{ "id":"/axapi/v3/ddos/zone-template/tcp/{name}", "type":"object", "node-type":"list", "title":"tcp", "partition-visibility":"shared", "description":"TCP template Configuration", "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "age":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "default":2, "partition-visibility":"shared", "description":"Session age in minutes", "optional":true }, "concurrent":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable concurrent port access for non-matching ports (DST support only)", "optional":true }, "syn-cookie":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable SYN Cookie", "optional":true }, "create-conn-on-syn-only":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable connection establishment on SYN only", "optional":true }, "filter-match-type":{ "type":"string", "format":"enum", "default":"default", "partition-visibility":"shared", "description":"'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; ", "enum":[ "default", "stop-on-first-match" ], "optional":true }, "out-of-seq-cfg":{ "type":"object", "properties":{ "out-of-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":64000, "partition-visibility":"shared", "not":"per-conn-out-of-seq-rate-limit", "description":"Take action if out-of-seq pkts exceed configured threshold" }, "out-of-seq-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"out-of-seq-action", "description":"Configure action-list to take for out-of-seq exceed" }, "out-of-seq-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"out-of-seq-action-list-name", "description":"'drop': Drop packets for out-of-seq exceed (Default); 'blacklist-src': help Blacklist-src for out-of-seq exceed; 'ignore': help Ignore out-of-seq exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "per-conn-out-of-seq-rate-cfg":{ "type":"object", "properties":{ "per-conn-out-of-seq-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"out-of-seq", "description":"Take action if out-of-seq pkt rate exceed configured threshold" }, "per-conn-out-of-seq-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"per-conn-out-of-seq-rate-action", "description":"Configure action-list to take for out-of-seq rate exceed" }, "per-conn-out-of-seq-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"per-conn-out-of-seq-rate-action-list-name", "description":"'drop': Drop packets for out-of-seq rate exceed (Default); 'blacklist-src': help Blacklist-src for out-of-seq rate exceed; 'ignore': help Ignore out-of-seq rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "max-rexmit-syn-per-flow-cfg":{ "type":"object", "properties":{ "max-rexmit-syn-per-flow":{ "type":"number", "format":"number", "minimum":1, "maximum":6, "partition-visibility":"shared", "description":"Maximum number of re-transmit SYN per flow" }, "max-rexmit-syn-per-flow-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "description":"Configure action-list to take for max-rexmit-syn-per-flow exceed" }, "max-rexmit-syn-per-flow-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'drop': Drop SYN packets for max-rexmit-syn-per-flow exceed (Default); 'blacklist-src': help Blacklist-src for max-rexmit-syn-per-flow exceed; ", "enum":[ "drop", "blacklist-src" ] } } }, "retransmit-cfg":{ "type":"object", "properties":{ "retransmit":{ "type":"number", "format":"number", "minimum":1, "maximum":64000, "partition-visibility":"shared", "not":"per-conn-retransmit-rate-limit", "description":"Take action if retransmit pkts exceed configured threshold" }, "retransmit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"retransmit-action", "description":"Configure action-list to take for retransmit exceed" }, "retransmit-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"retransmit-action-list-name", "description":"'drop': Drop packets for retrans exceed (Default); 'blacklist-src': help Blacklist-src for retrans exceed; 'ignore': help Ignore retrans exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "per-conn-retransmit-rate-cfg":{ "type":"object", "properties":{ "per-conn-retransmit-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"retransmit", "description":"Take action if retransmit pkt rate exceed configured threshold" }, "per-conn-retransmit-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"per-conn-retransmit-rate-action", "description":"Configure action-list to take for retransmit rate exceed" }, "per-conn-retransmit-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"per-conn-retransmit-rate-action-list-name", "description":"'drop': Drop packets for retrans rate exceed (Default); 'blacklist-src': help Blacklist-src for retrans rate exceed; 'ignore': help Ignore retrans rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "zero-win-cfg":{ "type":"object", "properties":{ "zero-win":{ "type":"number", "format":"number", "minimum":1, "maximum":250, "partition-visibility":"shared", "not":"per-conn-zero-win-rate-limit", "description":"Take action if zero window pkts exceed configured threshold" }, "zero-win-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"zero-win-action", "description":"Configure action-list to take for zero window exceed" }, "zero-win-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"zero-win-action-list-name", "description":"'drop': Drop packets for zero-win exceed (Default); 'blacklist-src': help Blacklist-src for zero-win exceed; 'ignore': Ignore zero-win exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "per-conn-zero-win-rate-cfg":{ "type":"object", "properties":{ "per-conn-zero-win-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"zero-win", "description":"Take