{ "id":"/axapi/v3/ddos/zone-template", "type":"object", "node-type":"intermediate", "title":"zone-template", "operation-not-allowed": ["PUT", "POST", "DELETE"], "partition-visibility":"shared", "description":"Define a DDOS zone-template", "properties":{ "encap-list":{ "type":"array", "minItems":1, "items":{ "type":"encap" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/encap/{encap-tmpl-name}", "array":[ { "properties":{ "encap-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS Tunnel Template Name", "optional":false }, "tunnel-encap":{ "type":"object", "properties":{ "ip-cfg":{ "type":"object", "properties":{ "ip-encap":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable Tunnel encapsulation using IP in IP" }, "always":{ "type":"object", "properties":{ "ipv4-addr":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "ipv6-addr":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } } } }, "gre-cfg":{ "type":"object", "properties":{ "gre-encap":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable Tunnel encapsulation using GRE" }, "gre-always":{ "type":"object", "properties":{ "gre-ipv4":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "key-ipv4":{ "type":"string", "format":"string", "minLength":1, "maxLength":10, "partition-visibility":"shared", "description":"Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)" }, "gre-ipv6":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "key-ipv6":{ "type":"string", "format":"string", "minLength":1, "maxLength":10, "partition-visibility":"shared", "description":"Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)" } } } } } } }, "preserve-source-ip":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use original source ip for encapsulation", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "encap-tmpl-name" ] } ] }, "logging-list":{ "type":"array", "minItems":1, "items":{ "type":"logging" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/logging/{logging-tmpl-name}", "array":[ { "properties":{ "logging-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "default":"default", "partition-visibility":"shared", "description":"DDOS Logging Template Name", "optional":false }, "log-format-cef":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Log in CEF format", "optional":true }, "use-obj-name":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Show obj name instead of ip in the log", "optional":true }, "log-format-custom":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":512, "partition-visibility":"shared", "description":"Customize log format", "optional":true }, "enable-action-logging":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Log action taken", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "logging-tmpl-name" ] } ] }, "ssl-l4-list":{ "type":"array", "minItems":1, "items":{ "type":"ssl-l4" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/ssl-l4/{ssl-l4-tmpl-name}", "array":[ { "properties":{ "ssl-l4-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable this template", "optional":true }, "multi-pu-threshold-distribution":{ "type":"object", "properties":{ "multi-pu-threshold-distribution-value":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-disable", "description":"Destination side rate limit only. Default: 0" }, "multi-pu-threshold-distribution-disable":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-value", "description":"'disable': Destination side rate limit only. Default: Enable; ", "enum":[ "disable" ] } } }, "renegotiation":{ "type":"object", "properties":{ "num-renegotiation":{ "type":"number", "format":"number", "minimum":0, "maximum":7, "partition-visibility":"shared", "description":"Number of renegotiation allowed" }, "ssl-l4-reneg-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"ssl-l4-reneg-action", "description":"Configure action-list to take" }, "ssl-l4-reneg-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"ssl-l4-reneg-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ] } } }, "allow-non-tls":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow Non-TLS (SSLv3 and lower) traffic (Warning: security may be compromised)", "optional":true }, "auth-handshake":{ "type":"object", "properties":{ "auth-handshake-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "default":5, "partition-visibility":"shared", "description":"Connection timeout (default 5 seconds) and trials (default 5 times) (DST support only)" }, "auth-handshake-trials":{ "type":"number", "format":"number", "minimum":0, "maximum":15, "default":5, "partition-visibility":"shared", "description":"Number of failed handshakes before entry marked black" }, "cert-cfg":{ "type":"object", "properties":{ "cert":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"SSL certificate" }, "key":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"SSL key" }, "key-passphrase":{ "type":"string", "format":"password", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Password Phrase" }, "key-encrypted":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)" } } }, "server-name-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "server-name":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Server name indication in Client hello extension (Server name String)" }, "server-cert":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Server Certificate associated to SNI (Server Certificate Name)" }, "server-key":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Server Private Key associated to SNI (Server Private Key Name)" }, "server-passphrase":{ "type":"string", "format":"password", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Password Phrase" }, "server-encrypted":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)" } } } ] }, "auth-handshake-pass-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"auth-handshake-pass-action", "description":"Configure action-list to take for passing the authentication" }, "auth-handshake-pass-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"auth-handshake-pass-action-list-name", "description":"'authenticate-src': authenticate-src (Default); ", "enum":[ "authenticate-src" ] }, "auth-handshake-fail-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"auth-handshake-fail-action", "description":"Configure action-list to take for failing the authentication" }, "auth-handshake-fail-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"auth-handshake-fail-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "blacklist-src", "reset" ] } } }, "src":{ "type":"object", "properties":{ "rate-limit":{ "type":"object", "properties":{ "request":{ "type":"object", "properties":{ "src-request-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" }, "src-request-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-request-rate-limit-action", "description":"Configure action-list to take" }, "src-request-rate-limit-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"src-request-rate-limit-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "reset" ] } } } } } } }, "dst":{ "type":"object", "properties":{ "rate-limit":{ "type":"object", "properties":{ "request":{ "type":"object", "properties":{ "dst-request-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" }, "dst-request-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-request-rate-limit-action", "description":"Configure action-list to take" }, "dst-request-rate-limit-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dst-request-rate-limit-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "reset" ] } } } } } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "ssl-traffic-check":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/ssl-l4/{ssl-l4-tmpl-name}/ssl-traffic-check", "properties":{ "header-inspection":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Inspect ssl header" }, "header-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets with bad ssl header; 'ignore': Forward packets with bad ssl header; ", "enum":[ "drop", "ignore" ] }, "check-resumed-connection":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Apply checks to SSL connections initialized by ACK packets" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "ssl-l4-tmpl-name" ] } ] }, "http-list":{ "type":"array", "minItems":1, "items":{ "type":"http" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/http/{http-tmpl-name}", "array":[ { "properties":{ "http-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS HTTP Template Name", "optional":false }, "disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable this template", "optional":true }, "multi-pu-threshold-distribution":{ "type":"object", "properties":{ "multi-pu-threshold-distribution-value":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-disable", "description":"Destination side rate limit only. Default: 0" }, "multi-pu-threshold-distribution-disable":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-value", "description":"'disable': Destination side rate limit only. Default: Enable; ", "enum":[ "disable" ] } } }, "mss-timeout":{ "type":"object", "properties":{ "mss-percent":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", "description":"Configure percentage of mss such that if a packet size is below the mss times mss-percent, packet is considered bad." }, "number-packets":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "description":"Specify percentage of mss. Default is 0, mss-timeout is not enabled." }, "mss-timeout-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"mss-timeout-action", "description":"Configure action-list to take" }, "mss-timeout-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"mss-timeout-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ] } } }, "disallow-connect-method":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Do not allow HTTP Connect method (asymmetric mode only)", "optional":true }, "challenge":{ "type":"object", "properties":{ "challenge-method":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'http-redirect': http-redirect; 'javascript': javascript; ", "enum":[ "http-redirect", "javascript" ] }, "challenge-redirect-code":{ "type":"string", "format":"enum", "default":"302", "partition-visibility":"shared", "description":"'302': 302 Found; '307': 307 Temporary Redirect; ", "enum":[ "302", "307" ] }, "challenge-uri-encode":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Encode the challenge phrase in uri instead of in http cookie. Default encoded in http cookie" }, "challenge-cookie-name":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "default":"sto-idd", "partition-visibility":"shared", "description":"Set the cookie name used to send back to client. Default is sto-idd" }, "challenge-keep-cookie":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Keep the challenge cookie from client and forward to backend. Default is do not keep" }, "challenge-interval":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "default":8, "partition-visibility":"shared", "description":"Specify the challenge interval. Default is 8 seconds" }, "challenge-pass-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"challenge-pass-action", "description":"Configure action-list to take for passing the authentication" }, "challenge-pass-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"challenge-pass-action-list-name", "description":"'authenticate-src': Authenticate-src (Default); ", "enum":[ "authenticate-src" ] }, "challenge-fail-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"challenge-fail-action", "description":"Configure action-list to take for failing the authentication" }, "challenge-fail-action":{ "type":"string", "format":"enum", "default":"reset", "partition-visibility":"shared", "not":"challenge-fail-action-list-name", "description":"'blacklist-src': Blacklist-src; 'reset': Reset client connection(Default); ", "enum":[ "blacklist-src", "reset" ] } } }, "non-http-bypass":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Bypass non-http traffic instead of dropping", "optional":true }, "client-source-ip":{ "type":"object", "properties":{ "client-source-ip":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Mitigate on src ip specified by