.. _ddos_template_ssl_l4: ddos template ssl-l4 ==================== SSL-L4 template Configuration ssl-l4 Specification -------------------- ===================================== ================================================================================ **Parameter** **Value** ===================================== ================================================================================ **Type** *Collection* **Object Key(s)** *ssl-l4-tmpl-name* **Collection Name** :ref:`1203_ssl-l4_list` **Collection URI** /axapi/v3/ddos/template/ssl-l4 **Element Name** ssl-l4 **Element URI** /axapi/v3/ddos/template/ssl-l4/{ssl-l4-tmpl-name} **Element Attributes** ssl-l4_attributes **Partition Visibility** shared **Schema** :download:`ssl-l4 schema ` ===================================== ================================================================================ **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Create Object .. raw:: html POST .. raw:: html /axapi/v3/ddos/template/ssl-l4 .. raw:: html :ref:`1203_ssl-l4_attributes` .. raw:: html
Create List .. raw:: html POST .. raw:: html /axapi/v3/ddos/template/ssl-l4 .. raw:: html :ref:`1203_ssl-l4_attributes` .. raw:: html
Get Object .. raw:: html GET .. raw:: html /axapi/v3/ddos/template/ssl-l4/{ssl-l4-tmpl-name} .. raw:: html :ref:`1203_ssl-l4_attributes` .. raw:: html
Get List .. raw:: html GET .. raw:: html /axapi/v3/ddos/template/ssl-l4 .. raw:: html :ref:`1203_ssl-l4_list` .. raw:: html
Modify Object .. raw:: html POST .. raw:: html /axapi/v3/ddos/template/ssl-l4/{ssl-l4-tmpl-name} .. raw:: html :ref:`1203_ssl-l4_attributes` .. raw:: html
Replace Object .. raw:: html PUT .. raw:: html /axapi/v3/ddos/template/ssl-l4/{ssl-l4-tmpl-name} .. raw:: html :ref:`1203_ssl-l4_attributes` .. raw:: html
Replace List .. raw:: html PUT .. raw:: html /axapi/v3/ddos/template/ssl-l4 .. raw:: html :ref:`1203_ssl-l4_list` .. raw:: html
Delete Object .. raw:: html DELETE .. raw:: html /axapi/v3/ddos/template/ssl-l4/{ssl-l4-tmpl-name} .. raw:: html :ref:`1203_ssl-l4_attributes` .. raw:: html
.. _1203_ssl-l4_list: ssl-l4-list ----------- ssl-l4-list is **JSON List** of :ref:`1203_ssl-l4_attributes` ssl-l4-list : [ { :ref:`1203_ssl-l4_attributes` }, { :ref:`1203_ssl-l4_attributes` }, ... ] .. _1203_ssl-l4_attributes: ssl-l4 attributes ----------------- **action** **Description** 'drop': drop; 'reset': reset; **Type:** string **Supported Values:** drop, reset **Default:** drop **allow-non-tls** **Description** Allow Non-TLS (SSLv3 and lower) traffic (Warning: security may be compromised) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **auth-config-cfg** **Description:** auth-config-cfg is a **JSON Block**. Please see below for :ref:`1203_auth-config-cfg` **Type:** Object **cert-cfg** **Description:** cert-cfg is a **JSON Block**. Please see below for :ref:`1203_cert-cfg` **Type:** Object **disable** **Description** Disable this template **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **multi-pu-threshold-distribution** **Description:** multi-pu-threshold-distribution is a **JSON Block**. Please see below for :ref:`1203_multi-pu-threshold-distribution` **Type:** Object **renegotiation** **Description** Configure renegotiation limiting for SSL (Number of renegotiation allowed) **Type:** number **Range:** 0-7 **request-rate-limit** **Description** Configure rate limiting for SSL **Type:** number **Range:** 1-16000000 **server-name-list** **Type:** List **ssl-l4-tmpl-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-traffic-check** **Description:** ssl-traffic-check is a **JSON Block**. Please see below for :ref:`1203_ssl-traffic-check` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/template/ssl-l4/{ssl-l4-tmpl-name}/ssl-traffic-check ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1203_cert-cfg: cert-cfg ^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **cert** **Description** SSL certificate **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **key** **Description** SSL key **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **key-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **key-passphrase** **Description** Password Phrase **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1203_auth-config-cfg: auth-config-cfg ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **auth-handshake-fail-action** **Description** 'blacklist-src': Blacklist-src when auth handshake fails; **Type:** string **Supported Values:** blacklist-src **timeout** **Description** Connection timeout **Type:** number **Range:** 1-31 **Default:** 5 **trials** **Description** Number of failed handshakes **Type:** number **Range:** 0-15 **Default:** 5 .. _1203_ssl-traffic-check: ssl-traffic-check ^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **check-resumed-connection** **Description** Apply checks to SSL connections initialized by ACK packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **header-action** **Description** 'drop': Drop packets with bad ssl header; 'ignore': Forward packets with bad ssl header; **Type:** string **Supported Values:** drop, ignore **header-inspection** **Description** Inspect ssl header **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1203_multi-pu-threshold-distribution: multi-pu-threshold-distribution ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **multi-pu-threshold-distribution-disable** **Description** 'disable': Destination side rate limit only. Default: Enable; **Type:** string **Supported Values:** disable **Mutual Exclusion:** multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive **multi-pu-threshold-distribution-value** **Description** Destination side rate limit only. Default: 0 **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive .. _1203_server-name-list: server-name-list ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **server-cert** **Description** Server Certificate associated to SNI (Server Certificate Name) **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **server-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **server-key** **Description** Server Private Key associated to SNI (Server Private Key Name) **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **server-name** **Description** Server name indication in Client hello extension (Server name String) **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **server-passphrase** **Description** Password Phrase **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters