.. _slb_template_client_ssl: slb template client-ssl ======================= Client SSL Template client-ssl Specification ------------------------ ===================================== ======================================================================= **Parameter** **Value** ===================================== ======================================================================= **Type** *Collection* **Object Key(s)** *name* **Collection Name** :ref:`2151_client-ssl_list` **Collection URI** /axapi/v3/slb/template/client-ssl **Element Name** client-ssl **Element URI** /axapi/v3/slb/template/client-ssl/{name} **Element Attributes** client-ssl_attributes **Partition Visibility** shared **Operational Data URI** /axapi/v3/slb/template/client-ssl/{name}/oper **Schema** :download:`client-ssl schema ` ===================================== ======================================================================= **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Create Object .. raw:: html POST .. raw:: html /axapi/v3/slb/template/client-ssl .. raw:: html :ref:`2151_client-ssl_attributes` .. raw:: html
Create List .. raw:: html POST .. raw:: html /axapi/v3/slb/template/client-ssl .. raw:: html :ref:`2151_client-ssl_attributes` .. raw:: html
Get Object .. raw:: html GET .. raw:: html /axapi/v3/slb/template/client-ssl/{name} .. raw:: html :ref:`2151_client-ssl_attributes` .. raw:: html
Get List .. raw:: html GET .. raw:: html /axapi/v3/slb/template/client-ssl .. raw:: html :ref:`2151_client-ssl_list` .. raw:: html
Modify Object .. raw:: html POST .. raw:: html /axapi/v3/slb/template/client-ssl/{name} .. raw:: html :ref:`2151_client-ssl_attributes` .. raw:: html
Replace Object .. raw:: html PUT .. raw:: html /axapi/v3/slb/template/client-ssl/{name} .. raw:: html :ref:`2151_client-ssl_attributes` .. raw:: html
Replace List .. raw:: html PUT .. raw:: html /axapi/v3/slb/template/client-ssl .. raw:: html :ref:`2151_client-ssl_list` .. raw:: html
Delete Object .. raw:: html DELETE .. raw:: html /axapi/v3/slb/template/client-ssl/{name} .. raw:: html :ref:`2151_client-ssl_attributes` .. raw:: html
.. _2151_client-ssl_list: client-ssl-list --------------- client-ssl-list is **JSON List** of :ref:`2151_client-ssl_attributes` client-ssl-list : [ { :ref:`2151_client-ssl_attributes` }, { :ref:`2151_client-ssl_attributes` }, ... ] .. _2151_client-ssl_attributes: client-ssl attributes --------------------- **ad-group-list** **Description** Forward proxy bypass if ad-group matches class-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **alert-type** **Description** 'fatal': Log fatal alerts; **Type:** string **Supported Values:** fatal **auth-sg** **Description** Specify authorization LDAP service group **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** auth-sg and authen-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/aam/authentication/service-group ` **auth-sg-dn** **Description** Use Subject DN as LDAP search base DN **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **auth-sg-filter** **Description** Specify LDAP search filter **Type:** string **Format:** string-rlx **Maximum Length:** 255 characters **Maximum Length:** 1 characters **auth-username** **Description** Specify the Username Field in the Client Certificate(If multi-fields are specificed, prior one has higher priority) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **auth-username-attribute** **Description** Specify attribute name of username for client SSL authorization **Type:** string **Format:** string-rlx **Maximum Length:** 31 characters **Maximum Length:** 1 characters **authen-name** **Description** Specify authorization LDAP server name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** authen-name and auth-sg are mutually exclusive **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/ldap ` **authorization** **Description** Specify LDAP server for client SSL authorizaiton **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **bypass-cert-issuer-class-list-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** bypass-cert-issuer-class-list-name and bypass-cert-issuer-multi-class-list-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/class-list ` **bypass-cert-issuer-multi-class-list** **Type:** List **bypass-cert-san-class-list-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** bypass-cert-san-class-list-name and bypass-cert-san-multi-class-list-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/class-list ` **bypass-cert-san-multi-class-list** **Type:** List **bypass-cert-subject-class-list-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** bypass-cert-subject-class-list-name and bypass-cert-subject-multi-class-list-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/class-list ` **bypass-cert-subject-multi-class-list** **Type:** List **ca-certs** **Type:** List **cache-persistence-list-name** **Description** Class List Name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **case-insensitive** **Description** Case insensitive forward proxy bypass **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **cert-revoke-action** **Description** 'bypass': bypass SSLi processing; 'continue': continue the connection; 'drop': close the connection; 'block': block the connection with a warning page; **Type:** string **Supported Values:** bypass, continue, drop, block **Default:** bypass **cert-unknown-action** **Description** 'bypass': bypass SSLi processing; 'continue': continue the connection; 'drop': close the connection; 'block': block the connection with a warning page; **Type:** string **Supported Values:** bypass, continue, drop, block **Default:** bypass **certificate-issuer-contains-list** **Type:** List **certificate-issuer-ends-with-list** **Type:** List **certificate-issuer-equals-list** **Type:** List **certificate-issuer-starts-with-list** **Type:** List **certificate-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/client-ssl/{name}/certificate/{cert} ` **certificate-san-contains-list** **Type:** List **certificate-san-ends-with-list** **Type:** List **certificate-san-equals-list** **Type:** List **certificate-san-starts-with-list** **Type:** List **certificate-subject-contains-list** **Type:** List **certificate-subject-ends-with-list** **Type:** List **certificate-subject-equals-list** **Type:** List **certificate-subject-starts-with-list** **Type:** List **chain-cert** **Description** Chain Certificate Name **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **Mutual Exclusion:** chain-cert and chain-cert-shared-str are mutually exclusive **chain-cert-shared-str** **Description** Chain Certificate Name **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **Mutual Exclusion:** chain-cert-shared-str and chain-cert are mutually exclusive **cipher-without-prio-list** **Type:** List **class-list-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** class-list-name and multi-clist-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/class-list ` **client-auth-case-insensitive** **Description** Case insensitive forward proxy client auth bypass **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **client-auth-class-list** **Description** Forward proxy client auth bypass if SNI string matches class-list (Class List Name) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **client-auth-contains-list** **Type:** List **client-auth-ends-with-list** **Type:** List **client-auth-equals-list** **Type:** List **client-auth-starts-with-list** **Type:** List **client-certificate** **Description** 'Ignore': Don't request client certificate; 'Require': Require client certificate; 'Request': Request client certificate; **Type:** string **Supported Values:** Ignore, Require, Request **Default:** Ignore **close-notify** **Description** Send close notification when terminate connection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **contains-list** **Type:** List **crl-certs** **Type:** List **dgversion** **Description** Lower TLS/SSL version can be downgraded **Type:** number **Range:** 30-34 **Default:** 31 **dh-type** **Description** '1024': 1024; '1024-dsa': 1024-dsa; '2048': 2048; **Type:** string **Supported Values:** 1024, 1024-dsa, 2048 **direct-client-server-auth** **Description** Let backend server does SSL client authentication directly **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-sslv3** **Description** Reject Client requests for SSL version 3 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **early-data** **Description** Enable TLS 1.3 early data (0-RTT) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ec-list** **Type:** List **enable-ssli-ftp-alg** **Description** Enable SSLi FTP over TLS support at which port **Type:** number **Range:** 1-65535 **enable-tls-alert-logging** **Description** Enable TLS alert logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ends-with-list** **Type:** List **equals-list** **Type:** List **exception-ad-group-list** **Description** Exceptions to forward proxy bypass if ad-group matches class-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **exception-certificate-issuer-cl-name** **Description** Exceptions to forward-proxy-bypass **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **exception-certificate-san-cl-name** **Description** Exceptions to forward-proxy-bypass **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **exception-certificate-subject-cl-name** **Description** Exceptions to forward-proxy-bypass **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **exception-sni-cl-name** **Description** Exceptions to forward-proxy-bypass **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **exception-user-name-list** **Description** Exceptions to forward proxy bypass if user-name matches class-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **exception-web-category** **Type:** List **exception-web-reputation** **Description:** exception-web-reputation is a **JSON Block**. Please see below for :ref:`2151_exception-web-reputation` **Type:** Object **expire-hours** **Description** Certificate lifetime in hours **Type:** number **Range:** 1-168 **forward-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **Mutual Exclusion:** forward-encrypted and fp-ca-certificate are mutually exclusive **forward-passphrase** **Description** Password Phrase **Type:** string **Format:** password **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Mutual Exclusion:** forward-passphrase and fp-ca-certificate are mutually exclusive **forward-proxy-alt-sign** **Description** Forward proxy alternate signing cert and key **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-block-message** **Description** Message to be included on the block page (Message, enclose in quotes if spaces are present) **Type:** string **Format:** string-rlx **Maximum Length:** 1023 characters **Maximum Length:** 1 characters **forward-proxy-ca-cert** **Description** CA Certificate for forward proxy (SSL forward proxy CA Certificate Name) **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters **Mutual Exclusion:** forward-proxy-ca-cert,fp-ca-certificate, fp-ca-key, fp-ca-key-pass-phrase, fp-ca-key-passphrase, fp-ca-key-encrypted, fp-ca-chain-cert, and fp-ca-certificate-shared are mutually exclusive **forward-proxy-ca-key** **Description** CA Private Key for forward proxy (SSL forward proxy CA Key Name) **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters **Mutual Exclusion:** forward-proxy-ca-key,fp-ca-certificate, fp-ca-key, fp-ca-key-pass-phrase, fp-ca-key-passphrase, fp-ca-key-encrypted, fp-ca-chain-cert, and fp-ca-certificate-shared are mutually exclusive **forward-proxy-cert-cache-limit** **Description** Certificate cache size limit, default is 524288 (set to 0 for unlimited size) **Type:** number **Range:** 0-2147483647 **Default:** 524288 **forward-proxy-cert-cache-timeout** **Description** Certificate cache timeout, default is 1 hour (seconds, set to 0 for never timeout) **Type:** number **Range:** 0-2147483647 **Default:** 3600 **forward-proxy-cert-expiry** **Description** Adjust certificate expiry relative to the time when it is created on the device **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-cert-not-ready-action** **Description** 'bypass': bypass the connection; 'reset': reset the connection; 'intercept': wait for cert and then inspect the connection; **Type:** string **Supported Values:** bypass, reset, intercept **Default:** bypass **forward-proxy-cert-revoke-action** **Description** Action taken if a certificate is irreversibly revoked, bypass SSLi processing by default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 1 **forward-proxy-cert-unknown-action** **Description** Action taken if a certificate revocation status is unknown, bypass SSLi processing by default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 1 **forward-proxy-crl-disable** **Description** Disable Certificate Revocation List checking for forward proxy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-decrypted-dscp** **Description** Apply a DSCP to decrypted and bypassed traffic (DSCP to apply to decrypted traffic) **Type:** number **Range:** 1-63 **forward-proxy-decrypted-dscp-bypass** **Description** DSCP to apply to bypassed traffic **Type:** number **Range:** 1-63 **forward-proxy-enable** **Description** Enable SSL forward proxy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-esni-action** **Description** Action taken if receiving encrypted server name indication extension in client hello MSG, bypass the connection by default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-failsafe-disable** **Description** Disable Failsafe for SSL forward proxy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-hash-persistence-interval** **Description** Set the time interval to save the hash persistence certs (Interval value, in minutes) **Type:** number **Range:** 1-720 **Default:** 30 **forward-proxy-log-disable** **Description** Disable SSL forward proxy logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-no-shared-cipher-action** **Description** Action taken if handshake fails due to no shared ciper, close the connection by default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 1 **forward-proxy-no-sni-action** **Description** 'intercept': intercept in no SNI case; 'bypass': bypass in no SNI case; 'reset': reset in no SNI case; **Type:** string **Supported Values:** intercept, bypass, reset **Default:** intercept **forward-proxy-ocsp-disable** **Description** Disable ocsp-stapling for forward proxy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-require-sni-cert-matched** **Description** 'no-match-action-inspect': Inspected if not matched; 'no-match-action-drop': Dropped if not matched; **Type:** string **Supported Values:** no-match-action-inspect, no-match-action-drop **forward-proxy-selfsign-redir** **Description** Redirect connections to pages with self signed certs to a warning page **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-ssl-version** **Description** TLS/SSL version, default is TLS1.2 (TLS/SSL version: 31-TLSv1.0, 32-TLSv1.1, 33-TLSv1.2 and 34-TLSv1.3) **Type:** number **Range:** 31-34 **Default:** 33 **forward-proxy-trusted-ca-lists** **Type:** List **forward-proxy-verify-cert-fail-action** **Description** Action taken if certificate verification fails, close the connection by default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 1 **fp-alt-cert** **Description** CA Certificate for forward proxy alternate signing (Certificate name) **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters **fp-alt-chain-cert** **Description** Chain Certificate (Chain Certificate Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **fp-alt-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **fp-alt-key** **Description** CA Private Key for forward proxy alternate signing (Key name) **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters **fp-alt-passphrase** **Description** Password Phrase **Type:** string **Format:** password **Maximum Length:** 128 characters **Maximum Length:** 1 characters **fp-alt-shared** **Description** Alternate CA Certificate and Private Key Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **fp-ca-certificate** **Description** CA Certificate for forward proxy (SSL forward proxy CA Certificate Name) **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fp-ca-certificate,forward-proxy-ca-cert, fp-ca-shared, forward-proxy-ca-key, forward-passphrase, forward-encrypted, and fp-ca-key-shared are mutually exclusive **fp-ca-certificate-shared** **Description** CA Private