ddos template¶
Define a DDOS template
template Specification¶
Parameter Value Type Intermediate Resource Element Name template Element URI /axapi/v3/ddos/template Element Attributes template_attributes Partition Visibility shared Schema template schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Get Object | GET | /axapi/v3/ddos/template | template_attributes |
template attributes¶
dns-list
Type: List
Reference Object: /axapi/v3/ddos/template/dns/{name}
encap-list
Type: List
Reference Object: /axapi/v3/ddos/template/encap/{encap-tmpl-name}
http-list
Type: List
Reference Object: /axapi/v3/ddos/template/http/{http-tmpl-name}
icmp-v4-list
Type: List
Reference Object: /axapi/v3/ddos/template/icmp-v4/{icmp-tmpl-name}
icmp-v6-list
Type: List
Reference Object: /axapi/v3/ddos/template/icmp-v6/{icmp-tmpl-name}
logging-list
Type: List
Reference Object: /axapi/v3/ddos/template/logging/{logging-tmpl-name}
other-list
Type: List
Reference Object: /axapi/v3/ddos/template/other/{name}
sip-list
Type: List
Reference Object: /axapi/v3/ddos/template/sip/{sip-tmpl-name}
ssl-l4-list
Type: List
Reference Object: /axapi/v3/ddos/template/ssl-l4/{ssl-l4-tmpl-name}
tcp-list
Type: List
Reference Object: /axapi/v3/ddos/template/tcp/{name}
udp-list
Type: List
Reference Object: /axapi/v3/ddos/template/udp/{name}
logging-list¶
Specification Value Type list Block object keys enable-action-logging
Description Log action taken
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-format-cef
Description Log in CEF format
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-format-custom
Description Customize log format
Type: string
Format: string-rlx
Maximum Length: 512 characters
Maximum Length: 1 characters
logging-tmpl-name
Description DDOS Logging Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Default: default
use-obj-name
Description Show obj name instead of ip in the log
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
encap-list¶
Specification Value Type list Block object keys encap-tmpl-name
Description DDOS Tunnel Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
preserve-source-ip
Description Use original source ip for encapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tunnel-encap
Description: tunnel-encap is a JSON Block. Please see below for encap-list_tunnel-encap
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
encap-list_tunnel-encap¶
Specification Value Type object gre-cfg
Description: gre-cfg is a JSON Block. Please see below for encap-list_tunnel-encap_gre-cfg
Type: Object
ip-cfg
Description: ip-cfg is a JSON Block. Please see below for encap-list_tunnel-encap_ip-cfg
Type: Object
encap-list_tunnel-encap_ip-cfg¶
Specification Value Type object always
Description: always is a JSON Block. Please see below for encap-list_tunnel-encap_ip-cfg_always
Type: Object
ip-encap
Description Enable Tunnel encap for IP packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
encap-list_tunnel-encap_ip-cfg_always¶
Specification Value Type object ipv4-addr
Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv4-address
ipv6-addr
Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv6-address
encap-list_tunnel-encap_gre-cfg¶
Specification Value Type object gre-always
Description: gre-always is a JSON Block. Please see below for encap-list_tunnel-encap_gre-cfg_gre-always
Type: Object
gre-encap
Description Enable Tunnel encap for GRE packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
encap-list_tunnel-encap_gre-cfg_gre-always¶
Specification Value Type object gre-ipv4
Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv4-address
gre-ipv6
Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv6-address
key-ipv4
Description Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
key-ipv6
Description Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
ssl-l4-list¶
Specification Value Type list Block object keys action
Description ‘drop’: drop; ‘reset’: reset;
Type: string
Supported Values: drop, reset
Default: drop
allow-non-tls
Description Allow Non-TLS (SSLv3 and lower) traffic (Warning: security may be compromised)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
auth-config-cfg
Description: auth-config-cfg is a JSON Block. Please see below for ssl-l4-list_auth-config-cfg
Type: Object
cert-cfg
Description: cert-cfg is a JSON Block. Please see below for ssl-l4-list_cert-cfg
Type: Object
disable
Description Disable this template
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
multi-pu-threshold-distribution
Description: multi-pu-threshold-distribution is a JSON Block. Please see below for ssl-l4-list_multi-pu-threshold-distribution
Type: Object
renegotiation
Description Configure renegotiation limiting for SSL (Number of renegotiation allowed)
Type: number
Range: 0-7
request-rate-limit
Description Configure rate limiting for SSL
Type: number
Range: 1-16000000
server-name-list
Type: Listssl-l4-tmpl-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-traffic-check
Description: ssl-traffic-check is a JSON Block. Please see below for ssl-l4-list_ssl-traffic-check
Type: Object
Reference Object: /axapi/v3/ddos/template/ssl-l4/{ssl-l4-tmpl-name}/ssl-traffic-check
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
ssl-l4-list_cert-cfg¶
Specification Value Type object cert
Description SSL certificate
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
key
Description SSL key
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
key-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)key-passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4-list_auth-config-cfg¶
Specification Value Type object auth-handshake-fail-action
Description ‘blacklist-src’: Blacklist-src when auth handshake fails;
Type: string
Supported Values: blacklist-src
timeout
Description Connection timeout
Type: number
Range: 1-31
Default: 5
trials
Description Number of failed handshakes
Type: number
Range: 0-15
Default: 5
ssl-l4-list_ssl-traffic-check¶
Specification Value Type object check-resumed-connection
Description Apply checks to SSL connections initialized by ACK packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
header-action
Description ‘drop’: Drop packets with bad ssl header; ‘ignore’: Forward packets with bad ssl header;
Type: string
Supported Values: drop, ignore
header-inspection
Description Inspect ssl header
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
ssl-l4-list_multi-pu-threshold-distribution¶
Specification Value Type object multi-pu-threshold-distribution-disable
Description ‘disable’: Destination side rate limit only. Default: Enable;
Type: string
Supported Values: disable
Mutual Exclusion: multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive
multi-pu-threshold-distribution-value
Description Destination side rate limit only. Default: 0
Type: number
Range: 1-16000000
Mutual Exclusion: multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive
ssl-l4-list_server-name-list¶
Specification Value Type list Block object keys server-cert
Description Server Certificate associated to SNI (Server Certificate Name)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
server-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)server-key
Description Server Private Key associated to SNI (Server Private Key Name)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
server-name
Description Server name indication in Client hello extension (Server name String)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
server-passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
dns-list¶
Specification Value Type list Block object keys action
Description ‘drop’: Drop packets (Default action); ‘reset’: Send Client RST for TCP connections;
Type: string
Supported Values: drop, reset
Default: drop
allow-query-class
Description: allow-query-class is a JSON Block. Please see below for dns-list_allow-query-class
Type: Object
allow-record-type
Description: allow-record-type is a JSON Block. Please see below for dns-list_allow-record-type
Type: Object
dns-any-check
Description Drop DNS queries of Type ANY
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-auth-cfg
Description: dns-auth-cfg is a JSON Block. Please see below for dns-list_dns-auth-cfg
Type: Object
dns-request-rate-limit
Description: dns-request-rate-limit is a JSON Block. Please see below for dns-list_dns-request-rate-limit
Type: Object
domain-group-name
Description Apply a domain-group to the DNS template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
domain-group-rate-exceed-action
Description ‘drop’: Drop the query (default); ‘tunnel-encap-packet’: Encapsulate the query and send on a tunnel;
Type: string
Supported Values: drop, tunnel-encap-packet
Default: drop
domain-group-rate-per-service
Description Enable per service domain rate checking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
encap-template
Description DDOS encap template to sepcify the tunnel endpoint
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
fqdn-cfg
Type: Listfqdn-label-count