action if zero window pkt rate exceed configured threshold" }, "per-conn-zero-win-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"per-conn-zero-win-rate-action", "description":"Configure action-list to take for zero window rate exceed" }, "per-conn-zero-win-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"per-conn-zero-win-rate-action-list-name", "description":"'drop': Drop packets for zero-win rate exceed (Default); 'blacklist-src': help Blacklist-src for zero-win rate exceed; 'ignore': Ignore zero-win rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "per-conn-pkt-rate-cfg":{ "type":"object", "properties":{ "per-conn-pkt-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Packet rate limit per connection per rate-interval" }, "per-conn-pkt-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"per-conn-pkt-rate-action", "description":"Configure action-list to take for per-conn-pkt-rate exceed" }, "per-conn-pkt-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"per-conn-pkt-rate-action-list-name", "description":"'drop': Drop packets for per-conn-pkt-rate exceed (Default); 'blacklist-src': help Blacklist-src for per-conn-pkt-rate exceed; 'ignore': Ignore per-conn-pkt-rate-exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "per-conn-rate-interval":{ "type":"string", "format":"enum", "default":"1sec", "partition-visibility":"shared", "description":"'100ms': 100ms; '1sec': 1sec; '10sec': 10sec; ", "enum":[ "100ms", "1sec", "10sec" ], "optional":true }, "dst":{ "type":"object", "properties":{ "rate-limit":{ "type":"object", "properties":{ "syn-rate-limit":{ "type":"object", "properties":{ "dst-syn-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" }, "dst-syn-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'drop': Drop packets for syn-rate exceed (Default); 'ignore': Ignore syn-rate-exceed; ", "enum":[ "drop", "ignore" ] } } } } } } }, "src":{ "type":"object", "properties":{ "rate-limit":{ "type":"object", "properties":{ "syn-rate-limit":{ "type":"object", "properties":{ "src-syn-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" }, "src-syn-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-syn-rate-action", "description":"Configure action-list to take for syn-rate exceed" }, "src-syn-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"src-syn-rate-action-list-name", "description":"'drop': Drop packets for syn-rate exceed (Default); 'blacklist-src': Blacklist-src for syn-rate exceed; 'ignore': Ignore syn-rate-exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } } } } } }, "allow-synack-skip-authentications":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow create sessions on SYNACK without syn-auth and ack-auth (ASYM Mode only)", "optional":true }, "synack-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"track-together-with-syn", "description":"Config SYNACK rate limit", "optional":true }, "track-together-with-syn":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"synack-rate-limit", "description":"SYNACK will be counted in Dst Syn-rate limit", "optional":true }, "allow-syn-otherflags":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Treat TCP SYN+PSH as a TCP SYN (DST tcp ports support only)", "optional":true }, "allow-tcp-tfo":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow TCP Fast Open", "optional":true }, "conn-rate-limit-on-syn-only":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Only count SYN-initiated connections towards connection-rate tracking", "optional":true }, "action-on-syn-rto-retry-count":{ "type":"number", "format":"number", "minimum":2, "maximum":10, "partition-visibility":"shared", "description":"Take action if syn-auth RTO-authentication fail over retry time(default:5)", "optional":true }, "action-on-ack-rto-retry-count":{ "type":"number", "format":"number", "minimum":2, "maximum":10, "partition-visibility":"shared", "description":"Take action if ack-auth RTO-authentication fail over retry time(default:5)", "optional":true }, "ack-authentication-synack-reset":{ "type":"number", "format":"flag", "plat-neg-list":["soft-ax"], "default":0, "partition-visibility":"shared", "description":"Reset client TCP SYN+ACK for authentication (DST support only)", "optional":true }, "known-resp-src-port-cfg":{ "type":"object", "properties":{ "known-resp-src-port":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Take action if src-port is less than 1024" }, "known-resp-src-port-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"known-resp-src-port-action", "description":"Configure action-list to take for well-known src-port" }, "known-resp-src-port-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"known-resp-src-port-action-list-name", "description":"'drop': Drop packets from well-known src-port(Default); 'blacklist-src': Blacklist-src from well-known src-port; 'ignore': Ignore well-known src-port; ", "enum":[ "drop", "blacklist-src", "ignore" ] }, "exclude-src-resp-port":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Exclude src port equal to dst port" } } }, "syn-authentication":{ "type":"object", "properties":{ "syn-auth-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not-list":[ "syn-auth-timeout", "syn-auth-min-delay" ], "description":"'send-rst': Send reset to all concurrent client auth attempts after syn cookie check pass; 'force-rst-by-ack': Send client a bad ack after syn cookie check pass; 'force-rst-by-synack': Send client a bad synack after syn cookie check pass; 'send-rst-once': Send RST to one client concurrent auth attempts; ", "enum":[ "send-rst", "force-rst-by-ack", "force-rst-by-synack", "send-rst-once" ] }, "syn-auth-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "not":"syn-auth-type", "description":"syn retransmit timeout in seconds(default timeout: 5 seconds)" }, "syn-auth-min-delay":{ "type":"number", "format":"number", "minimum":1, "maximum":80, "partition-visibility":"shared", "not":"syn-auth-type", "description":"Minimum delay (in 100ms intervals) between SYN retransmits for retransmit-check to pass" }, "syn-auth-rto":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Estimate the RTO and apply the exponential back-off for authentication" }, "syn-auth-pass-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"syn-auth-pass-action", "description":"Configure action-list to take for passing the authentication" }, "syn-auth-pass-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"syn-auth-pass-action-list-name", "description":"'authenticate-src': authenticate-src (Default); ", "enum":[ "authenticate-src" ] }, "syn-auth-fail-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"syn-auth-fail-action", "description":"Configure action-list to take for failing the authentication." }, "syn-auth-fail-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"syn-auth-fail-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Send reset to client (Applicable to retransmit-check only); ", "enum":[ "drop", "blacklist-src", "reset" ] }, "allow-ra":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow RA packets to be used for auth" } } }, "ack-authentication":{ "type":"object", "properties":{ "ack-auth-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "description":"ack retransmit timeout in seconds(default timeout: 5 seconds)" }, "ack-auth-min-delay":{ "type":"number", "format":"number", "minimum":1, "maximum":80, "partition-visibility":"shared", "description":"Minimum delay (in 100ms intervals) between ACK retransmits for retransmit-check to pass" }, "ack-auth-only":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Apply retransmit-check only once per source address for authentication purpose" }, "ack-auth-rto":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Estimate the RTO and apply the exponential back-off for authentication" }, "ack-auth-pass-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"ack-auth-pass-action", "description":"Configure action-list to take for passing the authentication" }, "ack-auth-pass-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"ack-auth-pass-action-list-name", "description":"'authenticate-src': authenticate-src (Default); ", "enum":[ "authenticate-src" ] }, "ack-auth-fail-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"ack-auth-fail-action", "description":"Configure action-list to take for failing the authentication." }, "ack-auth-fail-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"ack-auth-fail-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Send reset to client; ", "enum":[ "drop", "blacklist-src", "reset" ] } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "progression-tracking":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/tcp/{name}/progression-tracking", "properties":{ "progression-tracking-enabled":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'enable-check': Enable Progression Tracking Check; ", "enum":[ "enable-check" ] }, "request-response-model":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': Enable Request Response Model; 'disable': Disable Request Response Model; ", "enum":[ "enable", "disable" ] }, "violation":{ "type":"number", "format":"number", "minimum":1, "maximum":255, "partition-visibility":"shared", "description":"Set the violation threshold" }, "ignore-TLS-handshake":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Ignore TLS handshake" }, "response-length-max":{ "type":"number", "format":"number", "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set the maximum response length" }, "response-length-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum response length" }, "request-length-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum request length" }, "request-length-max":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum request length" }, "response-request-min-ratio":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum response to request ratio (in unit of 0.1% [1:1000])" }, "response-request-max-ratio":{ "type":"number", "format":"number", "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set the maximum response to request ratio (in unit of 0.1% [1:1000])" }, "first-request-max-time":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum wait time from connection creation until the first data is transmitted over the connection (100 ms)" }, "request-to-response-max-time":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum request to response time (100 ms)" }, "response-to-request-max-time":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum response to request time (100 ms)" }, "profiling-request-response-model":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable auto-config progression tracking learning for Request Response model" }, "profiling-connection-life-model":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable auto-config progression tracking learning for connection model" }, "profiling-time-window-model":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable auto-config progression tracking learning for time window model" }, "progression-tracking-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"progression-tracking-action", "description":"Configure