Unable to use HTTPS Managment “API” on Cisco ASA 9.12Cisco ASA ACL helphttps url filtering on Cisco ASA 5520Unable to save ASA configSSD status on Cisco ASAASA unable to pass ICMP and RDP through internal interfacesASA / WCCP issue with https service group 70Unable to properly configure ASA 5512 with WAN IPUnable to reach public IPs of servers behind ASA 5512Oxidized Unable to Pull Cisco ASA ConfigCisco ASA rekeying

What's the most polite way to tell a manager "shut up and let me work"?

If a massive object like Jupiter flew past the Earth how close would it need to come to pull people off of the surface?

What should I do about a religious player who refuses to accept the existence of multiple gods in D&D?

California: "For quality assurance, this phone call is being recorded"

Is there a term for this?

Select row of data if next row contains zero

Recording the inputs of a command and producing a list of them later on

The deliberate use of misleading terminology

Is there a rule that prohibits us from using 2 possessives in a row?

Are grass strips more dangerous than tarmac?

Is having a hidden directory under /etc safe?

What does it mean by "d-ism of Leibniz" and "dotage of Newton" in simple English?

How crucial is a waifu game storyline?

Is the world in Game of Thrones spherical or flat?

TV show or movie: Diseased people are exiled to a spaceship

What does War Machine's "Canopy! Canopy!" line mean in "Avengers: Endgame"?

Why is Colorado so different politically from nearby states?

Why would Lupin kill Pettigrew?

How do I truncate a csv file?

How can I offer a test ride while selling a bike?

Explain Ant-Man's "not it" scene from Avengers: Endgame

How much current can Baofeng UV-5R provide on +V pin?

What is the right way to float a home lab?

Coding Challenge Solution - Good Range



Unable to use HTTPS Managment “API” on Cisco ASA 9.12


Cisco ASA ACL helphttps url filtering on Cisco ASA 5520Unable to save ASA configSSD status on Cisco ASAASA unable to pass ICMP and RDP through internal interfacesASA / WCCP issue with https service group 70Unable to properly configure ASA 5512 with WAN IPUnable to reach public IPs of servers behind ASA 5512Oxidized Unable to Pull Cisco ASA ConfigCisco ASA rekeying













2















After upgrading a Cisco ASA to code version 9.12(1)3, I am unable to reach the HTTPS management interface, which we use for many automation tools.



Example curl that is functional in prior code (9.8 or 9.10):



curl -k -u mah_user https://10.10.10.1/admin/exec/show+version


Now, instead of the output of that command, we are receiving a 400 Bad Request error.



What changed?






cisco cisco-asa api







share|improve this question


























    2















    After upgrading a Cisco ASA to code version 9.12(1)3, I am unable to reach the HTTPS management interface, which we use for many automation tools.



    Example curl that is functional in prior code (9.8 or 9.10):



    curl -k -u mah_user https://10.10.10.1/admin/exec/show+version


    Now, instead of the output of that command, we are receiving a 400 Bad Request error.



    What changed?






    cisco cisco-asa api







    share|improve this question
























      2












      2








      2








      After upgrading a Cisco ASA to code version 9.12(1)3, I am unable to reach the HTTPS management interface, which we use for many automation tools.



      Example curl that is functional in prior code (9.8 or 9.10):



      curl -k -u mah_user https://10.10.10.1/admin/exec/show+version


      Now, instead of the output of that command, we are receiving a 400 Bad Request error.



      What changed?






      cisco cisco-asa api







      share|improve this question














      After upgrading a Cisco ASA to code version 9.12(1)3, I am unable to reach the HTTPS management interface, which we use for many automation tools.



      Example curl that is functional in prior code (9.8 or 9.10):



      curl -k -u mah_user https://10.10.10.1/admin/exec/show+version


      Now, instead of the output of that command, we are receiving a 400 Bad Request error.