http header for example X-Forwarded-For header. Default is disabled" }, "http-header-name":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "default":"X-Forwarded-For", "partition-visibility":"shared", "description":"Set the http header name to parse for client ip. Default is X-Forwarded-For" } } }, "request-header":{ "type":"object", "properties":{ "timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "partition-visibility":"shared" }, "header-timeout-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"header-timeout-action", "description":"Configure action-list to take" }, "header-timeout-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"header-timeout-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "blacklist-src", "reset" ] } } }, "src":{ "type":"object", "properties":{ "rate-limit":{ "type":"object", "properties":{ "http-post":{ "type":"object", "properties":{ "src-post-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" }, "src-post-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-post-rate-limit-action", "description":"Configure action-list to take" }, "src-post-rate-limit-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"src-post-rate-limit-action-list-name", "description":"'drop': Drop packets(Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "ignore", "reset", "blacklist-src" ] } } }, "http-request":{ "type":"object", "properties":{ "src-request-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" }, "src-request-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-request-rate-limit-action", "description":"Configure action-list to take" }, "src-request-rate-limit-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"src-request-rate-limit-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "ignore", "reset", "blacklist-src" ] } } } } } } }, "dst":{ "type":"object", "properties":{ "rate-limit":{ "type":"object", "properties":{ "http-post":{ "type":"object", "properties":{ "dst-post-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" }, "dst-post-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-post-rate-limit-action", "description":"Configure action-list to take" }, "dst-post-rate-limit-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"dst-post-rate-limit-action-list-name", "description":"'drop': Drop packets(Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "ignore", "reset", "blacklist-src" ] } } }, "http-request":{ "type":"object", "properties":{ "dst-request-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" }, "dst-request-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-request-rate-limit-action", "description":"Configure action-list to take" }, "dst-request-rate-limit-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"dst-request-rate-limit-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "ignore", "reset", "blacklist-src" ] } } }, "response-size":{ "type":"object", "properties":{ "less-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "obj-less":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Response size configuration" }, "obj-less-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Response rate limit" } } } ] }, "greater-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "obj-greater":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Response size configuration" }, "obj-greater-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Response rate limit" } } } ] }, "between-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "obj-between1":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Response size configuration" }, "obj-between2":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Response size configuration" }, "obj-between-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Response rate limit" } } } ] }, "response-size-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"response-size-action", "description":"Configure action-list to take" }, "response-size-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"response-size-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ] } } } } } } }, "slow-read":{ "type":"object", "properties":{ "min-window-size":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"minimum window size" }, "min-window-count":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "description":"Number of packets" }, "slow-read-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"slow-read-action", "description":"Configure action-list to take" }, "slow-read-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"slow-read-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'ignore': Take no action; 'reset': Reset client connection; ", "enum":[ "drop", "blacklist-src", "ignore", "reset" ] } } }, "out-of-order-queue-size":{ "type":"number", "format":"number", "minimum":0, "maximum":15, "default":3, "partition-visibility":"shared", "description":"Set the number of packets for the out-of-order HTTP queue (asym mode only)", "optional":true }, "out-of-order-queue-timeout":{ "type":"number", "format":"number", "minimum":0, "maximum":15, "default":3, "partition-visibility":"shared", "description":"Set the timeout value in seconds for out-of-order queue in HTTP (asym mode only)", "optional":true }, "idle-timeout":{ "type":"object", "properties":{ "idle-timeout-value":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"Set the the idle timeout value in seconds for HTTP connections" }, "ignore-zero-payload":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Don't reset idle timer on packets with zero payload length from clients" }, "idle-timeout-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"idle-timeout-action", "description":"Configure action-list to take" }, "idle-timeout-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"idle-timeout-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "blacklist-src", "reset" ] } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "filter-list":{ "type":"array", "minItems":1, "items":{ "type":"filter" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/http/{http-tmpl-name}/filter/{http-filter-name}", "array":[ { "properties":{ "http-filter-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "http-filter-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":200, "partition-visibility":"shared", "description":"Sequence number", "optional":true }, "http-header-cfg":{ "type":"object", "properties":{ "http-filter-header-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression" }, "http-filter-header-inverse-match":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared" } } }, "http-referer-cfg":{ "type":"object", "properties":{ "referer-equals-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "http-filter-referer-equals":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared" } } } ] }, "referer-contains-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "http-filter-referer-contains":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared" } } } ] }, "referer-starts-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "http-filter-referer-starts-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared" } } } ] }, "referer-ends-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "http-filter-referer-ends-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared" } } } ] } } }, "http-agent-cfg":{ "type":"object", "properties":{ "agent-equals-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "http-filter-agent-equals":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared" } } } ] }, "agent-contains-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "http-filter-agent-contains":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared" } } } ] }, "agent-starts-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "http-filter-agent-starts-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared" } } } ] }, "agent-ends-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "http-filter-agent-ends-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared" } } } ] } } }, "http-uri-cfg":{ "type":"object", "properties":{ "uri-equal-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "http-filter-uri-equals":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared" } } } ] }, "uri-contains-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "http-filter-uri-contains":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared" } } } ] }, "uri-starts-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "http-filter-uri-starts-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared" } } } ] }, "uri-ends-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "http-filter-uri-ends-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared" } } } ] } } }, "dst":{ "type":"object", "properties":{ "http-filter-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Set rate limit" } } }, "http-filter-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"http-filter-action", "description":"Configure action-list to take", "optional":true }, "http-filter-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"http-filter-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "blacklist-src", "authenticate-src", "reset" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "http-filter-name" ] } ] }, "malformed-http":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/http/{http-tmpl-name}/malformed-http", "properties":{ "malformed-http":{ "type":"string", "format":"enum", "default":"check", "partition-visibility":"shared", "description":"'check': Configure malformed HTTP parameters; ", "enum":[ "check" ] }, "malformed-http-max-line-size":{ "type":"number", "format":"number", "minimum":1, "maximum":65280, "default":32512, "partition-visibility":"shared", "description":"Set the maximum line size. Default value is 32512" }, "malformed-http-max-num-headers":{ "type":"number", "format":"number", "minimum":1, "maximum":90, "default":90, "partition-visibility":"shared", "description":"Set the maximum number of headers. Default value is 90" }, "malformed-http-max-req-line-size":{ "type":"number", "format":"number", "minimum":1, "maximum":65280, "default":32512, "partition-visibility":"shared", "description":"Set the maximum request line size. Default value is 32512" }, "malformed-http-max-header-name-size":{ "type":"number", "format":"number", "minimum":1, "maximum":64, "default":64, "partition-visibility":"shared", "description":"Set the maxinum header name length. Default value is 64." }, "malformed-http-max-content-length":{ "type":"number", "format":"number", "minimum":1, "maximum":4294967295, "default":4294967295, "partition-visibility":"shared", "description":"Set the maxinum content-length header. Default value is 4294967295 bytes" }, "malformed-http-bad-chunk-mon-enabled":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enabling bad chunk monitoring. Default is disabled" }, "malformed-http-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"malformed-http-action", "description":"Configure action-list to take" }, "malformed-http-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"malformed-http-action-list-name", "description":"'drop': Drop packets (Default); 'reset': Reset client connection; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "reset", "blacklist-src" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "http-tmpl-name" ] } ] }, "dns-list":{ "type":"array", "minItems":1, "items":{ "type":"dns" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/dns/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "dns-any-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Drop DNS queries of Type ANY", "optional":true }, "dns-any-check-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dns-any-check-action", "description":"Configure action-list to take", "optional":true }, "dns-any-check-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"dns-any-check-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ], "optional":true }, "multi-pu-threshold-distribution":{ "type":"object", "properties":{ "multi-pu-threshold-distribution-value":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-disable", "description":"Destination side rate limit only. Default: 