Description Maximum number of length of FQDN labels
Type: number
Range: 1-10
fqdn-label-len-cfg
Type: Listmalformed-query-check
Description: malformed-query-check is a JSON Block. Please see below for dns-list_malformed-query-check
Type: Object
Reference Object: /axapi/v3/ddos/template/dns/{name}/malformed-query-check
multi-pu-threshold-distribution
Description: multi-pu-threshold-distribution is a JSON Block. Please see below for dns-list_multi-pu-threshold-distribution
Type: Object
name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
nxdomain-cfg
Description: nxdomain-cfg is a JSON Block. Please see below for dns-list_nxdomain-cfg
Type: Object
on-no-match
Description ‘permit’: permit; ‘deny’: deny (default);
Type: string
Supported Values: permit, deny
Default: deny
query-rate-threshold-for-cache-serving
Description This is for DNS cache mode only, it sets a DNS query rate threshold such that queries under the rate threshold would be forward
Type: number
Range: 1-16000000
symtimeout-cfg
Description: symtimeout-cfg is a JSON Block. Please see below for dns-list_symtimeout-cfg
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-list_dns-request-rate-limit¶
Specification Value Type object type
Description: type is a JSON Block. Please see below for dns-list_dns-request-rate-limit_type
Type: Object
dns-list_dns-request-rate-limit_type¶
Specification Value Type object A-cfg
Description: A-cfg is a JSON Block. Please see below for dns-list_dns-request-rate-limit_type_A-cfg
Type: Object
AAAA-cfg
Description: AAAA-cfg is a JSON Block. Please see below for dns-list_dns-request-rate-limit_type_AAAA-cfg
Type: Object
CNAME-cfg
Description: CNAME-cfg is a JSON Block. Please see below for dns-list_dns-request-rate-limit_type_CNAME-cfg
Type: Object
MX-cfg
Description: MX-cfg is a JSON Block. Please see below for dns-list_dns-request-rate-limit_type_MX-cfg
Type: Object
NS-cfg
Description: NS-cfg is a JSON Block. Please see below for dns-list_dns-request-rate-limit_type_NS-cfg
Type: Object
SRV-cfg
Description: SRV-cfg is a JSON Block. Please see below for dns-list_dns-request-rate-limit_type_SRV-cfg
Type: Object
dns-type-cfg
Type: List
dns-list_dns-request-rate-limit_type_SRV-cfg¶
Specification Value Type object SRV
Description Service locator
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-srv-rate
Description DNS request rate
Type: number
Range: 1-16000000
dns-list_dns-request-rate-limit_type_CNAME-cfg¶
Specification Value Type object CNAME
Description Canonical name record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-cname-rate
Description
Type: number
Range: 1-16000000
dns-list_dns-request-rate-limit_type_dns-type-cfg¶
Specification Value Type list Block object keys dns-request-type
Description Other type value
Type: number
Range: 1-65535
dns-request-type-rate
Description request rate limit
Type: number
Range: 1-16000000
dns-list_dns-request-rate-limit_type_AAAA-cfg¶
Specification Value Type object AAAA
Description IPv6 address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-aaaa-rate
Description
Type: number
Range: 1-16000000
dns-list_dns-request-rate-limit_type_A-cfg¶
Specification Value Type object A
Description Address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-a-rate
Description
Type: number
Range: 1-16000000
dns-list_dns-request-rate-limit_type_MX-cfg¶
Specification Value Type object MX
Description Mail exchange record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-mx-rate
Description
Type: number
Range: 1-16000000
dns-list_dns-request-rate-limit_type_NS-cfg¶
Specification Value Type object NS
Description Name server record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-ns-rate
Description
Type: number
Range: 1-16000000
dns-list_multi-pu-threshold-distribution¶
Specification Value Type object multi-pu-threshold-distribution-disable
Description ‘disable’: Destination side rate limit only. Default: Enable;
Type: string
Supported Values: disable
Mutual Exclusion: multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive
multi-pu-threshold-distribution-value
Description Destination side rate limit only. Default: 0
Type: number
Range: 1-16000000
Mutual Exclusion: multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive
dns-list_nxdomain-cfg¶
Specification Value Type object dns-nxdomain-rate
Description Limiting rate
Type: number
Range: 1-16000000
dns-nxdomain-rate-limit
Description DNS NXDOMAIN Rate Limiting (SRC support only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-nxdomain-rate-limit-action
Description ‘drop’: Drop queries if rate is exceeded; ‘black-list’: Black-List source if rate is exceeded;
Type: string
Supported Values: drop, black-list
dns-list_fqdn-cfg¶
Specification Value Type list Block object keys by
Description ‘domain-name’: Domain Name; ‘src-ip’: Source IP address; ‘both’: Use both Domain Name and Source IP address for rate-limiting;
Type: string
Supported Values: domain-name, src-ip, both
Mutual Exclusion: by and per are mutually exclusive
dns-fqdn-rate
Description Limiting rate (Range: 5-8000 for FQDN domain based rate limiting, 5-16000000 for FQDN label count based rate limiting)
Type: number
Range: 5-16000000
dns-fqdn-rate-limit
Description DNS Rate limiting on the basis of FQDN
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fqdn-rate-label-count
Description FQDN label count (Range: 1-8)
Type: number
Range: 1-8
fqdn-rate-suffix
Description Suffix count
Type: number
Range: 1-5
fqdn-rate-suffix-by
Description Number of suffixes
Type: number
Range: 1-5
per
Description ‘domain-name’: Domain Name; ‘src-ip’: Source IP address; ‘label-count’: FQDN label count;
Type: string
Supported Values: domain-name, src-ip, label-count
Mutual Exclusion: per and by are mutually exclusive
per-domain-per-src-ip
Description Use both Domain Name and Source IP address for rate-limiting
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-list_dns-auth-cfg¶
Specification Value Type object dns-auth
Description DNS authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-auth-type
Description ‘udp’: Drop DNS request and monitor client retry; ‘force-tcp’: Force DNS request over TCP;
Type: string
Supported Values: udp, force-tcp
force-tcp-ignore-client-source-port
Description Allow client to retransmit DNS request using different source port during udp-auth (supported in asymmetric mode only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
force-tcp-min-retry-gap
Description Minimum sec gap in between 2 dns-udp packets for auth to pass
Type: number
Range: 1-15
force-tcp-timeout
Description TCP authentication timeout in seconds
Type: number
Range: 1-16
min-retry-gap
Description Optional minimum sec gap in between 2 dns-udp packets for auth to pass, unit is specified by min-retry-gap-interval
Type: number
Range: 1-80
min-retry-gap-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec;
Type: string
Supported Values: 100ms, 1sec
Default: 1sec
udp-timeout
Description UDP authentication timeout in seconds
Type: number
Range: 1-16
udp-timeout-val-only
Description UDP authentication timeout in seconds
Type: number
Range: 1-16
with-udp-auth
Description Monitor client retry
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-list_symtimeout-cfg¶
Specification Value Type object sym-timeout
Description Timeout for DNS Symmetric session
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sym-timeout-value
Description Session timeout value in seconds
Type: number
Range: 1-31
dns-list_allow-query-class¶
Specification Value Type object allow-any-query-class
Description ANY query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-chaos-query-class
Description CHAOS query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-csnet-query-class
Description CSNET query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-hesiod-query-class
Description HESIOD query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-internet-query-class
Description INTERNET query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-none-query-class
Description NONE query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-list_fqdn-label-len-cfg¶
Specification Value Type list Block object keys fqdn-label-length
Description Maximum FQDN label length
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fqdn-label-suffix
Description Number of suffixes
Type: number
Range: 1-5
label-length
Description Maximum length of FQDN label
Type: number
Range: 1-63
dns-list_allow-record-type¶
Specification Value Type object allow-a-type
Description Address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-aaaa-type
Description IPv6 address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-cname-type
Description Canonical name record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-mx-type
Description Mail exchange record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-ns-type
Description Name server record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-srv-type
Description Service locator
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
record-num-cfg
Type: List
dns-list_allow-record-type_record-num-cfg¶
Specification Value Type list Block object keys allow-num-type
Description Other record type value
Type: number
Range: 1-65535
dns-list_malformed-query-check¶
Specification Value Type object non-query-opcode-check
Description ‘disable’: When malform check is enabled, TPS always drops DNS query with non query opcode, this option disables this opcode check;
Type: string
Supported Values: disable
skip-multi-packet-check
Description Bypass DNS fragmented and TCP segmented Queries(Default: dropped)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
validation-type
Description ‘basic-header-check’: Basic header validation for DNS TCP/UDP queries; ‘extended-header-check’: Extended header/query validation for DNS TCP/UDP queries; ‘disable’: Disable Malform query validation for DNS TCP/UDP;
Type: string
Supported Values: basic-header-check, extended-header-check, disable
icmp-v4-list¶
Specification Value Type list Block object keys icmp-tmpl-name
Description DDOS ICMPv4 Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
type-list
Type: List
Reference Object: /axapi/v3/ddos/template/icmp-v4/{icmp-tmpl-name}/type/{type-number}
type-other
Description: type-other is a JSON Block. Please see below for icmp-v4-list_type-other
Type: Object
Reference Object: /axapi/v3/ddos/template/icmp-v4/{icmp-tmpl-name}/type-other
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
icmp-v4-list_type-other¶
Specification Value Type object type-other-deny
Description Deny all other type
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: type-other-deny and type-other-rate are mutually exclusive
type-other-rate
Description Specify rate with other type
Type: number
Range: 1-16000000
Mutual Exclusion: type-other-rate and type-other-deny are mutually exclusive
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
icmp-v4-list_type-list¶
Specification Value Type list Block object keys code
Type: Listcode-other
Description: code-other is a JSON Block. Please see below for icmp-v4-list_type-list_code-other
Type: Object
type-deny
Description Reject this ICMP type
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: type-deny, type-rate, and code-other-rate are mutually exclusive
type-number
Description Specify ICMP type number
Type: number
Range: 0-255
type-rate
Description Specify the whole rate with this type
Type: number
Range: 1-16000000
Mutual Exclusion: type-rate and type-deny are mutually exclusive
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
icmp-v4-list_type-list_code¶
Specification Value Type list Block object keys code-number
Description Specify the ICMP code
Type: number
Range: 0-255
code-rate
Description Specify the rate with the code
Type: number
Range: 1-16000000
icmp-v4-list_type-list_code-other¶
Specification Value Type object code-other-rate
Description Specify rate with other code
Type: number
Range: 1-16000000
Mutual Exclusion: code-other-rate and type-deny are mutually exclusive
tcp-list¶
Specification Value Type list Block object keys ack-authentication-synack-reset
Description Enable Reset client TCP SYN+ACK for authentication (DST support only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
action-cfg
Description: action-cfg is a JSON Block. Please see below for tcp-list_action-cfg
Type: Object
action-on-ack-rto-retry-count
Description Take action if action-on-ack RTO-authentication fail over retry time(default:5)
Type: number
Range: 2-10
action-on-syn-rto-retry-count
Description Take action if action-on-syn RTO-authentication fail over retry time(default:5)
Type: number
Range: 2-10
action-syn-cfg
Description: action-syn-cfg is a JSON Block. Please see below for tcp-list_action-syn-cfg
Type: Object
age
Description Session age in minutes
Type: number
Range: 1-63
allow-syn-otherflags
Description Treat TCP SYN+PSH as a TCP SYN (DST tcp ports support only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-synack-skip-authentications
Description Allow create sessions on SYNACK without syn-auth and ack-auth (ASYM Mode only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-tcp-tfo
Description Allow TCP Fast Open
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
black-list-out-of-seq
Description Black list Src IP if out of seq pkts exceed configured threshold
Type: number
Range: 1-64000
Mutual Exclusion: black-list-out-of-seq and per-conn-out-of-seq-rate-limit are mutually exclusive
black-list-retransmit
Description Black list Src IP if retransmit pkts exceed configured threshold
Type: number
Range: 1-64000
Mutual Exclusion: black-list-retransmit and per-conn-retransmit-rate-limit are mutually exclusive
black-list-zero-win
Description Black list Src IP if zero window pkts exceed configured threshold
Type: number
Range: 1-250
Mutual Exclusion: black-list-zero-win and per-conn-zero-win-rate-limit are mutually exclusive
conn-rate-limit-on-syn-only
Description Only count SYN-initiated connections towards connection-rate tracking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
create-conn-on-syn-only
Description Enable connection establishment on SYN only
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-known-resp-src-port-cfg
Description: drop-known-resp-src-port-cfg is a JSON Block. Please see below for tcp-list_drop-known-resp-src-port-cfg
Type: Object
dst
Description: dst is a JSON Block. Please see below for tcp-list_dst
Type: Object
filter-list
Type: List
Reference Object: /axapi/v3/ddos/template/tcp/{name}/filter/{tcp-filter-seq}
name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
per-conn-out-of-seq-rate-action
Description ‘drop’: Drop packets for out-of-seq rate exceed (Default); ‘blacklist-src’: help Blacklist-src for out-of-seq rate exceed; ‘ignore’: help Ignore out-of-seq rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
per-conn-out-of-seq-rate-limit
Description Take action if out-of-seq pkt rate exceed configured threshold
Type: number
Range: 1-16000000
Mutual Exclusion: per-conn-out-of-seq-rate-limit and black-list-out-of-seq are mutually exclusive
per-conn-pkt-rate-action
Description ‘drop’: Drop packets for per-conn-pkt-rate exceed (Default); ‘blacklist-src’: help Blacklist-src for per-conn-pkt-rate exceed; ‘ignore’: Ignore per-conn-pkt-rate-exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
per-conn-pkt-rate-limit
Description Packet rate limit per connection per rate-interval
Type: number
Range: 1-16000000
per-conn-rate-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec; ’10sec’: 10sec;
Type: string
Supported Values: 100ms, 1sec, 10sec
Default: 1sec
per-conn-retransmit-rate-action
Description ‘drop’: Drop packets for retransmit rate exceed (Default); ‘blacklist-src’: help Blacklist-src for retransmit rate exceed; ‘ignore’: help Ignore retransmit rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
per-conn-retransmit-rate-limit
Description Take action if retransmit pkt rate exceed configured threshold
Type: number
Range: 1-16000000
Mutual Exclusion: per-conn-retransmit-rate-limit and black-list-retransmit are mutually exclusive
per-conn-zero-win-rate-action
Description ‘drop’: Drop packets for zero-win rate exceed (Default); ‘blacklist-src’: help Blacklist-src for zero-win rate exceed; ‘ignore’: help Ignore zero-win rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
per-conn-zero-win-rate-limit
Description Take action if zero window pkt rate exceed configured threshold
Type: number
Range: 1-16000000
Mutual Exclusion: per-conn-zero-win-rate-limit and black-list-zero-win are mutually exclusive
progression-tracking
Description: progression-tracking is a JSON Block. Please see below for tcp-list_progression-tracking
Type: Object
Reference Object: /axapi/v3/ddos/template/tcp/{name}/progression-tracking
src
Description: src is a JSON Block. Please see below for tcp-list_src
Type: Object
syn-auth
Description ‘send-rst’: Send RST to client upon client ACK; ‘force-rst-by-ack’: Force client RST via the use of ACK; ‘force-rst-by-synack’: Force client RST via the use of bad SYN|ACK; ‘disable’: Disable TCP SYN Authentication;
Type: string
Supported Values: send-rst, force-rst-by-ack, force-rst-by-synack, disable
Default: send-rst
syn-cookie
Description Enable SYN Cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
synack-rate-limit
Description Config SYNACK rate limit
Type: number
Range: 1-16000000
Mutual Exclusion: synack-rate-limit and track-together-with-syn are mutually exclusive
track-together-with-syn
Description SYNACK will be counted in Dst Syn-rate limit
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: track-together-with-syn and synack-rate-limit are mutually exclusive
tunnel-encap
Description: tunnel-encap is a JSON Block. Please see below for tcp-list_tunnel-encap
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
tcp-list_tunnel-encap¶
Specification Value Type object gre-cfg
Description: gre-cfg is a JSON Block. Please see below for tcp-list_tunnel-encap_gre-cfg
Type: Object
ip-cfg
