{ "id":"/axapi/v3/ddos/zone-template/ssl-l4/{ssl-l4-tmpl-name}", "type":"object", "node-type":"list", "title":"ssl-l4", "partition-visibility":"shared", "description":"SSL-L4 template Configuration", "properties":{ "ssl-l4-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable this template", "optional":true }, "multi-pu-threshold-distribution":{ "type":"object", "properties":{ "multi-pu-threshold-distribution-value":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-disable", "description":"Destination side rate limit only. Default: 0" }, "multi-pu-threshold-distribution-disable":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-value", "description":"'disable': Destination side rate limit only. Default: Enable; ", "enum":[ "disable" ] } } }, "renegotiation":{ "type":"object", "properties":{ "num-renegotiation":{ "type":"number", "format":"number", "minimum":0, "maximum":7, "partition-visibility":"shared", "description":"Number of renegotiation allowed" }, "ssl-l4-reneg-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"ssl-l4-reneg-action", "description":"Configure action-list to take" }, "ssl-l4-reneg-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"ssl-l4-reneg-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ] } } }, "allow-non-tls":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow Non-TLS (SSLv3 and lower) traffic (Warning: security may be compromised)", "optional":true }, "auth-handshake":{ "type":"object", "properties":{ "auth-handshake-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "default":5, "partition-visibility":"shared", "description":"Connection timeout (default 5 seconds) and trials (default 5 times) (DST support only)" }, "auth-handshake-trials":{ "type":"number", "format":"number", "minimum":0, "maximum":15, "default":5, "partition-visibility":"shared", "description":"Number of failed handshakes before entry marked black" }, "cert-cfg":{ "type":"object", "properties":{ "cert":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"SSL certificate" }, "key":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"SSL key" }, "key-passphrase":{ "type":"string", "format":"password", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Password Phrase" }, "key-encrypted":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)" } } }, "server-name-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "server-name":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Server name indication in Client hello extension (Server name String)" }, "server-cert":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Server Certificate associated to SNI (Server Certificate Name)" }, "server-key":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Server Private Key associated to SNI (Server Private Key Name)" }, "server-passphrase":{ "type":"string", "format":"password", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Password Phrase" }, "server-encrypted":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)" } } } ] }, "auth-handshake-pass-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"auth-handshake-pass-action", "description":"Configure action-list to take for passing the authentication" }, "auth-handshake-pass-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"auth-handshake-pass-action-list-name", "description":"'authenticate-src': authenticate-src (Default); ", "enum":[ "authenticate-src" ] }, "auth-handshake-fail-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"auth-handshake-fail-action", "description":"Configure action-list to take for failing the authentication" }, "auth-handshake-fail-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"auth-handshake-fail-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "blacklist-src", "reset" ] } } }, "src":{ "type":"object", "properties":{ "rate-limit":{ "type":"object", "properties":{ "request":{ "type":"object", "properties":{ "src-request-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" }, "src-request-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-request-rate-limit-action", "description":"Configure action-list to take" }, "src-request-rate-limit-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"src-request-rate-limit-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "reset" ] } } } } } } }, "dst":{ "type":"object", "properties":{ "rate-limit":{ "type":"object", "properties":{ "request":{ "type":"object", "properties":{ "dst-request-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" }, "dst-request-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-request-rate-limit-action", "description":"Configure action-list to take" }, "dst-request-rate-limit-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dst-request-rate-limit-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "reset" ] } } } } } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "ssl-traffic-check":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/ssl-l4/{ssl-l4-tmpl-name}/ssl-traffic-check", "properties":{ "header-inspection":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Inspect ssl header" }, "header-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets with bad ssl header; 'ignore': Forward packets with bad ssl header; ", "enum":[ "drop", "ignore" ] }, "check-resumed-connection":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Apply checks to SSL connections initialized by ACK packets" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "object-keys":[ "ssl-l4-tmpl-name" ], "required":[ "ssl-l4-tmpl-name" ] }