Key Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** fp-ca-certificate-shared, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive **fp-ca-chain-cert** **Description** Chain Certificate (Chain Certificate Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fp-ca-chain-cert, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive **fp-ca-key** **Description** CA Private Key for forward proxy (SSL forward proxy CA Key Name) **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fp-ca-key, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive **fp-ca-key-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **Mutual Exclusion:** fp-ca-key-encrypted, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive **fp-ca-key-passphrase** **Description** Password Phrase **Type:** string **Format:** password **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fp-ca-key-passphrase, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive **fp-ca-key-shared** **Description** CA Private Key Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** fp-ca-key-shared and fp-ca-certificate are mutually exclusive **fp-ca-shared** **Description** CA Certificate Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** fp-ca-shared and fp-ca-certificate are mutually exclusive **fp-cert-ext-aia-ca-issuers** **Description** CA Issuers (Authority Information Access URI) **Type:** string **Format:** string-rlx **Maximum Length:** 255 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fp-cert-ext-aia-ca-issuers and fp-cert-ext-aia-ocsp are mutually exclusive **fp-cert-ext-aia-ocsp** **Description** OCSP (Authority Information Access URI) **Type:** string **Format:** string-rlx **Maximum Length:** 255 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fp-cert-ext-aia-ocsp and fp-cert-ext-aia-ca-issuers are mutually exclusive **fp-cert-ext-crldp** **Description** CRL Distribution Point (CRL Distribution Point URI) **Type:** string **Format:** string-rlx **Maximum Length:** 255 characters **Maximum Length:** 1 characters **fp-cert-fetch-autonat** **Description** 'auto': Configure auto NAT for server certificate fetching; **Type:** string **Supported Values:** auto **Mutual Exclusion:** fp-cert-fetch-autonat and fp-cert-fetch-natpool-name are mutually exclusive **fp-cert-fetch-autonat-precedence** **Description** Set this NAT pool as higher precedence than other source NAT like configued under template policy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **fp-cert-fetch-natpool-name** **Description** Specify NAT pool or pool group **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fp-cert-fetch-natpool-name, shared-partition-pool, and fp-cert-fetch-autonat are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ip/nat/pool ` **fp-cert-fetch-natpool-name-shared** **Description** Specify NAT pool or pool group **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ip/nat/pool ` **fp-cert-fetch-natpool-precedence** **Description** Set this NAT pool as higher precedence than other source NAT like configued under template policy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **fp-esni-action** **Description** 'bypass': bypass SSLi processing; 'drop': close the connection; **Type:** string **Supported Values:** bypass, drop **Default:** bypass **handshake-logging-enable** **Description** Enable SSL handshake logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **hsm-type** **Description** 'thales-embed': Thales embed key; 'thales-hwcrhk': Thales hwcrhk Key; **Type:** string **Supported Values:** thales-embed, thales-hwcrhk **inspect-certificate-issuer-cl-name** **Description** Forward proxy Inspect if Certificate issuer matches class-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **inspect-certificate-san-cl-name** **Description** Forward proxy Inspect if Certificate Subject Alternative Name matches class-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **inspect-certificate-subject-cl-name** **Description** Forward proxy Inspect if Certificate Subject matches class-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **inspect-list-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **ldap-base-dn-from-cert** **Description** Use Subject DN as LDAP search base DN **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ldap-search-filter** **Description** Specify LDAP search filter **Type:** string **Format:** string-rlx **Maximum Length:** 255 characters **Maximum Length:** 1 characters **local-logging** **Description** Enable local logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **multi-class-list** **Type:** List **name** **Description** Client SSL Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **no-anti-replay** **Description** Disable anti-replay protection for TLS 1.3 early data (0-RTT data) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **no-shared-cipher-action** **Description** 'bypass': bypass SSLi processing; 'drop': close the connection; **Type:** string **Supported Values:** bypass, drop **Default:** drop **non-ssl-bypass-l4session** **Description** Handle the non-ssl session as L4 for performance optimization **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **non-ssl-bypass-service-group** **Description** Service Group for Bypass non-ssl traffic (Service Group Name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **notafter** **Description** notAfter date **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **notafterday** **Description** Day **Type:** number **Range:** 1-31 **notaftermonth** **Description** Month **Type:** number **Range:** 1-12 **notafteryear** **Description** Year **Type:** number **Range:** 2005-2035 **notbefore** **Description** notBefore date **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **notbeforeday** **Description** Day **Type:** number **Range:** 1-31 **notbeforemonth** **Description** Month **Type:** number **Range:** 1-12 **notbeforeyear** **Description** Year **Type:** number **Range:** 2005-2035 **ocsp-stapling** **Description** Config OCSP stapling support **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ocspst-ca-cert** **Description** CA certificate **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters **ocspst-ocsp** **Description** Specify OCSP Authentication **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ocspst-sg** **Description** Specify authentication service group **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** ocspst-sg and ocspst-srvr are mutually exclusive **Reference Object:** :doc:`/axapi/v3/aam/authentication/service-group ` **ocspst-sg-days** **Description** Specify update period, in days **Type:** number **Range:** 1-31 **Mutual Exclusion:** ocspst-sg-days, ocspst-sg-hours, and ocspst-sg-minutes are mutually exclusive **ocspst-sg-hours** **Description** Specify update period, in hours **Type:** number **Range:** 1-23 **Default:** 1 **Mutual Exclusion:** ocspst-sg-hours, ocspst-sg-days, and ocspst-sg-minutes are mutually exclusive **ocspst-sg-minutes** **Description** Specify update period, in minutes **Type:** number **Range:** 1-59 **Mutual Exclusion:** ocspst-sg-minutes, ocspst-sg-days, and ocspst-sg-hours are mutually exclusive **ocspst-sg-timeout** **Description** Specify retry timeout (Default is 30 mins) **Type:** number **Range:** 1-44640 **Default:** 30 **ocspst-srvr** **Description** Specify OCSP authentication server **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** ocspst-srvr and ocspst-sg are mutually exclusive **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/ocsp ` **ocspst-srvr-days** **Description** Specify update period, in days **Type:** number **Range:** 1-31 **Mutual Exclusion:** ocspst-srvr-days, ocspst-srvr-hours, and ocspst-srvr-minutes are mutually exclusive **ocspst-srvr-hours** **Description** Specify update period, in hours **Type:** number **Range:** 1-23 **Default:** 1 **Mutual Exclusion:** ocspst-srvr-hours, ocspst-srvr-days, and ocspst-srvr-minutes are mutually exclusive **ocspst-srvr-minutes** **Description** Specify update period, in minutes **Type:** number **Range:** 1-59 **Mutual Exclusion:** ocspst-srvr-minutes, ocspst-srvr-days, and ocspst-srvr-hours are mutually exclusive **ocspst-srvr-timeout** **Description** Specify retry timeout (Default is 30 mins) **Type:** number **Range:** 1-44640 **Default:** 30 **renegotiation-disable** **Description** Disable SSL renegotiation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **req-ca-lists** **Type:** List **require-web-category** **Description** Wait for web category to be resolved before taking bypass decision **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sampling-enable** **Type:** List **server-name-auto-map** **Description** Enable automatic mapping of server name indication in Client hello extension **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server-name-list** **Type:** List **session-cache-size** **Description** Session Cache Size (Maximum cache size. Default value 0 (Session ID reuse disabled)) **Type:** number **session-cache-timeout** **Description** Session Cache Timeout (Timeout value, in seconds. Default value 0 (Session cache timeout disabled)) **Type:** number **Range:** 0-604800 **Default:** 0 **session-ticket-disable** **Description** Disable client side session ticket support **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **session-ticket-lifetime** **Description** Session ticket lifetime in seconds from stateless session resumption (Lifetime value in seconds. Default value 0 (Session ticket lifetime is 7200 seconds)) **Type:** number **Range:** 0-2147483647 **Default:** 0 **shared-partition-cipher-template** **Description** Reference a cipher template from shared partition **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** shared-partition-cipher-template, template-cipher, and cipher-wo-prio are mutually exclusive **shared-partition-pool** **Description** Reference a NAT pool or pool group from shared partition **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** shared-partition-pool and fp-cert-fetch-natpool-name are mutually exclusive **sni-bypass-enable-log** **Description** Enable logging when bypass event happens, disabled by default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sni-bypass-expired-cert** **Description** Bypass when certificate expired **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sni-bypass-explicit-list** **Description** Bypass when matched explicit bypass list (Specify class list name) **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **sni-bypass-missing-cert** **Description** Bypass when missing cert/key **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sni-enable-log** **Description** Enable logging of sni-auto-map failures. Disable by default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ssl-false-start-disable** **Description** disable SSL False Start **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ssli-logging** **Description** SSLi logging level, default is error logging only **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sslilogging** **Description** 'disable': Disable all logging; 'all': enable all logging(error, info); **Type:** string **Supported Values:** disable, all **sslv2-bypass-service-group** **Description** Service Group for Bypass SSLV2 (Service Group Name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **starts-with-list** **Type:** List **template-cipher** **Description** Cipher Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** template-cipher, shared-partition-cipher-template, and cipher-wo-prio are mutually exclusive **Reference Object:** :doc:`/axapi/v3/slb/template/cipher ` **template-cipher-shared** **Description** Cipher Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/cipher ` **template-hsm** **Description** HSM Template (HSM Template Name) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/hsm/template ` **user-name-list** **Description** Forward proxy bypass if user-name matches class-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **verify-cert-fail-action** **Description** 'bypass': bypass SSLi processing; 'continue': continue the connection; 'drop': close the connection; 'block': block the connection with a warning page; **Type:** string **Supported Values:** bypass, continue, drop, block **Default:** drop **version** **Description** TLS/SSL version, default is the highest number supported (TLS/SSL version: 30-SSLv3.0, 31-TLSv1.0, 32-TLSv1.1, 33-TLSv1.2 and 34-TLSv1.3) **Type:** number **Range:** 1-34 **web-category** **Type:** List **web-reputation** **Description:** web-reputation is a **JSON Block**. Please see below for :ref:`2151_web-reputation` **Type:** Object .. _2151_ca-certs: ca-certs ^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ca-cert** **Description** CA Certificate (CA Certificate Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **ca-shared** **Description** CA Certificate Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **client-ocsp** **Description** Specify ocsp authentication server(s) for client certificate verification **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **client-ocsp-sg** **Description** Specify service-group (Service group name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/aam/authentication/service-group ` **client-ocsp-srvr** **Description** Specify authentication server **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/ocsp/instance ` .. _2151_ec-list: ec-list ^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ec** **Description** 'secp256r1': X9_62_prime256v1; 'secp384r1': secp384r1; **Type:** string **Supported Values:** secp256r1, secp384r1, secp521r1, x25519 .. _2151_req-ca-lists: req-ca-lists ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **client-cert-req-ca-shared** **Description** CA Certificate Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **client-certificate-Request-CA** **Description** Send CA lists in certificate request (CA Certificate Name) **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters .. _2151_crl-certs: crl-certs ^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **crl** **Description** Certificate Revocation Lists (Certificate Revocation Lists file name) **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **crl-shared** **Description** Certificate Revocation Lists Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _2151_forward-proxy-trusted-ca-lists: forward-proxy-trusted-ca-lists ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **forward-proxy-trusted-ca** **Description** Forward proxy trusted CA file (CA file name) **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **fp-trusted-ca-shared** **Description** Trusted CA Certificate Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _2151_multi-class-list: multi-class-list ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **multi-clist-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** multi-clist-name and class-list-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/class-list ` .. _2151_contains-list: contains-list ^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **contains** **Description** Forward proxy bypass if SNI string contains another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2151_ends-with-list: ends-with-list ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ends-with** **Description** Forward proxy bypass if SNI string ends with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2151_equals-list: equals-list ^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **equals** **Description** Forward proxy bypass if SNI string equals another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2151_starts-with-list: starts-with-list ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **starts-with** **Description** Forward proxy bypass if SNI string starts with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2151_certificate-subject-contains-list: certificate-subject-contains-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-subject-contains** **Description** Forward proxy bypass if Certificate Subject contains another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2151_bypass-cert-subject-multi-class-list: bypass-cert-subject-multi-class-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **bypass-cert-subject-multi-class-list-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** bypass-cert-subject-multi-class-list-name and bypass-cert-subject-class-list-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/class-list ` .. _2151_certificate-subject-ends-with-list: certificate-subject-ends-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-subject-ends-with** **Description** Forward proxy bypass if Certificate Subject ends with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2151_certificate-subject-equals-list: certificate-subject-equals-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-subject-equals** **Description** Forward proxy bypass if Certificate Subject equals another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2151_certificate-subject-starts-with-list: certificate-subject-starts-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-subject-starts** **Description** Forward proxy bypass if Certificate Subject starts with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2151_certificate-issuer-contains-list: certificate-issuer-contains-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-issuer-contains** **Description** Forward proxy bypass if Certificate issuer contains another string (Certificate issuer) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2151_bypass-cert-issuer-multi-class-list: bypass-cert-issuer-multi-class-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **bypass-cert-issuer-multi-class-list-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** bypass-cert-issuer-multi-class-list-name and bypass-cert-issuer-class-list-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/class-list ` .. _2151_certificate-issuer-ends-with-list: certificate-issuer-ends-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-issuer-ends-with** **Description** Forward proxy bypass if Certificate issuer ends with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2151_certificate-issuer-equals-list: certificate-issuer-equals-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-issuer-equals** **Description** Forward proxy bypass if Certificate issuer equals another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2151_certificate-issuer-starts-with-list: certificate-issuer-starts-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-issuer-starts** **Description** Forward proxy bypass if Certificate issuer starts with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2151_certificate-san-contains-list: certificate-san-contains-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-san-contains** **Description** Forward proxy bypass if Certificate SAN contains another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2151_bypass-cert-san-multi-class-list: bypass-cert-san-multi-class-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **bypass-cert-san-multi-class-list-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** bypass-cert-san-multi-class-list-name and bypass-cert-san-class-list-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/class-list ` .. _2151_certificate-san-ends-with-list: certificate-san-ends-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-san-ends-with** **Description** Forward proxy bypass if Certificate SAN ends with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2151_certificate-san-equals-list: certificate-san-equals-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-san-equals** **Description** Forward proxy bypass if Certificate SAN equals another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2151_certificate-san-starts-with-list: certificate-san-starts-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-san-starts** **Description** Forward proxy bypass if Certificate SAN starts with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2151_client-auth-contains-list: client-auth-contains-list ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **client-auth-contains** **Description** Forward proxy bypass if SNI string contains another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2151_client-auth-ends-with-list: client-auth-ends-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **client-auth-ends-with** **Description** Forward proxy bypass if SNI string ends with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2151_client-auth-equals-list: client-auth-equals-list ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **client-auth-equals** **Description** Forward proxy bypass if SNI string equals another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2151_client-auth-starts-with-list: client-auth-starts-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **client-auth-starts-with** **Description** Forward proxy bypass if SNI string starts with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2151_web-reputation: web-reputation ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **bypass-low-risk** **Description** Bypass when reputation score is greater than or equal to 61 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** bypass-low-risk,bypass-trustworthy, bypass-moderate-risk, bypass-suspicious, bypass-malicious, and bypass-threshold are mutually exclusive **bypass-malicious** **Description** Bypass when reputation score is greater than or equal to 1 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** bypass-malicious,bypass-trustworthy, bypass-low-risk, bypass-moderate-risk, bypass-suspicious, and bypass-threshold are mutually exclusive **bypass-moderate-risk** **Description** Bypass when reputation score is greater than or equal to 41 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** bypass-moderate-risk,bypass-trustworthy, bypass-low-risk, bypass-suspicious, bypass-malicious, and bypass-threshold are mutually exclusive **bypass-suspicious** **Description** Bypass when reputation score is greater than or equal to 21 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** bypass-suspicious,bypass-trustworthy, bypass-low-risk, bypass-moderate-risk, bypass-malicious, and bypass-threshold are mutually exclusive **bypass-threshold** **Description** Bypass when reputation score is greater than or equal to the customized score (1-100) **Type:** number **Range:** 1-100 **Mutual Exclusion:** bypass-threshold,bypass-trustworthy, bypass-low-risk, bypass-moderate-risk, bypass-suspicious, and bypass-malicious are mutually exclusive **bypass-trustworthy** **Description** Bypass when reputation score is greater than or equal to 81 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** bypass-trustworthy,bypass-low-risk, bypass-moderate-risk, bypass-suspicious, bypass-malicious, and bypass-threshold are mutually exclusive .. _2151_exception-web-reputation: exception-web-reputation ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **exception-low-risk** **Description** Intercept when reputation score is less than or equal to 80 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** exception-low-risk,exception-trustworthy, exception-moderate-risk, exception-suspicious, exception-malicious, and exception-threshold are mutually exclusive **exception-malicious** **Description** Intercept when reputation score is less than or equal to 20 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** exception-malicious,exception-trustworthy, exception-low-risk, exception-moderate-risk, exception-suspicious, and exception-threshold are mutually exclusive **exception-moderate-risk** **Description** Intercept when reputation score is less than or equal to 60 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** exception-moderate-risk,exception-trustworthy, exception-low-risk, exception-suspicious, exception-malicious, and exception-threshold are mutually exclusive **exception-suspicious** **Description** Intercept when reputation score is less than or equal to 40 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** exception-suspicious,exception-trustworthy, exception-low-risk, exception-moderate-risk, exception-malicious, and exception-threshold are mutually exclusive **exception-threshold** **Description** Intercept when reputation score is less than or equal to a customized value (1-100) **Type:** number **Range:** 1-100 **Mutual Exclusion:** exception-threshold,exception-trustworthy, exception-low-risk, exception-moderate-risk, exception-suspicious, and exception-malicious are mutually exclusive **exception-trustworthy** **Description** Intercept when reputation score is less than or equal to 100 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** exception-trustworthy,exception-low-risk, exception-moderate-risk, exception-suspicious, exception-malicious, and