      What changed?






      cisco cisco-asa api




      cisco cisco-asa api






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked May 24 at 1:55









      Brett LykinsBrett Lykins

      7,44352964




      7,44352964




















          1 Answer
          1






          active

          oldest

          votes


















          3














          As of ASA code 9.12, you must provide a user-agent header with your HTTP requests to the ASA management interface.



          In the ASA code version 9.12 release notes, it specifies the following:




          Allow non-browser-based HTTPS clients to access the ASA



          You can allow non-browser-based HTTPS clients to access HTTPS services on the ASA. By default, ASDM, CSM, and REST API are allowed.



          New/Modified commands: http server basic-auth-client




          What they do not explicitly spell out in this output, is that the ASA management "API" was not previously a supported way to access the ASA. It was intended to be used by the ASDM or their own REST API wrapper.



          In opening it up for "the rest of us" and making it supported behavior (which they needed to do because there is no ASA REST API java applet on the ASA code running on Firepower hardware), they added some new restrictions.



          You can either do one of the following:




          1. Add user-agent headers with a value you specify in http server basic-auth-client <my-user-agent-goes-here>



            • Example config: http server basic-auth-client mah_user_agent

            • Example curl: curl -k -u mah_user -A mah_user_agent https://10.10.10.1/admin/exec/show+version



          2. Use one of the pre-existing/supported user-agent headers:



            • Example curl: curl -k -u mah_user -A ASDM https://10.10.10.1/admin/exec/show+version


          Either one of these will work for you, although I prefer the second as it needs no config changes on the ASA to function.



          It is also worth noting, that in my testing you can also send the user-agent: ASDM header with all prior versions of ASA code as well, they just don't care what you send or set for that value.






          share|improve this answer























            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "496"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            noCode: true, onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f59366%2funable-to-use-https-managment-api-on-cisco-asa-9-12%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            3














            As of ASA code 9.12, you must provide a user-agent header with your HTTP requests to the ASA management interface.



            In the ASA code version 9.12 release notes, it specifies the following:




            Allow non-browser-based HTTPS clients to access the ASA



            You can allow non-browser-based HTTPS clients to access HTTPS services on the ASA. By default, ASDM, CSM, and REST API are allowed.



            New/Modified commands: http server basic-auth-client




            What they do not explicitly spell out in this output, is that the ASA management "API" was not previously a supported way to access the ASA. It was intended to be used by the ASDM or their own REST API wrapper.



            In opening it up for "the rest of us" and making it supported behavior (which they needed to do because there is no ASA REST API java applet on the ASA code running on Firepower hardware), they added some new restrictions.



            You can either do one of the following:




            1. Add user-agent headers with a value you specify in http server basic-auth-client <my-user-agent-goes-here>



              • Example config: http server basic-auth-client mah_user_agent

              • Example curl: curl -k -u mah_user -A mah_user_agent https://10.10.10.1/admin/exec/show+version



            2. Use one of the pre-existing/supported user-agent headers:



              • Example curl: curl -k -u mah_user -A ASDM https://10.10.10.1/admin/exec/show+version


            Either one of these will work for you, although I prefer the second as it needs no config changes on the ASA to function.



            It is also worth noting, that in my testing you can also send the user-agent: ASDM header with all prior versions of ASA code as well, they just don't care what you send or set for that value.






            share|improve this answer



























              3














              As of ASA code 9.12, you must provide a user-agent header with your HTTP requests to the ASA management interface.



              In the ASA code version 9.12 release notes, it specifies the following:




              Allow non-browser-based HTTPS clients to access the ASA



              You can allow non-browser-based HTTPS clients to access HTTPS services on the ASA. By default, ASDM, CSM, and REST API are allowed.



              New/Modified commands: http server basic-auth-client




              What they do not explicitly spell out in this output, is that the ASA management "API" was not previously a supported way to access the ASA. It was intended to be used by the ASDM or their own REST API wrapper.



              In opening it up for "the rest of us" and making it supported behavior (which they needed to do because there is no ASA REST API java applet on the ASA code running on Firepower hardware), they added some new restrictions.



              You can either do one of the following:




              1. Add user-agent headers with a value you specify in http server basic-auth-client <my-user-agent-goes-here>



                • Example config: http server basic-auth-client mah_user_agent

                • Example curl: curl -k -u mah_user -A mah_user_agent https://10.10.10.1/admin/exec/show+version



              2. Use one of the pre-existing/supported user-agent headers:



                • Example curl: curl -k -u mah_user -A ASDM https://10.10.10.1/admin/exec/show+version


              Either one of these will work for you, although I prefer the second as it needs no config changes on the ASA to function.



              It is also worth noting, that in my testing you can also send the user-agent: ASDM header with all prior versions of ASA code as well, they just don't care what you send or set for that value.






              share|improve this answer

























                3












                3








                3







                As of ASA code 9.12, you must provide a user-agent header with your HTTP requests to the ASA management interface.



                In the ASA code version 9.12 release notes, it specifies the following:




                Allow non-browser-based HTTPS clients to access the ASA



                You can allow non-browser-based HTTPS clients to access HTTPS services on the ASA. By default, ASDM, CSM, and REST API are allowed.



                New/Modified commands: http server basic-auth-client




                What they do not explicitly spell out in this output, is that the ASA management "API" was not previously a supported way to access the ASA. It was intended to be used by the ASDM or their own REST API wrapper.



                In opening it up for "the rest of us" and making it supported behavior (which they needed to do because there is no ASA REST API java applet on the ASA code running on Firepower hardware), they added some new restrictions.



                You can either do one of the following:




                1. Add user-agent headers with a value you specify in http server basic-auth-client <my-user-agent-goes-here>



                  • Example config: http server basic-auth-client mah_user_agent

                  • Example curl: curl -k -u mah_user -A mah_user_agent https://10.10.10.1/admin/exec/show+version



                2. Use one of the pre-existing/supported user-agent headers:



                  • Example curl: curl -k -u mah_user -A ASDM https://10.10.10.1/admin/exec/show+version


                Either one of these will work for you, although I prefer the second as it needs no config changes on the ASA to function.



                It is also worth noting, that in my testing you can also send the user-agent: ASDM header with all prior versions of ASA code as well, they just don't care what you send or set for that value.






                share|improve this answer













                As of ASA code 9.12, you must provide a user-agent header with your HTTP requests to the ASA management interface.



                In the ASA code version 9.12 release notes, it specifies the following:




                Allow non-browser-based HTTPS clients to access the ASA



                You can allow non-browser-based HTTPS clients to access HTTPS services on the ASA. By default, ASDM, CSM, and REST API are allowed.



                New/Modified commands: http server basic-auth-client




                What they do not explicitly spell out in this output, is that the ASA management "API" was not previously a supported way to access the ASA. It was intended to be used by the ASDM or their own REST API wrapper.



                In opening it up for "the rest of us" and making it supported behavior (which they needed to do because there is no ASA REST API java applet on the ASA code running on Firepower hardware), they added some new restrictions.



                You can either do one of the following:




                1. Add user-agent headers with a value you specify in http server basic-auth-client <my-user-agent-goes-here>



                  • Example config: http server basic-auth-client mah_user_agent

                  • Example curl: curl -k -u mah_user -A mah_user_agent https://10.10.10.1/admin/exec/show+version



                2. Use one of the pre-existing/supported user-agent headers:



                  • Example curl: curl -k -u mah_user -A ASDM https://10.10.10.1/admin/exec/show+version


                Either one of these will work for you, although I prefer the second as it needs no config changes on the ASA to function.



                It is also worth noting, that in my testing you can also send the user-agent: ASDM header with all prior versions of ASA code as well, they just don't care what you send or set for that value.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered May 24 at 1:55









                Brett LykinsBrett Lykins

                7,44352964




                7,44352964



























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Network Engineering Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f59366%2funable-to-use-https-managment-api-on-cisco-asa-9-12%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Category:9 (number) SubcategoriesMedia in category "9 (number)"Navigation menuUpload mediaGND ID: 4485639-8Library of Congress authority ID: sh85091979ReasonatorScholiaStatistics

                    Image
                    Natural numbersSquare numbersCategories requiring diffusion Help Category:9 (number) From Wikimedia Commons, the free media repository Jump to navigation Jump to search number: 9 (nine) instance of: natural number, deficient number, square number, composite number, odd number, centered cube number, centered octagonal number and nonagonal number other integers: -8 • -4 • -2 • -1 • 0 • 1 • 2 • 3 • 4 • 5 • 6 • 7 • 8 • 9 • 10 • 11 • 12 • 13 • 14 • 15 • 16 • 17 • 18 • 19 • 20 • 21 • 22 • 23 • 24 • 25 • 26 • 27 • 28 • 29 -20 • 0 • 10 • 20 • 30 • 40 • 50 • 60 • 70 • 80 • 90 • 100 • 110 • 120 • 130 • 140 • 150 • 160 • 170 • 180 • 190 • 200 This category has become too crowded. It should list very few images directly. Files should be moved to subcategories where appropriate. New subcategories can be created. Some files need to be moved elsewhere. Search for more categories: fulltext, Main Page, topics, meta categories. Please remove or replace this tag
                    Read more

                    Circuit construction for execution of conditional statements using least significant bitHow are two different registers being used as “control”?How exactly is the stated composite state of the two registers being produced using the $R_zz$ controlled rotations?Efficiently performing controlled rotations in HHLWould this quantum algorithm implementation work?How to prepare a superposed states of odd integers from $1$ to $sqrtN$?Why is this implementation of the order finding algorithm not working?Circuit construction for Hamiltonian simulationHow can I invert the least significant bit of a certain term of a superposed state?Implementing an oracleImplementing a controlled sum operation

                    Image
                    How to attach cable mounting points to a bicycle frame? Is Jon Snow the last of his House? A steel cutting sword? I know that there is a preselected candidate for a position to be filled at my department. What should I do? Is the field of q-series 'dead'? How to cut a climbing rope? Do photons bend spacetime or not? Where have Brexit voters gone? Is it legal to have an abortion in another state or abroad? Did this character show any indication of wanting to rule before S8E6? How to respond to upset student? Compaq Portable vs IBM 5155 Portable PC Is the Indo-European language family made up? Can I summon an otherworldly creature with the Gate spell without knowing its true name? USPS Back Room - Trespassing? Can my floppy disk still work without a shutter spring? Alternatives to achieve certain output format Are black holes spherical during merger? Can the product of any two aperiodic functions which are defined on the entire number line be p
                    Read more

                    Magento 2 “No Payment Methods” in Admin New OrderHow to integrate Paypal Express Checkout with the Magento APIMagento 1.5 - Sales > Order > edit order and shipping methods disappearAuto Invoice Check/Money Order Payment methodAdd more simple payment methods?Shipping methods not showingWhat should I do to change payment methods if changing the configuration has no effects?1.9 - No Payment Methods showing upMy Payment Methods not Showing for downloadable/virtual product when checkout?Magento2 API to access internal payment methodHow to call an existing payment methods in the registration form?

                    Image
                    What is the meaning of [[:space:]] in bash? Is this artwork (used in a video game) real? What happens on Day 6? Link of a singularity Should I be able to keep my company purchased standing desk when I leave my job? Alternator dying so junk car? A scene of Jimmy diversity Is the Gritty Realism variant incompatible with dungeon-based adventures? What could be reasoning of male prison in VR world to only allow undershirt and sarong as nightwear to male prisoners Why does FFmpeg choose 10+20+20 ms instead of an even 16 ms for 60 fps GIF images? Sending a photo of my bank account card to the future employer Advice for paying off student loans and auto loans now that I have my first 'real' job If I stood next to a piece of metal heated to a million degrees, but in a perfect vacuum, would I feel hot? What made Windows ME so crash-prone? Can a dragon's breath weapon pass through Leomund's Tiny Hut? Did 007 exist before James Bond? Is there a sour
                    Read more