.. _slb_template: slb template ============ Define an SLB template template Specification ---------------------- ===================================== ===================================================== **Parameter** **Value** ===================================== ===================================================== **Type** *Intermediate Resource* **Element Name** template **Element URI** /axapi/v3/slb/template **Element Attributes** template_attributes **Partition Visibility** shared **Schema** :download:`template schema ` ===================================== ===================================================== **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Get Object .. raw:: html GET .. raw:: html /axapi/v3/slb/template .. raw:: html template_attributes .. raw:: html
.. _3055_template_attributes: template attributes ------------------- **cache-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/cache/{name} ` **cipher-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/cipher/{name} ` **client-ssh-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/client-ssh/{name} ` **client-ssl-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/client-ssl/{name} ` **connection-reuse-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/connection-reuse/{name} ` **dblb-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/dblb/{name} ` **diameter-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/diameter/{name} ` **dns-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/dns/{name} ` **dns-logging-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/dns-logging/{name} ` **doh-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/doh/{name} ` **dynamic-service-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/dynamic-service/{name} ` **external-service-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/external-service/{name} ` **fix-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/fix/{name} ` **ftp-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/ftp/{name} ` **http-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/http/{name} ` **http-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/http-policy/{name} ` **imap-pop3-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/imap-pop3/{name} ` **link-block-as-down** **Description:** link-block-as-down is a **JSON Block**. Please see below for :ref:`3055_link-block-as-down` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/link-block-as-down ` **link-cost-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/link-cost/{name} ` **link-down-on-restart** **Description:** link-down-on-restart is a **JSON Block**. Please see below for :ref:`3055_link-down-on-restart` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/link-down-on-restart ` **link-probe-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/link-probe/{name} ` **logging-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/logging/{name} ` **monitor-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/monitor/{id} ` **mqtt-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/mqtt/{name} ` **persist** **Description:** persist is a **JSON Block**. Please see below for :ref:`3055_persist` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/persist ` **policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/policy/{name} ` **port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/port/{name} ` **quic-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/quic/{name} ` **reqmod-icap-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/reqmod-icap/{name} ` **respmod-icap-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/respmod-icap/{name} ` **server-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/server/{name} ` **server-ssh-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/server-ssh/{name} ` **server-ssl-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/server-ssl/{name} ` **sip-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/sip/{name} ` **smpp-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/smpp/{name} ` **smtp-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/smtp/{name} ` **ssli-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/ssli/{name} ` **tcp-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/tcp/{name} ` **tcp-proxy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/tcp-proxy/{name} ` **udp-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/udp/{name} ` **virtual-port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/virtual-port/{name} ` **virtual-server-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/virtual-server/{name} ` .. _3055_logging-list: logging-list ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **auto** **Description** 'auto': Configure auto NAT for logging, default is auto enabled; **Type:** string **Supported Values:** auto **Default:** auto **Mutual Exclusion:** auto and pool are mutually exclusive **format** **Description** Specify a format string for web logging (format string(less than 250 characters) for web logging) **Type:** string **Format:** string-rlx **Maximum Length:** 250 characters **Maximum Length:** 1 characters **keep-end** **Description** Number of unmasked characters at the end (default: 0) **Type:** number **Range:** 0-65535 **Default:** 0 **keep-start** **Description** Number of unmasked characters at the beginning (default: 0) **Type:** number **Range:** 0-65535 **Default:** 0 **local-logging** **Description** 1 to enable local logging (1 to enable local logging, default 0) **Type:** number **Range:** 0-1 **Default:** 0 **mask** **Description** Character to mask the matched pattern (default: X) **Type:** string **Maximum Length:** 1 characters **Maximum Length:** 1 characters **Default:** X **name** **Description** Logging Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **pcre-mask** **Description** Mask matched PCRE pattern in the log **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **pool** **Description** Specify NAT pool or pool group **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Mutual Exclusion:** pool, shared-partition-pool, and auto are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ip/nat/pool ` **pool-shared** **Description** Specify NAT pool or pool group **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ip/nat/pool ` **service-group** **Description** Bind a Service Group to the logging template (Service Group Name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **shared-partition-pool** **Description** Reference a NAT pool or pool group from shared partition **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** shared-partition-pool and pool are mutually exclusive **shared-partition-tcp-proxy-template** **Description** Reference a TCP Proxy template from shared partition **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** shared-partition-tcp-proxy-template and tcp-proxy are mutually exclusive **tcp-proxy** **Description** TCP Proxy Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** tcp-proxy and shared-partition-tcp-proxy-template are mutually exclusive **Reference Object:** :doc:`/axapi/v3/slb/template/tcp-proxy ` **template-tcp-proxy-shared** **Description** TCP Proxy Template name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/tcp-proxy ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_cache-list: cache-list ^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **accept-reload-req** **Description** Accept reload requests via cache-control directives in HTTP headers **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **age** **Description** Specify duration in seconds cached content valid, default is 3600 seconds (seconds that the cached content is valid (default 3600 seconds)) **Type:** number **Range:** 1-999999 **Default:** 3600 **default-policy-nocache** **Description** Specify