Description: ip-cfg is a JSON Block. Please see below for tcp-list_tunnel-encap_ip-cfg
Type: Object
tcp-list_tunnel-encap_ip-cfg¶
Specification Value Type object always
Description: always is a JSON Block. Please see below for tcp-list_tunnel-encap_ip-cfg_always
Type: Object
ip-encap
Description Enable Tunnel encapsulation using IP in IP
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-list_tunnel-encap_ip-cfg_always¶
Specification Value Type object ipv4-addr
Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv4-address
ipv6-addr
Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv6-address
preserve-src-ipv4
Description Use original source ip for encapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
preserve-src-ipv6
Description Use original source ip for encapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-list_tunnel-encap_gre-cfg¶
Specification Value Type object gre-always
Description: gre-always is a JSON Block. Please see below for tcp-list_tunnel-encap_gre-cfg_gre-always
Type: Object
gre-encap
Description Enable Tunnel encapsulation using GRE
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-list_tunnel-encap_gre-cfg_gre-always¶
Specification Value Type object gre-ipv4
Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv4-address
gre-ipv6
Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv6-address
key-ipv4
Description Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
key-ipv6
Description Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
preserve-src-ipv4-gre
Description Use original source ip for encapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
preserve-src-ipv6-gre
Description Use original source ip for encapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-list_dst¶
Specification Value Type object rate-limit
Description: rate-limit is a JSON Block. Please see below for tcp-list_dst_rate-limit
Type: Object
tcp-list_dst_rate-limit¶
Specification Value Type object syn-rate-limit
Description: syn-rate-limit is a JSON Block. Please see below for tcp-list_dst_rate-limit_syn-rate-limit
Type: Object
tcp-list_dst_rate-limit_syn-rate-limit¶
Specification Value Type object dst-syn-rate-action
Description ‘drop’: Drop packets for syn-rate exceed (Default); ‘ignore’: Ignore syn-rate-exceed;
Type: string
Supported Values: drop, ignore
Default: drop
dst-syn-rate-limit
Description
Type: number
Range: 1-16000000
tcp-list_action-cfg¶
Specification Value Type object action-on-ack
Description Monitor tcp ack for age-out session
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
authenticate-only
Description Apply action-on-ack once per source address for authentication purpose
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
min-retry-gap
Description Min gap between 2 ACKs for action-on-ack pass in 100ms interval
Type: number
Range: 1-80
reset
Description Send RST to client
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
rto-authentication
Description Estimate the RTO and apply the exponential back-off for authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
timeout
Description ACK retry timeout in sec
Type: number
Range: 1-31
tcp-list_progression-tracking¶
Specification Value Type object connection-tracking
Description: connection-tracking is a JSON Block. Please see below for tcp-list_progression-tracking_connection-tracking
Type: Object
Reference Object: /axapi/v3/ddos/template/tcp/{name}/progression-tracking/connection-tracking
first-request-max-time
Description Set the maximum wait time from connection creation until the first data is transmitted over the connection (100 ms)
Type: number
Range: 1-65535
profiling-connection-life-model
Description Enable auto-config progression tracking learning for connection model
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
profiling-request-response-model
Description Enable auto-config progression tracking learning for request response model
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
profiling-time-window-model
Description Enable auto-config progression tracking learning for time window model
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
progression-tracking-action
Description ‘drop’: Drop packets for progression tracking violation exceed (Default); ‘blacklist-src’: Blacklist-src for progression tracking violation exceed;
Type: string
Supported Values: drop, blacklist-src
Default: drop
Mutual Exclusion: progression-tracking-action and progression-tracking-action-list-name are mutually exclusive
progression-tracking-action-list-name
Description Configure action-list to take when progression tracking violation exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: progression-tracking-action-list-name and progression-tracking-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
progression-tracking-enabled
Description ‘enable-check’: Enable Progression Tracking Check;
Type: string
Supported Values: enable-check
request-length-max
Description Set the maximum request length
Type: number
Range: 1-65535
request-length-min
Description Set the minimum request length
Type: number
Range: 1-65535
request-response-model
Description ‘enable’: Enable Request Response Model; ‘disable’: Disable Request Response Model;
Type: string
Supported Values: enable, disable
Default: enable
request-to-response-max-time
Description Set the maximum request to response time (100 ms)
Type: number
Range: 1-65535
response-length-max
Description Set the maximum response length
Type: number
Range: 1-4294967295
response-request-max-ratio
Description Set the maximum response to request ratio (in unit of 0.1% [1:1000])
Type: number
Range: 1-4294967295
response-request-min-ratio
Description Set the minimum response to request ratio (in unit of 0.1% [1:1000])
Type: number
Range: 1-65535
response-to-request-max-time
Description Set the maximum response to request time (100 ms)
Type: number
Range: 1-65535
time-window-tracking
Description: time-window-tracking is a JSON Block. Please see below for tcp-list_progression-tracking_time-window-tracking
Type: Object
Reference Object: /axapi/v3/ddos/template/tcp/{name}/progression-tracking/time-window-tracking
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
violation
Description Set the violation threshold
Type: number
Range: 1-255
tcp-list_progression-tracking_connection-tracking¶
Specification Value Type object conn-duration-max
Description Set the maximum duration time (in unit of 100ms, up to 24 hours)
Type: number
Range: 1-864000
conn-duration-min
Description Set the minimum duration time (in unit of 100ms, up to 24 hours)
Type: number
Range: 1-864000
conn-rcvd-max
Description Set the maximum total received byte
Type: number
Range: 1-65535
conn-rcvd-min
Description Set the minimum total received byte
Type: number
Range: 1-65535
conn-rcvd-sent-ratio-max
Description Set the maximum received to sent ratio (in unit of 0.1% [1:1000])
Type: number
Range: 1-65535
conn-rcvd-sent-ratio-min
Description Set the minimum received to sent ratio (in unit of 0.1% [1:1000])
Type: number
Range: 1-65535
conn-sent-max
Description Set the maximum total sent byte
Type: number
Range: 1-65535
conn-sent-min
Description Set the minimum total sent byte
Type: number
Range: 1-65535
conn-violation
Description Set the violation threshold
Type: number
Range: 1-255
progression-tracking-conn-action
Description ‘drop’: Drop packets for progression tracking violation exceed (Default); ‘blacklist-src’: Blacklist-src for progression tracking violation exceed;
Type: string
Supported Values: drop, blacklist-src
Default: drop
Mutual Exclusion: progression-tracking-conn-action and progression-tracking-conn-action-list-name are mutually exclusive
progression-tracking-conn-action-list-name
Description Configure action-list to take when progression tracking violation exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: progression-tracking-conn-action-list-name and progression-tracking-conn-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
progression-tracking-conn-enabled
Description ‘enable-check’: Enable General Progression Tracking per Connection;
Type: string
Supported Values: enable-check
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
tcp-list_progression-tracking_time-window-tracking¶
Specification Value Type object progression-tracking-win-enabled
Description ‘enable-check’: Enable Progression Tracking per Time Window;
Type: string
Supported Values: enable-check
progression-tracking-windows-action
Description ‘drop’: Drop packets for progression tracking violation exceed (Default); ‘blacklist-src’: Blacklist-src for progression tracking violation exceed;
Type: string
Supported Values: drop, blacklist-src
Default: drop
Mutual Exclusion: progression-tracking-windows-action and progression-tracking-windows-action-list-name are mutually exclusive
progression-tracking-windows-action-list-name
Description Configure action-list to take when progression tracking violation exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: progression-tracking-windows-action-list-name and progression-tracking-windows-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