0" }, "multi-pu-threshold-distribution-disable":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-value", "description":"'disable': Destination side rate limit only. Default: Enable; ", "enum":[ "disable" ] } } }, "dns-udp-authentication":{ "type":"object", "properties":{ "force-tcp-cfg":{ "type":"object", "properties":{ "force-tcp":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "udp-timeout", "min-delay" ], "description":"Force DNS request over TCP" }, "force-tcp-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":16, "partition-visibility":"shared", "description":"UDP authentication timeout in seconds" }, "force-tcp-min-delay":{ "type":"number", "format":"number", "minimum":1, "maximum":15, "partition-visibility":"shared", "description":"Optional minimum delay (seconds) between DNS retransmits for authentication to pass" }, "force-tcp-ignore-client-source-port":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow client to retransmit DNS request using different source port during udp-auth (supported in asymmetric mode only)" } } }, "udp-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":16, "partition-visibility":"shared", "not":"force-tcp", "description":"UDP authentication timeout in seconds" }, "min-delay":{ "type":"number", "format":"number", "minimum":1, "maximum":80, "partition-visibility":"shared", "not":"force-tcp", "description":"Optional minimum delay between DNS retransmits for authentication to pass, unit is specified by min-delay-interval" }, "min-delay-interval":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'100ms': 100ms; '1sec': 1sec; ", "enum":[ "100ms", "1sec" ] }, "dns-udp-auth-pass-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dns-udp-auth-pass-action", "description":"Configure action-list to take for passing the authentication" }, "dns-udp-auth-pass-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dns-udp-auth-pass-action-list-name", "description":"'authenticate-src': authenticate-src (Default); ", "enum":[ "authenticate-src" ] }, "dns-udp-auth-fail-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dns-udp-auth-fail-action", "description":"Configure action-list to take for failing the authentication. (Applicable to dns-udp retry only)" }, "dns-udp-auth-fail-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dns-udp-auth-fail-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "blacklist-src" ] } } }, "fqdn-label-len-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "label-length":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"Maximum length of FQDN label" }, "fqdn-label-suffix":{ "type":"number", "format":"number", "minimum":1, "maximum":5, "partition-visibility":"shared", "description":"Number of suffixes" }, "fqdn-label-length-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"fqdn-label-length-action", "description":"Configure action-list to take" }, "fqdn-label-length-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"fqdn-label-length-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ] } } } ] }, "fqdn-label-count-cfg":{ "type":"object", "properties":{ "label-count":{ "type":"number", "format":"number", "minimum":1, "maximum":10, "partition-visibility":"shared", "description":"Maximum number of FQDN labels per FQDN" }, "fqdn-label-count-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"fqdn-label-count-action", "description":"Configure action-list to take" }, "fqdn-label-count-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"fqdn-label-count-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Send reset to client; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ] } } }, "src":{ "type":"object", "properties":{ "rate-limit":{ "type":"object", "properties":{ "nxdomain":{ "type":"object", "properties":{ "dns-nxdomain-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Limiting rate" }, "dns-nxdomain-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dns-nxdomain-rate-limit-action", "description":"Configure action-list to take" }, "dns-nxdomain-rate-limit-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dns-nxdomain-rate-limit-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ] } } }, "request":{ "type":"object", "properties":{ "type":{ "type":"object", "properties":{ "A-cfg":{ "type":"object", "properties":{ "A":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Address record" }, "src-dns-a-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "AAAA-cfg":{ "type":"object", "properties":{ "AAAA":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"IPv6 address record" }, "src-dns-aaaa-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "CNAME-cfg":{ "type":"object", "properties":{ "CNAME":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Canonical name record" }, "src-dns-cname-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "MX-cfg":{ "type":"object", "properties":{ "MX":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Mail exchange record" }, "src-dns-mx-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "NS-cfg":{ "type":"object", "properties":{ "NS":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Name server record" }, "src-dns-ns-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "SRV-cfg":{ "type":"object", "properties":{ "SRV":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Service locator" }, "src-dns-srv-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"DNS request rate" } } }, "dns-type-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "src-dns-request-type":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Other type value" }, "src-dns-request-type-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"request rate limit" } } } ] } } }, "src-dns-request-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-dns-request-rate-limit-action", "description":"Configure action-list to take" }, "src-dns-request-rate-limit-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"src-dns-request-rate-limit-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ] } } } } } } }, "dst":{ "type":"object", "properties":{ "rate-limit":{ "type":"object", "properties":{ "fqdn":{ "type":"object", "properties":{ "dns-fqdn-rate-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "dns-fqdn-rate":{ "type":"number", "format":"number", "minimum":5, "maximum":16000000, "partition-visibility":"shared", "description":"Limiting rate (Range: 5-8000 for FQDN domain based rate limiting, 5-16000000 for FQDN label count based rate limiting)" }, "per":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'domain-name': Domain Name; 'src-ip': Source IP address; 'label-count': FQDN label count; ", "enum":[ "domain-name", "src-ip", "label-count" ] }, "per-domain-per-src-ip":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use both Domain Name and Source IP address for rate-limiting" }, "fqdn-rate-suffix":{ "type":"number", "format":"number", "minimum":1, "maximum":5, "partition-visibility":"shared", "description":"Suffix count" }, "fqdn-rate-label-count":{ "type":"number", "format":"number", "minimum":1, "maximum":8, "partition-visibility":"shared", "description":"FQDN label count (Range: 1-8)" } } } ] }, "dns-fqdn-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dns-fqdn-rate-limit-action", "description":"Configure action-list to take" }, "dns-fqdn-rate-limit-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dns-fqdn-rate-limit-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "ignore", "reset", "blacklist-src" ] } } }, "domain-group-rate-exceed-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'drop': Drop the query (default); 'tunnel-encap-packet': Encapsulate the query and send on a tunnel; ", "enum":[ "drop", "tunnel-encap-packet" ] }, "encap-template":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template to sepcify the tunnel endpoint" }, "domain-group-rate-per-service":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable per service domain rate checking" }, "request":{ "type":"object", "properties":{ "type":{ "type":"object", "properties":{ "A-cfg":{ "type":"object", "properties":{ "A":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Address record" }, "dns-a-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "AAAA-cfg":{ "type":"object", "properties":{ "AAAA":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"IPv6 address record" }, "dns-aaaa-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "CNAME-cfg":{ "type":"object", "properties":{ "CNAME":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Canonical name record" }, "dns-cname-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "MX-cfg":{ "type":"object", "properties":{ "MX":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Mail exchange record" }, "dns-mx-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "NS-cfg":{ "type":"object", "properties":{ "NS":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Name server record" }, "dns-ns-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "SRV-cfg":{ "type":"object", "properties":{ "SRV":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Service locator" }, "dns-srv-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"DNS request rate" } } }, "dns-type-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "dns-request-type":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Other type value" }, "dns-request-type-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"request rate limit" } } } ] } } }, "dst-dns-request-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-dns-request-rate-limit-action", "description":"Configure action-list to take" }, "dst-dns-request-rate-limit-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dst-dns-request-rate-limit-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "ignore", "reset", "blacklist-src" ] } } } } } } }, "domain-group-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Apply a domain-group to the DNS template", "optional":true }, "on-no-match":{ "type":"string", "format":"enum", "default":"deny", "partition-visibility":"shared", "description":"'permit': permit; 'deny': deny (default); ", "enum":[ "permit", "deny" ], "optional":true }, "symtimeout-cfg":{ "type":"object", "properties":{ "sym-timeout":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Timeout for DNS Symmetric session" }, "sym-timeout-value":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "description":"Session timeout value in seconds" } } }, "allow-query-class":{ "type":"object", "properties":{ "allow-internet-query-class":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"INTERNET query class" }, "allow-csnet-query-class":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"CSNET query class" }, "allow-chaos-query-class":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"CHAOS query class" }, "allow-hesiod-query-class":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"HESIOD query class" }, "allow-none-query-class":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"NONE query class" }, "allow-any-query-class":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"ANY query class" }, "allow-query-class-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"allow-query-class-action", "description":"Configure action-list to take when query class doesn't match" }, "allow-query-class-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"allow-query-class-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "blacklist-src", "reset" ] } } }, "allow-record-type":{ "type":"object", "properties":{ "allow-a-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Address record" }, "allow-aaaa-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"IPv6 address record" }, "allow-cname-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Canonical name record" }, "allow-mx-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Mail exchange record" }, "allow-ns-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Name server record" }, "allow-srv-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Service locator" }, "record-num-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "allow-num-type":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Other record type