EDR Cloud IP approving (/api/approvedlist/entries) using CIDR notation fails with 400 Bad Request
Article ID: 291508
Updated On:
Products
Carbon Black Hosted EDR (formerly Cb Response Cloud)
Issue/Introduction
Using the REST API (/api/approvedlist/entries) to add CIDR IP ranges fails with a "400 Bad Request" error. For example:
[root@localhost]# curl -k -X POST "https://FQDN/api/approvedlist/entries" -H "X-Auth-Token:`psql -d cb -p 5002 -t -c 'select auth_token from cb_user where id = 1;'`" -H "Content-Type: application/json" -d "{\"ipaddr\": \"1.2.3.4/24\"}"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>400 Bad Request</title>
<h1>Bad Request</h1>
<p>The browser (or proxy) sent a request that this server could not understand.</p>
Environment
- EDR Server: 7.7.0
- Hosted EDR: 7.7.0
Resolution
Workaround:
1. Insert a new CIDR IP range directly into the Postgres database, replacing <x.x.x.x/y> with your IP range:
3. Restart the cluster to make changes take effect.
1. Insert a new CIDR IP range directly into the Postgres database, replacing <x.x.x.x/y> with your IP range:
psql -d cb -p 5002 -c "insert into nginx_approvedlist (ipaddr) values ('<x.x.x.x/y>');"
2. Repeat step 1 for each IP address or CIDR IP range to be added.3. Restart the cluster to make changes take effect.
/usr/share/cb/cbcluster stop /usr/share/cb/cbcluster start4. You can validate that the IP range was added to the nginx approved list by reviewing this file:
cat /var/cb/nginx/props/nginx.runtime.ipfilters.prop
Additional Information
- The REST API (/api/approvedlist/entries) can still be used with single IP addresses in EDR Server 7.7.0.
- For Hosted EDR customers, please open a case with VMware Carbon Black Technical Support to implement the workaround above on your behalf, until the issue (CB-39972) is fixed in a future release.
Feedback
Yes
No
Powered by
