cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

2251
Views
0
Helpful
4
Replies
babiojd01
Beginner

curl no longer working against asa 9.6.4(36)

I upgraded some ASA firewalls to 9.6.4(34) and (36) and I can no longer execute commands on them to retrieve info via curl. I tried adding a user agent string but that does not help. What has changed in the OS? I receive a 400 error.

1 ACCEPTED SOLUTION

Accepted Solutions
balaji.bandi
VIP Master

400 is bad request, what you trying to achieve here ?

 

 

You can allow non-browser-based HTTPS clients to access HTTPS services on the ASA. By default, ASDM, CSM, and REST API are allowed. Many specialty clients (for example, python libraries, curl, and wget) do not support Cross-site request forgery (CSRF) token-based authentication, so you need to specifically allow these clients to use the ASA basic authentication method. For security purposes, you should only allow required clients.

New/Modified commands: http server basic-auth-client

New/Modified screens.

Configuration > Device Management > Management Access > HTTP Non-Browser Client Support

 

BB

***** Rate All Helpful Responses *****

How to Ask The Community for Help

View solution in original post

4 REPLIES 4
balaji.bandi
VIP Master

400 is bad request, what you trying to achieve here ?

 

 

You can allow non-browser-based HTTPS clients to access HTTPS services on the ASA. By default, ASDM, CSM, and REST API are allowed. Many specialty clients (for example, python libraries, curl, and wget) do not support Cross-site request forgery (CSRF) token-based authentication, so you need to specifically allow these clients to use the ASA basic authentication method. For security purposes, you should only allow required clients.

New/Modified commands: http server basic-auth-client

New/Modified screens.

Configuration > Device Management > Management Access > HTTP Non-Browser Client Support

 

BB

***** Rate All Helpful Responses *****

How to Ask The Community for Help

View solution in original post

Ive tried

curl.exe -s -k "https://user:password@1.1.1.1/exec/show+ver"

curl.exe -u username:password -s -k "https://user:password@1.1.1.1/exec/show+ver"

curl.exe -s -k "https://user:password@1.1.1.1/admin/exec/show+ver"

curl.exe -u username:password -s -k "https://1.1.1.1/admin/exec/show+ver"

curl.exe -u username:password -A user-agent -s -k "https://1.1.1.1/admin/exec/show+ver"

 

The first command in the list used to work up until 9.6.3 so what changed and why can't i retrieve the info anymore?

have you enabled the option i have pointed out earlier, since you mentioned you upgrade, may be (not necessary) disabled.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Community for Help

Such a great help for those of us who struggle.Thank you.

Create
Recognize Your Peers
Content for Community-Ad