default policy to be to not cache **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-insert-age** **Description** Disable insertion of age header in response served from RAM cache **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-insert-via** **Description** Disable insertion of via header in response served from RAM cache **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **local-uri-policy** **Type:** List **logging** **Description** Specify logging template (Logging Config name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/logging ` **max-cache-size** **Description** Specify maximum cache size in megabytes, default is 80MB (RAM cache size in megabytes (default 80MB)) **Type:** number **Range:** 1-4096 **Default:** 80 **max-content-size** **Description** Maximum size (bytes) of response that can be cached - default 81920 (80KB) **Type:** number **Range:** 0-268435455 **Default:** 81920 **min-content-size** **Description** Minimum size (bytes) of response that can be cached - default 512 **Type:** number **Range:** 0-268435455 **Default:** 512 **name** **Description** Specify cache template name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **packet-capture-template** **Description** Name of the packet capture template to be bind with this object **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/visibility/packet-capture/object-templates/slb-templ-cache-tmpl ` **remove-cookies** **Description** Remove cookies in response and cache **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **replacement-policy** **Description** 'LFU': LFU; **Type:** string **Supported Values:** LFU **Default:** LFU **sampling-enable** **Type:** List **uri-policy** **Type:** List **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **verify-host** **Description** Verify request using host before sending response from RAM cache **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _3055_cache-list_local-uri-policy: cache-list_local-uri-policy ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **local-uri** **Description** Specify Local URI for caching (Specify URI pattern that the policy should be applied to, maximum 63 charaters) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_cache-list_sampling-enable: cache-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'hits': Cache hits; 'miss': Cache misses; 'bytes_served': Bytes served from cache; 'total_req': Total requests received; 'caching_req': Total requests to cache; 'nc_req_header': slbTemplateCacheNcReqHeader, help nc_req_header; 'nc_res_header': slbTemplateCacheNcResHeader, help nc_res_header; 'rv_success': some help string; 'rv_failure': slbTemplateCacheRvFailure, help rv_failure; 'ims_request': some help string; 'nm_response': some help string; 'rsp_type_CL': some help string; 'rsp_type_CE': some help string; 'rsp_type_304': some help string; 'rsp_type_other': some help string; 'rsp_no_compress': some help string; 'rsp_gzip': some help string; 'rsp_deflate': some help string; 'rsp_other': some help string; 'nocache_match': some help string; 'match': some help string; 'invalidate_match': some help string; 'content_toobig': slbTemplateCacheContentToobig, help content_toobig; 'content_toosmall': slbTemplateCacheContentToosmall, help content_toosmall; 'entry_create_failures': slbTemplateCacheEntryCreateFailures, help entry_create_failures; 'mem_size': some help string; 'entry_num': some help string; 'replaced_entry': some help string; 'aging_entry': some help string; 'cleaned_entry': some help string; 'rsp_type_stream': some help string; 'header_save_error': some help string; 'rsp_br': rsp_br; **Type:** string **Supported Values:** all, hits, miss, bytes_served, total_req, caching_req, nc_req_header, nc_res_header, rv_success, rv_failure, ims_request, nm_response, rsp_type_CL, rsp_type_CE, rsp_type_304, rsp_type_other, rsp_no_compress, rsp_gzip, rsp_deflate, rsp_other, nocache_match, match, invalidate_match, content_toobig, content_toosmall, entry_create_failures, mem_size, entry_num, replaced_entry, aging_entry, cleaned_entry, rsp_type_stream, header_save_error, rsp_br .. _3055_cache-list_uri-policy: cache-list_uri-policy ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **cache-action** **Description** 'cache': Specify if certain URIs should be cached; 'nocache': Specify if certain URIs should not be cached; **Type:** string **Supported Values:** cache, nocache **cache-value** **Description** Specify seconds that content should be cached, default is age specified in cache template **Type:** number **Range:** 1-999999 **invalidate** **Description** Specify if URI should invalidate cache entries matching pattern (pattern that would match entries to be invalidated (64 chars max)) **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **uri** **Description** Specify URI for cache policy (Specify URI pattern that the policy should be applied to, maximum 63 charaters) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_port-list: port-list ^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **add** **Description** Slow start connection limit add by a number every interval (Add by this number every interval) **Type:** number **Range:** 1-4095 **Mutual Exclusion:** add and times are mutually exclusive **bw-rate-limit** **Description** Configure bandwidth rate limit on real server port (Bandwidth rate limit in Kbps) **Type:** number **Range:** 1-16777216 **bw-rate-limit-duration** **Description** Duration in seconds the observed rate needs to honor **Type:** number **Range:** 1-250 **bw-rate-limit-no-logging** **Description** Do not log bandwidth rate limit related state transitions **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **bw-rate-limit-resume** **Description** Resume server selection after bandwidth drops below this threshold (in Kbps) (Bandwidth rate limit resume threshold (in Kbps)) **Type:** number **Range:** 1-16777216 **conn-limit** **Description** Connection limit **Type:** number **Range:** 1-64000000 **Default:** 64000000 **conn-limit-no-logging** **Description** Do not log connection over limit event **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **conn-rate-limit** **Description** Connection rate limit **Type:** number **Range:** 1-1048575 **conn-rate-limit-no-logging** **Description** Do not log connection over limit event **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dampening-flaps** **Description** service dampening flaps count (max-flaps allowed in flap period) **Type:** number **Range:** 1-255 **decrement** **Description** Decrease after every round of DNS query (default is 0) **Type:** number **Range:** 0-7 **Default:** 0 **del-session-on-server-down** **Description** Delete session if the server/port goes down (either disabled/hm down) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dest-nat** **Description** Destination NAT **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **down-grace-period** **Description** Port down grace period (Down grace period in seconds) **Type:** number **Range:** 1-86400 **down-timer** **Description** The timer to bring the marked down server/port to up (default is 0, never bring up) (The timer to bring up server (in second, default is 0)) **Type:** number **Range:** 0-255 **Default:** 0 **dscp** **Description** Differentiated Services Code Point (DSCP to Real Server IP Mapping Value) **Type:** number **Range:** 1-63 **dynamic-member-priority** **Description** Set dynamic member's priority (Initial priority (default is 16)) **Type:** number **Range:** 1-16 **Default:** 16 **every** **Description** Slow start connection limit increment interval (default 10) **Type:** number **Range:** 1-60 **Default:** 10 **extended-stats** **Description** Enable extended statistics on real server port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **flap-period** **Description** take