.. _ddos_zone_template: ddos zone-template ================== Define a DDOS zone-template zone-template Specification --------------------------- ===================================== =========================================================== **Parameter** **Value** ===================================== =========================================================== **Type** *Intermediate Resource* **Element Name** zone-template **Element URI** /axapi/v3/ddos/zone-template **Element Attributes** zone-template_attributes **Partition Visibility** shared **Schema** :download:`zone-template schema ` ===================================== =========================================================== **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Get Object .. raw:: html GET .. raw:: html /axapi/v3/ddos/zone-template .. raw:: html zone-template_attributes .. raw:: html
.. _1277_zone-template_attributes: zone-template attributes ------------------------ **dns-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/dns/{name} ` **encap-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/encap/{encap-tmpl-name} ` **http-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/http/{http-tmpl-name} ` **icmp-v4-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name} ` **icmp-v6-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name} ` **ip-proto-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/ip-proto/{name} ` **logging-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/logging/{logging-tmpl-name} ` **quic-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/quic/{quic-tmpl-name} ` **sip-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/sip/{sip-tmpl-name} ` **ssl-l4-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/ssl-l4/{ssl-l4-tmpl-name} ` **tcp-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/tcp/{name} ` **udp-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/udp/{name} ` .. _1277_logging-list: logging-list ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **enable-action-logging** **Description** Log action taken **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-format-cef** **Description** Log in CEF format **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-format-custom** **Description** Customize log format **Type:** string **Format:** string-rlx **Maximum Length:** 512 characters **Maximum Length:** 1 characters **logging-tmpl-name** **Description** DDOS Logging Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Default:** default **use-obj-name** **Description** Show obj name instead of ip in the log **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1277_tcp-list: tcp-list ^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ack-authentication** **Description:** ack-authentication is a **JSON Block**. Please see below for :ref:`1277_tcp-list_ack-authentication` **Type:** Object **ack-authentication-synack-reset** **Description** Reset client TCP SYN+ACK for authentication (DST support only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **action-on-ack-rto-retry-count** **Description** Take action if ack-auth RTO-authentication fail over retry time(default:5) **Type:** number **Range:** 2-10 **action-on-syn-rto-retry-count** **Description** Take action if syn-auth RTO-authentication fail over retry time(default:5) **Type:** number **Range:** 2-10 **age** **Description** Session age in minutes **Type:** number **Range:** 1-63 **Default:** 2 **allow-syn-otherflags** **Description** Treat TCP SYN+PSH as a TCP SYN (DST tcp ports support only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-synack-skip-authentications** **Description** Allow create sessions on SYNACK without syn-auth and ack-auth (ASYM Mode only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-tcp-tfo** **Description** Allow TCP Fast Open **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **concurrent** **Description** Enable concurrent port access for non-matching ports (DST support only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **conn-rate-limit-on-syn-only** **Description** Only count SYN-initiated connections towards connection-rate tracking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **create-conn-on-syn-only** **Description** Enable connection establishment on SYN only **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst** **Description:** dst is a **JSON Block**. Please see below for :ref:`1277_tcp-list_dst` **Type:** Object **filter-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/tcp/{name}/filter/{tcp-filter-name} ` **filter-match-type** **Description** 'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; **Type:** string **Supported Values:** default, stop-on-first-match **Default:** default **known-resp-src-port-cfg** **Description:** known-resp-src-port-cfg is a **JSON Block**. Please see below for :ref:`1277_tcp-list_known-resp-src-port-cfg` **Type:** Object **max-rexmit-syn-per-flow-cfg** **Description:** max-rexmit-syn-per-flow-cfg is a **JSON Block**. Please see below for :ref:`1277_tcp-list_max-rexmit-syn-per-flow-cfg` **Type:** Object **name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **out-of-seq-cfg** **Description:** out-of-seq-cfg is a **JSON Block**. Please see below for :ref:`1277_tcp-list_out-of-seq-cfg` **Type:** Object **per-conn-out-of-seq-rate-cfg** **Description:** per-conn-out-of-seq-rate-cfg is a **JSON Block**. Please see below for :ref:`1277_tcp-list_per-conn-out-of-seq-rate-cfg` **Type:** Object **per-conn-pkt-rate-cfg** **Description:** per-conn-pkt-rate-cfg is a **JSON Block**. Please see below for :ref:`1277_tcp-list_per-conn-pkt-rate-cfg` **Type:** Object **per-conn-rate-interval** **Description** '100ms': 100ms; '1sec': 1sec; '10sec': 10sec; **Type:** string **Supported Values:** 100ms, 1sec, 10sec **Default:** 1sec **per-conn-retransmit-rate-cfg** **Description:** per-conn-retransmit-rate-cfg is a **JSON Block**. Please see below for :ref:`1277_tcp-list_per-conn-retransmit-rate-cfg` **Type:** Object **per-conn-zero-win-rate-cfg** **Description:** per-conn-zero-win-rate-cfg is a **JSON Block**. Please see below for :ref:`1277_tcp-list_per-conn-zero-win-rate-cfg` **Type:** Object **progression-tracking** **Description:** progression-tracking is a **JSON Block**. Please see below for :ref:`1277_tcp-list_progression-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/tcp/{name}/progression-tracking ` **retransmit-cfg** **Description:** retransmit-cfg is a **JSON Block**. Please see below for :ref:`1277_tcp-list_retransmit-cfg` **Type:** Object **src** **Description:** src is a **JSON Block**. Please see below for :ref:`1277_tcp-list_src` **Type:** Object **syn-authentication** **Description:** syn-authentication is a **JSON Block**. Please see below for :ref:`1277_tcp-list_syn-authentication` **Type:** Object **syn-cookie** **Description** Enable SYN Cookie **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **synack-rate-limit** **Description** Config SYNACK rate limit **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** synack-rate-limit and track-together-with-syn are mutually exclusive **track-together-with-syn** **Description** SYNACK will be counted in Dst Syn-rate limit **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** track-together-with-syn and synack-rate-limit are mutually exclusive **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zero-win-cfg** **Description:** zero-win-cfg is a **JSON Block**. Please see below for :ref:`1277_tcp-list_zero-win-cfg` **Type:** Object .. _1277_tcp-list_syn-authentication: tcp-list_syn-authentication ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **allow-ra** **Description** Allow RA packets to be used for auth **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **syn-auth-fail-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Send reset to client (Applicable to retransmit-check only); **Type:** string **Supported Values:** drop, blacklist-src, reset **Mutual Exclusion:** syn-auth-fail-action and syn-auth-fail-action-list-name are mutually exclusive **syn-auth-fail-action-list-name** **Description** Configure action-list to take for failing the authentication. **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** syn-auth-fail-action-list-name and syn-auth-fail-action are mutually exclusive **syn-auth-min-delay** **Description** Minimum delay (in 100ms intervals) between SYN retransmits for retransmit-check to pass **Type:** number **Range:** 1-80 **Mutual Exclusion:** syn-auth-min-delay and syn-auth-type are mutually exclusive **syn-auth-pass-action** **Description** 'authenticate-src': authenticate-src (Default); **Type:** string **Supported Values:** authenticate-src **Mutual Exclusion:** syn-auth-pass-action and syn-auth-pass-action-list-name are mutually exclusive **syn-auth-pass-action-list-name** **Description** Configure action-list to take for passing the authentication **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** syn-auth-pass-action-list-name and syn-auth-pass-action are mutually exclusive **syn-auth-rto** **Description** Estimate the RTO and apply the exponential back-off for authentication **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **syn-auth-timeout** **Description** syn retransmit timeout in seconds(default timeout: 5 seconds) **Type:** number **Range:** 1-31 **Mutual Exclusion:** syn-auth-timeout and syn-auth-type are mutually exclusive **syn-auth-type** **Description** 'send-rst': Send reset to client after syn cookie check pass; 'force-rst-by-ack': Send client a bad ack after syn cookie check pass; 'force-rst-by-synack': Send client a bad synack after syn cookie check pass; **Type:** string **Supported Values:** send-rst, force-rst-by-ack, force-rst-by-synack, send-rst-once **Mutual Exclusion:** syn-auth-type, syn-auth-timeout, and syn-auth-min-delay are mutually exclusive .. _1277_tcp-list_ack-authentication: tcp-list_ack-authentication ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ack-auth-fail-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Send reset to client; **Type:** string **Supported Values:** drop, blacklist-src, reset **Mutual Exclusion:** ack-auth-fail-action and ack-auth-fail-action-list-name are mutually exclusive **ack-auth-fail-action-list-name** **Description** Configure action-list to take for failing the authentication. **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** ack-auth-fail-action-list-name and ack-auth-fail-action are mutually exclusive **ack-auth-min-delay** **Description** Minimum delay (in 100ms intervals) between ACK retransmits for retransmit-check to pass **Type:** number **Range:** 1-80 **ack-auth-only** **Description** Apply retransmit-check only once per source address for authentication purpose **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ack-auth-pass-action** **Description** 'authenticate-src': authenticate-src (Default); **Type:** string **Supported Values:** authenticate-src **Mutual Exclusion:** ack-auth-pass-action and ack-auth-pass-action-list-name are mutually exclusive **ack-auth-pass-action-list-name** **Description** Configure action-list to take for passing the authentication **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** ack-auth-pass-action-list-name and ack-auth-pass-action are mutually exclusive **ack-auth-rto** **Description** Estimate the RTO and apply the exponential back-off for authentication **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ack-auth-timeout** **Description** ack retransmit timeout in seconds(default timeout: 5 seconds) **Type:** number **Range:** 1-31 .. _1277_tcp-list_retransmit-cfg: tcp-list_retransmit-cfg ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **retransmit** **Description** Take action if retransmit pkts exceed configured threshold **Type:** number **Range:** 1-64000 **Mutual Exclusion:** retransmit and per-conn-retransmit-rate-limit are mutually exclusive **retransmit-action** **Description** 'drop': Drop packets for retrans exceed (Default); 'blacklist-src': help Blacklist-src for retrans exceed; 'ignore': help Ignore retrans exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** retransmit-action and retransmit-action-list-name are mutually exclusive **retransmit-action-list-name** **Description** Configure action-list to take for retransmit exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** retransmit-action-list-name and retransmit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_tcp-list_dst: tcp-list_dst ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **rate-limit** **Description:** rate-limit is a **JSON Block**. Please see below for :ref:`1277_tcp-list_dst_rate-limit` **Type:** Object .. _1277_tcp-list_dst_rate-limit: tcp-list_dst_rate-limit ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **syn-rate-limit** **Description:** syn-rate-limit is a **JSON Block**. Please see below for :ref:`1277_tcp-list_dst_rate-limit_syn-rate-limit` **Type:** Object .. _1277_tcp-list_dst_rate-limit_syn-rate-limit: tcp-list_dst_rate-limit_syn-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-syn-rate-action** **Description** 'drop': Drop packets for syn-rate exceed (Default); 'ignore': Ignore syn-rate-exceed; **Type:** string **Supported Values:** drop, ignore **Default:** drop **dst-syn-rate-limit** **Description** **Type:** number **Range:** 1-16000000 .. _1277_tcp-list_per-conn-retransmit-rate-cfg: tcp-list_per-conn-retransmit-rate-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **per-conn-retransmit-rate-action** **Description** 'drop': Drop packets for retrans rate exceed (Default); 'blacklist-src': help Blacklist-src for retrans rate exceed; 'ignore': help Ignore retrans rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** per-conn-retransmit-rate-action and per-conn-retransmit-rate-action-list-name are mutually exclusive **per-conn-retransmit-rate-action-list-name** **Description** Configure action-list to take for retransmit rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** per-conn-retransmit-rate-action-list-name and per-conn-retransmit-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **per-conn-retransmit-rate-limit** **Description** Take action if retransmit pkt rate exceed configured threshold **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** per-conn-retransmit-rate-limit and retransmit are mutually exclusive .. _1277_tcp-list_per-conn-zero-win-rate-cfg: tcp-list_per-conn-zero-win-rate-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **per-conn-zero-win-rate-action** **Description** 'drop': Drop packets for zero-win rate exceed (Default); 'blacklist-src': help Blacklist-src for zero-win rate exceed; 'ignore': Ignore zero-win rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** per-conn-zero-win-rate-action and per-conn-zero-win-rate-action-list-name are mutually exclusive **per-conn-zero-win-rate-action-list-name** **Description** Configure action-list to take for zero window rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** per-conn-zero-win-rate-action-list-name and per-conn-zero-win-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **per-conn-zero-win-rate-limit** **Description** Take action if zero window pkt rate exceed configured threshold **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** per-conn-zero-win-rate-limit and zero-win are mutually exclusive .. _1277_tcp-list_per-conn-pkt-rate-cfg: tcp-list_per-conn-pkt-rate-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **per-conn-pkt-rate-action** **Description** 'drop': Drop packets for per-conn-pkt-rate exceed (Default); 'blacklist-src': help Blacklist-src for per-conn-pkt-rate exceed; 'ignore': Ignore per-conn-pkt-rate-exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** per-conn-pkt-rate-action and per-conn-pkt-rate-action-list-name are mutually exclusive **per-conn-pkt-rate-action-list-name** **Description** Configure action-list to take for per-conn-pkt-rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** per-conn-pkt-rate-action-list-name and per-conn-pkt-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **per-conn-pkt-rate-limit** **Description** Packet rate limit per connection per rate-interval **Type:** number **Range:** 1-16000000 .. _1277_tcp-list_max-rexmit-syn-per-flow-cfg: tcp-list_max-rexmit-syn-per-flow-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **max-rexmit-syn-per-flow** **Description** Maximum number of re-transmit SYN per flow **Type:** number **Range:** 1-6 **max-rexmit-syn-per-flow-action** **Description** 'drop': Drop SYN packets for max-rexmit-syn-per-flow exceed (Default); 'blacklist-src': help Blacklist-src for max-rexmit-syn-per-flow exceed; **Type:** string **Supported Values:** drop, blacklist-src **Default:** drop **max-rexmit-syn-per-flow-action-list-name** **Description** Configure action-list to take for max-rexmit-syn-per-flow exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_tcp-list_src: tcp-list_src ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **rate-limit** **Description:** rate-limit is a **JSON Block**. Please see below for :ref:`1277_tcp-list_src_rate-limit` **Type:** Object .. _1277_tcp-list_src_rate-limit: tcp-list_src_rate-limit ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **syn-rate-limit** **Description:** syn-rate-limit is a **JSON Block**. Please see below for :ref:`1277_tcp-list_src_rate-limit_syn-rate-limit` **Type:** Object .. _1277_tcp-list_src_rate-limit_syn-rate-limit: tcp-list_src_rate-limit_syn-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-syn-rate-action** **Description** 'drop': Drop packets for syn-rate exceed (Default); 'blacklist-src': Blacklist-src for syn-rate exceed; 'ignore': Ignore syn-rate-exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** src-syn-rate-action and src-syn-rate-action-list-name are mutually exclusive **src-syn-rate-action-list-name** **Description** Configure action-list to take for syn-rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-syn-rate-action-list-name and src-syn-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **src-syn-rate-limit** **Description** **Type:** number **Range:** 1-16000000 .. _1277_tcp-list_progression-tracking: tcp-list_progression-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **connection-tracking** **Description:** connection-tracking is a **JSON Block**. Please see below for :ref:`1277_tcp-list_progression-tracking_connection-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/tcp/{name}/progression-tracking/connection-tracking ` **first-request-max-time** **Description** Set the maximum wait time from connection creation until the first data is transmitted over the connection (100 ms) **Type:** number **Range:** 1-65535 **ignore-TLS-handshake** **Description** Ignore TLS handshake **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **profiling-connection-life-model** **Description** Enable auto-config progression tracking learning for connection model **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **profiling-request-response-model** **Description** Enable auto-config progression tracking learning for Request Response model **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **profiling-time-window-model** **Description** Enable auto-config progression tracking learning for time window model **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **progression-tracking-action** **Description** 'drop': Drop packets for progression tracking violation exceed (Default); 'blacklist-src': Blacklist-src for progression tracking violation exceed; **Type:** string **Supported Values:** drop, blacklist-src **Default:** drop **Mutual Exclusion:** progression-tracking-action and progression-tracking-action-list-name are mutually exclusive **progression-tracking-action-list-name** **Description** Configure action-list to take when progression tracking violation exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** progression-tracking-action-list-name and progression-tracking-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **progression-tracking-enabled** **Description** 'enable-check': Enable Progression Tracking Check; **Type:** string **Supported Values:** enable-check **request-length-max** **Description** Set the maximum request length **Type:** number **Range:** 1-65535 **request-length-min** **Description** Set the minimum request length **Type:** number **Range:** 1-65535 **request-response-model** **Description** 'enable': Enable Request Response Model; 'disable': Disable Request Response Model; **Type:** string **Supported Values:** enable, disable **Default:** enable **request-to-response-max-time** **Description** Set the maximum request to response time (100 ms) **Type:** number **Range:** 1-65535 **response-length-max** **Description** Set the maximum response length **Type:** number **Range:** 1-4294967295 **response-length-min** **Description** Set the minimum response length **Type:** number **Range:** 1-65535 **response-request-max-ratio** **Description** Set the maximum response to request ratio (in unit of 0.1% [1:1000]) **Type:** number **Range:** 1-4294967295 **response-request-min-ratio** **Description** Set the minimum response to request ratio (in unit of 0.1% [1:1000]) **Type:** number **Range:** 1-65535 **response-to-request-max-time** **Description** Set the maximum response to request time (100 ms) **Type:** number **Range:** 1-65535 **time-window-tracking** **Description:** time-window-tracking is a **JSON Block**. Please see below for :ref:`1277_tcp-list_progression-tracking_time-window-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/tcp/{name}/progression-tracking/time-window-tracking ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **violation** **Description** Set the violation threshold **Type:** number **Range:** 1-255 .. _1277_tcp-list_progression-tracking_connection-tracking: tcp-list_progression-tracking_connection-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **conn-duration-max** **Description** Set the maximum duration time (in unit of 100ms, up to 24 hours) **Type:** number **Range:** 1-2147483647 **conn-duration-min** **Description** Set the minimum duration time (in unit of 100ms, up to 24 hours) **Type:** number **Range:** 1-864000 **conn-rcvd-max** **Description** Set the maximum total received byte **Type:** number **Range:** 1-2147483647 **conn-rcvd-min** **Description** Set the minimum total received byte **Type:** number **Range:** 1-2147483647 **conn-rcvd-sent-ratio-max** **Description** Set the maximum received to sent ratio (in unit of milli-, 0.001) **Type:** number **Range:** 1-2147483647 **conn-rcvd-sent-ratio-min** **Description** Set the minimum received to sent ratio (in unit of milli-, 0.001) **Type:** number **Range:** 1-65535 **conn-sent-max** **Description** Set the maximum total sent byte **Type:** number **Range:** 1-2147483647 **conn-sent-min** **Description** Set the minimum total sent byte **Type:** number **Range:** 1-65535 **conn-violation** **Description** Set the violation threshold **Type:** number **Range:** 1-255 **progression-tracking-conn-action** **Description** 'drop': Drop packets for progression tracking violation exceed (Default); 'blacklist-src': Blacklist-src for progression tracking violation exceed; **Type:** string **Supported Values:** drop, blacklist-src **Default:** drop **Mutual Exclusion:** progression-tracking-conn-action and progression-tracking-conn-action-list-name are mutually exclusive **progression-tracking-conn-action-list-name** **Description** Configure action-list to take when progression tracking violation exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** progression-tracking-conn-action-list-name and progression-tracking-conn-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **progression-tracking-conn-enabled** **Description** 'enable-check': Enable General Progression Tracking per Connection; **Type:** string **Supported Values:** enable-check **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1277_tcp-list_progression-tracking_time-window-tracking: tcp-list_progression-tracking_time-window-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **progression-tracking-win-enabled** **Description** 'enable-check': Enable Progression Tracking per Time Window; **Type:** string **Supported Values:** enable-check **progression-tracking-windows-action** **Description** 'drop': Drop packets for progression tracking violation exceed (Default); 'blacklist-src': Blacklist-src for progression tracking violation exceed; **Type:** string **Supported Values:** drop, blacklist-src **Default:** drop **Mutual Exclusion:** progression-tracking-windows-action and progression-tracking-windows-action-list-name are mutually exclusive **progression-tracking-windows-action-list-name** **Description** Configure action-list to take when progression tracking violation exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** progression-tracking-windows-action-list-name and progression-tracking-windows-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **window-rcvd-max** **Description** Set the maximum total received byte **Type:** number **Range:** 1-65535 **window-rcvd-min** **Description** Set the minimum total received byte **Type:** number **Range:** 1-65535 **window-rcvd-sent-ratio-max** **Description** Set the maximum received to sent ratio (in unit of 0.1% [1:1000]) **Type:** number **Range:** 1-65535 **window-rcvd-sent-ratio-min** **Description** Set the minimum received to sent ratio (in unit of 0.1% [1:1000]) **Type:** number **Range:** 1-65535 **window-sent-max** **Description** Set the maximum total sent byte **Type:** number **Range:** 1-65535 **window-sent-min** **Description** Set the minimum total sent byte **Type:** number **Range:** 1-65535 **window-violation** **Description** Set the violation threshold **Type:** number **Range:** 1-255 .. _1277_tcp-list_filter-list: tcp-list_filter-list ^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **byte-offset-filter** **Description** Filter using Berkeley Packet Filter syntax **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **tcp-filter-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; **Type:** string **Supported Values:** drop, ignore, blacklist-src, authenticate-src **Default:** drop **Mutual Exclusion:** tcp-filter-action and tcp-filter-action-list-name are mutually exclusive **tcp-filter-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** tcp-filter-action-list-name and tcp-filter-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **tcp-filter-inverse-match** **Description** Inverse the result of the matching **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-filter-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp-filter-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **tcp-filter-seq** **Description** Sequence number **Type:** number **Range:** 1-200 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1277_tcp-list_known-resp-src-port-cfg: tcp-list_known-resp-src-port-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **exclude-src-resp-port** **Description** Exclude src port equal to dst port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **known-resp-src-port** **Description** Take action if src-port is less than 1024 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **known-resp-src-port-action** **Description** 'drop': Drop packets from well-known src-port(Default); 'blacklist-src': Blacklist-src from well-known src-port; 'ignore': Ignore well-known src-port; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** known-resp-src-port-action and known-resp-src-port-action-list-name are mutually exclusive **known-resp-src-port-action-list-name** **Description** Configure action-list to take for well-known src-port **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** known-resp-src-port-action-list-name and known-resp-src-port-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_tcp-list_zero-win-cfg: tcp-list_zero-win-cfg ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **zero-win** **Description** Take action if zero window pkts exceed configured threshold **Type:** number **Range:** 1-250 **Mutual Exclusion:** zero-win and per-conn-zero-win-rate-limit are mutually exclusive **zero-win-action** **Description** 'drop': Drop packets for zero-win exceed (Default); 'blacklist-src': help Blacklist-src for zero-win exceed; 'ignore': Ignore zero-win exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** zero-win-action and zero-win-action-list-name are mutually exclusive **zero-win-action-list-name** **Description** Configure action-list to take for zero window exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** zero-win-action-list-name and zero-win-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_tcp-list_per-conn-out-of-seq-rate-cfg: tcp-list_per-conn-out-of-seq-rate-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **per-conn-out-of-seq-rate-action** **Description** 'drop': Drop packets for out-of-seq rate exceed (Default); 'blacklist-src': help Blacklist-src for out-of-seq rate exceed; 'ignore': help Ignore out-of-seq rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** per-conn-out-of-seq-rate-action and per-conn-out-of-seq-rate-action-list-name are mutually exclusive **per-conn-out-of-seq-rate-action-list-name** **Description** Configure action-list to take for out-of-seq rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** per-conn-out-of-seq-rate-action-list-name and per-conn-out-of-seq-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **per-conn-out-of-seq-rate-limit** **Description** Take action if out-of-seq pkt rate exceed configured threshold **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** per-conn-out-of-seq-rate-limit and out-of-seq are mutually exclusive .. _1277_tcp-list_out-of-seq-cfg: tcp-list_out-of-seq-cfg ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **out-of-seq** **Description** Take action if out-of-seq pkts exceed configured threshold **Type:** number **Range:** 1-64000 **Mutual Exclusion:** out-of-seq and per-conn-out-of-seq-rate-limit are mutually exclusive **out-of-seq-action** **Description** 'drop': Drop packets for out-of-seq exceed (Default); 'blacklist-src': help Blacklist-src for out-of-seq exceed; 'ignore': help Ignore out-of-seq exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** out-of-seq-action and out-of-seq-action-list-name are mutually exclusive **out-of-seq-action-list-name** **Description** Configure action-list to take for out-of-seq exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** out-of-seq-action-list-name and out-of-seq-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_quic-list: quic-list ^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **fixed-bit-check-disable** **Description** Disable fixed-bit malform check **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **quic-tmpl-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **version-supported-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/quic/{quic-tmpl-name}/version-supported/{version-start}+{version-end} ` .. _1277_quic-list_version-supported-list: quic-list_version-supported-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **malformed-check** **Description:** malformed-check is a **JSON Block**. Please see below for :ref:`1277_quic-list_version-supported-list_malformed-check` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/quic/{quic-tmpl-name}/version-supported/{version-start}+{version-end}/malformed-check ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **version-action** **Description** 'drop': Drop packets; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, blacklist-src **Mutual Exclusion:** version-action and version-action-list-name are mutually exclusive **version-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** version-action-list-name and version-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **version-end** **Description** Version supported range end **Type:** string **Format:** time **Maximum Length:** 4294967295 characters **Maximum Length:** 1 characters **version-start** **Description** Configure versions supported **Type:** string **Format:** time **Maximum Length:** 4294967295 characters **Maximum Length:** 1 characters .. _1277_quic-list_version-supported-list_malformed-check: quic-list_version-supported-list_malformed-check ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **malformed-check-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, blacklist-src **Mutual Exclusion:** malformed-check-action and malformed-check-action-list-name are mutually exclusive **malformed-check-action-list-name** **Description** Configure action-list to take. Overwrites version action **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** malformed-check-action-list-name and malformed-check-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **malformed-enable** **Description** 'enable': Enable malformed check; **Type:** string **Supported Values:** enable **Default:** enable **max-destination-cid-length** **Description** Set the maximum destination CID length **Type:** number **Range:** 0-255 **Default:** 255 **max-source-cid-length** **Description** Set the maximum source CID length **Type:** number **Range:** 0-255 **Default:** 255 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1277_ssl-l4-list: ssl-l4-list ^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **allow-non-tls** **Description** Allow Non-TLS (SSLv3 and lower) traffic (Warning: security may be compromised) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **auth-handshake** **Description:** auth-handshake is a **JSON Block**. Please see below for :ref:`1277_ssl-l4-list_auth-handshake` **Type:** Object **disable** **Description** Disable this template **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst** **Description:** dst is a **JSON Block**. Please see below for :ref:`1277_ssl-l4-list_dst` **Type:** Object **multi-pu-threshold-distribution** **Description:** multi-pu-threshold-distribution is a **JSON Block**. Please see below for :ref:`1277_ssl-l4-list_multi-pu-threshold-distribution` **Type:** Object **renegotiation** **Description:** renegotiation is a **JSON Block**. Please see below for :ref:`1277_ssl-l4-list_renegotiation` **Type:** Object **src** **Description:** src is a **JSON Block**. Please see below for :ref:`1277_ssl-l4-list_src` **Type:** Object **ssl-l4-tmpl-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-traffic-check** **Description:** ssl-traffic-check is a **JSON Block**. Please see below for :ref:`1277_ssl-l4-list_ssl-traffic-check` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/ssl-l4/{ssl-l4-tmpl-name}/ssl-traffic-check ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1277_ssl-l4-list_auth-handshake: ssl-l4-list_auth-handshake ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **auth-handshake-fail-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, blacklist-src, reset **Mutual Exclusion:** auth-handshake-fail-action and auth-handshake-fail-action-list-name are mutually exclusive **auth-handshake-fail-action-list-name** **Description** Configure action-list to take for failing the authentication **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** auth-handshake-fail-action-list-name and auth-handshake-fail-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **auth-handshake-pass-action** **Description** 'authenticate-src': authenticate-src (Default); **Type:** string **Supported Values:** authenticate-src **Mutual Exclusion:** auth-handshake-pass-action and auth-handshake-pass-action-list-name are mutually exclusive **auth-handshake-pass-action-list-name** **Description** Configure action-list to take for passing the authentication **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** auth-handshake-pass-action-list-name and auth-handshake-pass-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **auth-handshake-timeout** **Description** Connection timeout (default 5 seconds) and trials (default 5 times) (DST support only) **Type:** number **Range:** 1-31 **Default:** 5 **auth-handshake-trials** **Description** Number of failed handshakes before entry marked black **Type:** number **Range:** 0-15 **Default:** 5 **cert-cfg** **Description:** cert-cfg is a **JSON Block**. Please see below for :ref:`1277_ssl-l4-list_auth-handshake_cert-cfg` **Type:** Object **server-name-list** **Type:** List .. _1277_ssl-l4-list_auth-handshake_cert-cfg: ssl-l4-list_auth-handshake_cert-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **cert** **Description** SSL certificate **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **key** **Description** SSL key **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **key-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **key-passphrase** **Description** Password Phrase **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1277_ssl-l4-list_auth-handshake_server-name-list: ssl-l4-list_auth-handshake_server-name-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **server-cert** **Description** Server Certificate associated to SNI (Server Certificate Name) **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **server-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **server-key** **Description** Server Private Key associated to SNI (Server Private Key Name) **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **server-name** **Description** Server name indication in Client hello extension (Server name String) **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **server-passphrase** **Description** Password Phrase **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1277_ssl-l4-list_src: ssl-l4-list_src ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **rate-limit** **Description:** rate-limit is a **JSON Block**. Please see below for :ref:`1277_ssl-l4-list_src_rate-limit` **Type:** Object .. _1277_ssl-l4-list_src_rate-limit: ssl-l4-list_src_rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **request** **Description:** request is a **JSON Block**. Please see below for :ref:`1277_ssl-l4-list_src_rate-limit_request` **Type:** Object .. _1277_ssl-l4-list_src_rate-limit_request: ssl-l4-list_src_rate-limit_request ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-request-rate-limit** **Description** **Type:** number **Range:** 1-16000000 **src-request-rate-limit-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, reset **Mutual Exclusion:** src-request-rate-limit-action and src-request-rate-limit-action-list-name are mutually exclusive **src-request-rate-limit-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-request-rate-limit-action-list-name and src-request-rate-limit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_ssl-l4-list_dst: ssl-l4-list_dst ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **rate-limit** **Description:** rate-limit is a **JSON Block**. Please see below for :ref:`1277_ssl-l4-list_dst_rate-limit` **Type:** Object .. _1277_ssl-l4-list_dst_rate-limit: ssl-l4-list_dst_rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **request** **Description:** request is a **JSON Block**. Please see below for :ref:`1277_ssl-l4-list_dst_rate-limit_request` **Type:** Object .. _1277_ssl-l4-list_dst_rate-limit_request: ssl-l4-list_dst_rate-limit_request ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-request-rate-limit** **Description** **Type:** number **Range:** 1-16000000 **dst-request-rate-limit-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, reset **Mutual Exclusion:** dst-request-rate-limit-action and dst-request-rate-limit-action-list-name are mutually exclusive **dst-request-rate-limit-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-request-rate-limit-action-list-name and dst-request-rate-limit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_ssl-l4-list_ssl-traffic-check: ssl-l4-list_ssl-traffic-check ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **check-resumed-connection** **Description** Apply checks to SSL connections initialized by ACK packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **header-action** **Description** 'drop': Drop packets with bad ssl header; 'ignore': Forward packets with bad ssl header; **Type:** string **Supported Values:** drop, ignore **header-inspection** **Description** Inspect ssl header **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1277_ssl-l4-list_multi-pu-threshold-distribution: ssl-l4-list_multi-pu-threshold-distribution ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **multi-pu-threshold-distribution-disable** **Description** 'disable': Destination side rate limit only. Default: Enable; **Type:** string **Supported Values:** disable **Mutual Exclusion:** multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive **multi-pu-threshold-distribution-value** **Description** Destination side rate limit only. Default: 0 **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive .. _1277_ssl-l4-list_renegotiation: ssl-l4-list_renegotiation ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **num-renegotiation** **Description** Number of renegotiation allowed **Type:** number **Range:** 0-7 **ssl-l4-reneg-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, blacklist-src, reset **Mutual Exclusion:** ssl-l4-reneg-action and ssl-l4-reneg-action-list-name are mutually exclusive **ssl-l4-reneg-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** ssl-l4-reneg-action-list-name and ssl-l4-reneg-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_ip-proto-list: ip-proto-list ^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **filter-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/ip-proto/{name}/filter/{other-filter-name} ` **filter-match-type** **Description** 'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; **Type:** string **Supported Values:** default, stop-on-first-match **Default:** default **name** **Description** DDOS Ip-proto Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1277_ip-proto-list_filter-list: ip-proto-list_filter-list ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **byte-offset-filter** **Description** Filter using Berkeley Packet Filter syntax **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **other-filter-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; **Type:** string **Supported Values:** drop, ignore, blacklist-src, authenticate-src **Mutual Exclusion:** other-filter-action and other-filter-action-list-name are mutually exclusive **other-filter-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** other-filter-action-list-name and other-filter-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **other-filter-inverse-match** **Description** Inverse the result of the matching **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **other-filter-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **other-filter-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **other-filter-seq** **Description** Sequence number **Type:** number **Range:** 1-200 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1277_dns-list: dns-list ^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **allow-query-class** **Description:** allow-query-class is a **JSON Block**. Please see below for :ref:`1277_dns-list_allow-query-class` **Type:** Object **allow-record-type** **Description:** allow-record-type is a **JSON Block**. Please see below for :ref:`1277_dns-list_allow-record-type` **Type:** Object **dns-any-check** **Description** Drop DNS queries of Type ANY **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-any-check-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, blacklist-src, reset **Default:** drop **Mutual Exclusion:** dns-any-check-action and dns-any-check-action-list-name are mutually exclusive **dns-any-check-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dns-any-check-action-list-name and dns-any-check-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **dns-udp-authentication** **Description:** dns-udp-authentication is a **JSON Block**. Please see below for :ref:`1277_dns-list_dns-udp-authentication` **Type:** Object **domain-group-name** **Description** Apply a domain-group to the DNS template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **dst** **Description:** dst is a **JSON Block**. Please see below for :ref:`1277_dns-list_dst` **Type:** Object **fqdn-label-count-cfg** **Description:** fqdn-label-count-cfg is a **JSON Block**. Please see below for :ref:`1277_dns-list_fqdn-label-count-cfg` **Type:** Object **fqdn-label-len-cfg** **Type:** List **malformed-query-check** **Description:** malformed-query-check is a **JSON Block**. Please see below for :ref:`1277_dns-list_malformed-query-check` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/dns/{name}/malformed-query-check ` **multi-pu-threshold-distribution** **Description:** multi-pu-threshold-distribution is a **JSON Block**. Please see below for :ref:`1277_dns-list_multi-pu-threshold-distribution` **Type:** Object **name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **on-no-match** **Description** 'permit': permit; 'deny': deny (default); **Type:** string **Supported Values:** permit, deny **Default:** deny **src** **Description:** src is a **JSON Block**. Please see below for :ref:`1277_dns-list_src` **Type:** Object **symtimeout-cfg** **Description:** symtimeout-cfg is a **JSON Block**. Please see below for :ref:`1277_dns-list_symtimeout-cfg` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1277_dns-list_src: dns-list_src ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **rate-limit** **Description:** rate-limit is a **JSON Block**. Please see below for :ref:`1277_dns-list_src_rate-limit` **Type:** Object .. _1277_dns-list_src_rate-limit: dns-list_src_rate-limit ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **nxdomain** **Description:** nxdomain is a **JSON Block**. Please see below for :ref:`1277_dns-list_src_rate-limit_nxdomain` **Type:** Object **request** **Description:** request is a **JSON Block**. Please see below for :ref:`1277_dns-list_src_rate-limit_request` **Type:** Object .. _1277_dns-list_src_rate-limit_request: dns-list_src_rate-limit_request ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-dns-request-rate-limit-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, blacklist-src, reset **Mutual Exclusion:** src-dns-request-rate-limit-action and src-dns-request-rate-limit-action-list-name are mutually exclusive **src-dns-request-rate-limit-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-dns-request-rate-limit-action-list-name and src-dns-request-rate-limit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **type** **Description:** type is a **JSON Block**. Please see below for :ref:`1277_dns-list_src_rate-limit_request_type` **Type:** Object .. _1277_dns-list_src_rate-limit_request_type: dns-list_src_rate-limit_request_type ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **A-cfg** **Description:** A-cfg is a **JSON Block**. Please see below for :ref:`1277_dns-list_src_rate-limit_request_type_A-cfg` **Type:** Object **AAAA-cfg** **Description:** AAAA-cfg is a **JSON Block**. Please see below for :ref:`1277_dns-list_src_rate-limit_request_type_AAAA-cfg` **Type:** Object **CNAME-cfg** **Description:** CNAME-cfg is a **JSON Block**. Please see below for :ref:`1277_dns-list_src_rate-limit_request_type_CNAME-cfg` **Type:** Object **MX-cfg** **Description:** MX-cfg is a **JSON Block**. Please see below for :ref:`1277_dns-list_src_rate-limit_request_type_MX-cfg` **Type:** Object **NS-cfg** **Description:** NS-cfg is a **JSON Block**. Please see below for :ref:`1277_dns-list_src_rate-limit_request_type_NS-cfg` **Type:** Object **SRV-cfg** **Description:** SRV-cfg is a **JSON Block**. Please see below for :ref:`1277_dns-list_src_rate-limit_request_type_SRV-cfg` **Type:** Object **dns-type-cfg** **Type:** List .. _1277_dns-list_src_rate-limit_request_type_SRV-cfg: dns-list_src_rate-limit_request_type_SRV-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **SRV** **Description** Service locator **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-dns-srv-rate** **Description** DNS request rate **Type:** number **Range:** 1-16000000 .. _1277_dns-list_src_rate-limit_request_type_CNAME-cfg: dns-list_src_rate-limit_request_type_CNAME-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **CNAME** **Description** Canonical name record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-dns-cname-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_dns-list_src_rate-limit_request_type_dns-type-cfg: dns-list_src_rate-limit_request_type_dns-type-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **src-dns-request-type** **Description** Other type value **Type:** number **Range:** 1-65535 **src-dns-request-type-rate** **Description** request rate limit **Type:** number **Range:** 1-16000000 .. _1277_dns-list_src_rate-limit_request_type_AAAA-cfg: dns-list_src_rate-limit_request_type_AAAA-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **AAAA** **Description** IPv6 address record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-dns-aaaa-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_dns-list_src_rate-limit_request_type_A-cfg: dns-list_src_rate-limit_request_type_A-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **A** **Description** Address record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-dns-a-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_dns-list_src_rate-limit_request_type_MX-cfg: dns-list_src_rate-limit_request_type_MX-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **MX** **Description** Mail exchange record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-dns-mx-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_dns-list_src_rate-limit_request_type_NS-cfg: dns-list_src_rate-limit_request_type_NS-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **NS** **Description** Name server record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-dns-ns-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_dns-list_src_rate-limit_nxdomain: dns-list_src_rate-limit_nxdomain ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns-nxdomain-rate** **Description** Limiting