window-rcvd-max
Description Set the maximum total received byte
Type: number
Range: 1-65535
window-rcvd-min
Description Set the minimum total received byte
Type: number
Range: 1-65535
window-rcvd-sent-ratio-max
Description Set the maximum received to sent ratio (in unit of 0.1% [1:1000])
Type: number
Range: 1-65535
window-rcvd-sent-ratio-min
Description Set the minimum received to sent ratio (in unit of 0.1% [1:1000])
Type: number
Range: 1-65535
window-sent-max
Description Set the maximum total sent byte
Type: number
Range: 1-65535
window-sent-min
Description Set the minimum total sent byte
Type: number
Range: 1-65535
window-violation
Description Set the violation threshold
Type: number
Range: 1-255
tcp-list_filter-list¶
Specification Value Type list Block object keys byte-offset-filter
Description Filter Expression using Berkeley Packet Filter syntax
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
tcp-filter-action
Description ‘blacklist-src’: Also blacklist the source when action is taken; ‘whitelist-src’: Whitelist the source after filter passes, packets are dropped until then; ‘count-only’: Take no action and continue processing the next filter;
Type: string
Supported Values: blacklist-src, whitelist-src, count-only
tcp-filter-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
tcp-filter-seq
Description Sequence number
Type: number
Range: 1-5
tcp-filter-unmatched
Description action taken when it does not match
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
tcp-list_src¶
Specification Value Type object rate-limit
Description: rate-limit is a JSON Block. Please see below for tcp-list_src_rate-limit
Type: Object
tcp-list_src_rate-limit¶
Specification Value Type object syn-rate-limit
Description: syn-rate-limit is a JSON Block. Please see below for tcp-list_src_rate-limit_syn-rate-limit
Type: Object
tcp-list_src_rate-limit_syn-rate-limit¶
Specification Value Type object src-syn-rate-action
Description ‘drop’: Drop packets for syn-rate exceed (Default); ‘blacklist-src’: Blacklist-src for syn-rate exceed; ‘ignore’: Ignore syn-rate-exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
src-syn-rate-limit
Description
Type: number
Range: 1-16000000
tcp-list_action-syn-cfg¶
Specification Value Type object action-on-syn
Description Monitor tcp syn for age-out session
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
action-on-syn-gap
Description Min gap between 2 SYNs for action-on-syn pass in 100ms interval
Type: number
Range: 1-80
action-on-syn-reset
Description Send RST to client
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
action-on-syn-rto
Description Estimate the RTO and apply the exponential back-off for authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
action-on-syn-timeout
Description SYN retry timeout in sec
Type: number
Range: 1-31
tcp-list_drop-known-resp-src-port-cfg¶
Specification Value Type object drop-known-resp-src-port
Description Drop well-known if src-port is less than 1024
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exclude-src-resp-port
Description excluding src port equal destination port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
other-list¶
Specification Value Type list Block object keys filter-list
Type: List
Reference Object: /axapi/v3/ddos/template/other/{name}/filter/{other-filter-seq}
name
Description DDOS OTHER Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
other-list_filter-list¶
Specification Value Type list Block object keys byte-offset-filter
Description Filter Expression using Berkeley Packet Filter syntax
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
other-filter-action
Description ‘blacklist-src’: Also blacklist the source when action is taken; ‘whitelist-src’: Whitelist the source after filter passes, packets are dropped until then; ‘count-only’: Take no action and continue processing the next filter;
Type: string
Supported Values: blacklist-src, whitelist-src, count-only
other-filter-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
other-filter-seq
Description Sequence number
Type: number
Range: 1-5
other-filter-unmatched
Description action taken when it does not match
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
udp-list¶
Specification Value Type list Block object keys age
Description Configure session age(in minutes) for UDP sessions
Type: number
Range: 1-63
drop-known-resp-src-port-cfg
Description: drop-known-resp-src-port-cfg is a JSON Block. Please see below for udp-list_drop-known-resp-src-port-cfg
Type: Object
drop-ntp-monlist
Description Drop NTP monlist request/response
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
filter-list
Type: List
Reference Object: /axapi/v3/ddos/template/udp/{name}/filter/{udp-filter-seq}
max-payload-size
Description Maximum UDP payload size for each single packet
Type: number
Range: 1-1470
min-payload-size
Description Minimum UDP payload size for each single packet
Type: number
Range: 1-1470
name
Description DDOS UDP Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
per-conn-pkt-rate-limit
Description Packet rate limit per connection per rate-interval
Type: number
Range: 1-16000000
per-conn-rate-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec;
Type: string
Supported Values: 100ms, 1sec
Default: 1sec
previous-salt-timeout
Description Token-Authentication previous salt-prefix timeout in minutes, default is 1 min
Type: number
Range: 1-10080
Default: 1
public-ipv4-addr
Description IP address
Type: string
Format: ipv4-address
public-ipv6-addr
Description IPV6 address
Type: string
Format: ipv6-address
spoof-detect-cfg
Description: spoof-detect-cfg is a JSON Block. Please see below for udp-list_spoof-detect-cfg
Type: Object
token-authentication
Description Enable Token Authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
token-authentication-formula
Description ‘md5_Salt-SrcIp-SrcPort-DstIp-DstPort’: md5 of Salt-SrcIp-SrcPort-DstIp-DstPort; ‘md5_Salt-DstIp-DstPort’: md5 of Salt-DstIp-DstPort; ‘md5_Salt-SrcIp-DstIp’: md5 of Salt-SrcIp-DstIp; ‘md5_Salt-SrcPort-DstPort’: md5 of Salt-SrcPort-DstPort; ‘md5_Salt-UintDstIp-DstPort’: Using the uint value of IP for md5 of Salt-DstIp-DstPort; ‘sha1_Salt-SrcIp-SrcPort-DstIp-DstPort’: sha1 of Salt-SrcIp-SrcPort-DstIp-DstPort; ‘sha1_Salt-DstIp-DstPort’: sha1 of Salt-DstIp-DstPort; ‘sha1_Salt-SrcIp-DstIp’: sha1 of Salt-SrcIp-DstIp; ‘sha1_Salt-SrcPort-DstPort’: sha1 of Salt-SrcPort-DstPort; ‘sha1_Salt-UintDstIp-DstPort’: Using the uint value of IP for sha1 of Salt-DstIp-DstPort;
Type: string
Supported Values: md5_Salt-SrcIp-SrcPort-DstIp-DstPort, md5_Salt-DstIp-DstPort, md5_Salt-SrcIp-DstIp, md5_Salt-SrcPort-DstPort, md5_Salt-UintDstIp-DstPort, sha1_Salt-SrcIp-SrcPort-DstIp-DstPort, sha1_Salt-DstIp-DstPort, sha1_Salt-SrcIp-DstIp, sha1_Salt-SrcPort-DstPort, sha1_Salt-UintDstIp-DstPort
token-authentication-hw-assist-disable
Description token-authentication disable hardware assistance
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
token-authentication-public-address
Description The server public IP address
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
token-authentication-salt-prefix
Description token-authentication salt-prefix
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
token-authentication-salt-prefix-curr
Description
Type: number
Range: 1-4294967295
token-authentication-salt-prefix-prev
Description
Type: number
Range: 1-4294967295
tunnel-encap
Description: tunnel-encap is a JSON Block. Please see below for udp-list_tunnel-encap
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
udp-list_tunnel-encap¶
Specification Value Type object always
Description: always is a JSON Block. Please see below for udp-list_tunnel-encap_always
Type: Object
gre-always
Description: gre-always is a JSON Block. Please see below for udp-list_tunnel-encap_gre-always
Type: Object
gre-encap
Description Enable Tunnel encapsulation using GRE
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: gre-encap and ip-encap are mutually exclusive
ip-encap
Description Enable Tunnel encapsulation using IP in IP
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: ip-encap and gre-encap are mutually exclusive
udp-list_tunnel-encap_gre-always¶
Specification Value Type object gre-ipv4
Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv4-address
gre-ipv6
Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv6-address
key-ipv4
Description Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
key-ipv6
Description Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
preserve-src-ipv4-gre
Description Use original source ip for encapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
preserve-src-ipv6-gre
Description Use original source ip for encapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
udp-list_tunnel-encap_always¶
Specification Value Type object ipv4-addr
Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv4-address
ipv6-addr
Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv6-address