service out of rotation if max-flaps exceeded within time in seconds **Type:** number **Range:** 1-255 **health-check** **Description** Health Check Monitor (Health monitor name) **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** health-check and health-check-disable are mutually exclusive **Reference Object:** :doc:`/axapi/v3/health/monitor ` **health-check-disable** **Description** Disable configured health check configuration **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** health-check-disable and health-check are mutually exclusive **inband-health-check** **Description** Use inband traffic to detect port's health status **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **initial-slow-start** **Description** Initial slow start connection limit (default 128) **Type:** number **Range:** 1-4095 **Default:** 128 **name** **Description** Port template name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Default:** default **no-ssl** **Description** No SSL **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **rate-interval** **Description** '100ms': Use 100 ms as sampling interval; 'second': Use 1 second as sampling interval; **Type:** string **Supported Values:** 100ms, second **Default:** second **reassign** **Description** Maximum reassign times before declear the server/port down (default is 25) (The maximum reassign number) **Type:** number **Range:** 0-255 **Default:** 25 **request-rate-interval** **Description** '100ms': Use 100 ms as sampling interval; 'second': Use 1 second as sampling interval; **Type:** string **Supported Values:** 100ms, second **Default:** second **request-rate-limit** **Description** Request rate limit **Type:** number **Range:** 1-1048575 **request-rate-no-logging** **Description** Do not log connection over limit event **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **resel-on-reset** **Description** When receiving reset from server, do the server/port reselection (default is 0, don't do reselection) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **reset** **Description** Send client reset when connection rate over limit **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **restore-svc-time** **Description** put the service back to the rotation after time in seconds **Type:** number **Range:** 1-4095 **resume** **Description** Resume accepting new connection after connection number drops below threshold (Connection resume threshold) **Type:** number **Range:** 1-1048575 **retry** **Description** Maximum retry times before reassign this connection to another server/port (default is 2) (The maximum retry number) **Type:** number **Range:** 0-7 **Default:** 2 **shared-partition-pool** **Description** Reference a NAT pool or pool-group from shared partition **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** shared-partition-pool and source-nat are mutually exclusive **slow-start** **Description** Slowly ramp up the connection number after port is up **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **source-nat** **Description** Source NAT (IP NAT Pool or pool group name) **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Mutual Exclusion:** source-nat and shared-partition-pool are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ip/nat/pool ` **stats-data-action** **Description** 'stats-data-enable': Enable statistical data collection for real server port; 'stats-data-disable': Disable statistical data collection for real server port; **Type:** string **Supported Values:** stats-data-enable, stats-data-disable **Default:** stats-data-enable **sub-group** **Description** Divide service group members into different sub groups (Sub group ID (default is 0)) **Type:** number **Range:** 0-15 **Default:** 0 **template-port-pool-shared** **Description** Source NAT (IP NAT Pool or pool group name) **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ip/nat/pool ` **till** **Description** Slow start ends when slow start connection limit reaches a number (default 4096) (Slow start ends when connection limit reaches this number) **Type:** number **Range:** 1-65535 **Default:** 4096 **times** **Description** Slow start connection limit multiply by a number every interval (default 2) (Multiply by this number every interval) **Type:** number **Range:** 2-10 **Default:** 2 **Mutual Exclusion:** times and add are mutually exclusive **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **weight** **Description** Weight (port weight) **Type:** number **Range:** 1-1000 **Default:** 1 .. _3055_connection-reuse-list: connection-reuse-list ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **add-header** **Description** Insert HTTP Connection: keep-alive header **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **keep-alive-conn** **Description** Keep a number of server connections open **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **limit-per-server** **Description** Max Server Connections allowed (Connections per Server Port (default 1000)) **Type:** number **Range:** 0-65535 **Default:** 1000 **name** **Description** Connection Reuse Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **num-conn-per-port** **Description** Connections per Server Port (default 100) **Type:** number **Range:** 1-1024 **Default:** 100 **preopen** **Description** Preopen server connection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **timeout** **Description** Timeout in seconds. Multiple of 60 (default 2400) **Type:** number **Range:** 60-3600 **Default:** 2400 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_link-cost-list: link-cost-list ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **bandwidth-interval** **Description** Interval duration in seconds **Type:** number **Range:** 1-60 **Default:** 5 **name** **Description** Server Link-Cost Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **overage-bandwidth-cost** **Description** Configure overage bandwidth cost on real server (Overage bandwidth cost per Mbpi) **Type:** number **Range:** 0-4294967295 **Default:** 0 **prepaid-bandwidth** **Description** Configure prepaid bandwidth on real server (Prepaid Bandwidth in Mbpi) **Type:** number **Range:** 0-4294967295 **Default:** 0 **sampling-enable** **Type:** List **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_link-cost-list_sampling-enable: link-cost-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'link_total_fwd_bytes': Total bytes fwd for link; 'interval_fwd_bytes': Link Cost bytes processed in forward direction per interval; 'link_total_conn': Link Cost total connection; 'interval_avg_throughput': Link Cost average throughput per interval; 'interval_max_throughput': Link Cost max throughput per interval; **Type:** string **Supported Values:** all, link_total_fwd_bytes, interval_fwd_bytes, link_total_conn, interval_avg_throughput, interval_max_throughput .. _3055_reqmod-icap-list: reqmod-icap-list ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'continue': Continue; 'drop': Drop; 'reset': Reset; **Type:** string **Supported Values:** continue, drop, reset **Default:** continue **allowed-http-methods** **Description** List of allowed HTTP methods. Default is "Allow All". (List of HTTP methods allowed (default "Allow All")) **Type:** string **Format:** string-rlx **Maximum Length:** 255 characters **Maximum Length:** 1 characters **bypass-ip-cfg** **Type:** List **disable-http-server-reset** **Description** Don't reset http server **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **fail-close** **Description** When template sg is down mark vport down **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **failure-action** **Description** 'continue': Continue; 'drop': Drop; 'reset': Reset; **Type:** string **Supported Values:** continue, drop, reset **Default:** continue **include-protocol-in-uri** **Description** Include protocol and port in HTTP URI **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-only-allowed-method** **Description** Only log allowed HTTP method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **logging** **Description** logging template (Logging template name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/logging ` **min-payload-size** **Description** min-payload-size value 0 - 65535, default is 0 **Type:** number **Range:** 0-65535 **Default:** 0 **name** **Description** Reqmod ICAP Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **preview** **Description** Preview value 1 - 32768, default is 32768 **Type:** number **Range:** 1-32768 **Default:** 32768 **server-ssl** **Description** Server SSL template (Server SSL template name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/server-ssl ` **service-group** **Description** Bind a Service Group to the template (Service Group Name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **service-url** **Description** URL to send to ICAP server (Service URL Name) **Type:** string **Format:** string-rlx **Maximum Length:** 255 characters **Maximum Length:** 1 characters **shared-partition-persist-source-ip-template** **Description** Reference a persist source ip template from shared partition **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** shared-partition-persist-source-ip-template and source-ip are mutually exclusive **shared-partition-tcp-proxy-template** **Description** Reference a TCP Proxy template from shared partition **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** shared-partition-tcp-proxy-template and tcp-proxy are mutually exclusive **source-ip** **Description** Source IP persistence template (Source IP persistence template name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** source-ip and shared-partition-persist-source-ip-template are mutually exclusive **Reference Object:** :doc:`/axapi/v3/slb/template/persist/source-ip ` **tcp-proxy** **Description** TCP Proxy Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** tcp-proxy and shared-partition-tcp-proxy-template are mutually exclusive **Reference Object:** :doc:`/axapi/v3/slb/template/tcp-proxy ` **template-persist-source-ip-shared** **Description** Source IP Persistence Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/persist/source-ip ` **template-tcp-proxy-shared** **Description** TCP Proxy Template name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/tcp-proxy ` **timeout** **Description** Timeout value 1 - 200 in units of 200ms, default is 5 (default is 1000ms) (1 - 200 in units of 200ms, default is 5 (1000ms)) **Type:** number **Range:** 1-200 **Default:** 5 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **x-auth-url** **Description** Use URL format for authentication **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _3055_reqmod-icap-list_bypass-ip-cfg: reqmod-icap-list_bypass-ip-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **bypass-ip** **Description** ip address to bypass reqmod-icap service **Type:** string **Format:** ipv4-address **mask** **Description** IP prefix mask **Type:** string **Format:** ipv4-netmask .. _3055_smpp-list: smpp-list ^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **client-enquire-link** **Description** Respond client ENQUIRE_LINK packet directly instead of forwarding to server **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **name** **Description** SMPP Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **password** **Description** Configure the password used to bind **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **server-enquire-link** **Description** Send server ENQUIRE_LINK packet for every persist connection when enable conn-reuse **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server-enquire-link-val** **Description** Set interval of keep-alive packet for each persistent connection (second, default is 30) **Type:** number **Range:** 5-300 **Default:** 30 **server-selection-per-request** **Description** Force server selection on every SMPP request when enable conn-reuse **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user** **Description** Configure the user to bind (The name used to bind) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_smtp-list: smtp-list ^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **LF-to-CRLF** **Description** Change the LF to CRLF for smtp end of line **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **client-domain-switching** **Type:** List **client-starttls-type** **Description** 'optional': STARTTLS is optional requirement; 'enforced': Must issue STARTTLS command before mail transaction; **Type:** string **Supported Values:** optional, enforced **command-disable** **Type:** List **error-code-to-client** **Description** Would transfer error code(554) to client, when getting it from connection establishing with real-server **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **name** **Description** SMTP Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **server-domain** **Description** Config the domain of the email servers (Server's domain, default is "mail-server-domain") **Type:** string **Format:** host **Maximum Length:** 254 characters **Maximum Length:** 1 characters **Default:** mail-server-domain **server-starttls-type** **Description** 'optional': STARTTLS is optional requirement; 'enforced': Must issue STARTTLS command before mail transaction; **Type:** string **Supported Values:** optional, enforced **service-ready-msg** **Description** Set SMTP service ready message (SMTP service ready message, default is "ESMTP mail service ready") **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Default:** ESMTP mail service ready **template** **Description:** template is a **JSON Block**. Please see below for :ref:`3055_smtp-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_smtp-list_client-domain-switching: smtp-list_client-domain-switching ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **match-string** **Description** Domain name string **Type:** string **Format:** string-rlx **Maximum Length:** 31 characters **Maximum Length:** 1 characters **service-group** **Description** Select service group (Service group name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **switching-type** **Description** 'contains': Specify domain name string if domain contains another string; 'ends-with': Specify domain name string if domain ends with another string; 'starts-with': Specify domain string if domain starts with another string; **Type:** string **Supported Values:** contains, ends-with, starts-with .. _3055_smtp-list_template: smtp-list_template ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** Logging template (Logging Config name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/logging ` .. _3055_smtp-list_command-disable: smtp-list_command-disable ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **disable-type** **Description** 'expn': Disable SMTP EXPN commands; 'turn': Disable SMTP TURN commands; 'vrfy': Disable SMTP VRFY commands; **Type:** string **Supported Values:** expn, turn, vrfy .. _3055_external-service-list: external-service-list ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'continue': Continue; 'drop': Drop; 'reset': Reset; **Type:** string **Supported Values:** continue, drop, reset **Default:** continue **bypass-ip-cfg** **Type:** List **failure-action** **Description** 'continue': Continue; 'drop': Drop; 'reset': Reset; **Type:** string **Supported Values:** continue, drop, reset **Default:** continue **name** **Description** External Service Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **request-header-forward-list** **Type:** List **service-group** **Description** Bind a Service Group to the template (Service Group Name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **shared-partition-persist-source-ip-template** **Description** Reference a persist source ip template from shared partition **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** shared-partition-persist-source-ip-template and source-ip are mutually exclusive **shared-partition-tcp-proxy-template** **Description** Reference a TCP Proxy template from shared partition **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** shared-partition-tcp-proxy-template and tcp-proxy are mutually exclusive **source-ip** **Description** Source IP persistence template (Source IP persistence template name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** source-ip and shared-partition-persist-source-ip-template are mutually exclusive **Reference Object:** :doc:`/axapi/v3/slb/template/persist/source-ip ` **tcp-proxy** **Description** TCP Proxy Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** tcp-proxy and shared-partition-tcp-proxy-template are mutually exclusive **template-persist-source-ip-shared** **Description** Source IP Persistence Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/persist/source-ip ` **template-tcp-proxy-shared** **Description** TCP Proxy Template name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/tcp-proxy ` **timeout** **Description** Timeout value 1 - 200 in units of 200ms, default is 5 (default is 1000ms) (1 - 200 in units of 200ms, default is 5 (1000ms)) **Type:** number **Range:** 1-200 **Default:** 5 **type** **Description** 'skyfire-icap': Skyfire ICAP service; 'url-filter': URL filtering service; **Type:** string **Supported Values:** skyfire-icap, url-filter **Default:** url-filter **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_external-service-list_bypass-ip-cfg: external-service-list_bypass-ip-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **bypass-ip** **Description** ip address to bypass external service **Type:** string **Format:** ipv4-address **mask** **Description** IP prefix mask **Type:** string **Format:** ipv4-netmask .. _3055_external-service-list_request-header-forward-list: external-service-list_request-header-forward-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **request-header-forward** **Description** Request header to be forwarded to external service (Header Name) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_tcp-list: tcp-list ^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **alive-if-active** **Description** keep connection alive if active traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **del-session-on-server-down** **Description** Delete session if the server/port goes down (either disabled/hm down) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable** **Description** send reset to client when server is disabled **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** disable and down are mutually exclusive **down** **Description** send reset to client when server is down **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** down and disable are mutually exclusive **force-delete-timeout** **Description** The maximum time that a session can stay in the system before being delete (number (second)) **Type:** number **Range:** 1-31 **Mutual Exclusion:** force-delete-timeout and force-delete-timeout-100ms are mutually exclusive **force-delete-timeout-100ms** **Description** The maximum time that a session can stay in the system before being delete (number in 100ms) **Type:** number **Range:** 1-31 **Mutual Exclusion:** force-delete-timeout-100ms and force-delete-timeout are mutually exclusive **half-close-idle-timeout** **Description** TCP Half Close Idle Timeout (sec), default off (half close idle timeout in second, default off) **Type:** number **Range:** 60-120 **half-open-idle-timeout** **Description** TCP Half Open Idle Timeout (sec), default off (half open idle timeout in second, default off) **Type:** number **Range:** 1-60 **idle-timeout** **Description** Idle Timeout value (Interval of 60 seconds), default 120 seconds (idle timeout in second, default 120) **Type:** number **Range:** 1-2097151 **Default:** 120 **initial-window-size** **Description** Set the initial window size (number) **Type:** number **Range:** 1-65535 **insert-client-ip** **Description** Insert client ip into TCP option **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **lan-fast-ack** **Description** Enable fast TCP ack on LAN **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **logging** **Description** 'init': init only log; 'term': termination only log; 'both': both initial and termination log; **Type:** string **Supported Values:** init, term, both **name** **Description** Fast TCP Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Default:** default **proxy-header** **Description:** proxy-header is a **JSON Block**. Please see below for :ref:`3055_tcp-list_proxy-header` **Type:** Object **qos** **Description** QOS level (number) **Type:** number **Range:** 1-63 **re-select-if-server-down** **Description** re-select another server if service port is down **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **reset-follow-fin** **Description** send reset to client or server upon receiving first fin **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **reset-fwd** **Description** send reset to server if error happens **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **reset-rev** **Description** send reset to client if error happens **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_tcp-list_proxy-header: tcp-list_proxy-header ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **proxy-header-action** **Description** 'insert': Insert proxy header; **Type:** string **Supported Values:** insert **proxy-header-version** **Description** 'v1': version 1; 'v2': version 2; **Type:** string **Supported Values:** v1, v2 .. _3055_diameter-list: diameter-list ^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **avp-code** **Description** avp code **Type:** number **Range:** 1-2147483647 **avp-list** **Type:** List **avp-string** **Description** pattern to be matched in the avp string name, max length 127 bytes **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **customize-cea** **Description** customizing cea response **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dwr-time** **Description** dwr health-check timer interval (in 100 milli second unit, default is 100, 0 means unset this option) **Type:** number **Range:** 0-2147483647 **Default:** 100 **dwr-up-retry** **Description** number of successful dwr health-check before declaring target up **Type:** number **Range:** 1-7 **Default:** 3 **forward-to-latest-server** **Description** Forward client message to the latest server that sends message with the same session id **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-unknown-session-id** **Description** Forward server message even it has unknown session id **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **idle-timeout** **Description** user sesison idle timeout (in minutes, default is 5) **Type:** number **Range:** 1-65535 **Default:** 5 **load-balance-on-session-id** **Description** Load balance based on the session id **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **message-code-list** **Type:** List **multiple-origin-host** **Description** allowing multiple origin-host to a single server **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **name** **Description** diameter template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **origin-host** **Description:** origin-host is a **JSON Block**. Please see below for :ref:`3055_diameter-list_origin-host` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/diameter/{name}/origin-host ` **origin-realm** **Description** origin-realm name avp **Type:** string **Format:** string-rlx **Maximum Length:** 31 characters **Maximum Length:** 1 characters **product-name** **Description** product name avp **Type:** string **Format:** string-rlx **Maximum Length:** 31 characters **Maximum Length:** 1 characters **relaxed-origin-host** **Description** Relaxed Origin-Host Format **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **service-group-name** **Description** service group name, this is the service group that the message needs to be copied to **Type:** string **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **session-age** **Description** user session age allowed (default 10), this is not idle-time (in minutes) **Type:** number **Range:** 1-65535 **Default:** 10 **terminate-on-cca-t** **Description** remove diameter session when receiving CCA-T message **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **vendor-id** **Description** vendor-id avp (Vendor Id) **Type:** number **Range:** 0-2147483647 **Default:** 0 .. _3055_diameter-list_message-code-list: diameter-list_message-code-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **message-code** **Description** **Type:** number **Range:** 1-2147483647 .. _3055_diameter-list_avp-list: diameter-list_avp-list ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **avp** **Description** customize avps for cer to the server (avp number) **Type:** number **Range:** 0-2147483647 **int32** **Description** 32 bits integer **Type:** number **Range:** 0-2147483647 **Mutual Exclusion:** int32, int64, and string are mutually exclusive **int64** **Description** 64 bits integer **Type:** number **Range:** 0-2147483647 **Mutual Exclusion:** int64, int32, and string are mutually exclusive **mandatory** **Description** mandatory avp **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **string** **Description** String (string name, max length 127 bytes) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** string, int32, and int64 are mutually exclusive .. _3055_diameter-list_origin-host: diameter-list_origin-host ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **origin-host-name** **Description** origin-host name avp **Type:** string **Format:** string-rlx **Maximum Length:** 255 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_udp-list: udp-list ^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **age** **Description** short age (in sec), default is 31 **Type:** number **Range:** 1-31 **avp** **Description** '4': NAS-IP-address; '8': Framed-IP-Address; **Type:** string **Supported Values:** 4, 8 **disable-clear-session** **Description** Disable immediate clearing of session **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **idle-timeout** **Description** Idle Timeout value (Interval of 60 seconds), default 120 seconds (idle timeout in second, default 120) **Type:** number **Range:** 1-2097151 **Default:** 120 **immediate** **Description** Immediate Removal after Transaction **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** immediate and short are mutually exclusive **name** **Description** Fast UDP Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Default:** default **qos** **Description** QOS level (number) **Type:** number **Range:** 1-63 **radius-lb-method-hash-type** **Description** 'ip': IP-Hash; **Type:** string **Supported Values:** ip, ipv6 **re-select-if-server-down** **Description** re-select another server if service port is down **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **short** **Description** Short lived session **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** short and immediate are mutually exclusive **stateless-conn-timeout** **Description** Stateless Current Connection Timeout value (5 - 120 seconds) (idle timeout in second, default 120) **Type:** number **Range:** 5-120 **Default:** 120 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **v6avp** **Description** '168': Framed-IPv6-Address; '97': Framed-IPv6-PrefixFramed-IPv6-Prefix; **Type:** string **Supported Values:** 168, 97 .. _3055_link-down-on-restart: link-down-on-restart ^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **enable** **Description** **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_http-policy-list: http-policy-list ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **cookie-name** **Description** name of cookie to match (Cookie Name) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **geo-location-match** **Type:** List **http-policy-match** **Type:** List **multi-match-rule-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/http-policy/{name}/multi-match-rule/{multi-match} ` **name** **Description** http-policy template name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_http-policy-list_http-policy-match: http-policy-list_http-policy-match ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **match-string** **Description** URL String, use "[no-name]" for empty query-param-name match, use "[no-value]" for empty query-param-value match **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **match-type** **Description** 'contains': Select service group if URL string contains another string; 'ends-with': Select service group if URL string ends with another string; 'equals': Select service group if URL string equals another string; 'starts-with': Select service group if URL string starts with another string; **Type:** string **Supported Values:** contains, ends-with, equals, starts-with **service-group** **Description** Service Group to be used (Service Group Name) **Type:** string **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **type** **Description** 'cookie': cookie value match; 'host': hostname match; 'url': URL match; 'header-name': header name match; 'header-value': header value match; 'query-param-name': query parameter name; 'query-param-value': query parameter value; **Type:** string **Supported Values:** cookie, host, url, header-name, header-value, query-param-name, query-param-value .. _3055_http-policy-list_multi-match-rule-list: http-policy-list_multi-match-rule-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **cookie-name-contains-string** **Description** Cookie value string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **cookie-name-contains-type** **Description** 'contains': Cookie name contains string; **Type:** string **Supported Values:** contains **Mutual Exclusion:** cookie-name-contains-type,cookie-name-equals-type, cookie-name-starts-with-type, and cookie-name-ends-with-type are mutually exclusive **cookie-name-ends-with-string** **Description** Cookie name string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **cookie-name-ends-with-type** **Description** 'ends-with': Cookie name ends-with string; **Type:** string **Supported Values:** ends-with **Mutual Exclusion:** cookie-name-ends-with-type,cookie-name-equals-type, cookie-name-contains-type, and cookie-name-starts-with-type are mutually exclusive **cookie-name-equals-string** **Description** Cookie name string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **cookie-name-equals-type** **Description** 'equals': Cookie name equals to string; **Type:** string **Supported Values:** equals **Mutual Exclusion:** cookie-name-equals-type,cookie-name-contains-type, cookie-name-starts-with-type, and cookie-name-ends-with-type are mutually exclusive **cookie-name-starts-with-string** **Description** Cookie name string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **cookie-name-starts-with-type** **Description** 'starts-with': Cookie name starts-with string; **Type:** string **Supported Values:** starts-with **Mutual Exclusion:** cookie-name-starts-with-type,cookie-name-equals-type, cookie-name-contains-type, and cookie-name-ends-with-type are mutually exclusive **cookie-value-contains-string** **Description** Cookie value