I am wondering whether there is an easy way to block high-privilege APIs on a WAF. For example, for security reasons customers might want to block remote access to root admin APIs or limit access to domain admin APIs to certain IP addresses.
It can easily be done on a WAF if we have separate API endpoints for root admin / domain admin / end user APIs. For example, in the case of VMWare vCloud Director, APIs accessible only to system admins are under http://hostname/cloud/api/1.0/admin/extension, and this can easily be blocked on a WAF. Our API is not a pure REST API and we do not have separate endpoints. Is there any easy way to block high-privilege APIs other than blocking the commands one by one in the WAF? Thanks. -Clement
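
The two rule shapes the post contrasts, as an added illustration that is not part of the original post and not any vendor's WAF rule syntax: a path-prefix rule for the easy case where admin calls live under their own path (the vCloud Director prefix is the one named in the post), and a command-name rule for a single-endpoint API where the operation is named in a request parameter. The single `/api` endpoint, the `cmd` parameter, the command names and the `10.0.0.0/8` range are assumptions for the example. The path is percent-decoded and normalized before the prefix check, because a prefix rule that skips that step is bypassed by `%65xtension` or `./extension`.

```python
"""Two WAF-style rule shapes for high-privilege API calls: a path-prefix rule
(separate admin endpoints) and a command-name rule (single endpoint, operation
named in a parameter).  Illustration only; not any vendor's rule syntax."""
import ipaddress
import posixpath
import re
from dataclasses import dataclass
from typing import Callable, Tuple
from urllib.parse import parse_qs, unquote


@dataclass
class Request:
    path: str              # request path without the query string
    client_ip: str
    query: str = ""        # raw query string, e.g. "cmd=ListUsers"
    body: str = ""         # form-encoded body (assumed style of the non-REST API)


@dataclass
class Rule:
    name: str
    matches: Callable[[Request], bool]
    allow_from: Tuple[str, ...] = ()   # CIDRs allowed through; empty = block from everywhere


def normalize_path(path: str) -> str:
    """Decode percent-encoding and collapse '.', '..' and repeated slashes so that
    '/cloud/api/1.0/admin/%65xtension' and '/cloud/api/1.0//admin/./extension'
    hit the same rule as the plain path.  A prefix rule without this step is
    trivially bypassed."""
    decoded = re.sub(r"/+", "/", unquote(path))
    return posixpath.normpath("/" + decoded.lstrip("/"))


def path_prefix(prefix: str) -> Callable[[Request], bool]:
    """Match a whole path-segment prefix, e.g. the system-admin-only
    /cloud/api/1.0/admin/extension tree named in the post."""
    def match(req: Request) -> bool:
        p = normalize_path(req.path)
        return p == prefix or p.startswith(prefix + "/")
    return match


def command_in(param: str, names) -> Callable[[Request], bool]:
    """For an API where every call goes to one endpoint and the operation is
    named in a parameter (assumed here: 'cmd' in the query string or body)."""
    wanted = {n.lower() for n in names}

    def match(req: Request) -> bool:
        params = parse_qs(req.query)
        params.update(parse_qs(req.body))
        return any(v.lower() in wanted for v in params.get(param, []))
    return match


def ip_allowed(ip: str, cidrs) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def evaluate(req: Request, rules) -> Tuple[str, str]:
    """First matching rule decides.  Unmatched requests pass to the application,
    which still has to enforce authorization itself; the WAF is only a perimeter."""
    for rule in rules:
        if rule.matches(req):
            if rule.allow_from and ip_allowed(req.client_ip, rule.allow_from):
                return "allow", rule.name
            return "block", rule.name
    return "allow", "default"


# Rule set.  The vCloud Director prefix is from the post; the "/api" endpoint,
# the "cmd" parameter, the command names and the 10.0.0.0/8 range are assumed.
RULES = [
    Rule("vcd-sysadmin-extension", path_prefix("/cloud/api/1.0/admin/extension")),
    Rule("domain-admin-commands",
         command_in("cmd", {"CreateDomain", "DeleteDomain", "SetDomainQuota"}),
         allow_from=("10.0.0.0/8",)),
]


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        Request("/cloud/api/1.0/admin/extension/vimServerReferences", "203.0.113.5"),
        Request("/cloud/api/1.0/admin/%65xtension", "203.0.113.5"),
        Request("/cloud/api/1.0/org", "203.0.113.5"),
        Request("/api", "10.1.2.3", body="cmd=CreateDomain&name=tenant-a"),
        Request("/api", "203.0.113.5", body="cmd=createdomain&name=tenant-a"),
        Request("/api", "203.0.113.5", query="cmd=ListUsers"),
    ]
    for s in samples:
        print(evaluate(s, RULES), s.path, s.client_ip)
```

The command-name rule is still a list of commands, which is the "one by one" approach the post wants to avoid; it only becomes manageable when the API's command names follow a convention (a common prefix or a privilege tier the WAF can key on), and when a command is not found in the rule set the request reaches the application, so the application's own authorization check remains the control that actually matters.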