exception-threshold are mutually exclusive .. _2151_web-category: web-category ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **bypassed-category** **Description** 'uncategorized': Uncategorized URLs; 'real-estate': Category Real Estate; 'computer-and-internet-security': Category Computer and Internet Security; 'financial-services': Category Financial Services; 'business-and-economy': Category Business and Economy; 'computer-and-internet-info': Category Computer and Internet Info; 'auctions': Category Auctions; 'shopping': Category Shopping; 'cult-and-occult': Category Cult and Occult; 'travel': Category Travel; 'drugs': Category Abused Drugs; 'adult-and-pornography': Category Adult and Pornography; 'home-and-garden': Category Home and Garden; 'military': Category Military; 'social-network': Category Social Network; 'dead-sites': Category Dead Sites (db Ops only); 'stock-advice-and-tools': Category Stock Advice and Tools; 'training-and-tools': Category Training and Tools; 'dating': Category Dating; 'sex-education': Category Sex Education; 'religion': Category Religion; 'entertainment-and-arts': Category Entertainment and Arts; 'personal-sites-and-blogs': Category Personal sites and Blogs; 'legal': Category Legal; 'local-information': Category Local Information; 'streaming-media': Category Streaming Media; 'job-search': Category Job Search; 'gambling': Category Gambling; 'translation': Category Translation; 'reference-and-research': Category Reference and Research; 'shareware-and-freeware': Category Shareware and Freeware; 'peer-to-peer': Category Peer to Peer; 'marijuana': Category Marijuana; 'hacking': Category Hacking; 'games': Category Games; 'philosophy-and-politics': Category Philosophy and Political Advocacy; 'weapons': Category Weapons; 'pay-to-surf': Category Pay to Surf; 'hunting-and-fishing': Category Hunting and Fishing; 'society': Category Society; 'educational-institutions': Category Educational Institutions; 'online-greeting-cards': Category Online Greeting cards; 'sports': Category Sports; 'swimsuits-and-intimate-apparel': Category Swimsuits and Intimate Apparel; 'questionable': Category Questionable; 'kids': Category Kids; 'hate-and-racism': Category Hate and Racism; 'personal-storage': Category Personal Storage; 'violence': Category Violence; 'keyloggers-and-monitoring': Category Keyloggers and Monitoring; 'search-engines': Category Search Engines; 'internet-portals': Category Internet Portals; 'web-advertisements': Category Web Advertisements; 'cheating': Category Cheating; 'gross': Category Gross; 'web-based-email': Category Web based email; 'malware-sites': Category Malware Sites; 'phishing-and-other-fraud': Category Phishing and Other Frauds; 'proxy-avoid-and-anonymizers': Category Proxy Avoid and Anonymizers; 'spyware-and-adware': Category Spyware and Adware; 'music': Category Music; 'government': Category Government; 'nudity': Category Nudity; 'news-and-media': Category News and Media; 'illegal': Category Illegal; 'cdns': Category CDNs; 'internet-communications': Category Internet Communications; 'bot-nets': Category Bot Nets; 'abortion': Category Abortion; 'health-and-medicine': Category Health and Medicine; 'spam-urls': Category SPAM URLs; 'dynamically-generated-content': Category Dynamically Generated Content; 'parked-domains': Category Parked Domains; 'alcohol-and-tobacco': Category Alcohol and Tobacco; 'image-and-video-search': Category Image and Video Search; 'fashion-and-beauty': Category Fashion and Beauty; 'recreation-and-hobbies': Category Recreation and Hobbies; 'motor-vehicles': Category Motor Vehicles; 'web-hosting-sites': Category Web Hosting Sites; 'self-harm': Category Self Harm; 'dns-over-https': Category DNS over HTTPs; 'low-thc-cannabis-products': Category Low-THC Cannabis Products; 'generative-ai': Category Generative AI; 'nudity-artistic': Category Artistic Nudity; 'illegal-pornography': Category Illegal Pornography eg. Child Sexual Abuse; **Type:** string **Supported Values:** uncategorized, real-estate, computer-and-internet-security, financial-services, business-and-economy, computer-and-internet-info, auctions, shopping, cult-and-occult, travel, drugs, adult-and-pornography, home-and-garden, military, social-network, dead-sites, stock-advice-and-tools, training-and-tools, dating, sex-education, religion, entertainment-and-arts, personal-sites-and-blogs, legal, local-information, streaming-media, job-search, gambling, translation, reference-and-research, shareware-and-freeware, peer-to-peer, marijuana, hacking, games, philosophy-and-politics, weapons, pay-to-surf, hunting-and-fishing, society, educational-institutions, online-greeting-cards, sports, swimsuits-and-intimate-apparel, questionable, kids, hate-and-racism, personal-storage, violence, keyloggers-and-monitoring, search-engines, internet-portals, web-advertisements, cheating, gross, web-based-email, malware-sites, phishing-and-other-fraud, proxy-avoid-and-anonymizers, spyware-and-adware, music, government, nudity, news-and-media, illegal, cdns, internet-communications, bot-nets, abortion, health-and-medicine, spam-urls, dynamically-generated-content, parked-domains, alcohol-and-tobacco, image-and-video-search, fashion-and-beauty, recreation-and-hobbies, motor-vehicles, web-hosting-sites, self-harm, dns-over-https, low-thc-cannabis-products, generative-ai, nudity-artistic, illegal-pornography .. _2151_exception-web-category: exception-web-category ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **exception-category** **Description** 'uncategorized': Uncategorized URLs; 'real-estate': Category Real Estate; 'computer-and-internet-security': Category Computer and Internet Security; 'financial-services': Category Financial Services; 'business-and-economy': Category Business and Economy; 'computer-and-internet-info': Category Computer and Internet Info; 'auctions': Category Auctions; 'shopping': Category Shopping; 'cult-and-occult': Category Cult and Occult; 'travel': Category Travel; 'drugs': Category Abused Drugs; 'adult-and-pornography': Category Adult and Pornography; 'home-and-garden': Category Home and Garden; 'military': Category Military; 'social-network': Category Social Network; 'dead-sites': Category Dead Sites (db Ops only); 'stock-advice-and-tools': Category Stock Advice and Tools; 'training-and-tools': Category Training and Tools; 'dating': Category Dating; 'sex-education': Category Sex Education; 'religion': Category Religion; 'entertainment-and-arts': Category Entertainment and Arts; 'personal-sites-and-blogs': Category Personal sites and Blogs; 'legal': Category Legal; 'local-information': Category Local Information; 'streaming-media': Category Streaming Media; 'job-search': Category Job Search; 'gambling': Category Gambling; 'translation': Category Translation; 'reference-and-research': Category Reference and Research; 'shareware-and-freeware': Category Shareware and Freeware; 'peer-to-peer': Category Peer to Peer; 'marijuana': Category Marijuana; 'hacking': Category Hacking; 'games': Category Games; 'philosophy-and-politics': Category Philosophy and Political Advocacy; 'weapons': Category Weapons; 'pay-to-surf': Category Pay to Surf; 'hunting-and-fishing': Category Hunting and Fishing; 'society': Category Society; 'educational-institutions': Category Educational Institutions; 'online-greeting-cards': Category Online Greeting cards; 'sports': Category Sports; 'swimsuits-and-intimate-apparel': Category Swimsuits and Intimate Apparel; 'questionable': Category Questionable; 'kids': Category Kids; 'hate-and-racism': Category Hate and Racism; 'personal-storage': Category Personal Storage; 'violence': Category Violence; 'keyloggers-and-monitoring': Category Keyloggers and Monitoring; 'search-engines': Category Search Engines; 'internet-portals': Category Internet Portals; 'web-advertisements': Category Web Advertisements; 'cheating': Category Cheating; 'gross': Category Gross; 'web-based-email': Category Web based email; 'malware-sites': Category Malware Sites; 'phishing-and-other-fraud': Category Phishing and Other Frauds; 'proxy-avoid-and-anonymizers': Category Proxy Avoid and Anonymizers; 'spyware-and-adware': Category Spyware and Adware; 'music': Category Music; 'government': Category Government; 'nudity': Category Nudity; 'news-and-media': Category