value" } } } ] }, "allow-record-type-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"allow-record-type-action", "description":"Configure action-list to take" }, "allow-record-type-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"allow-record-type-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "blacklist-src", "reset" ] } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "malformed-query-check":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/dns/{name}/malformed-query-check", "properties":{ "validation-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'basic-header-check': Basic header validation for DNS TCP/UDP queries; 'extended-header-check': Extended header/query validation for DNS TCP/UDP queries; 'disable': Disable Malform query validation for DNS TCP/UDP; ", "enum":[ "basic-header-check", "extended-header-check", "disable" ] }, "non-query-opcode-check":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'disable': When malform check is enabled, TPS always drops DNS query with non query opcode, this option disables this opcode check; ", "enum":[ "disable" ] }, "skip-multi-packet-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Bypass DNS fragmented and TCP segmented Queries(Default: dropped)" }, "dns-malformed-query-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dns-malformed-query-action", "description":"Configure action-list to take" }, "dns-malformed-query-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dns-malformed-query-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "name" ] } ] }, "quic-list":{ "type":"array", "minItems":1, "items":{ "type":"quic" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/quic/{quic-tmpl-name}", "array":[ { "properties":{ "quic-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "fixed-bit-check-disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable fixed-bit malform check", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "version-supported-list":{ "type":"array", "minItems":1, "items":{ "type":"version-supported" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/quic/{quic-tmpl-name}/version-supported/{version-start}+{version-end}", "array":[ { "properties":{ "version-start":{ "type":"string", "format":"time", "minLength":1, "maxLength":4294967295, "partition-visibility":"shared", "description":"Configure versions supported", "optional":false }, "version-end":{ "type":"string", "format":"time", "minLength":1, "maxLength":4294967295, "partition-visibility":"shared", "description":"Version supported range end", "optional":false }, "version-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"version-action", "description":"Configure action-list to take", "optional":true }, "version-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"version-action-list-name", "description":"'drop': Drop packets; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "blacklist-src" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "malformed-check":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/quic/{quic-tmpl-name}/version-supported/{version-start}+{version-end}/malformed-check", "properties":{ "malformed-enable":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': Enable malformed check; ", "enum":[ "enable" ] }, "max-source-cid-length":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "default":255, "partition-visibility":"shared", "description":"Set the maximum source CID length" }, "max-destination-cid-length":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "default":255, "partition-visibility":"shared", "description":"Set the maximum destination CID length" }, "malformed-check-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"malformed-check-action", "description":"Configure action-list to take. Overwrites version action" }, "malformed-check-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"malformed-check-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "blacklist-src" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "version-start", "version-end" ] } ] } }, "required":[ "quic-tmpl-name" ] } ] }, "tcp-list":{ "type":"array", "minItems":1, "items":{ "type":"tcp" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/tcp/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "age":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "default":2, "partition-visibility":"shared", "description":"Session age in minutes", "optional":true }, "concurrent":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable concurrent port access for non-matching ports (DST support only)", "optional":true }, "syn-cookie":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable SYN Cookie", "optional":true }, "create-conn-on-syn-only":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable connection establishment on SYN only", "optional":true }, "filter-match-type":{ "type":"string", "format":"enum", "default":"default", "partition-visibility":"shared", "description":"'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; ", "enum":[ "default", "stop-on-first-match" ], "optional":true }, "out-of-seq-cfg":{ "type":"object", "properties":{ "out-of-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":64000, "partition-visibility":"shared", "not":"per-conn-out-of-seq-rate-limit", "description":"Take action if out-of-seq pkts exceed configured threshold" }, "out-of-seq-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"out-of-seq-action", "description":"Configure action-list to take for out-of-seq exceed" }, "out-of-seq-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"out-of-seq-action-list-name", "description":"'drop': Drop packets for out-of-seq exceed (Default); 'blacklist-src': help Blacklist-src for out-of-seq exceed; 'ignore': help Ignore out-of-seq exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "per-conn-out-of-seq-rate-cfg":{ "type":"object", "properties":{ "per-conn-out-of-seq-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"out-of-seq", "description":"Take action if out-of-seq pkt rate exceed configured threshold" }, "per-conn-out-of-seq-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"per-conn-out-of-seq-rate-action", "description":"Configure action-list to take for out-of-seq rate exceed" }, "per-conn-out-of-seq-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"per-conn-out-of-seq-rate-action-list-name", "description":"'drop': Drop packets for out-of-seq rate exceed (Default); 'blacklist-src': help Blacklist-src for out-of-seq rate exceed; 'ignore': help Ignore out-of-seq rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "max-rexmit-syn-per-flow-cfg":{ "type":"object", "properties":{ "max-rexmit-syn-per-flow":{ "type":"number", "format":"number", "minimum":1, "maximum":6, "partition-visibility":"shared", "description":"Maximum number of re-transmit SYN per flow" }, "max-rexmit-syn-per-flow-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "description":"Configure action-list to take for max-rexmit-syn-per-flow exceed" }, "max-rexmit-syn-per-flow-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'drop': Drop SYN packets for max-rexmit-syn-per-flow exceed (Default); 'blacklist-src': help Blacklist-src for max-rexmit-syn-per-flow exceed; ", "enum":[ "drop", "blacklist-src" ] } } }, "retransmit-cfg":{ "type":"object", "properties":{ "retransmit":{ "type":"number", "format":"number", "minimum":1, "maximum":64000, "partition-visibility":"shared", "not":"per-conn-retransmit-rate-limit", "description":"Take action if retransmit pkts exceed configured threshold" }, "retransmit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"retransmit-action", "description":"Configure action-list to take for retransmit exceed" }, "retransmit-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"retransmit-action-list-name", "description":"'drop': Drop packets for retrans exceed (Default); 'blacklist-src': help Blacklist-src for retrans exceed; 'ignore': help Ignore retrans exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "per-conn-retransmit-rate-cfg":{ "type":"object", "properties":{ "per-conn-retransmit-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"retransmit", "description":"Take action if retransmit pkt rate exceed configured threshold" }, "per-conn-retransmit-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"per-conn-retransmit-rate-action", "description":"Configure action-list to take for retransmit rate exceed" }, "per-conn-retransmit-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"per-conn-retransmit-rate-action-list-name", "description":"'drop': Drop packets for retrans rate exceed (Default); 'blacklist-src': help Blacklist-src for retrans rate exceed; 'ignore': help Ignore retrans rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "zero-win-cfg":{ "type":"object", "properties":{ "zero-win":{ "type":"number", "format":"number", "minimum":1, "maximum":250, "partition-visibility":"shared", "not":"per-conn-zero-win-rate-limit", "description":"Take action if zero window pkts exceed configured threshold" }, "zero-win-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"zero-win-action", "description":"Configure action-list to take for zero window exceed" }, "zero-win-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"zero-win-action-list-name", "description":"'drop': Drop packets for zero-win exceed (Default); 'blacklist-src': help Blacklist-src for zero-win exceed; 'ignore': Ignore zero-win exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "per-conn-zero-win-rate-cfg":{ "type":"object", "properties":{ "per-conn-zero-win-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"zero-win", "description":"Take action if zero window pkt rate exceed configured threshold" }, "per-conn-zero-win-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"per-conn-zero-win-rate-action", "description":"Configure action-list to take for zero window rate exceed" }, "per-conn-zero-win-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"per-conn-zero-win-rate-action-list-name", "description":"'drop': Drop packets for zero-win rate exceed (Default); 'blacklist-src': help Blacklist-src for zero-win rate exceed; 'ignore': Ignore zero-win rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "per-conn-pkt-rate-cfg":{ "type":"object", "properties":{ "per-conn-pkt-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Packet rate limit per connection per rate-interval" }, "per-conn-pkt-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"per-conn-pkt-rate-action", "description":"Configure action-list to take for per-conn-pkt-rate exceed" }, "per-conn-pkt-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"per-conn-pkt-rate-action-list-name", "description":"'drop': Drop packets for per-conn-pkt-rate exceed (Default); 'blacklist-src': help Blacklist-src for per-conn-pkt-rate exceed; 'ignore': Ignore per-conn-pkt-rate-exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "per-conn-rate-interval":{ "type":"string", "format":"enum", "default":"1sec", "partition-visibility":"shared", "description":"'100ms': 100ms; '1sec': 1sec; '10sec': 10sec; ", "enum":[ "100ms", "1sec", "10sec" ], "optional":true }, "dst":{ "type":"object", "properties":{ "rate-limit":{ "type":"object", "properties":{ "syn-rate-limit":{ "type":"object", "properties":{ "dst-syn-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" }, "dst-syn-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'drop': Drop packets for syn-rate exceed (Default); 'ignore': Ignore syn-rate-exceed; ", "enum":[ "drop", "ignore" ] } } } } } } }, "src":{ "type":"object", "properties":{ "rate-limit":{ "type":"object", "properties":{ "syn-rate-limit":{ "type":"object", "properties":{ "src-syn-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" }, "src-syn-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-syn-rate-action", "description":"Configure action-list to take for syn-rate exceed" }, "src-syn-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"src-syn-rate-action-list-name", "description":"'drop': Drop packets for syn-rate exceed (Default); 'blacklist-src': Blacklist-src for syn-rate exceed; 'ignore': Ignore