preserve-src-ipv4
Description Use original source ip for encapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
preserve-src-ipv6
Description Use original source ip for encapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
udp-list_spoof-detect-cfg¶
Specification Value Type object min-retry-gap
Description Optional minimum gap between 2 UDP packets for spoof-detect pass, unit is specified by min-retry-gap-interval
Type: number
Range: 1-80
min-retry-gap-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec;
Type: string
Supported Values: 100ms, 1sec
Default: 1sec
spoof-detect
Description Force client to retry on udp
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
spoof-detect-retry-timeout
Description timeout in seconds
Type: number
Range: 1-31
Default: 5
Mutual Exclusion: spoof-detect-retry-timeout and spoof-detect-retry-timeout-val-only are mutually exclusive
spoof-detect-retry-timeout-val-only
Description timeout in seconds
Type: number
Range: 1-31
Default: 5
Mutual Exclusion: spoof-detect-retry-timeout-val-only and spoof-detect-retry-timeout are mutually exclusive
udp-list_drop-known-resp-src-port-cfg¶
Specification Value Type object drop-known-resp-src-port
Description Drop well-known if src-port is less than 1024
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exclude-src-resp-port
Description excluding src port equal destination port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
udp-list_filter-list¶
Specification Value Type list Block object keys byte-offset-filter
Description Filter Expression using Berkeley Packet Filter syntax
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
udp-filter-action
Description ‘blacklist-src’: Also blacklist the source when action is taken; ‘whitelist-src’: Whitelist the source after filter passes, packets are dropped until then; ‘count-only’: Take no action and continue processing the next filter;
Type: string
Supported Values: blacklist-src, whitelist-src, count-only
udp-filter-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
udp-filter-seq
Description Sequence number
Type: number
Range: 1-5
udp-filter-unmatched
Description action taken when it does not match
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
http-list¶
Specification Value Type list Block object keys action
Description ‘drop’: Drop packets for the connection; ‘reset’: Send RST for the connection;
Type: string
Supported Values: drop, reset
Default: drop
agent-filter
Description: agent-filter is a JSON Block. Please see below for http-list_agent-filter
Type: Object
challenge-cookie-name
Description Set the cookie name used to send back to client. Default is sto-idd
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Default: sto-idd
challenge-interval
Description Specify the challenge interval. Default is 8 seconds
Type: number
Range: 1-31
Default: 8
challenge-keep-cookie
Description Keep the challenge cookie from client and forward to backend. Default is do not keep
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
challenge-method
Description ‘http-redirect’: http-redirect; ‘javascript’: javascript;
Type: string
Supported Values: http-redirect, javascript
challenge-redirect-code
Description ‘302’: 302 Found; ‘307’: 307 Temporary Redirect;
Type: string
Supported Values: 302, 307
Default: 302
challenge-uri-encode
Description Encode the challenge phrase in uri instead of in http cookie. Default encoded in http cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable
Description Disable this template
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disallow-connect-method
Description Do not allow HTTP Connect method (asymmetric mode only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
filter-header-list
Type: List
Reference Object: /axapi/v3/ddos/template/http/{http-tmpl-name}/filter-header/{http-filter-header-seq}
http-tmpl-name
Description DDOS HTTP Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
idle-timeout
Description Set the the idle timeout value in seconds for HTTP connections
Type: number
Range: 1-63
ignore-zero-payload
Description Don’t reset idle timer on packets with zero payload length from clients
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malformed-http
Description: malformed-http is a JSON Block. Please see below for http-list_malformed-http
Type: Object
mss-cfg
Description: mss-cfg is a JSON Block. Please see below for http-list_mss-cfg
Type: Object
multi-pu-threshold-distribution
Description: multi-pu-threshold-distribution is a JSON Block. Please see below for http-list_multi-pu-threshold-distribution
Type: Object
non-http-bypass
Description Bypass non-http traffic instead of dropping
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
out-of-order-queue-size
Description Set the number of packets for the out-of-order HTTP queue (asym mode only)
Type: number
Range: 0-15
Default: 3
out-of-order-queue-timeout
Description Set the timeout value in seconds for out-of-order queue in HTTP (asym mode only)
Type: number
Range: 0-15
Default: 3
post-rate-limit
Description Configure rate limiting for HTTP POST request
Type: number
Range: 1-16000000
referer-filter
Description: referer-filter is a JSON Block. Please see below for http-list_referer-filter
Type: Object
request-header
Description: request-header is a JSON Block. Please see below for http-list_request-header
Type: Object
request-rate-limit
Description: request-rate-limit is a JSON Block. Please see below for http-list_request-rate-limit
Type: Object
response-rate-limit
Description: response-rate-limit is a JSON Block. Please see below for http-list_response-rate-limit
Type: Object
slow-read-drop
Description: slow-read-drop is a JSON Block. Please see below for http-list_slow-read-drop
Type: Object
use-hdr-ip-cfg
Description: use-hdr-ip-cfg is a JSON Block. Please see below for http-list_use-hdr-ip-cfg
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
http-list_request-rate-limit¶
Specification Value Type object request-rate
Description HTTP request rate limit
Type: number
Range: 1-16000000
uri
Type: List
http-list_request-rate-limit_uri¶
Specification Value Type list Block object keys contains-cfg
Description: contains-cfg is a JSON Block. Please see below for http-list_request-rate-limit_uri_contains-cfg
Type: Object
ends-cfg
Description: ends-cfg is a JSON Block. Please see below for http-list_request-rate-limit_uri_ends-cfg
Type: Object
equal-cfg
Description: equal-cfg is a JSON Block. Please see below for http-list_request-rate-limit_uri_equal-cfg
Type: Object
starts-cfg
Description: starts-cfg is a JSON Block. Please see below for http-list_request-rate-limit_uri_starts-cfg
Type: Object
http-list_request-rate-limit_uri_equal-cfg¶
Specification Value Type object url-equals
Description Request rate-limit HTTP URI matching a specified pattern
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
url-equals-rate
Description Request rate limit
Type: number
Range: 1-16000000
http-list_request-rate-limit_uri_starts-cfg¶
Specification Value Type object url-starts-with
Description Request rate-limit HTTP URI strting with a specified pattern
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
url-starts-with-rate
Description Request rate limit
Type: number
Range: 1-16000000
http-list_request-rate-limit_uri_contains-cfg¶
Specification Value Type object url-contains
Description Request rate-limit HTTP URI containing a specified pattern
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
url-contains-rate
Description Request rate limit
Type: number
Range: 1-16000000
http-list_request-rate-limit_uri_ends-cfg¶
Specification Value Type object url-ends-with
Description Request rate-limit HTTP URI ending with a specified pattern
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
url-ends-with-rate
Description Request rate limit
Type: number
Range: 1-16000000
http-list_multi-pu-threshold-distribution¶
Specification Value Type object multi-pu-threshold-distribution-disable
Description ‘disable’: Destination side rate limit only. Default: Enable;
Type: string
Supported Values: disable
Mutual Exclusion: multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive
multi-pu-threshold-distribution-value
Description Destination side rate limit only. Default: 0
Type: number
Range: 1-16000000
Mutual Exclusion: multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive
http-list_malformed-http¶
Specification Value Type object malformed-http-bad-chunk-mon-enabled
Description Enabling bad chunk monitoring. Default is disabled
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malformed-http-enabled
Description Enabling ddos malformed http protection. Default value is disabled.
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malformed-http-max-content-length
Description Set the maximum content-length header. Default value is 4294967295 bytes
Type: number
Range: 1-4294967295
Default: 4294967295
malformed-http-max-header-name-size
Description Set the maxinum header name length. Default value is 64.