News and Media; 'illegal': Category Illegal; 'cdns': Category CDNs; 'internet-communications': Category Internet Communications; 'bot-nets': Category Bot Nets; 'abortion': Category Abortion; 'health-and-medicine': Category Health and Medicine; 'spam-urls': Category SPAM URLs; 'dynamically-generated-content': Category Dynamically Generated Content; 'parked-domains': Category Parked Domains; 'alcohol-and-tobacco': Category Alcohol and Tobacco; 'image-and-video-search': Category Image and Video Search; 'fashion-and-beauty': Category Fashion and Beauty; 'recreation-and-hobbies': Category Recreation and Hobbies; 'motor-vehicles': Category Motor Vehicles; 'web-hosting-sites': Category Web Hosting Sites; 'self-harm': Category Self Harm; 'dns-over-https': Category DNS over HTTPs; 'low-thc-cannabis-products': Category Low-THC Cannabis Products; 'generative-ai': Category Generative AI; 'nudity-artistic': Category Artistic Nudity; 'illegal-pornography': Category Illegal Pornography eg. Child Sexual Abuse; **Type:** string **Supported Values:** uncategorized, real-estate, computer-and-internet-security, financial-services, business-and-economy, computer-and-internet-info, auctions, shopping, cult-and-occult, travel, drugs, adult-and-pornography, home-and-garden, military, social-network, dead-sites, stock-advice-and-tools, training-and-tools, dating, sex-education, religion, entertainment-and-arts, personal-sites-and-blogs, legal, local-information, streaming-media, job-search, gambling, translation, reference-and-research, shareware-and-freeware, peer-to-peer, marijuana, hacking, games, philosophy-and-politics, weapons, pay-to-surf, hunting-and-fishing, society, educational-institutions, online-greeting-cards, sports, swimsuits-and-intimate-apparel, questionable, kids, hate-and-racism, personal-storage, violence, keyloggers-and-monitoring, search-engines, internet-portals, web-advertisements, cheating, gross, web-based-email, malware-sites, phishing-and-other-fraud, proxy-avoid-and-anonymizers, spyware-and-adware, music, government, nudity, news-and-media, illegal, cdns, internet-communications, bot-nets, abortion, health-and-medicine, spam-urls, dynamically-generated-content, parked-domains, alcohol-and-tobacco, image-and-video-search, fashion-and-beauty, recreation-and-hobbies, motor-vehicles, web-hosting-sites, self-harm, dns-over-https, low-thc-cannabis-products, generative-ai, nudity-artistic, illegal-pornography .. _2151_cipher-without-prio-list: cipher-without-prio-list ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **cipher-wo-prio** **Description** 'SSL3_RSA_DES_192_CBC3_SHA': TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A); 'SSL3_RSA_RC4_128_MD5': TLS_RSA_WITH_RC4_128_MD5 (0x0004); 'SSL3_RSA_RC4_128_SHA': TLS_RSA_WITH_RC4_128_SHA (0x0005); 'TLS1_RSA_AES_128_SHA': TLS_RSA_WITH_AES_128_CBC_SHA (0x002F); 'TLS1_RSA_AES_256_SHA': TLS_RSA_WITH_AES_256_CBC_SHA (0x0035); 'TLS1_RSA_AES_128_SHA256': TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003C); 'TLS1_RSA_AES_256_SHA256': TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003D); 'TLS1_DHE_RSA_AES_128_GCM_SHA256': TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009E); 'TLS1_DHE_RSA_AES_128_SHA': TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033); 'TLS1_DHE_RSA_AES_128_SHA256': TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067); 'TLS1_DHE_RSA_AES_256_GCM_SHA384': TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009F); 'TLS1_DHE_RSA_AES_256_SHA': TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039); 'TLS1_DHE_RSA_AES_256_SHA256': TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006B); 'TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256': TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xC02B); 'TLS1_ECDHE_ECDSA_AES_128_SHA': TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xC009); 'TLS1_ECDHE_ECDSA_AES_128_SHA256': TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xC023); 'TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384': TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xC02C); 'TLS1_ECDHE_ECDSA_AES_256_SHA': TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xC00A); 'TLS1_ECDHE_RSA_AES_128_GCM_SHA256': TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xC02F); 'TLS1_ECDHE_RSA_AES_128_SHA': TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013); 'TLS1_ECDHE_RSA_AES_128_SHA256': TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027); 'TLS1_ECDHE_RSA_AES_256_GCM_SHA384': TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC030); 'TLS1_ECDHE_RSA_AES_256_SHA': TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014); 'TLS1_RSA_AES_128_GCM_SHA256': TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009C); 'TLS1_RSA_AES_256_GCM_SHA384': TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009D); 'TLS1_ECDHE_RSA_AES_256_SHA384': TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028); 'TLS1_ECDHE_ECDSA_AES_256_SHA384': TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xC024); 'TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256': TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA8); 'TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256': TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA9); 'TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256': TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCAA); **Type:** string **Supported Values:** SSL3_RSA_DES_192_CBC3_SHA, SSL3_RSA_RC4_128_MD5, SSL3_RSA_RC4_128_SHA, TLS1_RSA_AES_128_SHA, TLS1_RSA_AES_256_SHA, TLS1_RSA_AES_128_SHA256, TLS1_RSA_AES_256_SHA256, TLS1_DHE_RSA_AES_128_GCM_SHA256, TLS1_DHE_RSA_AES_128_SHA, TLS1_DHE_RSA_AES_128_SHA256, TLS1_DHE_RSA_AES_256_GCM_SHA384, TLS1_DHE_RSA_AES_256_SHA, TLS1_DHE_RSA_AES_256_SHA256, TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256, TLS1_ECDHE_ECDSA_AES_128_SHA, TLS1_ECDHE_ECDSA_AES_128_SHA256, TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA, TLS1_ECDHE_RSA_AES_128_GCM_SHA256, TLS1_ECDHE_RSA_AES_128_SHA, TLS1_ECDHE_RSA_AES_128_SHA256, TLS1_ECDHE_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA, TLS1_RSA_AES_128_GCM_SHA256, TLS1_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA384, TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256, TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256, TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256 **Mutual Exclusion:** cipher-wo-prio, template-cipher, and shared-partition-cipher-template are mutually exclusive .. _2151_server-name-list: server-name-list ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **server-cert** **Description** Server Certificate associated to SNI (Server Certificate Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **server-cert-regex** **Description** Server Certificate associated to SNI regex (Server Certificate Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **server-chain** **Description** Server Certificate Chain associated to SNI (Server Certificate Chain Name) **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **server-chain-regex** **Description** Server Certificate Chain associated to SNI regex (Server Certificate Chain Name) **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **server-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **server-encrypted-regex** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **server-key** **Description** Server Private Key associated to SNI (Server Private Key Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **server-key-regex** **Description** Server Private Key associated to SNI regex (Server Private Key Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **server-name** **Description** Server name indication in Client hello extension (Server name String) **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **server-name-alternate** **Description** Specific the second certifcate **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server-name-regex** **Description** Server name indication in Client hello extension with regular expression (Server name String with regex) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **server-name-regex-alternate** **Description** Specific the second certifcate **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server-passphrase** **Description** help Password Phrase **Type:** string **Format:** password **Maximum Length:** 128 characters **Maximum Length:** 1 characters **server-passphrase-regex** **Description** help Password Phrase **Type:** string **Format:** password **Maximum Length:** 128 characters **Maximum Length:** 1 characters **server-shared** **Description** Server Name Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server-shared-regex** **Description** Server Name Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sni-regex-shared-partition-client-ssl-template** **Description** Reference a Client SSL template from shared partition **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sni-regex-template** **Description** Template associated to SNI regex **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sni-regex-template-client-ssl** **Description** Client SSL Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/client-ssl ` **sni-regex-template-client-ssl-shared-name** **Description** Client SSL Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/client-ssl ` **sni-shared-partition-client-ssl-template** **Description** Reference a Client SSL template from shared partition **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sni-template** **Description** Template associated to SNI **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sni-template-client-ssl** **Description** Client SSL Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/client-ssl ` **sni-template-client-ssl-shared-name** **Description** Client SSL Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/client-ssl ` .. _2151_sampling-enable: sampling-enable ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'real-estate': real estate category; 'computer-and-internet-security': computer and internet security category; 'financial-services': financial services category; 'business-and-economy': business and economy category; 'computer-and-internet-info': computer and internet info category; 'auctions': auctions category; 'shopping': shopping category; 'cult-and-occult': cult and occult category; 'travel': travel category; 'drugs': drugs category; 'adult-and-pornography': adult and pornography category; 'home-and-garden': home and garden category; 'military': military category; 'social-network': social network category; 'dead-sites': dead sites category; 'stock-advice-and-tools': stock advice and tools category; 'training-and-tools': training and tools category; 'dating': dating category; 'sex-education': sex education category; 'religion': religion category; 'entertainment-and-arts': entertainment and arts category; 'personal-sites-and-blogs': personal sites and blogs category; 'legal': legal category; 'local-information': local information category; 'streaming-media': streaming media category; 'job-search': job search category; 'gambling': gambling category; 'translation': translation category; 'reference-and-research': reference and research category; 'shareware-and-freeware': shareware and freeware category; 'peer-to-peer': peer to peer category; 'marijuana': marijuana category; 'hacking': hacking category; 'games': games category; 'philosophy-and-politics': philosophy and politics category; 'weapons': weapons category; 'pay-to-surf': pay to surf category; 'hunting-and-fishing': hunting and fishing category; 'society': society category; 'educational-institutions': educational institutions category; 'online-greeting-cards': online greeting cards category; 'sports': sports category; 'swimsuits-and-intimate-apparel': swimsuits and intimate apparel category; 'questionable': questionable category; 'kids': kids category; 'hate-and-racism': hate and racism category; 'personal-storage': personal storage category; 'violence': violence category; 'keyloggers-and-monitoring': keyloggers and monitoring category; 'search-engines': search engines category; 'internet-portals': internet portals category; 'web-advertisements': web advertisements category; 'cheating': cheating category; 'gross': gross category; 'web-based-email': web based email category; 'malware-sites': malware sites category; 'phishing-and-other-fraud': phishing and other fraud category; 'proxy-avoid-and-anonymizers': proxy avoid and anonymizers category; 'spyware-and-adware': spyware and adware category; 'music': music category; 'government': government category; 'nudity': nudity category; 'news-and-media': news and media category; 'illegal': illegal category; 'CDNs': content delivery networks category; 'internet-communications': internet communications category; 'bot-nets': bot nets category; 'abortion': abortion category; 'health-and-medicine': health and medicine category; 'confirmed-SPAM-sources': confirmed SPAM sources category; 'SPAM-URLs': SPAM URLs category; 'unconfirmed-SPAM-sources': unconfirmed SPAM sources category; 'open-HTTP-proxies': open HTTP proxies category; 'dynamically-generated-content': dynamically generated content category; 'parked-domains': parked domains category; 'alcohol-and-tobacco': alcohol and tobacco category; 'private-IP-addresses': private IP addresses category; 'image-and-video-search': image and video search category; 'fashion-and-beauty': fashion and beauty category; 'recreation-and-hobbies': recreation and hobbies category; 'motor-vehicles': motor vehicles category; 'web-hosting-sites': web hosting sites category; 'food-and-dining': food and dining category; 'dummy-item': dummy item category; 'self-harm': self harm category; 'dns-over-https': dns over https category; 'low-thc-cannabis-products': low-thc cannabis products; 'generative-ai': generative ai category; 'nudity-artistic': artistic nudity; 'illegal-pornography': illegal pornography eg. child sexual abuse; 'uncategorised': uncategorised; 'other-category': other category; 'trustworthy': Trustworthy level(81-100); 'low-risk': Low-risk level(61-80); 'moderate-risk': Moderate-risk level(41-60); 'suspicious': Suspicious level(21-40); 'malicious': Malicious level(1-20); **Type:** string **Supported Values:** all, real-estate, computer-and-internet-security, financial-services, business-and-economy, computer-and-internet-info, auctions, shopping, cult-and-occult, travel, drugs, adult-and-pornography, home-and-garden, military, social-network, dead-sites, stock-advice-and-tools, training-and-tools, dating, sex-education, religion, entertainment-and-arts, personal-sites-and-blogs, legal, local-information, streaming-media, job-search, gambling, translation, reference-and-research, shareware-and-freeware, peer-to-peer, marijuana, hacking, games, philosophy-and-politics, weapons, pay-to-surf, hunting-and-fishing, society, educational-institutions, online-greeting-cards, sports, swimsuits-and-intimate-apparel, questionable, kids, hate-and-racism, personal-storage, violence, keyloggers-and-monitoring, search-engines, internet-portals, web-advertisements, cheating, gross, web-based-email, malware-sites, phishing-and-other-fraud, proxy-avoid-and-anonymizers, spyware-and-adware, music, government, nudity, news-and-media, illegal, CDNs, internet-communications, bot-nets, abortion, health-and-medicine, confirmed-SPAM-sources, SPAM-URLs, unconfirmed-SPAM-sources, open-HTTP-proxies, dynamically-generated-content, parked-domains, alcohol-and-tobacco, private-IP-addresses, image-and-video-search, fashion-and-beauty, recreation-and-hobbies, motor-vehicles, web-hosting-sites, food-and-dining, dummy-item, self-harm, dns-over-https, low-thc-cannabis-products, generative-ai, nudity-artistic, illegal-pornography, uncategorised, other-category, trustworthy, low-risk, moderate-risk, suspicious, malicious .. _2151_certificate-list: certificate-list ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **cert** **Description** Certificate Name **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **chain-cert** **Description** Chain Certificate (Chain Certificate Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **key** **Description** Server Private Key (Key Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **key-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **passphrase** **Description** Password Phrase **Type:** string **Format:** password **Maximum Length:** 128 characters **Maximum Length:** 1 characters **shared** **Description** Server Certificate and Key Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters