This sounds like an excellent idea. Could you raise an enhancement request? I do remember someone talking about moving all admin-level APIs to a separate webapp. Alex?
On 10/25/12 3:47 PM, "Clement Chen" <clement.c...@citrix.com> wrote:

>I am wondering whether there is an easy way to block high privilege APIs
>on WAF. For example, for security reasons customers might want to block
>remote access to root admin APIs or limit access to domain admin APIs to
>certain IP addresses.
>
>It can be easily done on WAF if we have separate API endpoints for root
>admin/domain admin/end user APIs. For example, in case of VMWare vCloud
>Director, APIs accessible only to system admins are under
>http://hostname/cloud/api/1.0/admin/extension and this can be easily
>blocked on a WAF.
>
>Our API is not pure REST API and we do not have separate endpoints. Is
>there any easy way to block high privilege APIs other than blocking the
>commands one by one in the WAF?
>
>Thanks.
>
>-Clement
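
Added example, not part of the original thread or the project's code: a sketch of the two filtering models discussed above, a single path-prefix rule for a layout with a separate admin endpoint, and a default-deny per-command rule for an API that selects the operation with a request parameter. The /api path, the parameter name "command", the role given to each command and the networks are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Path-based model (the vCloud Director layout quoted in the thread).
ADMIN_PREFIX = "/cloud/api/1.0/admin/extension"

def blocked_by_prefix(url):
    path = urlsplit(url).path
    return path == ADMIN_PREFIX or path.startswith(ADMIN_PREFIX + "/")

# Command-based model. Constructed policy: the role of each command and the
# networks below are placeholders, not the project's real privilege map.
POLICY = {
    "listvirtualmachines": "user",
    "deployvirtualmachine": "user",
    "createaccount": "domain-admin",
    "createdomain": "root-admin",
}
ALLOWED_NETS = {
    "domain-admin": ["10.20.0.0/16", "127.0.0.0/8"],
    "root-admin": ["127.0.0.0/8"],  # local only: no remote root admin calls
}

def commands_in(url, body=""):
    """Collect every 'command' value from the query string and a form body."""
    found = []
    for source in (urlsplit(url).query, body):
        for key, values in parse_qs(source, keep_blank_values=True).items():
            if key.lower() == "command":
                found.extend(values)
    return found

def decide(url, client_ip, body=""):
    """Return 'allow' or 'deny'; anything ambiguous or unlisted is denied."""
    commands = commands_in(url, body)
    if len(commands) != 1:
        return "deny"  # missing or repeated parameter
    role = POLICY.get(commands[0].strip().lower())
    if role is None:
        return "deny"  # default deny, so new admin commands start blocked
    if role == "user":
        return "allow"
    addr = ipaddress.ip_address(client_ip)
    nets = ALLOWED_NETS[role]
    return "allow" if any(addr in ipaddress.ip_network(n) for n in nets) else "deny"
```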