rate **Type:** number **Range:** 1-16000000 **dns-nxdomain-rate-limit-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, blacklist-src, reset **Mutual Exclusion:** dns-nxdomain-rate-limit-action and dns-nxdomain-rate-limit-action-list-name are mutually exclusive **dns-nxdomain-rate-limit-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dns-nxdomain-rate-limit-action-list-name and dns-nxdomain-rate-limit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_dns-list_fqdn-label-count-cfg: dns-list_fqdn-label-count-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **fqdn-label-count-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Send reset to client; **Type:** string **Supported Values:** drop, ignore, blacklist-src, reset **Mutual Exclusion:** fqdn-label-count-action and fqdn-label-count-action-list-name are mutually exclusive **fqdn-label-count-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fqdn-label-count-action-list-name and fqdn-label-count-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **label-count** **Description** Maximum number of FQDN labels per FQDN **Type:** number **Range:** 1-10 .. _1277_dns-list_malformed-query-check: dns-list_malformed-query-check ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns-malformed-query-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, blacklist-src, reset **Mutual Exclusion:** dns-malformed-query-action and dns-malformed-query-action-list-name are mutually exclusive **dns-malformed-query-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dns-malformed-query-action-list-name and dns-malformed-query-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **non-query-opcode-check** **Description** 'disable': When malform check is enabled, TPS always drops DNS query with non query opcode, this option disables this opcode check; **Type:** string **Supported Values:** disable **skip-multi-packet-check** **Description** Bypass DNS fragmented and TCP segmented Queries(Default: dropped) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **validation-type** **Description** 'basic-header-check': Basic header validation for DNS TCP/UDP queries; 'extended-header-check': Extended header/query validation for DNS TCP/UDP queries; 'disable': Disable Malform query validation for DNS TCP/UDP; **Type:** string **Supported Values:** basic-header-check, extended-header-check, disable .. _1277_dns-list_dst: dns-list_dst ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **rate-limit** **Description:** rate-limit is a **JSON Block**. Please see below for :ref:`1277_dns-list_dst_rate-limit` **Type:** Object .. _1277_dns-list_dst_rate-limit: dns-list_dst_rate-limit ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **domain-group-rate-exceed-action** **Description** 'drop': Drop the query (default); 'tunnel-encap-packet': Encapsulate the query and send on a tunnel; **Type:** string **Supported Values:** drop, tunnel-encap-packet **Default:** drop **domain-group-rate-per-service** **Description** Enable per service domain rate checking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **encap-template** **Description** DDOS encap template to sepcify the tunnel endpoint **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **fqdn** **Description:** fqdn is a **JSON Block**. Please see below for :ref:`1277_dns-list_dst_rate-limit_fqdn` **Type:** Object **request** **Description:** request is a **JSON Block**. Please see below for :ref:`1277_dns-list_dst_rate-limit_request` **Type:** Object .. _1277_dns-list_dst_rate-limit_request: dns-list_dst_rate-limit_request ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-dns-request-rate-limit-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, ignore, reset, blacklist-src **Mutual Exclusion:** dst-dns-request-rate-limit-action and dst-dns-request-rate-limit-action-list-name are mutually exclusive **dst-dns-request-rate-limit-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-dns-request-rate-limit-action-list-name and dst-dns-request-rate-limit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **type** **Description:** type is a **JSON Block**. Please see below for :ref:`1277_dns-list_dst_rate-limit_request_type` **Type:** Object .. _1277_dns-list_dst_rate-limit_request_type: dns-list_dst_rate-limit_request_type ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **A-cfg** **Description:** A-cfg is a **JSON Block**. Please see below for :ref:`1277_dns-list_dst_rate-limit_request_type_A-cfg` **Type:** Object **AAAA-cfg** **Description:** AAAA-cfg is a **JSON Block**. Please see below for :ref:`1277_dns-list_dst_rate-limit_request_type_AAAA-cfg` **Type:** Object **CNAME-cfg** **Description:** CNAME-cfg is a **JSON Block**. Please see below for :ref:`1277_dns-list_dst_rate-limit_request_type_CNAME-cfg` **Type:** Object **MX-cfg** **Description:** MX-cfg is a **JSON Block**. Please see below for :ref:`1277_dns-list_dst_rate-limit_request_type_MX-cfg` **Type:** Object **NS-cfg** **Description:** NS-cfg is a **JSON Block**. Please see below for :ref:`1277_dns-list_dst_rate-limit_request_type_NS-cfg` **Type:** Object **SRV-cfg** **Description:** SRV-cfg is a **JSON Block**. Please see below for :ref:`1277_dns-list_dst_rate-limit_request_type_SRV-cfg` **Type:** Object **dns-type-cfg** **Type:** List .. _1277_dns-list_dst_rate-limit_request_type_SRV-cfg: dns-list_dst_rate-limit_request_type_SRV-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **SRV** **Description** Service locator **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-srv-rate** **Description** DNS request rate **Type:** number **Range:** 1-16000000 .. _1277_dns-list_dst_rate-limit_request_type_CNAME-cfg: dns-list_dst_rate-limit_request_type_CNAME-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **CNAME** **Description** Canonical name record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-cname-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_dns-list_dst_rate-limit_request_type_dns-type-cfg: dns-list_dst_rate-limit_request_type_dns-type-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dns-request-type** **Description** Other type value **Type:** number **Range:** 1-65535 **dns-request-type-rate** **Description** request rate limit **Type:** number **Range:** 1-16000000 .. _1277_dns-list_dst_rate-limit_request_type_AAAA-cfg: dns-list_dst_rate-limit_request_type_AAAA-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **AAAA** **Description** IPv6 address record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-aaaa-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_dns-list_dst_rate-limit_request_type_A-cfg: dns-list_dst_rate-limit_request_type_A-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **A** **Description** Address record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-a-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_dns-list_dst_rate-limit_request_type_MX-cfg: dns-list_dst_rate-limit_request_type_MX-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **MX** **Description** Mail exchange record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-mx-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_dns-list_dst_rate-limit_request_type_NS-cfg: dns-list_dst_rate-limit_request_type_NS-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **NS** **Description** Name server record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-ns-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_dns-list_dst_rate-limit_fqdn: dns-list_dst_rate-limit_fqdn ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns-fqdn-rate-cfg** **Type:** List **dns-fqdn-rate-limit-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, ignore, reset, blacklist-src **Mutual Exclusion:** dns-fqdn-rate-limit-action and dns-fqdn-rate-limit-action-list-name are mutually exclusive **dns-fqdn-rate-limit-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dns-fqdn-rate-limit-action-list-name and dns-fqdn-rate-limit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_dns-list_dst_rate-limit_fqdn_dns-fqdn-rate-cfg: dns-list_dst_rate-limit_fqdn_dns-fqdn-rate-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dns-fqdn-rate** **Description** Limiting rate (Range: 5-8000 for FQDN domain based rate limiting, 5-16000000 for FQDN label count based rate limiting) **Type:** number **Range:** 5-16000000 **fqdn-rate-label-count** **Description** FQDN label count (Range: 1-8) **Type:** number **Range:** 1-8 **fqdn-rate-suffix** **Description** Suffix count **Type:** number **Range:** 1-5 **per** **Description** 'domain-name': Domain Name; 'src-ip': Source IP address; 'label-count': FQDN label count; **Type:** string **Supported Values:** domain-name, src-ip, label-count **per-domain-per-src-ip** **Description** Use both Domain Name and Source IP address for rate-limiting **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1277_dns-list_allow-record-type: dns-list_allow-record-type ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **allow-a-type** **Description** Address record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-aaaa-type** **Description** IPv6 address record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-cname-type** **Description** Canonical name record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-mx-type** **Description** Mail exchange record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-ns-type** **Description** Name server record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-record-type-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, blacklist-src, reset **Mutual Exclusion:** allow-record-type-action and allow-record-type-action-list-name are mutually exclusive **allow-record-type-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** allow-record-type-action-list-name and allow-record-type-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **allow-srv-type** **Description** Service locator **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **record-num-cfg** **Type:** List .. _1277_dns-list_allow-record-type_record-num-cfg: dns-list_allow-record-type_record-num-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **allow-num-type** **Description** Other record type value **Type:** number **Range:** 1-65535 .. _1277_dns-list_allow-query-class: dns-list_allow-query-class ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **allow-any-query-class** **Description** ANY query class **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-chaos-query-class** **Description** CHAOS query class **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-csnet-query-class** **Description** CSNET query class **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-hesiod-query-class** **Description** HESIOD query class **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-internet-query-class** **Description** INTERNET query class **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-none-query-class** **Description** NONE query class **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-query-class-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, blacklist-src, reset **Mutual Exclusion:** allow-query-class-action and allow-query-class-action-list-name are mutually exclusive **allow-query-class-action-list-name** **Description** Configure action-list to take when query class doesn't match **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** allow-query-class-action-list-name and allow-query-class-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_dns-list_dns-udp-authentication: dns-list_dns-udp-authentication ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns-udp-auth-fail-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, blacklist-src **Mutual Exclusion:** dns-udp-auth-fail-action and dns-udp-auth-fail-action-list-name are mutually exclusive **dns-udp-auth-fail-action-list-name** **Description** Configure action-list to take for failing the authentication. (Applicable to dns-udp retry only) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dns-udp-auth-fail-action-list-name and dns-udp-auth-fail-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **dns-udp-auth-pass-action** **Description** 'authenticate-src': authenticate-src (Default); **Type:** string **Supported Values:** authenticate-src **Mutual Exclusion:** dns-udp-auth-pass-action and dns-udp-auth-pass-action-list-name are mutually exclusive **dns-udp-auth-pass-action-list-name** **Description** Configure action-list to take for passing the authentication **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dns-udp-auth-pass-action-list-name and dns-udp-auth-pass-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **force-tcp-cfg** **Description:** force-tcp-cfg is a **JSON Block**. Please see below for :ref:`1277_dns-list_dns-udp-authentication_force-tcp-cfg` **Type:** Object **min-delay** **Description** Optional minimum delay between DNS retransmits for authentication to pass, unit is specified by min-delay-interval **Type:** number **Range:** 1-80 **Mutual Exclusion:** min-delay and force-tcp are mutually exclusive **min-delay-interval** **Description** '100ms': 100ms; '1sec': 1sec; **Type:** string **Supported Values:** 100ms, 1sec **udp-timeout** **Description** UDP authentication timeout in seconds **Type:** number **Range:** 1-16 **Mutual Exclusion:** udp-timeout and force-tcp are mutually exclusive .. _1277_dns-list_dns-udp-authentication_force-tcp-cfg: dns-list_dns-udp-authentication_force-tcp-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **force-tcp** **Description** Force DNS request over TCP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** force-tcp, udp-timeout, and min-delay are mutually exclusive **force-tcp-ignore-client-source-port** **Description** Allow client to retransmit DNS request using different source port during udp-auth (supported in asymmetric mode only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **force-tcp-min-delay** **Description** Optional minimum delay (seconds) between DNS retransmits for authentication to pass **Type:** number **Range:** 1-15 **force-tcp-timeout** **Description** UDP authentication timeout in seconds **Type:** number **Range:** 1-16 .. _1277_dns-list_multi-pu-threshold-distribution: dns-list_multi-pu-threshold-distribution ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **multi-pu-threshold-distribution-disable** **Description** 'disable': Destination side rate limit only. Default: Enable; **Type:** string **Supported Values:** disable **Mutual Exclusion:** multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive **multi-pu-threshold-distribution-value** **Description** Destination side rate limit only. Default: 0 **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive .. _1277_dns-list_fqdn-label-len-cfg: dns-list_fqdn-label-len-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **fqdn-label-length-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, blacklist-src, reset **Mutual Exclusion:** fqdn-label-length-action and fqdn-label-length-action-list-name are mutually exclusive **fqdn-label-length-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fqdn-label-length-action-list-name and fqdn-label-length-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **fqdn-label-suffix** **Description** Number of suffixes **Type:** number **Range:** 1-5 **label-length** **Description** Maximum length of FQDN label **Type:** number **Range:** 1-63 .. _1277_dns-list_symtimeout-cfg: dns-list_symtimeout-cfg ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sym-timeout** **Description** Timeout for DNS Symmetric session **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sym-timeout-value** **Description** Session timeout value in seconds **Type:** number **Range:** 1-31 .. _1277_icmp-v4-list: icmp-v4-list ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **filter-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name}/filter/{icmp-filter-name} ` **filter-match-type** **Description** 'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; **Type:** string **Supported Values:** default, stop-on-first-match **Default:** default **icmp-tmpl-name** **Description** DDOS ICMPv4 Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name}/type/{type-number} ` **type-other** **Description:** type-other is a **JSON Block**. Please see below for :ref:`1277_icmp-v4-list_type-other` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name}/type-other ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1277_icmp-v4-list_type-list: icmp-v4-list_type-list ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dst-code-other-rate** **Description** Specify the rate with other code **Type:** number **Range:** 1-16000000 **dst-code-other-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** dst-code-other-rate-action