action-list to take when progression tracking violation exceed" }, "progression-tracking-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"progression-tracking-action-list-name", "description":"'drop': Drop packets for progression tracking violation exceed (Default); 'blacklist-src': Blacklist-src for progression tracking violation exceed; ", "enum":[ "drop", "blacklist-src" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "connection-tracking":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/tcp/{name}/progression-tracking/connection-tracking", "properties":{ "progression-tracking-conn-enabled":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'enable-check': Enable General Progression Tracking per Connection; ", "enum":[ "enable-check" ] }, "conn-sent-max":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Set the maximum total sent byte" }, "conn-sent-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum total sent byte" }, "conn-rcvd-max":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Set the maximum total received byte" }, "conn-rcvd-min":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Set the minimum total received byte" }, "conn-rcvd-sent-ratio-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum received to sent ratio (in unit of milli-, 0.001)" }, "conn-rcvd-sent-ratio-max":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Set the maximum received to sent ratio (in unit of milli-, 0.001)" }, "conn-duration-max":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Set the maximum duration time (in unit of 100ms, up to 24 hours)" }, "conn-duration-min":{ "type":"number", "format":"number", "minimum":1, "maximum":864000, "partition-visibility":"shared", "description":"Set the minimum duration time (in unit of 100ms, up to 24 hours)" }, "conn-violation":{ "type":"number", "format":"number", "minimum":1, "maximum":255, "partition-visibility":"shared", "description":"Set the violation threshold" }, "progression-tracking-conn-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"progression-tracking-conn-action", "description":"Configure action-list to take when progression tracking violation exceed" }, "progression-tracking-conn-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"progression-tracking-conn-action-list-name", "description":"'drop': Drop packets for progression tracking violation exceed (Default); 'blacklist-src': Blacklist-src for progression tracking violation exceed; ", "enum":[ "drop", "blacklist-src" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "time-window-tracking":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/tcp/{name}/progression-tracking/time-window-tracking", "properties":{ "progression-tracking-win-enabled":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'enable-check': Enable Progression Tracking per Time Window; ", "enum":[ "enable-check" ] }, "window-sent-max":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum total sent byte" }, "window-sent-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum total sent byte" }, "window-rcvd-max":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum total received byte" }, "window-rcvd-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum total received byte" }, "window-rcvd-sent-ratio-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum received to sent ratio (in unit of 0.1% [1:1000])" }, "window-rcvd-sent-ratio-max":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum received to sent ratio (in unit of 0.1% [1:1000])" }, "window-violation":{ "type":"number", "format":"number", "minimum":1, "maximum":255, "partition-visibility":"shared", "description":"Set the violation threshold" }, "progression-tracking-windows-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"progression-tracking-windows-action", "description":"Configure action-list to take when progression tracking violation exceed" }, "progression-tracking-windows-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"progression-tracking-windows-action-list-name", "description":"'drop': Drop packets for progression tracking violation exceed (Default); 'blacklist-src': Blacklist-src for progression tracking violation exceed; ", "enum":[ "drop", "blacklist-src" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } }, "filter-list":{ "type":"array", "minItems":1, "items":{ "type":"filter" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/tcp/{name}/filter/{tcp-filter-name}", "array":[ { "properties":{ "tcp-filter-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "tcp-filter-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":200, "partition-visibility":"shared", "description":"Sequence number", "optional":true }, "tcp-filter-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression", "optional":true }, "tcp-filter-inverse-match":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Inverse the result of the matching", "optional":true }, "byte-offset-filter":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Filter using Berkeley Packet Filter syntax", "optional":true }, "tcp-filter-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"tcp-filter-action", "description":"Configure action-list to take", "optional":true }, "tcp-filter-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"tcp-filter-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; ", "enum":[ "drop", "ignore", "blacklist-src", "authenticate-src" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "tcp-filter-name" ] } ] } }, "object-keys":[ "name" ], "required":[ "name" ] }