.. _ddos_template_http: ddos template http ================== HTTP template Configuration http Specification ------------------ ===================================== ============================================================================ **Parameter** **Value** ===================================== ============================================================================ **Type** *Collection* **Object Key(s)** *http-tmpl-name* **Collection Name** :ref:`1189_http_list` **Collection URI** /axapi/v3/ddos/template/http **Element Name** http **Element URI** /axapi/v3/ddos/template/http/{http-tmpl-name} **Element Attributes** http_attributes **Partition Visibility** shared **Schema** :download:`http schema ` ===================================== ============================================================================ **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Create Object .. raw:: html POST .. raw:: html /axapi/v3/ddos/template/http .. raw:: html :ref:`1189_http_attributes` .. raw:: html
Create List .. raw:: html POST .. raw:: html /axapi/v3/ddos/template/http .. raw:: html :ref:`1189_http_attributes` .. raw:: html
Get Object .. raw:: html GET .. raw:: html /axapi/v3/ddos/template/http/{http-tmpl-name} .. raw:: html :ref:`1189_http_attributes` .. raw:: html
Get List .. raw:: html GET .. raw:: html /axapi/v3/ddos/template/http .. raw:: html :ref:`1189_http_list` .. raw:: html
Modify Object .. raw:: html POST .. raw:: html /axapi/v3/ddos/template/http/{http-tmpl-name} .. raw:: html :ref:`1189_http_attributes` .. raw:: html
Replace Object .. raw:: html PUT .. raw:: html /axapi/v3/ddos/template/http/{http-tmpl-name} .. raw:: html :ref:`1189_http_attributes` .. raw:: html
Replace List .. raw:: html PUT .. raw:: html /axapi/v3/ddos/template/http .. raw:: html :ref:`1189_http_list` .. raw:: html
Delete Object .. raw:: html DELETE .. raw:: html /axapi/v3/ddos/template/http/{http-tmpl-name} .. raw:: html :ref:`1189_http_attributes` .. raw:: html
.. _1189_http_list: http-list --------- http-list is **JSON List** of :ref:`1189_http_attributes` http-list : [ { :ref:`1189_http_attributes` }, { :ref:`1189_http_attributes` }, ... ] .. _1189_http_attributes: http attributes --------------- **action** **Description** 'drop': Drop packets for the connection; 'reset': Send RST for the connection; **Type:** string **Supported Values:** drop, reset **Default:** drop **agent-filter** **Description:** agent-filter is a **JSON Block**. Please see below for :ref:`1189_agent-filter` **Type:** Object **challenge-cookie-name** **Description** Set the cookie name used to send back to client. Default is sto-idd **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Default:** sto-idd **challenge-interval** **Description** Specify the challenge interval. Default is 8 seconds **Type:** number **Range:** 1-31 **Default:** 8 **challenge-keep-cookie** **Description** Keep the challenge cookie from client and forward to backend. Default is do not keep **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **challenge-method** **Description** 'http-redirect': http-redirect; 'javascript': javascript; **Type:** string **Supported Values:** http-redirect, javascript **challenge-redirect-code** **Description** '302': 302 Found; '307': 307 Temporary Redirect; **Type:** string **Supported Values:** 302, 307 **Default:** 302 **challenge-uri-encode** **Description** Encode the challenge phrase in uri instead of in http cookie. Default encoded in http cookie **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable** **Description** Disable this template **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disallow-connect-method** **Description** Do not allow HTTP Connect method (asymmetric mode only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **filter-header-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/template/http/{http-tmpl-name}/filter-header/{http-filter-header-seq} ` **http-tmpl-name** **Description** DDOS HTTP Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **idle-timeout** **Description** Set the the idle timeout value in seconds for HTTP connections **Type:** number **Range:** 1-63 **ignore-zero-payload** **Description** Don't reset idle timer on packets with zero payload length from clients **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **malformed-http** **Description:** malformed-http is a **JSON Block**. Please see below for :ref:`1189_malformed-http` **Type:** Object **mss-cfg** **Description:** mss-cfg is a **JSON Block**. Please see below for :ref:`1189_mss-cfg` **Type:** Object **multi-pu-threshold-distribution** **Description:** multi-pu-threshold-distribution is a **JSON Block**. Please see below for :ref:`1189_multi-pu-threshold-distribution` **Type:** Object **non-http-bypass** **Description** Bypass non-http traffic instead of dropping **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **out-of-order-queue-size** **Description** Set the number of packets for the out-of-order HTTP queue (asym mode only) **Type:** number **Range:** 0-15 **Default:** 3 **out-of-order-queue-timeout** **Description** Set the timeout value in seconds for out-of-order queue in HTTP (asym mode only) **Type:** number **Range:** 0-15 **Default:** 3 **post-rate-limit** **Description** Configure rate limiting for HTTP POST request **Type:** number **Range:** 1-16000000 **referer-filter** **Description:** referer-filter is a **JSON Block**. Please see below for :ref:`1189_referer-filter` **Type:** Object **request-header** **Description:** request-header