So, I've got this PHP script that calls a REST API with curl. The URL basically looks like this:
https://firewall1/api/?type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='RULENAME']&element=<disabled>no</disabled>&key=APIKEY
The response comes back as a success, but the change is not actually made in the firewall, which seems odd. If I take and run this same URL with command-line curl, it works as expected.
curl -v -k -g "https://firewall1/api/?type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='RuleName']&element=<disabled>no</disabled>&key=APIKEY"
My curl settings look like this:
$failover1 = curl_init($enableFailover1);
$failback1 = curl_init($disableFailover1);
$commit1 = curl_init($commitFW1);
//set curl options
curl_setopt_array($failover1, array(
CURLOPT_SSL_VERIFYHOST => 0,
CURLOPT_SSL_VERIFYPEER => 0,
CURLOPT_POST => TRUE,
CURLOPT_RETURNTRANSFER => TRUE
));
$responseFail1 = curl_exec($failover1);
$responseBack1 = curl_exec($failback1);
$responseCommit1 = curl_exec($commit1);
//failover and take approprate action for errors
if($responseFail1 === FALSE) {
die(curl_error($failover1));
} else {
//do some stuff
}
Running the PHP script returns the same response as the curl command line, but the result is not the same. Is there some header I'm not passing or something I should do to get this working properly? I should also add that it works if I take the URL and paste in a browser and if I pass the command to shell_exec. Thanks for the help!
Response from curl command line:
* Connection #0 to host firewall1 left intact
<response status="success" code="20"><msg>command succeeded</msg></response>
Response from curl in PHP script:
<response status="success" code="20"><msg>command succeeded</msg></response>
Looks like you are omitting the option -g in the PHP call. As I can see below description from manual:
"When this style is used, the -g option must be given to stop curl from interpreting the square brackets as special globbing characters. Link local and site local addresses including a scope identifier, such as fe80::1234%1, may also be used, but the scope portion must be numeric or match an existing network interface on Linux and the percent character must be URL escaped. The previous example in an SFTP URL might look like
:sftp://[fe80::1234%251]/"
https://curl.haxx.se/docs/manual.html
A better option would be to call the overall URL string using PHP shell script execution function shell_exec() in your case. PHP curl is a wrapper library to be used for curl using PHP there may be few options that PHP curl library may not be supporting like -g option in your case which is available in command line.