slb template policy
Policy config
policy Specification
Type: Collection
Object Key(s): name
Collection Name: policy-list
Collection URI: /axapi/v3/slb/template/policy
Element Name: policy
Element URI: /axapi/v3/slb/template/policy/{name}
Element Attributes: policy_attributes
Schema: policy schema
Operations Allowed:
| Operation | Method | URI | Payload |
|---|---|---|---|
| Create Object | POST | /axapi/v3/slb/template/policy | |
| Create List | POST | /axapi/v3/slb/template/policy | |
| Get Object | GET | /axapi/v3/slb/template/policy/{name} | |
| Get List | GET | /axapi/v3/slb/template/policy | |
| Modify Object | POST | /axapi/v3/slb/template/policy/{name} | |
| Replace Object | PUT | /axapi/v3/slb/template/policy/{name} | |
| Replace List | PUT | /axapi/v3/slb/template/policy | |
| Delete Object | DELETE | /axapi/v3/slb/template/policy/{name} | |
policy-list
policy-list is a JSON List of policy attributes
policy-list : [
]
policy attributes
bw-list-id
Type: List
bw-list-name
Description Specify a blacklist/whitelist name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
class-list
Description: class-list is a JSON Block. Please see below for class-list
Type: Object
Reference Object: /axapi/v3/slb/template/policy/{name}/class-list
forward-policy
Description: forward-policy is a JSON Block. Please see below for forward-policy
Type: Object
Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy
full-domain-tree
Description Share counters between geo-location and sub regions
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
interval
Description Log interval (minute)
Type: number
Range: 1-255
name
Description Policy template name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
over-limit
Description Specify operation in case over limit
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
over-limit-lockup
Description Don’t accept any new connection for certain time (Lockup duration (minute))
Type: number
Range: 1-127
over-limit-logging
Description Log a message
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
over-limit-reset
Description Reset the connection when it exceeds limit
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
overlap
Description Use overlap mode for geo-location to do longest match
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sampling-enable
Type: List
share
Description Share counters between virtual ports and virtual servers
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
timeout
Description Define timeout value of PBSLB dynamic entry (Timeout value (minute, default is 5))
Type: number
Range: 1-127
Default: 5
use-destination-ip
Description Use destination IP to match the policy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
forward-policy
Specification
Type: object
acos-event-log
Description Enable acos event logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
action-list
Type: List
Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/action/{name}
filtering
Type: List
local-logging
Description Enable local logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
no-client-conn-reuse
Description Inspects only first request of a connection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
require-web-category
Description Wait for web category to be resolved before taking proxy decision
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
san-filtering
Type: List
source-list
Type: List
Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
forward-policy_filtering
Specification
Type: list
Block object keys
ssli-url-filtering
Description ‘bypassed-sni-disable’: Disable SNI filtering for bypassed URL’s(enabled by default); ‘intercepted-sni-enable’: Enable SNI filtering for intercepted URL’s(disabled by default); ‘intercepted-http-disable’: Disable HTTP(host/URL) filtering for intercepted URL’s(enabled by default); ‘no-sni-allow’: Allow connection if SNI filtering is enabled and SNI header is not present(Drop by default);
Type: string
Supported Values: bypassed-sni-disable, intercepted-sni-enable, intercepted-http-disable, no-sni-allow
forward-policy_san-filtering
Specification
Type: list
Block object keys
ssli-url-filtering-san
Description ‘enable-san’: Enable SAN filtering(disabled by default); ‘bypassed-san-disable’: Disable SAN filtering for bypassed URL’s(enabled by default); ‘intercepted-san-enable’: Enable SAN filtering for intercepted URL’s(disabled by default); ‘no-san-allow’: Allow connection if SAN filtering is enabled and SAN field is not present(Drop by default);
Type: string
Supported Values: enable-san, bypassed-san-disable, intercepted-san-enable, no-san-allow
forward-policy_action-list
Specification
Type: list
Block object keys
action1
Description ‘forward-to-internet’: Forward request to Internet; ‘forward-to-service-group’: Forward request to service group; ‘forward-to-proxy’: Forward request to HTTP proxy server; ‘drop’: Drop request;
Type: string
Supported Values: forward-to-internet, forward-to-service-group, forward-to-proxy, drop
drop-message
Description drop-message sent to the client as webpage(html tags are included and quotation marks are required for white spaces)
Type: string
Format: string-rlx
Maximum Length: 1023 characters
Maximum Length: 1 characters
Mutual Exclusion: drop-message and drop-redirect-url are mutually exclusive
drop-redirect-url
Description Specify URL to which client request is redirected upon being dropped
Type: string
Format: string-rlx
Maximum Length: 1023 characters
Maximum Length: 1 characters
Mutual Exclusion: drop-redirect-url drop-response-code and drop-message are mutually exclusive
drop-response-code
Description Specify response code for drop action
Type: number
Range: 100-599
Mutual Exclusion: drop-response-code and drop-redirect-url are mutually exclusive
fake-sg
Description service group to forward the packets to Internet
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
fall-back
Description Fallback service group for Internet
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
fall-back-snat
Description Source NAT pool or pool group for fallback server
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
forward-snat
Description Source NAT pool or pool group
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http-status-code
Description ‘301’: Moved permanently; ‘302’: Found;
Type: string
Supported Values: 301, 302
Default: 302
log
Description enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
name
Description Action policy name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
proxy-chaining-bypass
Description Forward all https packets to upstream proxy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
real-sg
Description service group to forward the packets
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
sampling-enable
Type: List
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
forward-policy_action-list_sampling-enable
Specification
Type: list
Block object keys
counters1
Description ‘all’: all; ‘hits’: Number of requests matching this destination rule;
Type: string
Supported Values: all, hits
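The filtering, san-filtering and action-list constraints above can be checked before a payload is sent to the device. The following Python linter is an added example, not part of the vendor documentation: it takes one policy object using the attribute names documented on this page, and the sample payload, severity labels and the `lint_forward_policy` name are constructed for illustration.

```python
"""Lint one policy object against the forward-policy constraints documented above."""

# Values that switch off a default-on check or allow traffic that is dropped by
# default, per the ssli-url-filtering / ssli-url-filtering-san descriptions.
RELAXING = {
    "ssli-url-filtering": {
        "bypassed-sni-disable": "SNI filtering disabled for bypassed URLs",
        "intercepted-http-disable": "HTTP host/URL filtering disabled for intercepted URLs",
        "no-sni-allow": "connections without an SNI header are allowed",
    },
    "ssli-url-filtering-san": {
        "bypassed-san-disable": "SAN filtering disabled for bypassed URLs",
        "no-san-allow": "connections without a SAN field are allowed",
    },
}
ACTIONS = {"forward-to-internet", "forward-to-service-group", "forward-to-proxy", "drop"}
# Pairs the action-list section declares mutually exclusive.
EXCLUSIVE = [("drop-message", "drop-redirect-url"), ("drop-response-code", "drop-redirect-url")]


def lint_forward_policy(policy):
    """Return a sorted list of (severity, message) findings for one policy object."""
    findings = []
    fwd = policy.get("forward-policy", {})
    for list_key, value_key in (("filtering", "ssli-url-filtering"),
                                ("san-filtering", "ssli-url-filtering-san")):
        for entry in fwd.get(list_key, []):
            value = entry.get(value_key)
            if value in RELAXING[value_key]:
                findings.append(("warn", f"{list_key}: {value} ({RELAXING[value_key][value]})"))
    for action in fwd.get("action-list", []):
        name = action.get("name", "<unnamed>")
        if action.get("action1") not in ACTIONS:
            findings.append(("error", f"action {name}: unsupported action1 {action.get('action1')!r}"))
        for a, b in EXCLUSIVE:
            if a in action and b in action:
                findings.append(("error", f"action {name}: {a} and {b} are mutually exclusive"))
        code = action.get("drop-response-code")
        if code is not None and not (isinstance(code, int) and 100 <= code <= 599):
            findings.append(("error", f"action {name}: drop-response-code {code!r} outside 100-599"))
        # log defaults to 0, so a drop rule without it leaves no per-request record.
        if action.get("action1") == "drop" and not action.get("log", 0):
            findings.append(("info", f"action {name}: drop action has log disabled"))
    return sorted(findings)


# Constructed sample payload (names and URL are placeholders, not from a real device).
SAMPLE = {
    "name": "ssli-egress",
    "forward-policy": {
        "filtering": [{"ssli-url-filtering": "no-sni-allow"}],
        "san-filtering": [{"ssli-url-filtering-san": "enable-san"}],
        "action-list": [
            {"name": "block", "action1": "drop", "drop-response-code": 403,
             "drop-redirect-url": "https://block.example.invalid/"},
            {"name": "out", "action1": "forward-to-internet", "log": 1},
        ],
    },
}

if __name__ == "__main__":
    for severity, message in lint_forward_policy(SAMPLE):
        print(f"{severity:5} {message}")
```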
forward-policy_source-list
Specification
Type: list
Block object keys
destination
Description: destination is a JSON Block. Please see below for forward-policy_source-list_destination
Type: Object
Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}/destination
match-any
Description Match any source
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: match-any and match-class-list are mutually exclusive
match-authorize-policy
Description Authorize-policy for user and group based policy
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/aam/authorization/policy
match-class-list
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: match-class-list and match-any are mutually exclusive
name
Description source destination match rule name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
priority
Description Priority of the source(higher the number higher the priority, default 0)
Type: number
Range: 1-2000
sampling-enable
Type: List
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
forward-policy_source-list_destination
Specification
Type: object
any
Description: any is a JSON Block. Please see below for forward-policy_source-list_destination_any
Type: Object
Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}/destination/any
class-list-list
Type: List
Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}/destination/class-list/{dest-class-list}
web-category-list-list
forward-policy_source-list_destination_class-list-list
Specification
Type: list
Block object keys
action
Description Action to be performed
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
dest-class-list
Description Destination Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
priority
Description Priority value of the action(higher the number higher the priority)
Type: number
Range: 1-1024
sampling-enable
Type: List
type
Description ‘host’: Match hostname; ‘url’: Match URL; ‘ip’: Match destination IP address;
Type: string
Supported Values: host, url, ip
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
forward-policy_source-list_destination_class-list-list_sampling-enable
Specification
Type: list
Block object keys
counters1
Description ‘all’: all; ‘hits’: Number of requests matching this destination rule;
Type: string
Supported Values: all, hits
forward-policy_source-list_destination_web-category-list-list
Specification
Type: list
Block object keys
action
Description Action to be performed
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
priority
Description Priority value of the action(higher the number higher the priority)
Type: number
Range: 1-1024
sampling-enable
Type: List
type
Description ‘host’: Match hostname; ‘url’: match URL;
Type: string
Supported Values: host, url
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
web-category-list
Description Destination Web Category List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/web-category/category-list
forward-policy_source-list_destination_web-category-list-list_sampling-enable
Specification
Type: list
Block object keys
counters1
Description ‘all’: all; ‘hits’: Number of requests matching this destination rule;
Type: string
Supported Values: all, hits
forward-policy_source-list_destination_any
Specification
Type: object
action
Description Action to be performed
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
sampling-enable
Type: List
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
forward-policy_source-list_destination_any_sampling-enable
Specification
Type: list
Block object keys
counters1
Description ‘all’: all; ‘hits’: Number of requests matching this destination rule;
Type: string
Supported Values: all, hits
forward-policy_source-list_sampling-enable
Specification
Type: list
Block object keys
counters1
Description ‘all’: all; ‘hits’: Number of requests matching this source rule; ‘destination-match-not-found’: Number of requests without matching destination rule; ‘no-host-info’: Failed to parse ip or host information from request;
Type: string
Supported Values: all, hits, destination-match-not-found, no-host-info
class-list
Specification
Type: object
client-ip-l3-dest
Description Use destination IP as client IP address
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: client-ip-l3-dest and client-ip-l7-header are mutually exclusive
client-ip-l7-header
Description Extract client IP address from L7 header
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: client-ip-l7-header and client-ip-l3-dest are mutually exclusive
header-name
Description Specify L7 header name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
lid-list
Type: List
Reference Object: /axapi/v3/slb/template/policy/{name}/class-list/lid/{lidnum}
name
Description Class list name or geo-location-class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
class-list_lid-list
Specification
Type: list
Block object keys
action-value
Description ‘forward’: Forward the traffic even if it exceeds limit; ‘reset’: Reset the connection when it exceeds limit;
Type: string
Supported Values: forward, reset
bw-per
Description Per (Specify interval in number of 100ms)
Type: number
Range: 1-65535
bw-rate-limit
Description Specify bandwidth rate limit (Bandwidth rate limit in bytes)
Type: number
Range: 1-2147483647
conn-limit
Description Connection limit
Type: number
Range: 0-1048575
conn-per
Description Per (Specify interval in number of 100ms)
Type: number
Range: 1-65535
conn-rate-limit
Description Specify connection rate limit
Type: number
Range: 1-2147483647
direct-action
Description Set action when match the lid
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
direct-action-interval
Description Specify logging interval in minute (default is 3)
Type: number
Range: 0-60
Default: 3
direct-action-value
Description ‘drop’: drop the packet; ‘reset’: Send reset back;
Type: string
Supported Values: drop, reset
Mutual Exclusion: direct-action-value and direct-service-group are mutually exclusive
direct-fail
Description Only log unsuccessful connections
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
direct-logging-drp-rst
Description Configure PBSLB logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
direct-pbslb-interval
Description Specify logging interval in minutes(default is 3)
Type: number
Range: 0-60
Default: 3
direct-pbslb-logging
Description Configure PBSLB logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
direct-service-group
Description Specify a service group (Specify the service group name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: direct-service-group and direct-action-value are mutually exclusive
Reference Object: /axapi/v3/slb/service-group
dns64
Description: dns64 is a JSON Block. Please see below for class-list_lid-list_dns64
Type: Object
interval
Description Specify log interval in minutes, by default system will log every over limit instance
Type: number
Range: 1-255
lidnum
Description Specify a limit ID
Type: number
Range: 1-1023
lockout
Description Don’t accept any new connection for certain time (Lockout duration in minutes)
Type: number
Range: 1-1023
log
Description Log a message
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
over-limit-action
Description Set action when exceeds limit
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
request-limit
Description Request limit (Specify request limit)
Type: number
Range: 1-1048575
request-per
Description Per (Specify interval in number of 100ms)
Type: number
Range: 1-65535
request-rate-limit
Description Request rate limit (Specify request rate limit)
Type: number
Range: 1-4294967295
response-code-rate-limit
Type: List
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
class-list_lid-list_dns64
Specification
Type: object
disable
Description Disable
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exclusive-answer
Description Exclusive Answer in DNS Response
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
prefix
Description IPv6 prefix
Type: string
Format: ipv6-address-plen
class-list_lid-list_response-code-rate-limit
Specification
Type: list
Block object keys
code-range-end
Description server response code range end
Type: number
Range: 100-600
code-range-start
Description server response code range start
Type: number
Range: 100-600
period
Description seconds
Type: number
Range: 1-127
threshold
Description the times of getting the response code
Type: number
Range: 1-15
bw-list-id
Specification
Type: list
Block object keys
action-interval
Description Specify logging interval in minute (default is 3)
Type: number
Range: 0-60
Default: 3
bw-list-action
Description ‘drop’: drop the packet; ‘reset’: Send reset back;
Type: string
Supported Values: drop, reset
Mutual Exclusion: bw-list-action and service-group are mutually exclusive
fail
Description Only log unsuccessful connections
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
id
Description Specify id that maps to service group (The id number)
Type: number
Range: 0-1023
logging-drp-rst
Description Configure PBSLB logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
pbslb-interval
Description Specify logging interval in minutes
Type: number
Range: 0-60
Default: 3
pbslb-logging
Description Configure PBSLB logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
service-group
Description Specify a service group (Specify the service group name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: service-group and bw-list-action are mutually exclusive
Reference Object: /axapi/v3/slb/service-group
sampling-enable
Specification
Type: list
Block object keys
counters1
Description ‘all’: all; ‘fwd-policy-dns-unresolved’: Forward-policy unresolved DNS queries; ‘fwd-policy-dns-outstanding’: Forward-policy current DNS outstanding requests; ‘fwd-policy-snat-fail’: Forward-policy source-nat translation failure; ‘fwd-policy-hits’: Number of forward-policy requests for this policy template; ‘fwd-policy-forward-to-internet’: Number of forward-policy requests forwarded to internet; ‘fwd-policy-forward-to-service-group’: Number of forward-policy requests forwarded to service group; ‘fwd-policy-forward-to-proxy’: Number of forward-policy requests forwarded to proxy; ‘fwd-policy-policy-drop’: Number of forward-policy requests dropped; ‘fwd-policy-source-match-not-found’: Forward-policy requests without matching source rule; ‘exp-client-hello-not-found’: Expected Client HELLO requests not found;
Type: string
Supported Values: all, fwd-policy-dns-unresolved, fwd-policy-dns-outstanding, fwd-policy-snat-fail, fwd-policy-hits, fwd-policy-forward-to-internet, fwd-policy-forward-to-service-group, fwd-policy-forward-to-proxy, fwd-policy-policy-drop, fwd-policy-source-match-not-found, exp-client-hello-not-found
stats data
| Counter | Size | Description |
|---|---|---|
| fwd-policy-dns-unresolved | 8 | Forward-policy unresolved DNS queries |
| fwd-policy-hits | 8 | Number of forward-policy requests for this policy template |
| fwd-policy-policy-drop | 8 | Number of forward-policy requests dropped |
| fwd-policy-forward-to-service-group | 8 | Number of forward-policy requests forwarded to service group |
| fwd-policy-forward-to-internet | 8 | Number of forward-policy requests forwarded to internet |
| fwd-policy-dns-outstanding | 8 | Forward-policy current DNS outstanding requests |
| fwd-policy-source-match-not-found | 8 | Forward-policy requests without matching source rule |
| fwd-policy-snat-fail | 8 | Forward-policy source-nat translation failure |
| exp-client-hello-not-found | 8 | Expected Client HELLO requests not found |
| fwd-policy-forward-to-proxy | 8 | Number of forward-policy requests forwarded to proxy |