Type: number
Range: 1-64
Default: 64
malformed-http-max-line-size
Description Set the maximum line size. Default value is 32512
Type: number
Range: 1-65280
Default: 32512
malformed-http-max-num-headers
Description Set the maximum number of headers. Default value is 90
Type: number
Range: 1-90
Default: 90
malformed-http-max-req-line-size
Description Set the maximum request line size. Default value is 32512
Type: number
Range: 1-65280
Default: 32512
http-list_request-header¶
Specification Value Type object timeout
Description
Type: number
Range: 1-63
http-list_agent-filter¶
Specification Value Type object agent-contains-cfg
Type: Listagent-ends-cfg
Type: Listagent-equals-cfg
Type: Listagent-filter-blacklist
Description Blacklist the source if the user-agent matches
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
agent-starts-cfg
Type: List
http-list_agent-filter_agent-contains-cfg¶
Specification Value Type list Block object keys agent-contains
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http-list_agent-filter_agent-ends-cfg¶
Specification Value Type list Block object keys agent-ends-with
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http-list_agent-filter_agent-equals-cfg¶
Specification Value Type list Block object keys agent-equals
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http-list_agent-filter_agent-starts-cfg¶
Specification Value Type list Block object keys agent-starts-with
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http-list_filter-header-list¶
Specification Value Type list Block object keys http-filter-header-blacklist
Description Also blacklist the source when action is taken
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
http-filter-header-count-only
Description Take no action and continue processing the next filter
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
http-filter-header-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
http-filter-header-seq
Description Sequence number
Type: number
Range: 1-5
http-filter-header-unmatched
Description action taken when it does not match
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
http-filter-header-whitelist
Description Whitelist the source after filter passes, packets are dropped until then
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
http-list_response-rate-limit¶
Specification Value Type object obj-size
Description: obj-size is a JSON Block. Please see below for http-list_response-rate-limit_obj-size
Type: Object
http-list_response-rate-limit_obj-size¶
Specification Value Type object between-cfg
Type: Listgreater-cfg
Type: Listless-cfg
Type: List
http-list_response-rate-limit_obj-size_between-cfg¶
Specification Value Type list Block object keys obj-between-rate
Description Response rate limit
Type: number
Range: 1-16000000
obj-between1
Description Response size configuration
Type: number
Range: 1-16000000
obj-between2
Description Response size configuration
Type: number
Range: 1-16000000
http-list_response-rate-limit_obj-size_greater-cfg¶
Specification Value Type list Block object keys obj-greater
Description Response size configuration
Type: number
Range: 1-16000000
obj-greater-rate
Description Response rate limit
Type: number
Range: 1-16000000
http-list_response-rate-limit_obj-size_less-cfg¶
Specification Value Type list Block object keys obj-less
Description Response size configuration
Type: number
Range: 1-16000000
obj-less-rate
Description Response rate limit
Type: number
Range: 1-16000000
http-list_mss-cfg¶
Specification Value Type object mss-percent
Description Configure percentage of mss such that if a packet size is below the mss times mss-percent, packet is considered bad.
Type: number
Range: 1-100
mss-timeout
Description Configure DDOS detection based on mss and packet size
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
number-packets
Description Specify percentage of mss. Default is 0, mss-timeout is not enabled.
Type: number
Range: 1-31
http-list_referer-filter¶
Specification Value Type object ref-filter-blacklist
Description Blacklist the source if the referer matches
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
referer-contains-cfg
Type: Listreferer-ends-cfg
Type: Listreferer-equals-cfg
Type: Listreferer-starts-cfg
Type: List
http-list_referer-filter_referer-equals-cfg¶
Specification Value Type list Block object keys referer-equals
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http-list_referer-filter_referer-starts-cfg¶
Specification Value Type list Block object keys referer-starts-with
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http-list_referer-filter_referer-contains-cfg¶
Specification Value Type list Block object keys referer-contains
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http-list_referer-filter_referer-ends-cfg¶
Specification Value Type list Block object keys referer-ends-with
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http-list_slow-read-drop¶
Specification Value Type object min-window-count
Description Number of packets
Type: number
Range: 1-31
min-window-size
Description minimum window size
Type: number
Range: 1-65535
http-list_use-hdr-ip-cfg¶
Specification Value Type object l7-hdr-name
Description Set the http header name to parse for client ip. Default is X-Forwarded-For
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Default: X-Forwarded-For
use-hdr-ip-as-source
Description Mitigate on src ip specified by http header for example X-Forwarded-For header. Default is disabled
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sip-list¶
Specification Value Type list Block object keys action
Description ‘drop’: Drop packets for sip connection; ‘reset’: Send RST for sip-tcp connection;
Type: string
Supported Values: drop, reset
Default: drop
dst
Description: dst is a JSON Block. Please see below for sip-list_dst
Type: Object
filter-header-list
Type: List
Reference Object: /axapi/v3/ddos/template/sip/{sip-tmpl-name}/filter-header/{sip-filter-header-seq}
idle-timeout
Description Set the the idle timeout value for sip-tcp connections
Type: number
Range: 1-63
ignore-zero-payload
Description Don’t reset idle timer on packets with zero payload length from clients
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malformed-sip
Description: malformed-sip is a JSON Block. Please see below for sip-list_malformed-sip
Type: Object
Reference Object: /axapi/v3/ddos/template/sip/{sip-tmpl-name}/malformed-sip
multi-pu-threshold-distribution
Description: multi-pu-threshold-distribution is a JSON Block. Please see below for sip-list_multi-pu-threshold-distribution
Type: Object
sip-tmpl-name
Description DDOS SIP Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
src
Description: src is a JSON Block. Please see below for sip-list_src
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
sip-list_src¶
Specification Value Type object sip-request-rate-limit
Description: sip-request-rate-limit is a JSON Block. Please see below for sip-list_src_sip-request-rate-limit
Type: Object
sip-list_src_sip-request-rate-limit¶
Specification Value Type object method
Description: method is a JSON Block. Please see below for sip-list_src_sip-request-rate-limit_method
Type: Object
sip-list_src_sip-request-rate-limit_method¶
Specification Value Type object bye-cfg
Description: bye-cfg is a JSON Block. Please see below for sip-list_src_sip-request-rate-limit_method_bye-cfg
Type: Object
invite-cfg
Description: invite-cfg is a JSON Block. Please see below for sip-list_src_sip-request-rate-limit_method_invite-cfg
Type: Object
message-cfg
Description: message-cfg is a JSON Block. Please see below for sip-list_src_sip-request-rate-limit_method_message-cfg
Type: Object
notify-cfg
Description: notify-cfg is a JSON Block. Please see below for sip-list_src_sip-request-rate-limit_method_notify-cfg
Type: Object
options-cfg
Description: options-cfg is a JSON Block. Please see below for sip-list_src_sip-request-rate-limit_method_options-cfg
Type: Object
refer-cfg
Description: refer-cfg is a JSON Block. Please see below for sip-list_src_sip-request-rate-limit_method_refer-cfg
Type: Object
register-cfg
Description: register-cfg is a JSON Block. Please see below for sip-list_src_sip-request-rate-limit_method_register-cfg
Type: Object
subscribe-cfg
Description: subscribe-cfg is a JSON Block. Please see below for sip-list_src_sip-request-rate-limit_method_subscribe-cfg
Type: Object
update-cfg
Description: update-cfg is a JSON Block. Please see below for sip-list_src_sip-request-rate-limit_method_update-cfg
Type: Object
sip-list_src_sip-request-rate-limit_method_options-cfg¶
Specification Value Type object src-sip-options-cfg-flag
Description OPTIONS method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-options-rate
Description
Type: number
Range: 1-16000000
sip-list_src_sip-request-rate-limit_method_refer-cfg¶
Specification Value Type object src-sip-refer-cfg-flag
Description REFER method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-refer-rate
Description
Type: number
Range: 1-16000000
sip-list_src_sip-request-rate-limit_method_bye-cfg¶
Specification Value Type object src-sip-bye-cfg-flag
Description BYE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-bye-rate
Description
Type: number
Range: 1-16000000
sip-list_src_sip-request-rate-limit_method_subscribe-cfg¶
Specification Value Type object src-sip-subscribe-cfg-flag
Description SUBSCRIBE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-subscribe-rate
Description
Type: number
Range: 1-16000000
sip-list_src_sip-request-rate-limit_method_register-cfg¶
