Minimal permissions for managing CSF through API token
-
Not sure I understand what you mean. I am trying to unblock an IP in CSF. As I said with full permissions I am able to do that. 0 -
Hello, For instance, how are you authenticating with the API token? Are you using a web browser? What error message do you receive? Thank you. 0 -
You do not have access to ConfigServer Firewall.
If you are logging in as a reseller to access CSF, you must first authorize the reseller user via the following option as "root" in "WHM >> ConfigServer Security & Firewall": CSF >> cPanel Resellers >> Edit Reseller Privs Thank you.0 -
I"m not giving permissions to any reseller. I just create an API token in "Manage API tokens" and use with root as in PHP $api = curl_init(); curl_setopt($api, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($api, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($api, CURLOPT_HEADER, 0); curl_setopt($api, CURLOPT_RETURNTRANSFER, 1); $auth[0] = "Authorization: WHM root:$token"; curl_setopt($api, CURLOPT_HTTPHEADER, $auth); Thanks! 0 -
Hello, I believe this is a limitation of the CSF application itself. For instance, I was able to get it working by authorizing "root" via the following option in "WHM >> ConfigServer Security & Firewall": CSF >> cPanel Resellers >> Edit Reseller Privs EX: root:1:USE,UNBLOCK
I recommend reporting this to ConfigServer directly: Report Bugs (csf) - ConfigServer Community Forum Thank you.0 -
Thanks! I am going to report it as a bug, but I still I don"t get the same message reporting the IP has been unblocked. I get no message! 0 -
Is there any way to create an API token for a simple account? I am thinking of creating a separate user for unblocking IPs 0 -
Is there any way to create an API token for a simple account? I am thinking of creating a separate user for unblocking IPs
You could create a new cPanel user and make it a reseller. You'd then access WHM as the reseller user and browse to "WHM Home " Development " Manage API Tokens" to create a separate API token for the reseller. There's a feature request here you may also want to vote for: root to be able to manage all user's tokens with api_token functions Thank you.0 -
Thanks for your reply! But if that account credentials are taken, new accounts could be created by the bad guys, couldn"t they? Is it possible to create a reseller account with minimum permissions? 0 -
Is it possible to create a reseller account with minimum permissions?
Yes, you can limit access to what the reseller can do at: Edit Reseller Nameservers and Privileges - Version 70 Documentation - cPanel Documentation Thank you.0 -
I haven"t upgraded to version 70 yet, I"m at 68 right now. Can I still do this? 0 -
Hello, Yes, the same feature is available in cPanel version 68. Thank you. 0 -
The CSF support has answered here: Can"t create CSF only permissions for API token used by root - ConfigServer Community Forum They blame the API, maybe you want to look into it or answer them. I have successfully created a reseller account with only CSF permissions 0 -
Hello Miguel, Please keep in mind that we currently only support the use of API tokens with the following features: - WHM API functions.
- DNS Clusters.
- Configuration Clusters
https://127.0.0.1:2087/json-api/listaccts?api.version=1
In particular, note the use of "json-api/listaccts?api.version=1", as that's indicating the use of a WHM API 1 function. In your custom script, you use the following:https://127.0.0.1:2087/cgi/configserver/csf.cgi?action=kill&ip=XXX.XXX.XXX.XXX
Notice how your link is just a direct link that you would use in a web browser as opposed to an actual WHM API 1 function. While this is technically possible with CGI scripts when the application is registered as a plugin with the0 -
So, as a WHM API function, is there any way to accomplish this? 0 -
So, as a WHM API function, is there any way to accomplish this?
Hello, No, we don't provide any direct WHM API 1 functions to manage CSF because CSF is not a feature of cPanel & WHM. It's a third-party application and thus would require it's own separate API. Additionally, note the following quote from CSF on0
Please sign in to leave a comment.
Comments
18 comments