syn-rate-exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } } } } } }, "allow-synack-skip-authentications":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow create sessions on SYNACK without syn-auth and ack-auth (ASYM Mode only)", "optional":true }, "synack-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"track-together-with-syn", "description":"Config SYNACK rate limit", "optional":true }, "track-together-with-syn":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"synack-rate-limit", "description":"SYNACK will be counted in Dst Syn-rate limit", "optional":true }, "allow-syn-otherflags":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Treat TCP SYN+PSH as a TCP SYN (DST tcp ports support only)", "optional":true }, "allow-tcp-tfo":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow TCP Fast Open", "optional":true }, "conn-rate-limit-on-syn-only":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Only count SYN-initiated connections towards connection-rate tracking", "optional":true }, "action-on-syn-rto-retry-count":{ "type":"number", "format":"number", "minimum":2, "maximum":10, "partition-visibility":"shared", "description":"Take action if syn-auth RTO-authentication fail over retry time(default:5)", "optional":true }, "action-on-ack-rto-retry-count":{ "type":"number", "format":"number", "minimum":2, "maximum":10, "partition-visibility":"shared", "description":"Take action if ack-auth RTO-authentication fail over retry time(default:5)", "optional":true }, "ack-authentication-synack-reset":{ "type":"number", "format":"flag", "plat-neg-list":["soft-ax"], "default":0, "partition-visibility":"shared", "description":"Reset client TCP SYN+ACK for authentication (DST support only)", "optional":true }, "known-resp-src-port-cfg":{ "type":"object", "properties":{ "known-resp-src-port":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Take action if src-port is less than 1024" }, "known-resp-src-port-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"known-resp-src-port-action", "description":"Configure action-list to take for well-known src-port" }, "known-resp-src-port-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"known-resp-src-port-action-list-name", "description":"'drop': Drop packets from well-known src-port(Default); 'blacklist-src': Blacklist-src from well-known src-port; 'ignore': Ignore well-known src-port; ", "enum":[ "drop", "blacklist-src", "ignore" ] }, "exclude-src-resp-port":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Exclude src port equal to dst port" } } }, "syn-authentication":{ "type":"object", "properties":{ "syn-auth-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not-list":[ "syn-auth-timeout", "syn-auth-min-delay" ], "description":"'send-rst': Send reset to all concurrent client auth attempts after syn cookie check pass; 'force-rst-by-ack': Send client a bad ack after syn cookie check pass; 'force-rst-by-synack': Send client a bad synack after syn cookie check pass; 'send-rst-once': Send RST to one client concurrent auth attempts; ", "enum":[ "send-rst", "force-rst-by-ack", "force-rst-by-synack", "send-rst-once" ] }, "syn-auth-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "not":"syn-auth-type", "description":"syn retransmit timeout in seconds(default timeout: 5 seconds)" }, "syn-auth-min-delay":{ "type":"number", "format":"number", "minimum":1, "maximum":80, "partition-visibility":"shared", "not":"syn-auth-type", "description":"Minimum delay (in 100ms intervals) between SYN retransmits for retransmit-check to pass" }, "syn-auth-rto":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Estimate the RTO and apply the exponential back-off for authentication" }, "syn-auth-pass-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"syn-auth-pass-action", "description":"Configure action-list to take for passing the authentication" }, "syn-auth-pass-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"syn-auth-pass-action-list-name", "description":"'authenticate-src': authenticate-src (Default); ", "enum":[ "authenticate-src" ] }, "syn-auth-fail-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"syn-auth-fail-action", "description":"Configure action-list to take for failing the authentication." }, "syn-auth-fail-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"syn-auth-fail-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Send reset to client (Applicable to retransmit-check only); ", "enum":[ "drop", "blacklist-src", "reset" ] }, "allow-ra":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow RA packets to be used for auth" } } }, "ack-authentication":{ "type":"object", "properties":{ "ack-auth-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "description":"ack retransmit timeout in seconds(default timeout: 5 seconds)" }, "ack-auth-min-delay":{ "type":"number", "format":"number", "minimum":1, "maximum":80, "partition-visibility":"shared", "description":"Minimum delay (in 100ms intervals) between ACK retransmits for retransmit-check to pass" }, "ack-auth-only":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Apply retransmit-check only once per source address for authentication purpose" }, "ack-auth-rto":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Estimate the RTO and apply the exponential back-off for authentication" }, "ack-auth-pass-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"ack-auth-pass-action", "description":"Configure action-list to take for passing the authentication" }, "ack-auth-pass-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"ack-auth-pass-action-list-name", "description":"'authenticate-src': authenticate-src (Default); ", "enum":[ "authenticate-src" ] }, "ack-auth-fail-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"ack-auth-fail-action", "description":"Configure action-list to take for failing the authentication." }, "ack-auth-fail-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"ack-auth-fail-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Send reset to client; ", "enum":[ "drop", "blacklist-src", "reset" ] } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "progression-tracking":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/tcp/{name}/progression-tracking", "properties":{ "progression-tracking-enabled":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'enable-check': Enable Progression Tracking Check; ", "enum":[ "enable-check" ] }, "request-response-model":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': Enable Request Response Model; 'disable': Disable Request Response Model; ", "enum":[ "enable", "disable" ] }, "violation":{ "type":"number", "format":"number", "minimum":1, "maximum":255, "partition-visibility":"shared", "description":"Set the violation threshold" }, "ignore-TLS-handshake":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Ignore TLS handshake" }, "response-length-max":{ "type":"number", "format":"number", "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set the maximum response length" }, "response-length-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum response length" }, "request-length-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum request length" }, "request-length-max":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum request length" }, "response-request-min-ratio":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum response to request ratio (in unit of 0.1% [1:1000])" }, "response-request-max-ratio":{ "type":"number", "format":"number", "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set the maximum response to request ratio (in unit of 0.1% [1:1000])" }, "first-request-max-time":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum wait time from connection creation until the first data is transmitted over the connection (100 ms)" }, "request-to-response-max-time":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum request to response time (100 ms)" }, "response-to-request-max-time":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum response to request time (100 ms)" }, "profiling-request-response-model":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable auto-config progression tracking learning for Request Response model" }, "profiling-connection-life-model":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable auto-config progression tracking learning for connection model" }, "profiling-time-window-model":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable auto-config progression tracking learning for time window model" }, "progression-tracking-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"progression-tracking-action", "description":"Configure action-list to take when progression tracking violation exceed" }, "progression-tracking-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"progression-tracking-action-list-name", "description":"'drop': Drop packets for progression tracking violation exceed (Default); 'blacklist-src': Blacklist-src for progression tracking violation exceed; ", "enum":[ "drop", "blacklist-src" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "connection-tracking":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/tcp/{name}/progression-tracking/connection-tracking", "properties":{ "progression-tracking-conn-enabled":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'enable-check': Enable General Progression Tracking per Connection; ", "enum":[ "enable-check" ] }, "conn-sent-max":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Set the maximum total sent byte" }, "conn-sent-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum total sent byte" }, "conn-rcvd-max":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Set the maximum total received byte" }, "conn-rcvd-min":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Set the minimum total received byte" }, "conn-rcvd-sent-ratio-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum received to sent ratio (in unit of milli-, 0.001)" }, "conn-rcvd-sent-ratio-max":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Set the maximum received to sent ratio (in unit of milli-, 0.001)" }, "conn-duration-max":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Set the maximum duration time (in unit of 100ms, up to 24 hours)" }, "conn-duration-min":{ "type":"number", "format":"number", "minimum":1, "maximum":864000, "partition-visibility":"shared", "description":"Set the minimum duration time (in unit of 100ms, up to 24 hours)" }, "conn-violation":{ "type":"number", "format":"number", "minimum":1, "maximum":255, "partition-visibility":"shared", "description":"Set the violation threshold" }, "progression-tracking-conn-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"progression-tracking-conn-action", "description":"Configure action-list to take when progression tracking violation exceed" }, "progression-tracking-conn-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"progression-tracking-conn-action-list-name", "description":"'drop': Drop packets for progression tracking violation exceed (Default); 'blacklist-src': Blacklist-src for progression tracking violation exceed; ", "enum":[ "drop", "blacklist-src" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "time-window-tracking":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/tcp/{name}/progression-tracking/time-window-tracking", "properties":{ "progression-tracking-win-enabled":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'enable-check': Enable Progression Tracking per Time Window; ", "enum":[ "enable-check" ] }, "window-sent-max":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum total sent byte" }, "window-sent-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum total sent byte" }, "window-rcvd-max":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum total received byte" }, "window-rcvd-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum total received byte" }, "window-rcvd-sent-ratio-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum received to sent ratio (in unit of 0.1% [1:1000])" }, "window-rcvd-sent-ratio-max":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum received to sent ratio (in unit of 0.1% [1:1000])" }, "window-violation":{ "type":"number", "format":"number", "minimum":1, "maximum":255, "partition-visibility":"shared", "description":"Set the violation threshold" }, "progression-tracking-windows-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"progression-tracking-windows-action", "description":"Configure action-list to take when progression tracking violation exceed" }, "progression-tracking-windows-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"progression-tracking-windows-action-list-name", "description":"'drop': Drop packets for progression tracking violation exceed (Default); 'blacklist-src': Blacklist-src for progression tracking violation exceed; ", "enum":[ "drop", "blacklist-src" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } }, "filter-list":{ "type":"array", "minItems":1, "items":{ "type":"filter" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/tcp/{name}/filter/{tcp-filter-name}", "array":[ { "properties":{ "tcp-filter-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "tcp-filter-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":200, "partition-visibility":"shared", "description":"Sequence number", "optional":true }, "tcp-filter-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression", "optional":true }, "tcp-filter-inverse-match":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Inverse the result of the matching", "optional":true }, "byte-offset-filter":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Filter using Berkeley Packet Filter syntax", "optional":true }, "tcp-filter-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"tcp-filter-action", "description":"Configure action-list to take", "optional":true }, "tcp-filter-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"tcp-filter-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; ", "enum":[ "drop", "ignore", "blacklist-src", "authenticate-src" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "tcp-filter-name" ] } ] } }, "required":[ "name" ] } ] }, "udp-list":{ "type":"array", "minItems":1, "items":{ "type":"udp" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/udp/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS UDP Template Name", "optional":false }, "age":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "default":2, "partition-visibility":"shared", "description":"Configure session age(in minutes) for UDP sessions", "optional":true }, "per-conn-pkt-rate-cfg":{ "type":"object", "properties":{ "per-conn-pkt-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Packet rate limit per connection per rate-interval" }, "per-conn-pkt-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"per-conn-pkt-rate-action", "description":"Configure action-list to take for per-conn-pkt-rate exceed" }, "per-conn-pkt-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"per-conn-pkt-rate-action-list-name", "description":"'drop': Drop packets for per-conn-pkt-rate exceed (Default); 'blacklist-src': help Blacklist-src for per-conn-pkt-rate exceed; 'ignore': Ignore per-conn-pkt-rate-exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "per-conn-rate-interval":{ "type":"string", "format":"enum", "default":"1sec", "partition-visibility":"shared", "description":"'100ms': 100ms; '1sec': 1sec; ", "enum":[ "100ms", "1sec" ], "optional":true }, "filter-match-type":{ "type":"string", "format":"enum", "default":"default", "partition-visibility":"shared", "description":"'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; ", "enum":[ "default", "stop-on-first-match" ], "optional":true }, "spoof-detect-retry-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "description":"Timeout in seconds", "optional":true }, "spoof-detect-min-delay-interval":{ "type":"string", "format":"enum", "default":"1sec", "partition-visibility":"shared", "description":"'100ms': 100ms; '1sec': 1sec; ", "enum":[ "100ms", "1sec" ], "optional":true }, "spoof-detect-min-delay":{ "type":"number", "format":"number", "minimum":1, "maximum":80, "partition-visibility":"shared", "description":"Optional minimum delay between UDP retransmits for authentication to pass, unit is specified by min-delay-interval", "optional":true }, "spoof-detect-pass-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"spoof-detect-pass-action", "description":"Configure action-list to take for passing the authentication", "optional":true }, "spoof-detect-pass-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"spoof-detect-pass-action-list-name", "description":"'authenticate-src': authenticate-src (Default); ", "enum":[ "authenticate-src" ], "optional":true }, "spoof-detect-fail-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"spoof-detect-fail-action", "description":"Configure action-list to take for failing the authentication", "optional":true }, "spoof-detect-fail-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"spoof-detect-fail-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src for spoof-detect fail; ", "enum":[ "drop", "blacklist-src" ], "optional":true }, "token-authentication":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable Token Authentication", "optional":true }, "token-authentication-hw-assist-disable":{ "type":"number", "format":"flag", "plat-neg-list":["non-fpga,soft-ax", "soft-ax"], "default":0, "partition-visibility":"shared", "description":"token-authentication disable hardware assistance", "optional":true }, "token-authentication-salt-prefix":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"token-authentication salt-prefix", "optional":true }, "token-authentication-salt-prefix-curr":{ "type":"number", "format":"number", "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "optional":true }, "token-authentication-salt-prefix-prev":{ "type":"number", "format":"number", "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "optional":true }, "token-authentication-formula":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'md5_Salt-SrcIp-SrcPort-DstIp-DstPort': md5 of Salt-SrcIp-SrcPort-DstIp-DstPort; 'md5_Salt-DstIp-DstPort': md5 of Salt-DstIp-DstPort; 'md5_Salt-SrcIp-DstIp': md5 of Salt-SrcIp-DstIp; 'md5_Salt-SrcPort-DstPort': md5 of Salt-SrcPort-DstPort; 'md5_Salt-UintDstIp-DstPort': Using the uint value of IP for md5 of Salt-DstIp-DstPort; 'sha1_Salt-SrcIp-SrcPort-DstIp-DstPort': sha1 of Salt-SrcIp-SrcPort-DstIp-DstPort; 'sha1_Salt-DstIp-DstPort': sha1 of Salt-DstIp-DstPort; 'sha1_Salt-SrcIp-DstIp': sha1 of Salt-SrcIp-DstIp; 'sha1_Salt-SrcPort-DstPort': sha1 of Salt-SrcPort-DstPort; 'sha1_Salt-UintDstIp-DstPort': Using the uint value of IP for sha1 of Salt-DstIp-DstPort; ", "enum":[ "md5_Salt-SrcIp-SrcPort-DstIp-DstPort", "md5_Salt-DstIp-DstPort", "md5_Salt-SrcIp-DstIp", "md5_Salt-SrcPort-DstPort", "md5_Salt-UintDstIp-DstPort", "sha1_Salt-SrcIp-SrcPort-DstIp-DstPort", "sha1_Salt-DstIp-DstPort", "sha1_Salt-SrcIp-DstIp", "sha1_Salt-SrcPort-DstPort", "sha1_Salt-UintDstIp-DstPort" ], "optional":true }, "previous-salt-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":10080, "default":1, "partition-visibility":"shared", "description":"Token-Authentication previous salt-prefix timeout in minutes, default is 1 min", "optional":true }, "token-authentication-public-address":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"The server public IP address", "optional":true }, "public-ipv4-addr":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"IP address", "optional":true }, "public-ipv6-addr":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"IPV6 address", "optional":true }, "known-resp-src-port-cfg":{ "type":"object", "properties":{ "known-resp-src-port":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Take action if src-port is less than 1024" }, "known-resp-src-port-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"known-resp-src-port-action", "description":"Configure action-list to take for well-known src-port" }, "known-resp-src-port-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"known-resp-src-port-action-list-name", "description":"'drop': Drop packets from well-known src-port(Default); 'blacklist-src': Blacklist-src from well-known src-port; 'ignore': Ignore well-known src-port; ", "enum":[ "drop", "blacklist-src", "ignore" ] }, "exclude-src-resp-port":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Exclude src port equal to dst port" } } }, "ntp-monlist-cfg":{ "type":"object", "properties":{ "ntp-monlist":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Take action for ntp monlist request/response" }, "ntp-monlist-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"ntp-monlist-action", "description":"Configure action-list to take for ntp-monlist" }, "ntp-monlist-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"ntp-monlist-action-list-name", "description":"'drop': Drop packets for ntp-monlist (Default); 'blacklist-src': Blacklist-src for ntp-monlist; 'ignore': Ignore ntp-monlist; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "max-payload-size-cfg":{ "type":"object", "properties":{ "max-payload-size":{ "type":"number", "format":"number", "minimum":1, "maximum":1470, "partition-visibility":"shared", "description":"Maximum UDP payload size for each single packet" }, "max-payload-size-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":64, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"max-payload-size-action", "description":"Configure action-list to take for max-payload-size exceed" }, "max-payload-size-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"max-payload-size-action-list-name", "description":"'drop': Drop packets for max-payload-size exceed (Default); 'blacklist-src': Blacklist-src for max-payload-size exceed; 'ignore': Do nothing for max-payload-size exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "min-payload-size-cfg":{ "type":"object", "properties":{ "min-payload-size":{ "type":"number", "format":"number", "minimum":1, "maximum":1470, "partition-visibility":"shared", "description":"Minimum UDP payload size for each single packet" }, "min-payload-size-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":64, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"min-payload-size-action", "description":"Configure action-list to take for min-payload-size exceed" }, "min-payload-size-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"min-payload-size-action-list-name", "description":"'drop': Drop packets for min-payload-size (Default); 'blacklist-src': Blacklist-src for min-payload-size; 'ignore': Do nothing for min-payload-size exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "filter-list":{ "type":"array", "minItems":1, "items":{ "type":"filter" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/udp/{name}/filter/{udp-filter-name}", "array":[ { "properties":{ "udp-filter-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "udp-filter-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":200, "partition-visibility":"shared", "description":"Sequence number", "optional":true }, "udp-filter-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression", "optional":true }, "udp-filter-inverse-match":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Inverse the result of the matching", "optional":true }, "byte-offset-filter":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Filter using Berkeley Packet Filter syntax", "optional":true }, "udp-filter-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"udp-filter-action", "description":"Configure action-list to take", "optional":true }, "udp-filter-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"udp-filter-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; ", "enum":[ "drop", "ignore", "blacklist-src", "authenticate-src" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "udp-filter-name" ] } ] } }, "required":[ "name" ] } ] }, "ip-proto-list":{ "type":"array", "minItems":1, "items":{ "type":"ip-proto" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/ip-proto/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS Ip-proto Template Name", "optional":false }, "filter-match-type":{ "type":"string", "format":"enum", "default":"default", "partition-visibility":"shared", "description":"'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; ", "enum":[ "default", "stop-on-first-match" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "filter-list":{ "type":"array", "minItems":1, "items":{ "type":"filter" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/ip-proto/{name}/filter/{other-filter-name}", "array":[ { "properties":{ "other-filter-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "other-filter-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":200, "partition-visibility":"shared", "description":"Sequence number", "optional":true }, "other-filter-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression", "optional":true }, "other-filter-inverse-match":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Inverse the result of the matching", "optional":true }, "byte-offset-filter":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Filter using Berkeley Packet Filter syntax", "optional":true }, "other-filter-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"other-filter-action", "description":"Configure action-list to take", "optional":true }, "other-filter-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"other-filter-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; ", "enum":[ "drop", "ignore", "blacklist-src", "authenticate-src" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "other-filter-name" ] } ] } }, "required":[ "name" ] } ] }, "icmp-v4-list":{ "type":"array", "minItems":1, "items":{ "type":"icmp-v4" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name}", "array":[ { "properties":{ "icmp-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ICMPv4 Template Name", "optional":false }, "filter-match-type":{ "type":"string", "format":"enum", "default":"default", "partition-visibility":"shared", "description":"'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; ", "enum":[ "default", "stop-on-first-match" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "type-list":{ "type":"array", "minItems":1, "items":{ "type":"type" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name}/type/{type-number}", "array":[ { "properties":{ "type-number":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"Specify ICMP type number", "optional":false }, "icmp-type-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"icmp-type-action", "description":"Configure action-list to take for this ICMP type", "optional":true }, "icmp-type-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"icmp-type-action-list-name", "description":"'drop': Reject this ICMP type; 'blacklist-src': Blacklist-src this ICMP type; 'ignore': Ignore this ICMP type; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "v4-src-rate-cfg":{ "type":"object", "properties":{ "src-type-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the whole src rate for this type" }, "src-type-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-type-rate-action", "description":"Configure action-list to take for rate exceed" }, "src-type-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"src-type-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "v4-src-code-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "src-code-number":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"Specify the ICMP code for this src rate" }, "src-code-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the rate with the code" }, "src-code-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-code-rate-action", "description":"Configure action-list to take for rate exceed" }, "src-code-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"src-code-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } } ] }, "src-code-other-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the rate with other code", "optional":true }, "src-code-other-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-code-other-rate-action", "description":"Configure action-list to take for rate exceed", "optional":true }, "src-code-other-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"src-code-other-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "v4-dst-rate-cfg":{ "type":"object", "properties":{ "dst-type-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the whole dst rate for this type" }, "dst-type-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-type-rate-action", "description":"Configure action-list to take for rate exceed" }, "dst-type-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dst-type-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "v4-dst-code-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "dst-code-number":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"Specify the ICMP code for this dst rate" }, "dst-code-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the rate with the code" }, "dst-code-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-code-rate-action", "description":"Configure action-list to take for rate exceed" }, "dst-code-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dst-code-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } } ] }, "dst-code-other-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the rate with other code", "optional":true }, "dst-code-other-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-code-other-rate-action", "description":"Configure action-list to take for rate exceed", "optional":true }, "dst-code-other-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dst-code-other-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type-number" ] } ] }, "type-other":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name}/type-other", "properties":{ "icmp-type-other-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"icmp-type-other-action", "description":"Configure action-list to take for wildcard ICMP match" }, "icmp-type-other-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"icmp-type-other-action-list-name", "description":"'drop': Reject wildcard ICMP type; 'blacklist-src': Blacklist-src wildcard ICMP type; 'ignore': Ignore wildcard ICMP type; ", "enum":[ "drop", "blacklist-src", "ignore" ] }, "src":{ "type":"object", "properties":{ "src-type-other-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the whole src rate for wildcard ICMP type" }, "src-type-other-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-type-other-rate-action", "description":"Configure action-list to take for rate exceed" }, "src-type-other-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"src-type-other-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "dst":{ "type":"object", "properties":{ "dst-type-other-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the whole dst rate for wildcard ICMP type" }, "dst-type-other-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-type-other-rate-action", "description":"Configure action-list to take for rate exceed" }, "dst-type-other-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dst-type-other-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "filter-list":{ "type":"array", "minItems":1, "items":{ "type":"filter" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name}/filter/{icmp-filter-name}", "array":[ { "properties":{ "icmp-filter-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "icmp-filter-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":200, "partition-visibility":"shared", "description":"sequence number", "optional":true }, "icmp-filter-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression", "optional":true }, "icmp-filter-inverse-match":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Inverse the result of matching", "optional":true }, "byte-offset-filter":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"filter using Berkeley packet filter syntax", "optional":true }, "icmp-filter-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"icmp-filter-action", "description":"Configure action-list to take", "optional":true }, "icmp-filter-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"icmp-filter-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "ignore", "blacklist-src" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "icmp-filter-name" ] } ] } }, "required":[ "icmp-tmpl-name" ] } ] }, "icmp-v6-list":{ "type":"array", "minItems":1, "items":{ "type":"icmp-v6" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name}", "array":[ { "properties":{ "icmp-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ICMPv6 Template Name", "optional":false }, "filter-match-type":{ "type":"string", "format":"enum", "default":"default", "partition-visibility":"shared", "description":"'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; ", "enum":[ "default", "stop-on-first-match" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "type-list":{ "type":"array", "minItems":1, "items":{ "type":"type" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name}/type/{type-number}", "array":[ { "properties":{ "type-number":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"Specify ICMP type number", "optional":false }, "icmp-type-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"icmp-type-action", "description":"Configure action-list to take for this ICMP type", "optional":true }, "icmp-type-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"icmp-type-action-list-name", "description":"'drop': Reject this ICMP type; 'blacklist-src': Blacklist-src this ICMP type; 'ignore': Ignore this ICMP type; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "v6-src-rate-cfg":{ "type":"object", "properties":{ "src-type-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the whole src rate for this type" }, "src-type-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-type-rate-action", "description":"Configure action-list to take for rate exceed" }, "src-type-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"src-type-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "v6-src-code-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "src-code-number":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"Specify the ICMP code for this src rate" }, "src-code-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the rate with the code" }, "src-code-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-code-rate-action", "description":"Configure action-list to take for rate exceed" }, "src-code-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"src-code-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } } ] }, "src-code-other-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the rate with other code", "optional":true }, "src-code-other-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-code-other-rate-action", "description":"Configure action-list to take for rate exceed", "optional":true }, "src-code-other-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"src-code-other-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "v6-dst-rate-cfg":{ "type":"object", "properties":{ "dst-type-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the whole dst rate for this type" }, "dst-type-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-type-rate-action", "description":"Configure action-list to take for rate exceed" }, "dst-type-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dst-type-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "v6-dst-code-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "dst-code-number":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"Specify the ICMP code for this dst rate" }, "dst-code-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the rate with the code" }, "dst-code-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-code-rate-action", "description":"Configure action-list to take for rate exceed" }, "dst-code-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dst-code-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } } ] }, "dst-code-other-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the rate with other code", "optional":true }, "dst-code-other-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-code-other-rate-action", "description":"Configure action-list to take for rate exceed", "optional":true }, "dst-code-other-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dst-code-other-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type-number" ] } ] }, "type-other":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name}/type-other", "properties":{ "icmp-type-other-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"icmp-type-other-action", "description":"Configure action-list to take for wildcard ICMP match" }, "icmp-type-other-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"icmp-type-other-action-list-name", "description":"'drop': Reject wildcard ICMP type; 'blacklist-src': Blacklist-src wildcard ICMP type; 'ignore': Ignore wildcard ICMP type; ", "enum":[ "drop", "blacklist-src", "ignore" ] }, "src":{ "type":"object", "properties":{ "src-type-other-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the whole src rate for wildcard ICMP type" }, "src-type-other-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-type-other-rate-action", "description":"Configure action-list to take for rate exceed" }, "src-type-other-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"src-type-other-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "dst":{ "type":"object", "properties":{ "dst-type-other-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the whole dst rate for wildcard ICMP type" }, "dst-type-other-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-type-other-rate-action", "description":"Configure action-list to take for rate exceed" }, "dst-type-other-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dst-type-other-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "filter-list":{ "type":"array", "minItems":1, "items":{ "type":"filter" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name}/filter/{icmp-filter-name}", "array":[ { "properties":{ "icmp-filter-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "icmp-filter-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":200, "partition-visibility":"shared", "description":"sequence number", "optional":true }, "icmp-filter-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression", "optional":true }, "icmp-filter-inverse-match":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Inverse the result of matching", "optional":true }, "byte-offset-filter":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"filter using Berkeley packet filter syntax", "optional":true }, "icmp-filter-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"icmp-filter-action", "description":"list to take", "optional":true }, "icmp-filter-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"icmp-filter-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "ignore", "blacklist-src" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "icmp-filter-name" ] } ] } }, "required":[ "icmp-tmpl-name" ] } ] }, "sip-list":{ "type":"array", "minItems":1, "items":{ "type":"sip" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/sip/{sip-tmpl-name}", "array":[ { "properties":{ "sip-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS SIP Template Name", "optional":false }, "multi-pu-threshold-distribution":{ "type":"object", "properties":{ "multi-pu-threshold-distribution-value":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-disable", "description":"Destination side rate limit only. Default: 0" }, "multi-pu-threshold-distribution-disable":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-value", "description":"'disable': Destination side rate limit only. Default: Enable; ", "enum":[ "disable" ] } } }, "src":{ "type":"object", "properties":{ "sip-request-rate-limit":{ "type":"object", "properties":{ "src-sip-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-sip-rate-action", "description":"Configure action-list to take" }, "src-sip-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"src-sip-rate-action-list-name", "description":"'drop': Drop packets(Default); 'ignore': Take no action; 'reset': Reset (sip-tcp) client connection; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "ignore", "reset", "blacklist-src" ] }, "method":{ "type":"object", "properties":{ "invite-cfg":{ "type":"object", "properties":{ "INVITE":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"INVITE method" }, "src-sip-invite-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "register-cfg":{ "type":"object", "properties":{ "REGISTER":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"REGISTER method" }, "src-sip-register-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "options-cfg":{ "type":"object", "properties":{ "OPTIONS":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"OPTIONS method" }, "src-sip-options-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "bye-cfg":{ "type":"object", "properties":{ "BYE":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"BYE method" }, "src-sip-bye-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "subscribe-cfg":{ "type":"object", "properties":{ "SUBSCRIBE":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"SUBSCRIBE method" }, "src-sip-subscribe-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "notify-cfg":{ "type":"object", "properties":{ "NOTIFY":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"NOTIFY method" }, "src-sip-notify-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "refer-cfg":{ "type":"object", "properties":{ "REFER":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"REFER method" }, "src-sip-refer-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "message-cfg":{ "type":"object", "properties":{ "MESSAGE":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"MESSAGE method" }, "src-sip-message-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "update-cfg":{ "type":"object", "properties":{ "UPDATE":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"UPDATE method" }, "src-sip-update-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } } } } } } } }, "dst":{ "type":"object", "properties":{ "sip-request-rate-limit":{ "type":"object", "properties":{ "dst-sip-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-sip-rate-action", "description":"Configure action-list to take" }, "dst-sip-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"dst-sip-rate-action-list-name", "description":"'drop': Drop packets(Default); 'ignore': Take no action; 'reset': Reset (sip-tcp) client connection; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "ignore", "reset", "blacklist-src" ] }, "method":{ "type":"object", "properties":{ "invite-cfg":{ "type":"object", "properties":{ "INVITE":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"INVITE method" }, "dst-sip-invite-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "register-cfg":{ "type":"object", "properties":{ "REGISTER":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"REGISTER method" }, "dst-sip-register-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "options-cfg":{ "type":"object", "properties":{ "OPTIONS":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"OPTIONS method" }, "dst-sip-options-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "bye-cfg":{ "type":"object", "properties":{ "BYE":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"BYE method" }, "dst-sip-bye-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "subscribe-cfg":{ "type":"object", "properties":{ "SUBSCRIBE":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"SUBSCRIBE method" }, "dst-sip-subscribe-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "notify-cfg":{ "type":"object", "properties":{ "NOTIFY":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"NOTIFY method" }, "dst-sip-notify-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "refer-cfg":{ "type":"object", "properties":{ "REFER":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"REFER method" }, "dst-sip-refer-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "message-cfg":{ "type":"object", "properties":{ "MESSAGE":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"MESSAGE method" }, "dst-sip-message-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "update-cfg":{ "type":"object", "properties":{ "UPDATE":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"UPDATE method" }, "dst-sip-update-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } } } } } } } }, "idle-timeout":{ "type":"object", "properties":{ "idle-timeout-value":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"Set the the idle timeout value for SIP-TCP connections" }, "ignore-zero-payload":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Don't reset idle timer on packets with zero payload length from clients" }, "idle-timeout-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"idle-timeout-action", "description":"Configure action-list to take" }, "idle-timeout-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"idle-timeout-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset (sip-tcp) client connection; ", "enum":[ "drop", "blacklist-src", "reset" ] } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "malformed-sip":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/sip/{sip-tmpl-name}/malformed-sip", "properties":{ "malformed-sip-check":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'enable-check': Enable malformed SIP parameters; ", "enum":[ "enable-check" ] }, "malformed-sip-max-line-size":{ "type":"number", "format":"number", "minimum":1, "maximum":32511, "default":32511, "partition-visibility":"shared", "description":"Set the maximum line size. Default value is 32511" }, "malformed-sip-max-uri-length":{ "type":"number", "format":"number", "minimum":1, "maximum":32511, "default":32511, "partition-visibility":"shared", "description":"Set the maximum uri size. Default value is 32511" }, "malformed-sip-max-header-name-length":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "default":63, "partition-visibility":"shared", "description":"Set the maximum header name length. Default value is 63" }, "malformed-sip-max-header-value-length":{ "type":"number", "format":"number", "minimum":1, "maximum":32511, "default":32511, "partition-visibility":"shared", "description":"Set the maximum header value length. Default value is 32511" }, "malformed-sip-call-id-max-length":{ "type":"number", "format":"number", "minimum":1, "maximum":32511, "default":32511, "partition-visibility":"shared", "description":"Set the maximum call-id length. Default value is 32511" }, "malformed-sip-sdp-max-length":{ "type":"number", "format":"number", "minimum":1, "maximum":32511, "default":32511, "partition-visibility":"shared", "description":"Set the maxinum SDP content length. Default value is 32511" }, "malformed-sip-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"malformed-sip-action", "description":"Configure action-list to take" }, "malformed-sip-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"malformed-sip-action-list-name", "description":"'drop': Drop packets (Default); 'reset': Reset (sip-tcp) client connection; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "reset", "blacklist-src" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "filter-header-list":{ "type":"array", "minItems":1, "items":{ "type":"filter-header" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/sip/{sip-tmpl-name}/filter-header/{sip-filter-name}", "array":[ { "properties":{ "sip-filter-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "sip-filter-header-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":200, "partition-visibility":"shared", "description":"Sequence number", "optional":true }, "sip-header-cfg":{ "type":"object", "properties":{ "sip-filter-header-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression" }, "sip-filter-header-inverse-match":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared" } } }, "sip-filter-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"sip-filter-action", "description":"Configure action-list to take", "optional":true }, "sip-filter-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"sip-filter-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; 'reset': Reset client connection(for sip-tcp); ", "enum":[ "drop", "ignore", "blacklist-src", "authenticate-src", "reset" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "sip-filter-name" ] } ] } }, "required":[ "sip-tmpl-name" ] } ] } } }