is a **JSON Block**. Please see below for :ref:`1189_request-header` **Type:** Object **request-rate-limit** **Description:** request-rate-limit is a **JSON Block**. Please see below for :ref:`1189_request-rate-limit` **Type:** Object **response-rate-limit** **Description:** response-rate-limit is a **JSON Block**. Please see below for :ref:`1189_response-rate-limit` **Type:** Object **slow-read-drop** **Description:** slow-read-drop is a **JSON Block**. Please see below for :ref:`1189_slow-read-drop` **Type:** Object **use-hdr-ip-cfg** **Description:** use-hdr-ip-cfg is a **JSON Block**. Please see below for :ref:`1189_use-hdr-ip-cfg` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1189_request-rate-limit: request-rate-limit ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **request-rate** **Description** HTTP request rate limit **Type:** number **Range:** 1-16000000 **uri** **Type:** List .. _1189_request-rate-limit_uri: request-rate-limit_uri ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **contains-cfg** **Description:** contains-cfg is a **JSON Block**. Please see below for :ref:`1189_request-rate-limit_uri_contains-cfg` **Type:** Object **ends-cfg** **Description:** ends-cfg is a **JSON Block**. Please see below for :ref:`1189_request-rate-limit_uri_ends-cfg` **Type:** Object **equal-cfg** **Description:** equal-cfg is a **JSON Block**. Please see below for :ref:`1189_request-rate-limit_uri_equal-cfg` **Type:** Object **starts-cfg** **Description:** starts-cfg is a **JSON Block**. Please see below for :ref:`1189_request-rate-limit_uri_starts-cfg` **Type:** Object .. _1189_request-rate-limit_uri_equal-cfg: request-rate-limit_uri_equal-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **url-equals** **Description** Request rate-limit HTTP URI matching a specified pattern **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **url-equals-rate** **Description** Request rate limit **Type:** number **Range:** 1-16000000 .. _1189_request-rate-limit_uri_starts-cfg: request-rate-limit_uri_starts-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **url-starts-with** **Description** Request rate-limit HTTP URI strting with a specified pattern **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **url-starts-with-rate** **Description** Request rate limit **Type:** number **Range:** 1-16000000 .. _1189_request-rate-limit_uri_contains-cfg: request-rate-limit_uri_contains-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **url-contains** **Description** Request rate-limit HTTP URI containing a specified pattern **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **url-contains-rate** **Description** Request rate limit **Type:** number **Range:** 1-16000000 .. _1189_request-rate-limit_uri_ends-cfg: request-rate-limit_uri_ends-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **url-ends-with** **Description** Request rate-limit HTTP URI ending with a specified pattern **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **url-ends-with-rate** **Description** Request rate limit **Type:** number **Range:** 1-16000000 .. _1189_multi-pu-threshold-distribution: multi-pu-threshold-distribution ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **multi-pu-threshold-distribution-disable** **Description** 'disable': Destination side rate limit only. Default: Enable; **Type:** string **Supported Values:** disable **Mutual Exclusion:** multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive **multi-pu-threshold-distribution-value** **Description** Destination side rate limit only. Default: 0 **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive .. _1189_malformed-http: malformed-http ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **malformed-http-bad-chunk-mon-enabled** **Description** Enabling bad chunk monitoring. Default is disabled **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **malformed-http-enabled** **Description** Enabling ddos malformed http protection. Default value is disabled. **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **malformed-http-max-content-length** **Description** Set the maximum content-length header. Default value is 4294967295 bytes **Type:** number **Range:** 1-4294967295 **Default:** 4294967295 **malformed-http-max-header-name-size** **Description** Set the maxinum header name length. Default value is 64. **Type:** number **Range:** 1-64 **Default:** 64 **malformed-http-max-line-size** **Description** Set the maximum line size. Default value is 32512 **Type:** number **Range:** 1-65280 **Default:** 32512 **malformed-http-max-num-headers** **Description** Set the maximum number of headers. Default value is 90 **Type:** number **Range:** 1-90 **Default:** 90 **malformed-http-max-req-line-size** **Description** Set the maximum request line size. Default value is 32512 **Type:** number **Range:** 1-65280 **Default:** 32512 .. _1189_request-header: request-header ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **timeout** **Description** **Type:** number **Range:** 1-63 .. _1189_agent-filter: agent-filter ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **agent-contains-cfg** **Type:** List **agent-ends-cfg** **Type:** List **agent-equals-cfg** **Type:** List **agent-filter-blacklist** **Description** Blacklist the source if the user-agent matches **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **agent-starts-cfg** **Type:** List .. _1189_agent-filter_agent-contains-cfg: agent-filter_agent-contains-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **agent-contains** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1189_agent-filter_agent-ends-cfg: agent-filter_agent-ends-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **agent-ends-with** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1189_agent-filter_agent-equals-cfg: agent-filter_agent-equals-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **agent-equals** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1189_agent-filter_agent-starts-cfg: agent-filter_agent-starts-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **agent-starts-with** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1189_filter-header-list: filter-header-list ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-header-blacklist** **Description** Also blacklist the source when action is taken **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **http-filter-header-count-only** **Description** Take no action and continue processing the next filter **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **http-filter-header-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **http-filter-header-seq** **Description** Sequence number **Type:** number **Range:** 1-5 **http-filter-header-unmatched** **Description** action taken when it does not match **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **http-filter-header-whitelist** **Description** Whitelist the source after filter passes, packets are dropped until then **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1189_response-rate-limit: response-rate-limit ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **obj-size** **Description:** obj-size is a **JSON Block**. Please see below for :ref:`1189_response-rate-limit_obj-size` **Type:** Object .. _1189_response-rate-limit_obj-size: response-rate-limit_obj-size ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **between-cfg** **Type:** List **greater-cfg** **Type:** List **less-cfg** **Type:** List .. _1189_response-rate-limit_obj-size_between-cfg: response-rate-limit_obj-size_between-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **obj-between-rate** **Description** Response rate limit **Type:** number **Range:** 1-16000000 **obj-between1** **Description** Response size configuration **Type:** number **Range:** 1-16000000 **obj-between2** **Description** Response size configuration **Type:** number **Range:** 1-16000000 .. _1189_response-rate-limit_obj-size_greater-cfg: response-rate-limit_obj-size_greater-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **obj-greater** **Description** Response size configuration **Type:** number **Range:** 1-16000000 **obj-greater-rate** **Description** Response rate limit **Type:** number **Range:** 1-16000000 .. _1189_response-rate-limit_obj-size_less-cfg: response-rate-limit_obj-size_less-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **obj-less** **Description** Response size configuration **Type:** number **Range:** 1-16000000 **obj-less-rate** **Description** Response rate limit **Type:** number **Range:** 1-16000000 .. _1189_mss-cfg: mss-cfg ^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **mss-percent** **Description** Configure percentage of mss such that if a packet size is below the mss times mss-percent, packet is considered bad. **Type:** number **Range:** 1-100 **mss-timeout** **Description** Configure DDOS detection based on mss and packet size **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **number-packets** **Description** Specify percentage of mss. Default is 0, mss-timeout is not enabled. **Type:** number **Range:** 1-31 .. _1189_referer-filter: referer-filter ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ref-filter-blacklist** **Description** Blacklist the source if the referer matches **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **referer-contains-cfg** **Type:** List **referer-ends-cfg** **Type:** List **referer-equals-cfg** **Type:** List **referer-starts-cfg** **Type:** List .. _1189_referer-filter_referer-equals-cfg: referer-filter_referer-equals-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **referer-equals** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1189_referer-filter_referer-starts-cfg: referer-filter_referer-starts-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **referer-starts-with** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1189_referer-filter_referer-contains-cfg: referer-filter_referer-contains-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **referer-contains** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1189_referer-filter_referer-ends-cfg: referer-filter_referer-ends-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **referer-ends-with** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1189_slow-read-drop: slow-read-drop ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **min-window-count** **Description** Number of packets **Type:** number **Range:** 1-31 **min-window-size** **Description** minimum window size **Type:** number **Range:** 1-65535 .. _1189_use-hdr-ip-cfg: use-hdr-ip-cfg ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **l7-hdr-name** **Description** Set the http header name to parse for client ip. Default is X-Forwarded-For **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Default:** X-Forwarded-For **use-hdr-ip-as-source** **Description** Mitigate on src ip specified by http header for example X-Forwarded-For header. Default is disabled **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0