Specification Value Type object src-sip-register-cfg-flag
Description REGISTER method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-register-rate
Description
Type: number
Range: 1-16000000
sip-list_src_sip-request-rate-limit_method_invite-cfg¶
Specification Value Type object src-sip-invite-cfg-flag
Description INVITE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-invite-rate
Description
Type: number
Range: 1-16000000
sip-list_src_sip-request-rate-limit_method_message-cfg¶
Specification Value Type object src-sip-message-cfg-flag
Description MESSAGE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-message-rate
Description
Type: number
Range: 1-16000000
sip-list_src_sip-request-rate-limit_method_update-cfg¶
Specification Value Type object src-sip-update-cfg-flag
Description UPDATE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-update-rate
Description
Type: number
Range: 1-16000000
sip-list_src_sip-request-rate-limit_method_notify-cfg¶
Specification Value Type object src-sip-notify-cfg-flag
Description NOTIFY method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-notify-rate
Description
Type: number
Range: 1-16000000
sip-list_dst¶
Specification Value Type object sip-request-rate-limit
Description: sip-request-rate-limit is a JSON Block. Please see below for sip-list_dst_sip-request-rate-limit
Type: Object
sip-list_dst_sip-request-rate-limit¶
Specification Value Type object method
Description: method is a JSON Block. Please see below for sip-list_dst_sip-request-rate-limit_method
Type: Object
sip-list_dst_sip-request-rate-limit_method¶
Specification Value Type object bye-cfg
Description: bye-cfg is a JSON Block. Please see below for sip-list_dst_sip-request-rate-limit_method_bye-cfg
Type: Object
invite-cfg
Description: invite-cfg is a JSON Block. Please see below for sip-list_dst_sip-request-rate-limit_method_invite-cfg
Type: Object
message-cfg
Description: message-cfg is a JSON Block. Please see below for sip-list_dst_sip-request-rate-limit_method_message-cfg
Type: Object
notify-cfg
Description: notify-cfg is a JSON Block. Please see below for sip-list_dst_sip-request-rate-limit_method_notify-cfg
Type: Object
options-cfg
Description: options-cfg is a JSON Block. Please see below for sip-list_dst_sip-request-rate-limit_method_options-cfg
Type: Object
refer-cfg
Description: refer-cfg is a JSON Block. Please see below for sip-list_dst_sip-request-rate-limit_method_refer-cfg
Type: Object
register-cfg
Description: register-cfg is a JSON Block. Please see below for sip-list_dst_sip-request-rate-limit_method_register-cfg
Type: Object
subscribe-cfg
Description: subscribe-cfg is a JSON Block. Please see below for sip-list_dst_sip-request-rate-limit_method_subscribe-cfg
Type: Object
update-cfg
Description: update-cfg is a JSON Block. Please see below for sip-list_dst_sip-request-rate-limit_method_update-cfg
Type: Object
sip-list_dst_sip-request-rate-limit_method_options-cfg¶
Specification Value Type object dst-sip-options-cfg-flag
Description OPTIONS method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-options-rate
Description
Type: number
Range: 1-16000000
sip-list_dst_sip-request-rate-limit_method_refer-cfg¶
Specification Value Type object dst-sip-refer-cfg-flag
Description REFER method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-refer-rate
Description
Type: number
Range: 1-16000000
sip-list_dst_sip-request-rate-limit_method_bye-cfg¶
Specification Value Type object dst-sip-bye-cfg-flag
Description BYE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-bye-rate
Description
Type: number
Range: 1-16000000
sip-list_dst_sip-request-rate-limit_method_subscribe-cfg¶
Specification Value Type object dst-sip-subscribe-cfg-flag
Description SUBSCRIBE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-subscribe-rate
Description
Type: number
Range: 1-16000000
sip-list_dst_sip-request-rate-limit_method_register-cfg¶
Specification Value Type object dst-sip-register-cfg-flag
Description REGISTER method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-register-rate
Description
Type: number
Range: 1-16000000
sip-list_dst_sip-request-rate-limit_method_invite-cfg¶
Specification Value Type object dst-sip-invite-cfg-flag
Description INVITE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-invite-rate
Description
Type: number
Range: 1-16000000
sip-list_dst_sip-request-rate-limit_method_message-cfg¶
Specification Value Type object dst-sip-message-cfg-flag
Description MESSAGE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-message-rate
Description
Type: number
Range: 1-16000000
sip-list_dst_sip-request-rate-limit_method_update-cfg¶
Specification Value Type object dst-sip-update-cfg-flag
Description UPDATE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-update-rate
Description
Type: number
Range: 1-16000000
sip-list_dst_sip-request-rate-limit_method_notify-cfg¶
Specification Value Type object dst-sip-notify-cfg-flag
Description NOTIFY method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-notify-rate
Description
Type: number
Range: 1-16000000
sip-list_multi-pu-threshold-distribution¶
Specification Value Type object multi-pu-threshold-distribution-disable
Description ‘disable’: Destination side rate limit only. Default: Enable;
Type: string
Supported Values: disable
Mutual Exclusion: multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive
multi-pu-threshold-distribution-value
Description Destination side rate limit only. Default: 0
Type: number
Range: 1-16000000
Mutual Exclusion: multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive
sip-list_malformed-sip¶
Specification Value Type object malformed-sip-call-id-max-length
Description Set the maximum call-id length. Default value is 32511
Type: number
Range: 1-32511
Default: 32511
malformed-sip-check
Description ‘enable-check’: Enable malformed SIP parameters;
Type: string
Supported Values: enable-check
malformed-sip-max-header-name-length
Description Set the maximum header name length. Default value is 63
Type: number
Range: 1-63
Default: 63
malformed-sip-max-header-value-length
Description Set the maximum header value length. Default value is 32511
Type: number
Range: 1-32511
Default: 32511
malformed-sip-max-line-size
Description Set the maximum line size. Default value is 32511
Type: number
Range: 1-32511
Default: 32511
malformed-sip-max-uri-length
Description Set the maximum uri size. Default value is 32511
Type: number
Range: 1-32511
Default: 32511
malformed-sip-sdp-max-length
Description Set the maxinum SDP content length. Default value is 32511
Type: number
Range: 1-32511
Default: 32511
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
sip-list_filter-header-list¶
Specification Value Type list Block object keys sip-filter-header-blacklist
Description Also blacklist the source when action is taken
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sip-filter-header-count-only
Description Take no action and continue processing the next filter
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sip-filter-header-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
sip-filter-header-seq
Description Sequence number
Type: number
Range: 1-5
sip-filter-header-unmatched
Description action taken when it does not match
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sip-filter-header-whitelist
Description Whitelist the source after filter passes, packets are dropped until then
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
icmp-v6-list¶
Specification Value Type list Block object keys icmp-tmpl-name
Description DDOS ICMPv6 Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
type-list
Type: List
Reference Object: /axapi/v3/ddos/template/icmp-v6/{icmp-tmpl-name}/type/{type-number}
type-other
Description: type-other is a JSON Block. Please see below for icmp-v6-list_type-other
Type: Object
Reference Object: /axapi/v3/ddos/template/icmp-v6/{icmp-tmpl-name}/type-other
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
icmp-v6-list_type-other¶
Specification Value Type object type-other-deny
Description Deny all other type
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: type-other-deny and type-other-rate are mutually exclusive
type-other-rate
Description Specify rate with other type
Type: number
Range: 1-16000000
Mutual Exclusion: type-other-rate and type-other-deny are mutually exclusive
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
icmp-v6-list_type-list¶
Specification Value Type list Block object keys code
Type: Listcode-other
Description: code-other is a JSON Block. Please see below for icmp-v6-list_type-list_code-other
Type: Object
type-deny
Description Reject this ICMP type
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: type-deny, type-rate, and code-other-rate are mutually exclusive
type-number
Description Specify ICMP type number
Type: number
Range: 0-255
type-rate
Description Specify the whole rate with this type
Type: number
Range: 1-16000000
Mutual Exclusion: type-rate and type-deny are mutually exclusive
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
icmp-v6-list_type-list_code¶
Specification Value Type list Block object keys code-number
Description Specify the ICMP code
Type: number
Range: 0-255
code-rate
Description Specify the rate with the code
Type: number
Range: 1-16000000
icmp-v6-list_type-list_code-other¶
Specification Value Type object code-other-rate
Description Specify rate with other code
Type: number
Range: 1-16000000
Mutual Exclusion: code-other-rate and type-deny are mutually exclusive