookie: last_access_time=$epoch_time" -d '{"mkey":"acl1_v4","status":"enable","action":"reject","ip-version":"IPv4","source-address-v4-type":"addr4","source-address-v4":"IPv4_addr1","service-type":"service","service":"ALL"}' -H "Content-Type: application/json" https://172.30.153.219/api/ddos_spp_rule_child_acl?pkey=default

 

     14. Create SPP ACL entry with IPv6 address:

  • Type the following shell command where username and password as well as host IP address are variable parameters according to the actual FortiDDoS environment.
  • The mkey is the name of the ACL entry that the user wants to create, and the source-address-v6 is the source IPv6 address bundled to the new entry.
  • The pkey is the name of the SPP which the user wants to create ACL for.

 

epoch_time=`date +%s`;token=`curl -d '{"username":"admin", "password":"fortinet"}' -H "Content-Type: application/json" -X POST https://172.30.153.219/api/user/login --insecure 2>/dev/null | sed -r 's/.*token\"\:\"(.*)\"}/\1\n/'`;curl -k -H "Authorization: Bearer $token" -H "Cookie: last_access_time=$epoch_time" -d '{"mkey":"acl1_v6","status":"enable","action":"reject","ip-version":"IPv6","source-address-v6-type":"addr6","source-address-v6":"IPv6_addr1","service-type":"service","service":"ALL"}' -H "Content-Type: application/json" https://172.30.153.219/api/ddos_spp_rule_child_acl?pkey=default

 

     15. Delete SPP ACL entries:

  • Type the following shell command where username and password as well as host IP address are variable parameters according to the actual FortiDDoS environment.
  • The mkeys contain the name of ACL entries that the user wants to delete, while gid is a fixed value '3949' as cmdb table ID, and the pkey is the name of the SPP which the user wants to delete ACLs for.

 

epoch_time=`date +%s`;token=`curl -d '{"username":"admin", "password":"fortinet"}' -H "Content-Type: application/json" -X POST https://172.30.153.219/api/user/login --insecure 2>/dev/null | sed -r 's/.*token\"\:\"(.*)\"}/\1\n/'`;curl -k -H "Authorization: Bearer $token" -H "Cookie: last_access_time=$epoch_time" -d '{"gid":"3949","mkeys":["acl1_v4","acl1_v6"],"pkey":"default"}' -H "Content-Type: application/json" https://172.30.153.219/api/ddos_spp_rule_child_acl/batch_remove?pkey=default

 

     16. Backup configuration:

  • Type the following shell command where username and password as well as host IP address are variable parameters according to the actual FortiDDoS environment.
  • The file backup_config.conf containing all configurations will be saved in the current Linux word path.

 

epoch_time=`date +%s`;token=`curl -d '{"username":"admin", "password":"fortinet"}' -H "Content-Type: application/json" -X POST https://172.30.153.219/api/user/login --insecure 2>/dev/null | sed -r 's/.*token\"\:\"(.*)\"}/\1\n/'`;curl -k -H "Authorization: Bearer $token" -H "Cookie: last_access_time=$epoch_time" -X GET https://172.30.153.219/api/download/config?spp_only=false -o backup_config.conf

 

     17. Restore configuration:

  • Create a restore_config.conf file containing all configurations under the current directory.
  • Type the following shell command where username and password as well as host IP address are variable parameters according to the actual FortiDDoS environment.

 

epoch_time=`date +%s`;token=`curl -d '{"username":"admin", "password":"fortinet"}' -H "Content-Type: application/json" -X POST https://172.30.153.219/api/user/login --insecure 2>/dev/null | sed -r 's/.*token\"\:\"(.*)\"}/\1\n/'`;curl -k -H "Authorization: Bearer $token" -H "Cookie: last_access_time=$epoch_time" -F "filename=@restore_config.conf" https://172.30.153.219/api/upload/config