and dst-code-other-rate-action-list-name are mutually exclusive **dst-code-other-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-code-other-rate-action-list-name and dst-code-other-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **icmp-type-action** **Description** 'drop': Reject this ICMP type; 'blacklist-src': Blacklist-src this ICMP type; 'ignore': Ignore this ICMP type; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** icmp-type-action and icmp-type-action-list-name are mutually exclusive **icmp-type-action-list-name** **Description** Configure action-list to take for this ICMP type **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** icmp-type-action-list-name and icmp-type-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **src-code-other-rate** **Description** Specify the rate with other code **Type:** number **Range:** 1-16000000 **src-code-other-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** src-code-other-rate-action and src-code-other-rate-action-list-name are mutually exclusive **src-code-other-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-code-other-rate-action-list-name and src-code-other-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **type-number** **Description** Specify ICMP type number **Type:** number **Range:** 0-255 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **v4-dst-code-cfg** **Type:** List **v4-dst-rate-cfg** **Description:** v4-dst-rate-cfg is a **JSON Block**. Please see below for :ref:`1277_icmp-v4-list_type-list_v4-dst-rate-cfg` **Type:** Object **v4-src-code-cfg** **Type:** List **v4-src-rate-cfg** **Description:** v4-src-rate-cfg is a **JSON Block**. Please see below for :ref:`1277_icmp-v4-list_type-list_v4-src-rate-cfg` **Type:** Object .. _1277_icmp-v4-list_type-list_v4-src-rate-cfg: icmp-v4-list_type-list_v4-src-rate-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-type-rate** **Description** Specify the whole src rate for this type **Type:** number **Range:** 1-16000000 **src-type-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** src-type-rate-action and src-type-rate-action-list-name are mutually exclusive **src-type-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-type-rate-action-list-name and src-type-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_icmp-v4-list_type-list_v4-dst-code-cfg: icmp-v4-list_type-list_v4-dst-code-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dst-code-number** **Description** Specify the ICMP code for this dst rate **Type:** number **Range:** 0-255 **dst-code-rate** **Description** Specify the rate with the code **Type:** number **Range:** 1-16000000 **dst-code-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** dst-code-rate-action and dst-code-rate-action-list-name are mutually exclusive **dst-code-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-code-rate-action-list-name and dst-code-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_icmp-v4-list_type-list_v4-src-code-cfg: icmp-v4-list_type-list_v4-src-code-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **src-code-number** **Description** Specify the ICMP code for this src rate **Type:** number **Range:** 0-255 **src-code-rate** **Description** Specify the rate with the code **Type:** number **Range:** 1-16000000 **src-code-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** src-code-rate-action and src-code-rate-action-list-name are mutually exclusive **src-code-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-code-rate-action-list-name and src-code-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_icmp-v4-list_type-list_v4-dst-rate-cfg: icmp-v4-list_type-list_v4-dst-rate-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-type-rate** **Description** Specify the whole dst rate for this type **Type:** number **Range:** 1-16000000 **dst-type-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** dst-type-rate-action and dst-type-rate-action-list-name are mutually exclusive **dst-type-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-type-rate-action-list-name and dst-type-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_icmp-v4-list_type-other: icmp-v4-list_type-other ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst** **Description:** dst is a **JSON Block**. Please see below for :ref:`1277_icmp-v4-list_type-other_dst` **Type:** Object **icmp-type-other-action** **Description** 'drop': Reject wildcard ICMP type; 'blacklist-src': Blacklist-src wildcard ICMP type; 'ignore': Ignore wildcard ICMP type; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** icmp-type-other-action and icmp-type-other-action-list-name are mutually exclusive **icmp-type-other-action-list-name** **Description** Configure action-list to take for wildcard ICMP match **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** icmp-type-other-action-list-name and icmp-type-other-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **src** **Description:** src is a **JSON Block**. Please see below for :ref:`1277_icmp-v4-list_type-other_src` **Type:** Object **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1277_icmp-v4-list_type-other_src: icmp-v4-list_type-other_src ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-type-other-rate** **Description** Specify the whole src rate for wildcard ICMP type **Type:** number **Range:** 1-16000000 **src-type-other-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** src-type-other-rate-action and src-type-other-rate-action-list-name are mutually exclusive **src-type-other-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-type-other-rate-action-list-name and src-type-other-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_icmp-v4-list_type-other_dst: icmp-v4-list_type-other_dst ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-type-other-rate** **Description** Specify the whole dst rate for wildcard ICMP type **Type:** number **Range:** 1-16000000 **dst-type-other-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** dst-type-other-rate-action and dst-type-other-rate-action-list-name are mutually exclusive **dst-type-other-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-type-other-rate-action-list-name and dst-type-other-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_icmp-v4-list_filter-list: icmp-v4-list_filter-list ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **byte-offset-filter** **Description** filter using Berkeley packet filter syntax **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **icmp-filter-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, ignore, blacklist-src **Default:** drop **Mutual Exclusion:** icmp-filter-action and icmp-filter-action-list-name are mutually exclusive **icmp-filter-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** icmp-filter-action-list-name and icmp-filter-action are mutually exclusive **icmp-filter-inverse-match** **Description** Inverse the result of matching **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **icmp-filter-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-filter-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **icmp-filter-seq** **Description** sequence number **Type:** number **Range:** 1-200 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1277_encap-list: encap-list ^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **encap-tmpl-name** **Description** DDOS Tunnel Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **preserve-source-ip** **Description** Use original source ip for encapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tunnel-encap** **Description:** tunnel-encap is a **JSON Block**. Please see below for :ref:`1277_encap-list_tunnel-encap` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1277_encap-list_tunnel-encap: encap-list_tunnel-encap ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-cfg** **Description:** gre-cfg is a **JSON Block**. Please see below for :ref:`1277_encap-list_tunnel-encap_gre-cfg` **Type:** Object **ip-cfg** **Description:** ip-cfg is a **JSON Block**. Please see below for :ref:`1277_encap-list_tunnel-encap_ip-cfg` **Type:** Object .. _1277_encap-list_tunnel-encap_ip-cfg: encap-list_tunnel-encap_ip-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **always** **Description:** always is a **JSON Block**. Please see below for :ref:`1277_encap-list_tunnel-encap_ip-cfg_always` **Type:** Object **ip-encap** **Description** Enable Tunnel encapsulation using IP in IP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1277_encap-list_tunnel-encap_ip-cfg_always: encap-list_tunnel-encap_ip-cfg_always ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ipv4-addr** **Description** IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** ipv4-address **ipv6-addr** **Description** IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** ipv6-address .. _1277_encap-list_tunnel-encap_gre-cfg: encap-list_tunnel-encap_gre-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-always** **Description:** gre-always is a **JSON Block**. Please see below for :ref:`1277_encap-list_tunnel-encap_gre-cfg_gre-always` **Type:** Object **gre-encap** **Description** Enable Tunnel encapsulation using GRE **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1277_encap-list_tunnel-encap_gre-cfg_gre-always: encap-list_tunnel-encap_gre-cfg_gre-always ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-ipv4** **Description** IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** ipv4-address **gre-ipv6** **Description** IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** ipv6-address **key-ipv4** **Description** Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters **key-ipv6** **Description** Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters .. _1277_udp-list: udp-list ^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **age** **Description** Configure session age(in minutes) for UDP sessions **Type:** number **Range:** 1-63 **Default:** 2 **filter-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/udp/{name}/filter/{udp-filter-name} ` **filter-match-type** **Description** 'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; **Type:** string **Supported Values:** default, stop-on-first-match **Default:** default **known-resp-src-port-cfg** **Description:** known-resp-src-port-cfg is a **JSON Block**. Please see below for :ref:`1277_udp-list_known-resp-src-port-cfg` **Type:** Object **max-payload-size-cfg** **Description:** max-payload-size-cfg is a **JSON Block**. Please see below for :ref:`1277_udp-list_max-payload-size-cfg` **Type:** Object **min-payload-size-cfg** **Description:** min-payload-size-cfg is a **JSON Block**. Please see below for :ref:`1277_udp-list_min-payload-size-cfg` **Type:** Object **name** **Description** DDOS UDP Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ntp-monlist-cfg** **Description:** ntp-monlist-cfg is a **JSON Block**. Please see below for :ref:`1277_udp-list_ntp-monlist-cfg` **Type:** Object **per-conn-pkt-rate-cfg** **Description:** per-conn-pkt-rate-cfg is a **JSON Block**. Please see below for :ref:`1277_udp-list_per-conn-pkt-rate-cfg` **Type:** Object **per-conn-rate-interval** **Description** '100ms': 100ms; '1sec': 1sec; **Type:** string **Supported Values:** 100ms, 1sec **Default:** 1sec **previous-salt-timeout** **Description** Token-Authentication previous salt-prefix timeout in minutes, default is 1 min **Type:** number **Range:** 1-10080 **Default:** 1 **public-ipv4-addr** **Description** IP address **Type:** string **Format:** ipv4-address **public-ipv6-addr** **Description** IPV6 address **Type:** string **Format:** ipv6-address **spoof-detect-fail-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src for spoof-detect fail; **Type:** string **Supported Values:** drop, blacklist-src **Mutual Exclusion:** spoof-detect-fail-action and spoof-detect-fail-action-list-name are mutually exclusive **spoof-detect-fail-action-list-name** **Description** Configure action-list to take for failing the authentication **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** spoof-detect-fail-action-list-name and spoof-detect-fail-action are mutually exclusive **spoof-detect-min-delay** **Description** Optional minimum delay between UDP retransmits for authentication to pass, unit is specified by min-delay-interval **Type:** number **Range:** 1-80 **spoof-detect-min-delay-interval** **Description** '100ms': 100ms; '1sec': 1sec; **Type:** string **Supported Values:** 100ms, 1sec **Default:** 1sec **spoof-detect-pass-action** **Description** 'authenticate-src': authenticate-src (Default); **Type:** string **Supported Values:** authenticate-src **Mutual Exclusion:** spoof-detect-pass-action and spoof-detect-pass-action-list-name are mutually exclusive **spoof-detect-pass-action-list-name** **Description** Configure action-list to take for passing the authentication **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** spoof-detect-pass-action-list-name and spoof-detect-pass-action are mutually exclusive **spoof-detect-retry-timeout** **Description** Timeout in seconds **Type:** number **Range:** 1-31 **token-authentication** **Description** Enable Token Authentication **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **token-authentication-formula** **Description** 'md5_Salt-SrcIp-SrcPort-DstIp-DstPort': md5 of Salt-SrcIp-SrcPort-DstIp-DstPort; 'md5_Salt-DstIp-DstPort': md5 of Salt-DstIp-DstPort; 'md5_Salt-SrcIp-DstIp': md5 of Salt-SrcIp-DstIp; 'md5_Salt-SrcPort-DstPort': md5 of Salt-SrcPort-DstPort; 'md5_Salt-UintDstIp-DstPort': Using the uint value of IP for md5 of Salt-DstIp-DstPort; 'sha1_Salt-SrcIp-SrcPort-DstIp-DstPort': sha1 of Salt-SrcIp-SrcPort-DstIp-DstPort; 'sha1_Salt-DstIp-DstPort': sha1 of Salt-DstIp-DstPort; 'sha1_Salt-SrcIp-DstIp': sha1 of Salt-SrcIp-DstIp; 'sha1_Salt-SrcPort-DstPort': sha1 of Salt-SrcPort-DstPort; 'sha1_Salt-UintDstIp-DstPort': Using the uint value of IP for sha1 of Salt-DstIp-DstPort; **Type:** string **Supported Values:** md5_Salt-SrcIp-SrcPort-DstIp-DstPort, md5_Salt-DstIp-DstPort, md5_Salt-SrcIp-DstIp, md5_Salt-SrcPort-DstPort, md5_Salt-UintDstIp-DstPort, sha1_Salt-SrcIp-SrcPort-DstIp-DstPort, sha1_Salt-DstIp-DstPort, sha1_Salt-SrcIp-DstIp, sha1_Salt-SrcPort-DstPort, sha1_Salt-UintDstIp-DstPort **token-authentication-hw-assist-disable** **Description** token-authentication disable hardware assistance **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **token-authentication-public-address** **Description** The server public IP address **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **token-authentication-salt-prefix** **Description** token-authentication salt-prefix **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **token-authentication-salt-prefix-curr** **Description** **Type:** number **Range:** 1-4294967295 **token-authentication-salt-prefix-prev** **Description** **Type:** number **Range:** 1-4294967295 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1277_udp-list_ntp-monlist-cfg: udp-list_ntp-monlist-cfg ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ntp-monlist** **Description** Take action for ntp monlist request/response **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ntp-monlist-action** **Description** 'drop': Drop packets for ntp-monlist (Default); 'blacklist-src': Blacklist-src for ntp-monlist; 'ignore': Ignore ntp-monlist; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** ntp-monlist-action and ntp-monlist-action-list-name are mutually exclusive **ntp-monlist-action-list-name** **Description** Configure action-list to take for ntp-monlist **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** ntp-monlist-action-list-name and ntp-monlist-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_udp-list_known-resp-src-port-cfg: udp-list_known-resp-src-port-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **exclude-src-resp-port** **Description** Exclude src port equal to dst port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **known-resp-src-port** **Description** Take action if src-port is less than 1024 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **known-resp-src-port-action** **Description** 'drop': Drop packets from well-known src-port(Default); 'blacklist-src': Blacklist-src from well-known src-port; 'ignore': Ignore well-known src-port; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** known-resp-src-port-action and known-resp-src-port-action-list-name are mutually exclusive **known-resp-src-port-action-list-name** **Description** Configure action-list to take for well-known src-port **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** known-resp-src-port-action-list-name and known-resp-src-port-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_udp-list_per-conn-pkt-rate-cfg: udp-list_per-conn-pkt-rate-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **per-conn-pkt-rate-action** **Description** 'drop': Drop packets for per-conn-pkt-rate exceed (Default); 'blacklist-src': help Blacklist-src for per-conn-pkt-rate exceed; 'ignore': Ignore per-conn-pkt-rate-exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** per-conn-pkt-rate-action and per-conn-pkt-rate-action-list-name are mutually exclusive **per-conn-pkt-rate-action-list-name** **Description** Configure action-list to take for per-conn-pkt-rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** per-conn-pkt-rate-action-list-name and per-conn-pkt-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **per-conn-pkt-rate-limit** **Description** Packet rate limit per connection per rate-interval **Type:** number **Range:** 1-16000000 .. _1277_udp-list_min-payload-size-cfg: udp-list_min-payload-size-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **min-payload-size** **Description** Minimum UDP payload size for each single packet **Type:** number **Range:** 1-1470 **min-payload-size-action** **Description** 'drop': Drop packets for min-payload-size (Default); 'blacklist-src': Blacklist-src for min-payload-size; 'ignore': Do nothing for min-payload-size exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** min-payload-size-action and min-payload-size-action-list-name are mutually exclusive **min-payload-size-action-list-name** **Description** Configure action-list to take for min-payload-size exceed **Type:** string **Format:** string-rlx **Maximum Length:** 64 characters **Maximum Length:** 1 characters **Mutual Exclusion:** min-payload-size-action-list-name and min-payload-size-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_udp-list_filter-list: udp-list_filter-list ^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **byte-offset-filter** **Description** Filter using Berkeley Packet Filter syntax **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **udp-filter-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; **Type:** string **Supported Values:** drop, ignore, blacklist-src, authenticate-src **Default:** drop **Mutual Exclusion:** udp-filter-action and udp-filter-action-list-name are mutually exclusive **udp-filter-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** udp-filter-action-list-name and udp-filter-action are mutually exclusive **udp-filter-inverse-match** **Description** Inverse the result of the matching **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **udp-filter-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp-filter-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **udp-filter-seq** **Description** Sequence number **Type:** number **Range:** 1-200 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1277_udp-list_max-payload-size-cfg: udp-list_max-payload-size-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **max-payload-size** **Description** Maximum UDP payload size for each single packet **Type:** number **Range:** 1-1470 **max-payload-size-action** **Description** 'drop': Drop packets for max-payload-size exceed (Default); 'blacklist-src': Blacklist-src for max-payload-size exceed; 'ignore': Do nothing for max-payload-size exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** max-payload-size-action and max-payload-size-action-list-name are mutually exclusive **max-payload-size-action-list-name** **Description** Configure action-list to take for max-payload-size exceed **Type:** string **Format:** string-rlx **Maximum Length:** 64 characters **Maximum Length:** 1 characters **Mutual Exclusion:** max-payload-size-action-list-name and max-payload-size-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_http-list: http-list ^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **challenge** **Description:** challenge is a **JSON Block**. Please see below for :ref:`1277_http-list_challenge` **Type:** Object **client-source-ip** **Description:** client-source-ip is a **JSON Block**. Please see below for :ref:`1277_http-list_client-source-ip` **Type:** Object **disable** **Description** Disable this template **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disallow-connect-method** **Description** Do not allow HTTP Connect method (asymmetric mode only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst** **Description:** dst is a **JSON Block**. Please see below for :ref:`1277_http-list_dst` **Type:** Object **filter-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/http/{http-tmpl-name}/filter/{http-filter-name} ` **http-tmpl-name** **Description** DDOS HTTP Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **idle-timeout** **Description:** idle-timeout is a **JSON Block**. Please see below for :ref:`1277_http-list_idle-timeout` **Type:** Object **malformed-http** **Description:** malformed-http is a **JSON Block**. Please see below for :ref:`1277_http-list_malformed-http` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/http/{http-tmpl-name}/malformed-http ` **mss-timeout** **Description:** mss-timeout is a **JSON Block**. Please see below for :ref:`1277_http-list_mss-timeout` **Type:** Object **multi-pu-threshold-distribution** **Description:** multi-pu-threshold-distribution is a **JSON Block**. Please see below for :ref:`1277_http-list_multi-pu-threshold-distribution` **Type:** Object **non-http-bypass** **Description** Bypass non-http traffic instead of dropping **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **out-of-order-queue-size** **Description** Set the number of packets for the out-of-order HTTP queue (asym mode only) **Type:** number **Range:** 0-15 **Default:** 3 **out-of-order-queue-timeout** **Description** Set the timeout value in seconds for out-of-order queue in HTTP (asym mode only) **Type:** number **Range:** 0-15 **Default:** 3 **request-header** **Description:** request-header is a **JSON Block**. Please see below for :ref:`1277_http-list_request-header` **Type:** Object **slow-read** **Description:** slow-read is a **JSON Block**. Please see below for :ref:`1277_http-list_slow-read` **Type:** Object **src** **Description:** src is a **JSON Block**. Please see below for :ref:`1277_http-list_src` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1277_http-list_client-source-ip: http-list_client-source-ip ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **client-source-ip** **Description** Mitigate on src ip specified by http header for example X-Forwarded-For header. Default is disabled **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **http-header-name** **Description** Set the http header name to parse for client ip. Default is X-Forwarded-For **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Default:** X-Forwarded-For .. _1277_http-list_dst: http-list_dst ^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **rate-limit** **Description:** rate-limit is a **JSON Block**. Please see below for :ref:`1277_http-list_dst_rate-limit` **Type:** Object .. _1277_http-list_dst_rate-limit: http-list_dst_rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **http-post** **Description:** http-post is a **JSON Block**. Please see below for :ref:`1277_http-list_dst_rate-limit_http-post` **Type:** Object **http-request** **Description:** http-request is a **JSON Block**. Please see below for :ref:`1277_http-list_dst_rate-limit_http-request` **Type:** Object **response-size** **Description:** response-size is a **JSON Block**. Please see below for :ref:`1277_http-list_dst_rate-limit_response-size` **Type:** Object .. _1277_http-list_dst_rate-limit_response-size: http-list_dst_rate-limit_response-size ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **between-cfg** **Type:** List **greater-cfg** **Type:** List **less-cfg** **Type:** List **response-size-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, blacklist-src, reset **Mutual Exclusion:** response-size-action and response-size-action-list-name are mutually exclusive **response-size-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** response-size-action-list-name and response-size-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_http-list_dst_rate-limit_response-size_between-cfg: http-list_dst_rate-limit_response-size_between-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **obj-between-rate** **Description** Response rate limit **Type:** number **Range:** 1-16000000 **obj-between1** **Description** Response size configuration **Type:** number **Range:** 1-16000000 **obj-between2** **Description** Response size configuration **Type:** number **Range:** 1-16000000 .. _1277_http-list_dst_rate-limit_response-size_greater-cfg: http-list_dst_rate-limit_response-size_greater-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **obj-greater** **Description** Response size configuration **Type:** number **Range:** 1-16000000 **obj-greater-rate** **Description** Response rate limit **Type:** number **Range:** 1-16000000 .. _1277_http-list_dst_rate-limit_response-size_less-cfg: http-list_dst_rate-limit_response-size_less-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **obj-less** **Description** Response size configuration **Type:** number **Range:** 1-16000000 **obj-less-rate** **Description** Response rate limit **Type:** number **Range:** 1-16000000 .. _1277_http-list_dst_rate-limit_http-post: http-list_dst_rate-limit_http-post ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-post-rate-limit** **Description** **Type:** number **Range:** 1-16000000 **dst-post-rate-limit-action** **Description** 'drop': Drop packets(Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, ignore, reset, blacklist-src **Default:** drop **Mutual Exclusion:** dst-post-rate-limit-action and dst-post-rate-limit-action-list-name are mutually exclusive **dst-post-rate-limit-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-post-rate-limit-action-list-name and dst-post-rate-limit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_http-list_dst_rate-limit_http-request: http-list_dst_rate-limit_http-request ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-request-rate** **Description** **Type:** number **Range:** 1-16000000 **dst-request-rate-limit-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, ignore, reset, blacklist-src **Default:** drop **Mutual Exclusion:** dst-request-rate-limit-action and dst-request-rate-limit-action-list-name are mutually exclusive **dst-request-rate-limit-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-request-rate-limit-action-list-name and dst-request-rate-limit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_http-list_src: http-list_src ^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **rate-limit** **Description:** rate-limit is a **JSON Block**. Please see below for :ref:`1277_http-list_src_rate-limit` **Type:** Object .. _1277_http-list_src_rate-limit: http-list_src_rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **http-post** **Description:** http-post is a **JSON Block**. Please see below for :ref:`1277_http-list_src_rate-limit_http-post` **Type:** Object **http-request** **Description:** http-request is a **JSON Block**. Please see below for :ref:`1277_http-list_src_rate-limit_http-request` **Type:** Object .. _1277_http-list_src_rate-limit_http-post: http-list_src_rate-limit_http-post ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-post-rate-limit** **Description** **Type:** number **Range:** 1-16000000 **src-post-rate-limit-action** **Description** 'drop': Drop packets(Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, ignore, reset, blacklist-src **Default:** drop **Mutual Exclusion:** src-post-rate-limit-action and src-post-rate-limit-action-list-name are mutually exclusive **src-post-rate-limit-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-post-rate-limit-action-list-name and src-post-rate-limit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_http-list_src_rate-limit_http-request: http-list_src_rate-limit_http-request ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-request-rate** **Description** **Type:** number **Range:** 1-16000000 **src-request-rate-limit-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, ignore, reset, blacklist-src **Default:** drop **Mutual Exclusion:** src-request-rate-limit-action and src-request-rate-limit-action-list-name are mutually exclusive **src-request-rate-limit-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-request-rate-limit-action-list-name and src-request-rate-limit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_http-list_challenge: http-list_challenge ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **challenge-cookie-name** **Description** Set the cookie name used to send back to client. Default is sto-idd **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Default:** sto-idd **challenge-fail-action** **Description** 'blacklist-src': Blacklist-src; 'reset': Reset client connection(Default); **Type:** string **Supported Values:** blacklist-src, reset **Default:** reset **Mutual Exclusion:** challenge-fail-action and challenge-fail-action-list-name are mutually exclusive **challenge-fail-action-list-name** **Description** Configure action-list to take for failing the authentication **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** challenge-fail-action-list-name and challenge-fail-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **challenge-interval** **Description** Specify the challenge interval. Default is 8 seconds **Type:** number **Range:** 1-31 **Default:** 8 **challenge-keep-cookie** **Description** Keep the challenge cookie from client and forward to backend. Default is do not keep **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **challenge-method** **Description** 'http-redirect': http-redirect; 'javascript': javascript; **Type:** string **Supported Values:** http-redirect, javascript **challenge-pass-action** **Description** 'authenticate-src': Authenticate-src (Default); **Type:** string **Supported Values:** authenticate-src **Mutual Exclusion:** challenge-pass-action and challenge-pass-action-list-name are mutually exclusive **challenge-pass-action-list-name** **Description** Configure action-list to take for passing the authentication **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** challenge-pass-action-list-name and challenge-pass-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **challenge-redirect-code** **Description** '302': 302 Found; '307': 307 Temporary Redirect; **Type:** string **Supported Values:** 302, 307 **Default:** 302 **challenge-uri-encode** **Description** Encode the challenge phrase in uri instead of in http cookie. Default encoded in http cookie **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1277_http-list_idle-timeout: http-list_idle-timeout ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **idle-timeout-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, blacklist-src, reset **Mutual Exclusion:** idle-timeout-action and idle-timeout-action-list-name are mutually exclusive **idle-timeout-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** idle-timeout-action-list-name and idle-timeout-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **idle-timeout-value** **Description** Set the the idle timeout value in seconds for HTTP connections **Type:** number **Range:** 1-63 **ignore-zero-payload** **Description** Don't reset idle timer on packets with zero payload length from clients **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1277_http-list_slow-read: http-list_slow-read ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **min-window-count** **Description** Number of packets **Type:** number **Range:** 1-31 **min-window-size** **Description** minimum window size **Type:** number **Range:** 1-65535 **slow-read-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'ignore': Take no action; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, blacklist-src, ignore, reset **Mutual Exclusion:** slow-read-action and slow-read-action-list-name are mutually exclusive **slow-read-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** slow-read-action-list-name and slow-read-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_http-list_multi-pu-threshold-distribution: http-list_multi-pu-threshold-distribution ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **multi-pu-threshold-distribution-disable** **Description** 'disable': Destination side rate limit only. Default: Enable; **Type:** string **Supported Values:** disable **Mutual Exclusion:** multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive **multi-pu-threshold-distribution-value** **Description** Destination side rate limit only. Default: 0 **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive .. _1277_http-list_filter-list: http-list_filter-list ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dst** **Description:** dst is a **JSON Block**. Please see below for :ref:`1277_http-list_filter-list_dst` **Type:** Object **http-agent-cfg** **Description:** http-agent-cfg is a **JSON Block**. Please see below for :ref:`1277_http-list_filter-list_http-agent-cfg` **Type:** Object **http-filter-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, blacklist-src, authenticate-src, reset **Mutual Exclusion:** http-filter-action and http-filter-action-list-name are mutually exclusive **http-filter-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** http-filter-action-list-name and http-filter-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **http-filter-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http-filter-seq** **Description** Sequence number **Type:** number **Range:** 1-200 **http-header-cfg** **Description:** http-header-cfg is a **JSON Block**. Please see below for :ref:`1277_http-list_filter-list_http-header-cfg` **Type:** Object **http-referer-cfg** **Description:** http-referer-cfg is a **JSON Block**. Please see below for :ref:`1277_http-list_filter-list_http-referer-cfg` **Type:** Object **http-uri-cfg** **Description:** http-uri-cfg is a **JSON Block**. Please see below for :ref:`1277_http-list_filter-list_http-uri-cfg` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1277_http-list_filter-list_http-uri-cfg: http-list_filter-list_http-uri-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uri-contains-cfg** **Type:** List **uri-ends-cfg** **Type:** List **uri-equal-cfg** **Type:** List **uri-starts-cfg** **Type:** List .. _1277_http-list_filter-list_http-uri-cfg_uri-equal-cfg: http-list_filter-list_http-uri-cfg_uri-equal-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-uri-equals** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters .. _1277_http-list_filter-list_http-uri-cfg_uri-starts-cfg: http-list_filter-list_http-uri-cfg_uri-starts-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-uri-starts-with** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters .. _1277_http-list_filter-list_http-uri-cfg_uri-ends-cfg: http-list_filter-list_http-uri-cfg_uri-ends-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-uri-ends-with** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters .. _1277_http-list_filter-list_http-uri-cfg_uri-contains-cfg: http-list_filter-list_http-uri-cfg_uri-contains-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-uri-contains** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters .. _1277_http-list_filter-list_dst: http-list_filter-list_dst ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **http-filter-rate-limit** **Description** Set rate limit **Type:** number **Range:** 1-16000000 .. _1277_http-list_filter-list_http-agent-cfg: http-list_filter-list_http-agent-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **agent-contains-cfg** **Type:** List **agent-ends-cfg** **Type:** List **agent-equals-cfg** **Type:** List **agent-starts-cfg** **Type:** List .. _1277_http-list_filter-list_http-agent-cfg_agent-contains-cfg: http-list_filter-list_http-agent-cfg_agent-contains-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-agent-contains** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1277_http-list_filter-list_http-agent-cfg_agent-ends-cfg: http-list_filter-list_http-agent-cfg_agent-ends-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-agent-ends-with** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1277_http-list_filter-list_http-agent-cfg_agent-equals-cfg: http-list_filter-list_http-agent-cfg_agent-equals-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-agent-equals** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1277_http-list_filter-list_http-agent-cfg_agent-starts-cfg: http-list_filter-list_http-agent-cfg_agent-starts-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-agent-starts-with** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1277_http-list_filter-list_http-header-cfg: http-list_filter-list_http-header-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **http-filter-header-inverse-match** **Description** **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **http-filter-header-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters .. _1277_http-list_filter-list_http-referer-cfg: http-list_filter-list_http-referer-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **referer-contains-cfg** **Type:** List **referer-ends-cfg** **Type:** List **referer-equals-cfg** **Type:** List **referer-starts-cfg** **Type:** List .. _1277_http-list_filter-list_http-referer-cfg_referer-equals-cfg: http-list_filter-list_http-referer-cfg_referer-equals-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-referer-equals** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1277_http-list_filter-list_http-referer-cfg_referer-starts-cfg: http-list_filter-list_http-referer-cfg_referer-starts-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-referer-starts-with** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1277_http-list_filter-list_http-referer-cfg_referer-contains-cfg: http-list_filter-list_http-referer-cfg_referer-contains-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-referer-contains** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1277_http-list_filter-list_http-referer-cfg_referer-ends-cfg: http-list_filter-list_http-referer-cfg_referer-ends-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-referer-ends-with** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1277_http-list_mss-timeout: http-list_mss-timeout ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **mss-percent** **Description** Configure percentage of mss such that if a packet size is below the mss times mss-percent, packet is considered bad. **Type:** number **Range:** 1-100 **mss-timeout-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, blacklist-src, reset **Mutual Exclusion:** mss-timeout-action and mss-timeout-action-list-name are mutually exclusive **mss-timeout-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** mss-timeout-action-list-name and mss-timeout-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **number-packets** **Description** Specify percentage of mss. Default is 0, mss-timeout is not enabled. **Type:** number **Range:** 1-31 .. _1277_http-list_malformed-http: http-list_malformed-http ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **malformed-http** **Description** 'check': Configure malformed HTTP parameters; **Type:** string **Supported Values:** check **Default:** check **malformed-http-action** **Description** 'drop': Drop packets (Default); 'reset': Reset client connection; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, reset, blacklist-src **Mutual Exclusion:** malformed-http-action and malformed-http-action-list-name are mutually exclusive **malformed-http-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** malformed-http-action-list-name and malformed-http-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **malformed-http-bad-chunk-mon-enabled** **Description** Enabling bad chunk monitoring. Default is disabled **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **malformed-http-max-content-length** **Description** Set the maxinum content-length header. Default value is 4294967295 bytes **Type:** number **Range:** 1-4294967295 **Default:** 4294967295 **malformed-http-max-header-name-size** **Description** Set the maxinum header name length. Default value is 64. **Type:** number **Range:** 1-64 **Default:** 64 **malformed-http-max-line-size** **Description** Set the maximum line size. Default value is 32512 **Type:** number **Range:** 1-65280 **Default:** 32512 **malformed-http-max-num-headers** **Description** Set the maximum number of headers. Default value is 90 **Type:** number **Range:** 1-90 **Default:** 90 **malformed-http-max-req-line-size** **Description** Set the maximum request line size. Default value is 32512 **Type:** number **Range:** 1-65280 **Default:** 32512 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1277_http-list_request-header: http-list_request-header ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **header-timeout-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, blacklist-src, reset **Default:** drop **Mutual Exclusion:** header-timeout-action and header-timeout-action-list-name are mutually exclusive **header-timeout-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** header-timeout-action-list-name and header-timeout-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **timeout** **Description** **Type:** number **Range:** 1-63 .. _1277_sip-list: sip-list ^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dst** **Description:** dst is a **JSON Block**. Please see below for :ref:`1277_sip-list_dst` **Type:** Object **filter-header-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/sip/{sip-tmpl-name}/filter-header/{sip-filter-name} ` **idle-timeout** **Description:** idle-timeout is a **JSON Block**. Please see below for :ref:`1277_sip-list_idle-timeout` **Type:** Object **malformed-sip** **Description:** malformed-sip is a **JSON Block**. Please see below for :ref:`1277_sip-list_malformed-sip` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/sip/{sip-tmpl-name}/malformed-sip ` **multi-pu-threshold-distribution** **Description:** multi-pu-threshold-distribution is a **JSON Block**. Please see below for :ref:`1277_sip-list_multi-pu-threshold-distribution` **Type:** Object **sip-tmpl-name** **Description** DDOS SIP Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **src** **Description:** src is a **JSON Block**. Please see below for :ref:`1277_sip-list_src` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1277_sip-list_src: sip-list_src ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sip-request-rate-limit** **Description:** sip-request-rate-limit is a **JSON Block**. Please see below for :ref:`1277_sip-list_src_sip-request-rate-limit` **Type:** Object .. _1277_sip-list_src_sip-request-rate-limit: sip-list_src_sip-request-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **method** **Description:** method is a **JSON Block**. Please see below for :ref:`1277_sip-list_src_sip-request-rate-limit_method` **Type:** Object **src-sip-rate-action** **Description** 'drop': Drop packets(Default); 'ignore': Take no action; 'reset': Reset (sip-tcp) client connection; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, ignore, reset, blacklist-src **Default:** drop **Mutual Exclusion:** src-sip-rate-action and src-sip-rate-action-list-name are mutually exclusive **src-sip-rate-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-sip-rate-action-list-name and src-sip-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_sip-list_src_sip-request-rate-limit_method: sip-list_src_sip-request-rate-limit_method ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **bye-cfg** **Description:** bye-cfg is a **JSON Block**. Please see below for :ref:`1277_sip-list_src_sip-request-rate-limit_method_bye-cfg` **Type:** Object **invite-cfg** **Description:** invite-cfg is a **JSON Block**. Please see below for :ref:`1277_sip-list_src_sip-request-rate-limit_method_invite-cfg` **Type:** Object **message-cfg** **Description:** message-cfg is a **JSON Block**. Please see below for :ref:`1277_sip-list_src_sip-request-rate-limit_method_message-cfg` **Type:** Object **notify-cfg** **Description:** notify-cfg is a **JSON Block**. Please see below for :ref:`1277_sip-list_src_sip-request-rate-limit_method_notify-cfg` **Type:** Object **options-cfg** **Description:** options-cfg is a **JSON Block**. Please see below for :ref:`1277_sip-list_src_sip-request-rate-limit_method_options-cfg` **Type:** Object **refer-cfg** **Description:** refer-cfg is a **JSON Block**. Please see below for :ref:`1277_sip-list_src_sip-request-rate-limit_method_refer-cfg` **Type:** Object **register-cfg** **Description:** register-cfg is a **JSON Block**. Please see below for :ref:`1277_sip-list_src_sip-request-rate-limit_method_register-cfg` **Type:** Object **subscribe-cfg** **Description:** subscribe-cfg is a **JSON Block**. Please see below for :ref:`1277_sip-list_src_sip-request-rate-limit_method_subscribe-cfg` **Type:** Object **update-cfg** **Description:** update-cfg is a **JSON Block**. Please see below for :ref:`1277_sip-list_src_sip-request-rate-limit_method_update-cfg` **Type:** Object .. _1277_sip-list_src_sip-request-rate-limit_method_options-cfg: sip-list_src_sip-request-rate-limit_method_options-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **OPTIONS** **Description** OPTIONS method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-options-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_sip-list_src_sip-request-rate-limit_method_refer-cfg: sip-list_src_sip-request-rate-limit_method_refer-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **REFER** **Description** REFER method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-refer-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_sip-list_src_sip-request-rate-limit_method_bye-cfg: sip-list_src_sip-request-rate-limit_method_bye-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **BYE** **Description** BYE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-bye-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_sip-list_src_sip-request-rate-limit_method_subscribe-cfg: sip-list_src_sip-request-rate-limit_method_subscribe-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **SUBSCRIBE** **Description** SUBSCRIBE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-subscribe-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_sip-list_src_sip-request-rate-limit_method_register-cfg: sip-list_src_sip-request-rate-limit_method_register-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **REGISTER** **Description** REGISTER method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-register-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_sip-list_src_sip-request-rate-limit_method_invite-cfg: sip-list_src_sip-request-rate-limit_method_invite-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **INVITE** **Description** INVITE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-invite-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_sip-list_src_sip-request-rate-limit_method_message-cfg: sip-list_src_sip-request-rate-limit_method_message-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **MESSAGE** **Description** MESSAGE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-message-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_sip-list_src_sip-request-rate-limit_method_update-cfg: sip-list_src_sip-request-rate-limit_method_update-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **UPDATE** **Description** UPDATE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-update-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_sip-list_src_sip-request-rate-limit_method_notify-cfg: sip-list_src_sip-request-rate-limit_method_notify-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **NOTIFY** **Description** NOTIFY method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-notify-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_sip-list_dst: sip-list_dst ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sip-request-rate-limit** **Description:** sip-request-rate-limit is a **JSON Block**. Please see below for :ref:`1277_sip-list_dst_sip-request-rate-limit` **Type:** Object .. _1277_sip-list_dst_sip-request-rate-limit: sip-list_dst_sip-request-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-sip-rate-action** **Description** 'drop': Drop packets(Default); 'ignore': Take no action; 'reset': Reset (sip-tcp) client connection; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, ignore, reset, blacklist-src **Default:** drop **Mutual Exclusion:** dst-sip-rate-action and dst-sip-rate-action-list-name are mutually exclusive **dst-sip-rate-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-sip-rate-action-list-name and dst-sip-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **method** **Description:** method is a **JSON Block**. Please see below for :ref:`1277_sip-list_dst_sip-request-rate-limit_method` **Type:** Object .. _1277_sip-list_dst_sip-request-rate-limit_method: sip-list_dst_sip-request-rate-limit_method ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **bye-cfg** **Description:** bye-cfg is a **JSON Block**. Please see below for :ref:`1277_sip-list_dst_sip-request-rate-limit_method_bye-cfg` **Type:** Object **invite-cfg** **Description:** invite-cfg is a **JSON Block**. Please see below for :ref:`1277_sip-list_dst_sip-request-rate-limit_method_invite-cfg` **Type:** Object **message-cfg** **Description:** message-cfg is a **JSON Block**. Please see below for :ref:`1277_sip-list_dst_sip-request-rate-limit_method_message-cfg` **Type:** Object **notify-cfg** **Description:** notify-cfg is a **JSON Block**. Please see below for :ref:`1277_sip-list_dst_sip-request-rate-limit_method_notify-cfg` **Type:** Object **options-cfg** **Description:** options-cfg is a **JSON Block**. Please see below for :ref:`1277_sip-list_dst_sip-request-rate-limit_method_options-cfg` **Type:** Object **refer-cfg** **Description:** refer-cfg is a **JSON Block**. Please see below for :ref:`1277_sip-list_dst_sip-request-rate-limit_method_refer-cfg` **Type:** Object **register-cfg** **Description:** register-cfg is a **JSON Block**. Please see below for :ref:`1277_sip-list_dst_sip-request-rate-limit_method_register-cfg` **Type:** Object **subscribe-cfg** **Description:** subscribe-cfg is a **JSON Block**. Please see below for :ref:`1277_sip-list_dst_sip-request-rate-limit_method_subscribe-cfg` **Type:** Object **update-cfg** **Description:** update-cfg is a **JSON Block**. Please see below for :ref:`1277_sip-list_dst_sip-request-rate-limit_method_update-cfg` **Type:** Object .. _1277_sip-list_dst_sip-request-rate-limit_method_options-cfg: sip-list_dst_sip-request-rate-limit_method_options-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **OPTIONS** **Description** OPTIONS method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-options-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_sip-list_dst_sip-request-rate-limit_method_refer-cfg: sip-list_dst_sip-request-rate-limit_method_refer-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **REFER** **Description** REFER method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-refer-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_sip-list_dst_sip-request-rate-limit_method_bye-cfg: sip-list_dst_sip-request-rate-limit_method_bye-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **BYE** **Description** BYE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-bye-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_sip-list_dst_sip-request-rate-limit_method_subscribe-cfg: sip-list_dst_sip-request-rate-limit_method_subscribe-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **SUBSCRIBE** **Description** SUBSCRIBE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-subscribe-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_sip-list_dst_sip-request-rate-limit_method_register-cfg: sip-list_dst_sip-request-rate-limit_method_register-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **REGISTER** **Description** REGISTER method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-register-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_sip-list_dst_sip-request-rate-limit_method_invite-cfg: sip-list_dst_sip-request-rate-limit_method_invite-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **INVITE** **Description** INVITE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-invite-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_sip-list_dst_sip-request-rate-limit_method_message-cfg: sip-list_dst_sip-request-rate-limit_method_message-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **MESSAGE** **Description** MESSAGE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-message-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_sip-list_dst_sip-request-rate-limit_method_update-cfg: sip-list_dst_sip-request-rate-limit_method_update-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **UPDATE** **Description** UPDATE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-update-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_sip-list_dst_sip-request-rate-limit_method_notify-cfg: sip-list_dst_sip-request-rate-limit_method_notify-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **NOTIFY** **Description** NOTIFY method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-notify-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1277_sip-list_idle-timeout: sip-list_idle-timeout ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **idle-timeout-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset (sip-tcp) client connection; **Type:** string **Supported Values:** drop, blacklist-src, reset **Mutual Exclusion:** idle-timeout-action and idle-timeout-action-list-name are mutually exclusive **idle-timeout-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** idle-timeout-action-list-name and idle-timeout-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **idle-timeout-value** **Description** Set the the idle timeout value for SIP-TCP connections **Type:** number **Range:** 1-63 **ignore-zero-payload** **Description** Don't reset idle timer on packets with zero payload length from clients **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1277_sip-list_multi-pu-threshold-distribution: sip-list_multi-pu-threshold-distribution ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **multi-pu-threshold-distribution-disable** **Description** 'disable': Destination side rate limit only. Default: Enable; **Type:** string **Supported Values:** disable **Mutual Exclusion:** multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive **multi-pu-threshold-distribution-value** **Description** Destination side rate limit only. Default: 0 **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive .. _1277_sip-list_malformed-sip: sip-list_malformed-sip ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **malformed-sip-action** **Description** 'drop': Drop packets (Default); 'reset': Reset (sip-tcp) client connection; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, reset, blacklist-src **Default:** drop **Mutual Exclusion:** malformed-sip-action and malformed-sip-action-list-name are mutually exclusive **malformed-sip-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** malformed-sip-action-list-name and malformed-sip-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **malformed-sip-call-id-max-length** **Description** Set the maximum call-id length. Default value is 32511 **Type:** number **Range:** 1-32511 **Default:** 32511 **malformed-sip-check** **Description** 'enable-check': Enable malformed SIP parameters; **Type:** string **Supported Values:** enable-check **malformed-sip-max-header-name-length** **Description** Set the maximum header name length. Default value is 63 **Type:** number **Range:** 1-63 **Default:** 63 **malformed-sip-max-header-value-length** **Description** Set the maximum header value length. Default value is 32511 **Type:** number **Range:** 1-32511 **Default:** 32511 **malformed-sip-max-line-size** **Description** Set the maximum line size. Default value is 32511 **Type:** number **Range:** 1-32511 **Default:** 32511 **malformed-sip-max-uri-length** **Description** Set the maximum uri size. Default value is 32511 **Type:** number **Range:** 1-32511 **Default:** 32511 **malformed-sip-sdp-max-length** **Description** Set the maxinum SDP content length. Default value is 32511 **Type:** number **Range:** 1-32511 **Default:** 32511 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1277_sip-list_filter-header-list: sip-list_filter-header-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **sip-filter-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; 'reset': Reset client connection(for sip-tcp); **Type:** string **Supported Values:** drop, ignore, blacklist-src, authenticate-src, reset **Mutual Exclusion:** sip-filter-action and sip-filter-action-list-name are mutually exclusive **sip-filter-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** sip-filter-action-list-name and sip-filter-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **sip-filter-header-seq** **Description** Sequence number **Type:** number **Range:** 1-200 **sip-filter-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip-header-cfg** **Description:** sip-header-cfg is a **JSON Block**. Please see below for :ref:`1277_sip-list_filter-header-list_sip-header-cfg` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1277_sip-list_filter-header-list_sip-header-cfg: sip-list_filter-header-list_sip-header-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sip-filter-header-inverse-match** **Description** **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sip-filter-header-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters .. _1277_icmp-v6-list: icmp-v6-list ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **filter-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name}/filter/{icmp-filter-name} ` **filter-match-type** **Description** 'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; **Type:** string **Supported Values:** default, stop-on-first-match **Default:** default **icmp-tmpl-name** **Description** DDOS ICMPv6 Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name}/type/{type-number} ` **type-other** **Description:** type-other is a **JSON Block**. Please see below for :ref:`1277_icmp-v6-list_type-other` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name}/type-other ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1277_icmp-v6-list_type-list: icmp-v6-list_type-list ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dst-code-other-rate** **Description** Specify the rate with other code **Type:** number **Range:** 1-16000000 **dst-code-other-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** dst-code-other-rate-action and dst-code-other-rate-action-list-name are mutually exclusive **dst-code-other-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-code-other-rate-action-list-name and dst-code-other-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **icmp-type-action** **Description** 'drop': Reject this ICMP type; 'blacklist-src': Blacklist-src this ICMP type; 'ignore': Ignore this ICMP type; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** icmp-type-action and icmp-type-action-list-name are mutually exclusive **icmp-type-action-list-name** **Description** Configure action-list to take for this ICMP type **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** icmp-type-action-list-name and icmp-type-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **src-code-other-rate** **Description** Specify the rate with other code **Type:** number **Range:** 1-16000000 **src-code-other-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** src-code-other-rate-action and src-code-other-rate-action-list-name are mutually exclusive **src-code-other-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-code-other-rate-action-list-name and src-code-other-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **type-number** **Description** Specify ICMP type number **Type:** number **Range:** 0-255 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **v6-dst-code-cfg** **Type:** List **v6-dst-rate-cfg** **Description:** v6-dst-rate-cfg is a **JSON Block**. Please see below for :ref:`1277_icmp-v6-list_type-list_v6-dst-rate-cfg` **Type:** Object **v6-src-code-cfg** **Type:** List **v6-src-rate-cfg** **Description:** v6-src-rate-cfg is a **JSON Block**. Please see below for :ref:`1277_icmp-v6-list_type-list_v6-src-rate-cfg` **Type:** Object .. _1277_icmp-v6-list_type-list_v6-dst-rate-cfg: icmp-v6-list_type-list_v6-dst-rate-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-type-rate** **Description** Specify the whole dst rate for this type **Type:** number **Range:** 1-16000000 **dst-type-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** dst-type-rate-action and dst-type-rate-action-list-name are mutually exclusive **dst-type-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-type-rate-action-list-name and dst-type-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_icmp-v6-list_type-list_v6-src-rate-cfg: icmp-v6-list_type-list_v6-src-rate-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-type-rate** **Description** Specify the whole src rate for this type **Type:** number **Range:** 1-16000000 **src-type-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** src-type-rate-action and src-type-rate-action-list-name are mutually exclusive **src-type-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-type-rate-action-list-name and src-type-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_icmp-v6-list_type-list_v6-src-code-cfg: icmp-v6-list_type-list_v6-src-code-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **src-code-number** **Description** Specify the ICMP code for this src rate **Type:** number **Range:** 0-255 **src-code-rate** **Description** Specify the rate with the code **Type:** number **Range:** 1-16000000 **src-code-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** src-code-rate-action and src-code-rate-action-list-name are mutually exclusive **src-code-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-code-rate-action-list-name and src-code-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_icmp-v6-list_type-list_v6-dst-code-cfg: icmp-v6-list_type-list_v6-dst-code-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dst-code-number** **Description** Specify the ICMP code for this dst rate **Type:** number **Range:** 0-255 **dst-code-rate** **Description** Specify the rate with the code **Type:** number **Range:** 1-16000000 **dst-code-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** dst-code-rate-action and dst-code-rate-action-list-name are mutually exclusive **dst-code-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-code-rate-action-list-name and dst-code-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_icmp-v6-list_type-other: icmp-v6-list_type-other ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst** **Description:** dst is a **JSON Block**. Please see below for :ref:`1277_icmp-v6-list_type-other_dst` **Type:** Object **icmp-type-other-action** **Description** 'drop': Reject wildcard ICMP type; 'blacklist-src': Blacklist-src wildcard ICMP type; 'ignore': Ignore wildcard ICMP type; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** icmp-type-other-action and icmp-type-other-action-list-name are mutually exclusive **icmp-type-other-action-list-name** **Description** Configure action-list to take for wildcard ICMP match **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** icmp-type-other-action-list-name and icmp-type-other-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **src** **Description:** src is a **JSON Block**. Please see below for :ref:`1277_icmp-v6-list_type-other_src` **Type:** Object **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1277_icmp-v6-list_type-other_src: icmp-v6-list_type-other_src ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-type-other-rate** **Description** Specify the whole src rate for wildcard ICMP type **Type:** number **Range:** 1-16000000 **src-type-other-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** src-type-other-rate-action and src-type-other-rate-action-list-name are mutually exclusive **src-type-other-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-type-other-rate-action-list-name and src-type-other-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_icmp-v6-list_type-other_dst: icmp-v6-list_type-other_dst ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-type-other-rate** **Description** Specify the whole dst rate for wildcard ICMP type **Type:** number **Range:** 1-16000000 **dst-type-other-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** dst-type-other-rate-action and dst-type-other-rate-action-list-name are mutually exclusive **dst-type-other-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-type-other-rate-action-list-name and dst-type-other-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1277_icmp-v6-list_filter-list: icmp-v6-list_filter-list ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **byte-offset-filter** **Description** filter using Berkeley packet filter syntax **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **icmp-filter-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, ignore, blacklist-src **Default:** drop **Mutual Exclusion:** icmp-filter-action and icmp-filter-action-list-name are mutually exclusive **icmp-filter-action-list-name** **Description** list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** icmp-filter-action-list-name and icmp-filter-action are mutually exclusive **icmp-filter-inverse-match** **Description** Inverse the result of matching **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **icmp-filter-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-filter-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **icmp-filter-seq** **Description** sequence number **Type:** number **Range:** 1-200 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters