Issue with pfSense pfREST API: Unable to Modify Firewall Alias (405 & 404 Errors)

[OscarILS]

Context
I’m trying to update a firewall alias in pfSense using the pfREST API. The goal is to add an IP address to an existing alias called "wazuh_blocked_ips". However, I'm running into issues when trying to retrieve or modify the alias.

What Works
I can successfully list all aliases using:

curl -k -u user:password -X GET "https://172.16.253.121/api/v2/firewall/aliases/"

🔹 Response:
json
{
"code": 200,
"status": "ok",
"response_id": "SUCCESS",
"message": "",
"data": [
{
"id": 0,
"name": "wazuh_blocked_ips",
"type": "network",
"descr": "IPs bloqueadas por wazuh",
"address": [],
"detail": []
}
]
}
So, the alias does exist.

Issues Encountered
❌ 1. Getting Alias Details (404 Not Found)
When I try to retrieve details of a specific alias, I get a 404 error:

curl -k -u user:password -X GET "https://172.16.253.121/api/v2/firewall/alias/wazuh_blocked_ips"

🔹 Response:

<title>404 Not Found</title>

404 Not Found

---

nginx I also tried using v1 instead of v2, but the result is the same.

❌ 2. Trying POST or PATCH Methods (405 Method Not Allowed)
Since GET didn’t work, I tried using POST (in case the API expects an ID in the body), but I got a 405 error:
curl -k -u user:password -X POST "https://172.16.253.121/api/v2/firewall/aliases"
-H "Content-Type: application/json"
-d '{
"id": 0
}'

🔹 Response:
{
"code": 405,
"status": "method not allowed",
"response_id": "ENDPOINT_METHOD_NOT_ALLOWED",
"message": "Resource at /api/v2/firewall/aliases does not support the requested HTTP method POST",
"data": []
}

What is the correct way to retrieve a single alias using the pfREST API?

How should I update an alias to add an IP address? Should I use PUT, PATCH, or another method?

Am I using the correct endpoint, or is there another preferred way to manage aliases in pfSense via pfREST?

Any guidance would be greatly appreciated! Thanks in advance.

[jaredhendrickson13]

Endpoints often have both a plural and singular form that are slightly different (explained in more detail here https://pfrest.org/ENDPOINT_TYPES/). In your case, you would use /api/v2/firewall/alias to create, read, update or delete a single firewall alias. You could use /api/v2/firewall/aliases to read, replace or delete many/all firewall aliases.

Hope this helps.

[OscarILS]

Thank you for answer the question , i did what you said and i have the same problem, i created a new alias called "Test1" with an ip, however when i try to add more ip to that alias i recieve this message error :

curl -k -X 'PATCH' 'https://172.16.253.121/api/v2/firewall/alias' -H 'accept: application/json' -u admin:password-H 'Content-Type: application/json' -d '{
"id": 1,
"name": "Test1",
"type": "host",
"descr": "Test1",
"address": [
"192.168.10.10",
"192.168.10.11"
],
"detail": [
"Alias testeo"
]
}'

<title>405 Not Allowed</title>

405 Not Allowed

---

nginx

How should I update an alias to add an IP address? Should I use PUT, PATCH, or another method?

This is the GET for the alias : {"id":1,"name":"Test1","type":"host","descr":"Test1","address":["192.168.10.10"],"detail":["Alias testeo"]},

[jaredhendrickson13]

Your request looks correct. The error you're receiving suggests pfSense's web server was not reloaded correctly when the package was installed. This can sometimes occur if you did not install the package with root privileges. You can manually trigger the reload by running /etc/rc.reload_webgui from the command line or the command prompt within the web UI.

If that doesn't work, trying removing the REST API with pkg-static delete pfSense-pkg-RESTAPI and reinstalling the package with root privileges.

[OscarILS]

Hi, thank you for answer the question, i re- installed all the pfsense setup with root privileges but i can solve that problem yet, now im trying with X-API-Key as a authentication, this is what i have:

`[2.7.2-RELEASE][root@pfSense.Symmetry]/root: curl -X 'POST' -k 'https://172.16.253.121/api/v2/firewall/alias/' -H 'accept: application/json' -H 'X-API-Key: -------------------------' -H 'Content-Type: application/json' -d '{"name":"IpsBloqueo","type":"host","descr":"Ips a bloquear","address":["192.0.2.0"],"detail":["string"]}'
{"code":200,"status":"ok","response_id":"SUCCESS","message":"","data":{"id":0,"name":"IpsBloqueo","type":"host","descr":"Ips a bloquear","address":["192.0.2.0"],"detail":["string"]}}

When im trying to update or "patch" that alias adding an ip this is what i get:
`
[2.7.2-RELEASE][root@pfSense.Symmetry]/root: curl -X 'PATCH' -k 'https://172.16.253.121/api/v2/firewall/alias' -H 'accept: application/json' -H 'X-API-Key: -------------------------' -H 'Content-Type: application/json' -d '{"id":0,"address":["192.0.2.1"],"detail":["ACTUALIZACION"]}'

<title>405 Not Allowed</title> < body > < h1 >405 Not Allowed< /h1 >

---

nginx `

Maybe im doing something wrong.
Thank you in advance.

[jaredhendrickson13]

Hmm something is still preventing the package's nginx configuration block from being applied. Could you run these two commands and send me the output?

/etc/rc.restart_webgui
cat /var/etc/nginx-webConfigurator.conf

[OscarILS]

This is the output_
`[2.7.2-RELEASE][root@pfSense.Symmetry]/root: /etc/rc.restart_webgui
Restarting webConfigurator... done.

[2.7.2-RELEASE][root@pfSense.Symmetry]/root: cat /var/etc/nginx-webConfigurator.conf

nginx configuration file

pid /var/run/nginx-webConfigurator.pid;

user root wheel;
worker_processes 2;
error_log /dev/null;
error_log syslog:server=unix:/var/run/log,facility=local5;

events {
worker_connections 1024;
}

http {
include /usr/local/etc/nginx/mime.types;
default_type application/octet-stream;
add_header X-Frame-Options SAMEORIGIN;
server_tokens off;

    sendfile        off;

    access_log      syslog:server=unix:/var/run/log,facility=local5 combined;
    keepalive_timeout 75;

    server {
            listen 443 ssl http2;
            listen [::]:443 ssl http2;

            ssl_certificate         /var/etc/cert.crt;
            ssl_certificate_key     /var/etc/cert.key;
            ssl_session_timeout     10m;
            keepalive_timeout       70;
            ssl_session_cache       shared:SSL:10m;
            ssl_protocols   TLSv1.2 TLSv1.3;
            ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305";
            ssl_prefer_server_ciphers       on;
            add_header Strict-Transport-Security "max-age=31536000";
            add_header X-Content-Type-Options nosniff;
            ssl_session_tickets off;
            ssl_dhparam /etc/dh-parameters.4096;

            client_max_body_size 200m;

            gzip on;
            gzip_types text/plain text/css text/javascript application/x-javascript text/xml application/xml application/xml+rss application/json;

            root "/usr/local/www/";
            location / {
                    index  index.php index.html index.htm;
            }
            location ~ (\.inc$|\.orig$|\.pkgsave$) {
                    deny all;
                    return 403;
            }
            location ~ \.php$ {
                    try_files $uri =404; #  This line closes a potential security hole
                    # ensuring users can't execute uploaded files
                    # see: https://forum.nginx.org/read.php?2,88845,page=3
                    fastcgi_pass   unix:/var/run/php-fpm.socket;
                    fastcgi_index  index.php;
                    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                    # Fix httpoxy - https://httpoxy.org/#fix-now
                    fastcgi_param  HTTP_PROXY  "";
                    fastcgi_read_timeout 180;
                    include        /usr/local/etc/nginx/fastcgi_params;
            }
            location ~ (^/status$) {
                    allow 127.0.0.1;
                    deny all;
                    fastcgi_pass   unix:/var/run/php-fpm.socket;
                    fastcgi_index  index.php;
                    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                    # Fix httpoxy - https://httpoxy.org/#fix-now
                    fastcgi_param  HTTP_PROXY  "";
                    fastcgi_read_timeout 360;
                    include        /usr/local/etc/nginx/fastcgi_params;
            }
            # Plugin Locations (restapi)

        # This block is required to allow URI's without trailing slash or .php extension.
        # This block also enables PHP to handle PATCH and DELETE requests for API functionality.
        location /api/v2/ {
            index index.php index.html index.htm;
            try_files $uri/index.php =404; #  This line closes a potential security hole
            fastcgi_pass   unix:/var/run/php-fpm.socket;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_param  HTTP_PROXY  "";
            fastcgi_read_timeout 180;
            include        /usr/local/etc/nginx/fastcgi_params;
        }

    }
    server {
            listen 80;
            listen [::]:80;
            return 301 https://$http_host$request_uri;
    }

}
`