topic Re: Getting HTTP/1.1 400 Bad Request error in API / CLI Discussion

Getting HTTP/1.1 400 Bad Request error

jond3rd — Wed, 25 Oct 2023 04:48:16 GMT

Hi,

I am trying to test the API of my MDS and I execute the curl command from a linux server

curl -vvvv -k -X POST -H "Content-Type: application/json" -d '{"user":"xxxxx","password":"xxxxxx"}' https://<API-SERVER-IP>/web_api/login

But I keep on getting this message. The same command works fine when run on the MDS server itself.

API is configured to accept connections from all IP. Anything I missed?

* About to connect() to <API-SERVER-IP> port 443 (#0)
* Trying <API-SERVER-IP>..
* Connected to <API-SERVER-IP> (<API-SERVER-IP>) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: OID.1.2.840.113549.1.9.2=An optional company name,E=Email Address,CN=<API-SERVER-IP>,L="Locality Name (eg, city)"
* start date: Apr 13 06:22:29 2023 GMT
* expire date: Apr 12 06:22:29 2033 GMT
* common name: 192.168.1.1
* issuer: OID.1.2.840.113549.1.9.2=An optional company name,E=Email Address,CN=<API-SERVER-IP>,L="Locality Name (eg, city)"
> POST /web_api/login HTTP/1.1
> User-Agent: curl/7.29.0
> Host: <API-SERVER-IP>
> Accept: */*
> Content-Type: application/json
> Content-Length: 46
>
* upload completely sent off: 46 out of 46 bytes
< HTTP/1.1 400 Bad Request
< Date: Wed, 25 Oct 2023 04:39:35 GMT
< Server: Jetty(9.2.9.v20150224)
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-Frame-Options: SAMEORIGIN
< Content-Type: application/json
< X-UA-Compatible: IE=EmulateIE8
< X-Forwarded-Host-Port: 443
< Connection: close
< Transfer-Encoding: chunked
<
{
"code" : "generic_server_error",
"message" : "Management server failed to execute command"
* Closing connection 0

Re: Getting HTTP/1.1 400 Bad Request error

Bob_Zimmerman — Wed, 25 Oct 2023 15:43:09 GMT

Run the command 'api status' on the management. In the top section of the output, what value do you see for "Accessibility"? By default, management servers only allow management API connections from themselves. I don't remember which HTTP status code is returned when you make a call from a machine not on the list, but 400 might be it.

Re: Getting HTTP/1.1 400 Bad Request error

jond3rd — Wed, 25 Oct 2023 18:38:09 GMT

Hi Bob,

Thanks for responding.

API is configured to grant all connections

Here's the output of 'api status'

=================

API Settings:
---------------------
Accessibility: Require all granted
Automatic Start: Enabled

Processes:

Name State PID More Information
-------------------------------------------------
API Started 109094
CPM Started 109094 Check Point Security Management Server is running and ready
FWM Started 121344
APACHE Started 90786

Port Details:
-------------------
JETTY Internal Port: 53593
JETTY Documentation Internal Port: 59762
APACHE Gaia Port: 443

Profile:
-------------------
Machine profile: 65536-131071 without SME - MDS
CPM heap size: 12288m

--------------------------------------------
Overall API Status: Started
--------------------------------------------

API readiness test SUCCESSFUL. The server is up and ready to receive connections

Notes:
------------
To collect troubleshooting data, please run 'api status -s <comment>'

=================

Re: Getting HTTP/1.1 400 Bad Request error

Bob_Zimmerman — Thu, 26 Oct 2023 14:31:39 GMT

What version is your MDS? I just tested a similar command on one of mine running R81.10 jumbo 94, and it worked:

[<myUser>@<client> ~]$ curl -kvH "Content-Type: application/json" -d '{"user":"<myUser>","password":"<myPassword>","read-only":true}' https://<MDS>/web_api/login ... < HTTP/1.1 200 OK < Date: Thu, 26 Oct 2023 14:16:15 GMT < Server: Jetty(9.2.9.v20150224) < Strict-Transport-Security: max-age=31536000; includeSubDomains < X-Frame-Options: SAMEORIGIN < Content-Type: application/json < X-UA-Compatible: IE=EmulateIE8 < X-Forwarded-Host-Port: 443 < Transfer-Encoding: chunked < { "sid" : "...", "url" : "https://<MDS>:443/web_api", "session-timeout" : 600, "login-message" : {...}, "read-only" : true, "api-server-version" : "1.8.1", "user-name" : "<myUser>", "user-uid" : "..." }

Multiple '-v' switches don't make cURL more verbose. The '-X POST' is implied by having the -d. I added read-only: true because my MDS is live, and I don't want to leave anything in the client shell logs which could be used to make changes. I think those are the only changes I made to the cURL command.

Maybe some service is misbehaving. Have you tried 'mdsstop && mdsstart' or rebooting?

Re: Getting HTTP/1.1 400 Bad Request error

jond3rd — Thu, 26 Oct 2023 23:31:06 GMT

Hi Bob,

Thanks for the response.

I have the same MDS version as yours, R81.10 Take 94. Will try to restart the MDS and see how it goes, just needed some maintenance window so it may take a while.

What puzzles me is, why is it that the same commands works fine when executed within the MDS itself.

Thanks a lot for your inputs, really appreciate it

Re: Getting HTTP/1.1 400 Bad Request error

Atanas — Thu, 14 Mar 2024 11:11:43 GMT

Hi,

Is there any solution to this issue? Does the restart help? Thank you!