ADC NITRO APIs

botprofile_ipreputation_binding

Binding object showing the ipreputation that can be bound to botprofile.

Properties

(click to see Operations )

Name Data Type Permissions Description
bot_ipreputation <Boolean> Read-write IP reputation binding. For each category, only one binding is allowed. To update the values of an existing binding, user has to first unbind that binding, and then needs to bind again with the new values.
category <String> Read-write IP Repuation category. Following IP Reuputation categories are allowed: *IP_BASED - This category checks whether client IP is malicious or not. *BOTNET - This category includes Botnet C;C channels, and infected zombie machines controlled by Bot master. *SPAM_SOURCES - This category includes tunneling spam messages through a proxy, anomalous SMTP activities, and forum spam activities. *SCANNERS - This category includes all reconnaissance such as probes, host scan, domain scan, and password brute force attack. *DOS - This category includes DOS, DDOS, anomalous sync flood, and anomalous traffic detection. *REPUTATION - This category denies access from IP addresses currently known to be infected with malware. This category also includes IPs with average low Webroot Reputation Index score. Enabling this category will prevent access from sources identified to contact malware distribution points. *PHISHING - This category includes IP addresses hosting phishing sites and other kinds of fraud activities such as ad click fraud or gaming fraud. *PROXY - This category includes IP addresses providing proxy services. *NETWORK - IPs providing proxy and anonymization services including The Onion Router aka TOR or darknet. *MOBILE_THREATS - This category checks client IP with the list of IPs harmful for mobile devices. *WINDOWS_EXPLOITS - This category includes active IP address offering or distributig malware, shell code, rootkits, worms or viruses. *WEB_ATTACKS - This category includes cross site scripting, iFrame injection, SQL injection, cross domain injection or domain password brute force attack. *TOR_PROXY - This category includes IP address acting as exit nodes for the Tor Network. *CLOUD - This category checks client IP with list of public cloud IPs. *CLOUD_AWS - This category checks client IP with list of public cloud IPs from Amazon Web Services. *CLOUD_GCP - This category checks client IP with list of public cloud IPs from Google Cloud Platform. *CLOUD_AZURE - This category checks client IP with list of public cloud IPs from Azure. *CLOUD_ORACLE - This category checks client IP with list of public cloud IPs from Oracle. *CLOUD_IBM - This category checks client IP with list of public cloud IPs from IBM. *CLOUD_SALESFORCE - This category checks client IP with list of public cloud IPs from Salesforce.

Possible values = IP, BOTNETS, SPAM_SOURCES, SCANNERS, DOS, REPUTATION, PHISHING, PROXY, NETWORK, MOBILE_THREATS, WINDOWS_EXPLOITS, WEB_ATTACKS, TOR_PROXY, CLOUD, CLOUD_AWS, CLOUD_GCP, CLOUD_AZURE, CLOUD_ORACLE, CLOUD_IBM, CLOUD_SALESFORCE
bot_iprep_enabled <String> Read-write Enabled or disabled IP-repuation binding.

Default value: OFF

Possible values = ON, OFF
name <String> Read-write Name for the profile. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at (@), equals (=), colon (:), and underscore (_) characters. Cannot be changed after the profile is added. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my profile" or 'my profile').

Minimum length = 1

Maximum length = 31
bot_bind_comment <String> Read-write Any comments about this binding.

Minimum length = 1
logmessage <String> Read-write Message to be logged for this binding.

Minimum length = 1
bot_iprep_action <String[]> Read-write One or more actions to be taken if bot is detected based on this IP Reputation binding. Only LOG action can be combinded with DROP, RESET, REDIRECT or MITIGATION action.

Default value: NONE

Possible values = NONE, LOG, DROP, REDIRECT, RESET, MITIGATION
__count <Double> Read-write count parameter

Operations

(click to see Properties )

  • ADD
  • DELETE
  • GET
  • GET (ALL)
  • COUNT

Some options that you can use for each operations:

  • Getting warnings in response: NITRO allows you to get warnings in an operation by specifying the 'warning' query parameter as 'yes'. For example, to get warnings while connecting to the NetScaler appliance, the URL is as follows:

    http:// <netscaler-ip-address> /nitro/v1/config/login?warning=yes

    If any, the warnings are displayed in the response payload with the HTTP code '209 X-NITRO-WARNING'.

