{ "id":"/axapi/v3/ddos/template/ssl-l4/{ssl-l4-tmpl-name}", "type":"object", "node-type":"list", "title":"ssl-l4", "partition-visibility":"shared", "description":"SSL-L4 template Configuration", "properties":{ "ssl-l4-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'drop': drop; 'reset': reset; ", "enum":[ "drop", "reset" ], "optional":true }, "disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable this template", "optional":true }, "renegotiation":{ "type":"number", "format":"number", "minimum":0, "maximum":7, "partition-visibility":"shared", "description":"Configure renegotiation limiting for SSL (Number of renegotiation allowed)", "optional":true }, "request-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Configure rate limiting for SSL", "optional":true }, "allow-non-tls":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow Non-TLS (SSLv3 and lower) traffic (Warning: security may be compromised)", "optional":true }, "multi-pu-threshold-distribution":{ "type":"object", "properties":{ "multi-pu-threshold-distribution-value":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-disable", "description":"Destination side rate limit only. Default: 0" }, "multi-pu-threshold-distribution-disable":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-value", "description":"'disable': Destination side rate limit only. Default: Enable; ", "enum":[ "disable" ] } } }, "auth-config-cfg":{ "type":"object", "properties":{ "timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "default":5, "partition-visibility":"shared", "description":"Connection timeout" }, "trials":{ "type":"number", "format":"number", "minimum":0, "maximum":15, "default":5, "partition-visibility":"shared", "description":"Number of failed handshakes" }, "auth-handshake-fail-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'blacklist-src': Blacklist-src when auth handshake fails; ", "enum":[ "blacklist-src" ] } } }, "cert-cfg":{ "type":"object", "properties":{ "cert":{ "type":"string", "format":"string", "plat-neg-list":["fips"], "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"SSL certificate" }, "key":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"SSL key" }, "key-passphrase":{ "type":"string", "format":"password", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Password Phrase" }, "key-encrypted":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)" } } }, "server-name-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "server-name":{ "type":"string", "format":"string", "plat-neg-list":["fips"], "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Server name indication in Client hello extension (Server name String)" }, "server-cert":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Server Certificate associated to SNI (Server Certificate Name)" }, "server-key":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Server Private Key associated to SNI (Server Private Key Name)" }, "server-passphrase":{ "type":"string", "format":"password", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Password Phrase" }, "server-encrypted":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)" } } } ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "ssl-traffic-check":{ "type":"object", "$ref":"/axapi/v3/ddos/template/ssl-l4/{ssl-l4-tmpl-name}/ssl-traffic-check", "properties":{ "header-inspection":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Inspect ssl header" }, "header-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets with bad ssl header; 'ignore': Forward packets with bad ssl header; ", "enum":[ "drop", "ignore" ] }, "check-resumed-connection":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Apply checks to SSL connections initialized by ACK packets" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "object-keys":[ "ssl-l4-tmpl-name" ], "required":[ "ssl-l4-tmpl-name" ] }