  • Authenticated access for individual NITRO operations: NITRO allows you to logon to the NetScaler appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,

    To do this, you must specify the username and password in the request header of the NITRO request as follows:

    X-NITRO-USER: <username>

    X-NITRO-PASS: <password>

    Note: In such cases, make sure that the request header DOES not include the following:

    Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

*Note: * Mandatory parameters are marked in red and placeholder content is marked in green

add

URL: http:// <netscaler-ip-address /nitro/v1/config/botprofile_ipreputation_binding HTTP Method: PUT

Request Headers:

Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Content-Type:application/json

Request Payload:

{
"botprofile_ipreputation_binding":{
<b>"name":<String_value>,
</b>"bot_ipreputation":<Boolean_value>,
"category":<String_value>,
"bot_iprep_enabled":<String_value>,
"bot_iprep_action":<String[]_value>,
"logmessage":<String_value>,
"bot_bind_comment":<String_value>
}}

<!--NeedCopy-->

Response: HTTP Status Code on Success: 201 Created

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

delete

URL: http:// <netscaler-ip-address> /nitro/v1/config/botprofile_ipreputation_binding/ name_value<String> Query-parameters: args http:// <netscaler-ip-address> /nitro/v1/config/botprofile_ipreputation_binding/ name_value<String> ? args=bot_ipreputation: <Boolean_value> ,category: <String_value>

HTTP Method: DELETE

Request Headers:

Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Response: HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

get

URL: http:// <netscaler-ip-address> /nitro/v1/config/botprofile_ipreputation_binding/ name_value<String> Query-parameters: filter http:// <netscaler-ip-address> /nitro/v1/config/botprofile_ipreputation_binding/ name_value<String> ? filter=property-name1:property-value1,property-name2:property-value2

Use this query-parameter to get the filtered set of botprofile_ipreputation_binding resources configured on NetScaler.Filtering can be done on any of the properties of the resource.

pagination http:// <netscaler-ip-address> /nitro/v1/config/botprofile_ipreputation_binding/ name_value<String> ? pagesize=#no;pageno=#no

Use this query-parameter to get the botprofile_ipreputation_binding resources in chunks.

HTTP Method: GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Accept:application/json

Response: HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

Response Header:

Content-Type:application/json

Response Payload:

{  "botprofile_ipreputation_binding": [ {
"bot_ipreputation":<Boolean_value>,
"category":<String_value>,
"bot_iprep_enabled":<String_value>,
"name":<String_value>,
"bot_bind_comment":<String_value>,
"logmessage":<String_value>,
"bot_iprep_action":<String[]_value>
}]}

<!--NeedCopy-->

get (all)

URL: http:// <netscaler-ip-address> /nitro/v1/config/botprofile_ipreputation_binding HTTP Method: GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Accept:application/json

Query-parameters: bulkbindings http:// <netscaler-ip-address> /nitro/v1/config/botprofile_ipreputation_binding? bulkbindings=yes

NITRO allows you to fetch bindings in bulk.

Note: get (all) method can be used only in conjuction with bulkbindings query parameter.

Response: HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

Response Header:

Content-Type:application/json

Response Payload:

{  "botprofile_ipreputation_binding": [ {
"bot_ipreputation":<Boolean_value>,
"category":<String_value>,
"bot_iprep_enabled":<String_value>,
"name":<String_value>,
"bot_bind_comment":<String_value>,
"logmessage":<String_value>,
"bot_iprep_action":<String[]_value>
}]}

<!--NeedCopy-->

count

URL: http:// <netscaler-ip-address> /nitro/v1/config/botprofile_ipreputation_binding/ name_value<String> ? count=yes HTTP Method: GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Accept:application/json

Response: HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

Response Header:

Content-Type:application/json

Response Payload:

{"botprofile_ipreputation_binding": [ { "__count": "#no"} ] }

<!--NeedCopy-->
botprofile_ipreputation_binding