string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **cookie-value-contains-type** **Description** 'contains': Cookie value contains string; **Type:** string **Supported Values:** contains **Mutual Exclusion:** cookie-value-contains-type,cookie-value-equals-type, cookie-value-starts-with-type, and cookie-value-ends-with-type are mutually exclusive **cookie-value-ends-with-string** **Description** Cookie value string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **cookie-value-ends-with-type** **Description** 'ends-with': Cookie value ends-with string; **Type:** string **Supported Values:** ends-with **Mutual Exclusion:** cookie-value-ends-with-type,cookie-value-equals-type, cookie-value-contains-type, and cookie-value-starts-with-type are mutually exclusive **cookie-value-equals-string** **Description** Cookie value string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **cookie-value-equals-type** **Description** 'equals': Cookie value equals to string; **Type:** string **Supported Values:** equals **Mutual Exclusion:** cookie-value-equals-type,cookie-value-contains-type, cookie-value-starts-with-type, and cookie-value-ends-with-type are mutually exclusive **cookie-value-starts-with-string** **Description** Cookie value string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **cookie-value-starts-with-type** **Description** 'starts-with': Cookie value starts-with string; **Type:** string **Supported Values:** starts-with **Mutual Exclusion:** cookie-value-starts-with-type,cookie-value-equals-type, cookie-value-contains-type, and cookie-value-ends-with-type are mutually exclusive **header-name-contains-string** **Description** Header name string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **header-name-contains-type** **Description** 'contains': Header name contains string; **Type:** string **Supported Values:** contains **Mutual Exclusion:** header-name-contains-type,header-name-equals-type, header-name-starts-with-type, and header-name-ends-with-type are mutually exclusive **header-name-ends-with-string** **Description** Header name string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **header-name-ends-with-type** **Description** 'ends-with': Header name ends-with string; **Type:** string **Supported Values:** ends-with **Mutual Exclusion:** header-name-ends-with-type,header-name-equals-type, header-name-contains-type, and header-name-starts-with-type are mutually exclusive **header-name-equals-string** **Description** Header name string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **header-name-equals-type** **Description** 'equals': Header name equals to string; **Type:** string **Supported Values:** equals **Mutual Exclusion:** header-name-equals-type,header-name-contains-type, header-name-starts-with-type, and header-name-ends-with-type are mutually exclusive **header-name-starts-with-string** **Description** Header name string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **header-name-starts-with-type** **Description** 'starts-with': Header name starts-with string; **Type:** string **Supported Values:** starts-with **Mutual Exclusion:** header-name-starts-with-type,header-name-equals-type, header-name-contains-type, and header-name-ends-with-type are mutually exclusive **header-value-contains-string** **Description** Header value string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **header-value-contains-type** **Description** 'contains': Header value contains string; **Type:** string **Supported Values:** contains **Mutual Exclusion:** header-value-contains-type,header-value-equals-type, header-value-starts-with-type, and header-value-ends-with-type are mutually exclusive **header-value-ends-with-string** **Description** Header value string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **header-value-ends-with-type** **Description** 'ends-with': Header value ends-with string; **Type:** string **Supported Values:** ends-with **Mutual Exclusion:** header-value-ends-with-type,header-value-equals-type, header-value-contains-type, and header-value-starts-with-type are mutually exclusive **header-value-equals-string** **Description** Header value string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **header-value-equals-type** **Description** 'equals': Header value equals to string; **Type:** string **Supported Values:** equals **Mutual Exclusion:** header-value-equals-type,header-value-contains-type, header-value-starts-with-type, and header-value-ends-with-type are mutually exclusive **header-value-starts-with-string** **Description** Header value string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **header-value-starts-with-type** **Description** 'starts-with': Header value starts-with string; **Type:** string **Supported Values:** starts-with **Mutual Exclusion:** header-value-starts-with-type,header-value-equals-type, header-value-contains-type, and header-value-ends-with-type are mutually exclusive **host-contains-string** **Description** Host string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **host-contains-type** **Description** 'contains': Host contains string; **Type:** string **Supported Values:** contains **Mutual Exclusion:** host-contains-type,host-equals-type, host-starts-with-type, and host-ends-with-type are mutually exclusive **host-ends-with-string** **Description** Host string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **host-ends-with-type** **Description** 'ends-with': Host ends-with string; **Type:** string **Supported Values:** ends-with **Mutual Exclusion:** host-ends-with-type,host-equals-type, host-contains-type, and host-starts-with-type are mutually exclusive **host-equals-string** **Description** Host string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **host-equals-type** **Description** 'equals': Host equals to string; **Type:** string **Supported Values:** equals **Mutual Exclusion:** host-equals-type,host-contains-type, host-starts-with-type, and host-ends-with-type are mutually exclusive **host-starts-with-string** **Description** Host string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **host-starts-with-type** **Description** 'starts-with': Host starts-with string; **Type:** string **Supported Values:** starts-with **Mutual Exclusion:** host-starts-with-type,host-equals-type, host-contains-type, and host-ends-with-type are mutually exclusive **multi-match** **Description** Specify a multi-match-rule name **Type:** string **Format:** string-rlx **Maximum Length:** 64 characters **Maximum Length:** 1 characters **query-param-name-contains-string** **Description** query parameter name string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **query-param-name-contains-type** **Description** 'contains': query parameter name contains string; **Type:** string **Supported Values:** contains **Mutual Exclusion:** query-param-name-contains-type,query-param-name-equals-type, query-param-name-starts-with-type, and query-param-name-ends-with-type are mutually exclusive **query-param-name-ends-with-string** **Description** query parameter name string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **query-param-name-ends-with-type** **Description** 'ends-with': query parameter name ends-with string; **Type:** string **Supported Values:** ends-with **Mutual Exclusion:** query-param-name-ends-with-type,query-param-name-equals-type, query-param-name-contains-type, and query-param-name-starts-with-type are mutually exclusive **query-param-name-equals-string** **Description** query parameter name string, use "[no-name]" for empty query-param-name match **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **query-param-name-equals-type** **Description** 'equals': query parameter name equals to string; **Type:** string **Supported Values:** equals **Mutual Exclusion:** query-param-name-equals-type,query-param-name-contains-type, query-param-name-starts-with-type, and query-param-name-ends-with-type are mutually exclusive **query-param-name-starts-with-string** **Description** query parameter name string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **query-param-name-starts-with-type** **Description** 'starts-with': query parameter name starts-with string; **Type:** string **Supported Values:** starts-with **Mutual Exclusion:** query-param-name-starts-with-type,query-param-name-equals-type, query-param-name-contains-type, and query-param-name-ends-with-type are mutually exclusive **query-param-value-contains-string** **Description** query parameter value string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **query-param-value-contains-type** **Description** 'contains': query parameter value contains string; **Type:** string **Supported Values:** contains **Mutual Exclusion:** query-param-value-contains-type,query-param-value-equals-type, query-param-value-starts-with-type, and query-param-value-ends-with-type are mutually exclusive **query-param-value-ends-with-string** **Description** query parameter value string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **query-param-value-ends-with-type** **Description** 'ends-with': query parameter value ends-with string; **Type:** string **Supported Values:** ends-with **Mutual Exclusion:** query-param-value-ends-with-type,query-param-value-equals-type, query-param-value-contains-type, and query-param-value-starts-with-type are mutually exclusive **query-param-value-equals-string** **Description** query parameter value string, use "[no-value]" for empty query-param-value match **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **query-param-value-equals-type** **Description** 'equals': query parameter value equals to string; **Type:** string **Supported Values:** equals **Mutual Exclusion:** query-param-value-equals-type,query-param-value-contains-type, query-param-value-starts-with-type, and query-param-value-ends-with-type are mutually exclusive **query-param-value-starts-with-string** **Description** query parameter value string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **query-param-value-starts-with-type** **Description** 'starts-with': query parameter value starts-with string; **Type:** string **Supported Values:** starts-with **Mutual Exclusion:** query-param-value-starts-with-type,query-param-value-equals-type, query-param-value-contains-type, and query-param-value-ends-with-type are mutually exclusive **seq-num** **Description** Specify a sequence number **Type:** number **Range:** 1-8192 **service-group** **Description** Service Group to be used (Service Group Name) **Type:** string **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **url-contains-string** **Description** URL string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **url-contains-type** **Description** 'contains': URL contains string; **Type:** string **Supported Values:** contains **Mutual Exclusion:** url-contains-type,url-equals-type, url-starts-with-type, and url-ends-with-type are mutually exclusive **url-ends-with-string** **Description** URL string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **url-ends-with-type** **Description** 'ends-with': URL ends-with string; **Type:** string **Supported Values:** ends-with **Mutual Exclusion:** url-ends-with-type,url-equals-type, url-contains-type, and url-starts-with-type are mutually exclusive **url-equals-string** **Description** URL string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **url-equals-type** **Description** 'equals': URL equals to string; **Type:** string **Supported Values:** equals **Mutual Exclusion:** url-equals-type,url-contains-type, url-starts-with-type, and url-ends-with-type are mutually exclusive **url-starts-with-string** **Description** URL string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **url-starts-with-type** **Description** 'starts-with': URL starts-with string; **Type:** string **Supported Values:** starts-with **Mutual Exclusion:** url-starts-with-type,url-equals-type, url-contains-type, and url-ends-with-type are mutually exclusive **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_http-policy-list_geo-location-match: http-policy-list_geo-location-match ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **geo-location** **Description** Geolocation name **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **geo-location-service-group** **Description** Service Group to be used (Service Group Name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/service-group ` .. _3055_link-probe-list: link-probe-list ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **destination** **Description:** destination is a **JSON Block**. Please see below for :ref:`3055_link-probe-list_destination` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/link-probe/{name}/destination ` **disable** **Description** Disable Probe template **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **expected-status-code** **Description** Specify response code range (e.g. 200,400-430), default is 200 (Format is xx,xx-xx (xx between [100, 899]), default is 200) **Type:** string **Format:** string-rlx **Maximum Length:** 31 characters **Maximum Length:** 1 characters **Default:** 200 **name** **Description** probe template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **probe-interval** **Description** Time between each probe that needs to be sent out (in seconds, default is 5) **Type:** number **Range:** 1-7200 **Default:** 5 **probes-per-test** **Description** Total number of probes to be sent out for each test **Type:** number **Range:** 1-10 **Default:** 5 **rtt-method** **Description** 'http-rtt': Calculate Round Trip Time between HTTP request and response; 'tcp-srtt': Use TCP Smoothed round trip time in the HTTP connection; **Type:** string **Supported Values:** http-rtt, tcp-srtt **Default:** http-rtt **selection-rule** **Description** 'threshold': Use all links below a threshold before selecting the fastest link; 'fastest-link-always': Always use the link with the lowest average latency; **Type:** string **Supported Values:** threshold, fastest-link-always **Default:** fastest-link-always **test-interval** **Description** time interval between subsequent tests (in seconds, default is 60) **Type:** number **Range:** 1-7200 **Default:** 60 **threshold-value** **Description** Use all links below a threshold before selecting the fastest link (RTT in milliseconds) **Type:** number **Range:** 0-65534 **Default:** 0 **url** **Description** Specify URL to which probes should be sent out. Default is / **Type:** string **Format:** string-rlx **Maximum Length:** 1023 characters **Maximum Length:** 1 characters **Default:** / **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_link-probe-list_destination: link-probe-list_destination ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **hostname** **Description** Target Hostname **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **resolve-as** **Description** 'resolve-to-ipv4': Use A Query only to resolve the configured hostname; 'resolve-to-ipv6': Use AAAA Query only to resolve the configured hostname; **Type:** string **Supported Values:** resolve-to-ipv4, resolve-to-ipv6 **Mutual Exclusion:** resolve-as, static-ipv4-addr, and static-ipv6-addr are mutually exclusive **static-ipv4-addr** **Description** Target IPv4 Address **Type:** string **Format:** ipv4-address **Mutual Exclusion:** static-ipv4-addr, resolve-as, and static-ipv6-addr are mutually exclusive **static-ipv6-addr** **Description** Target IPv6 Address **Type:** string **Format:** ipv6-address **Mutual Exclusion:** static-ipv6-addr, resolve-as, and static-ipv4-addr are mutually exclusive **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_client-ssl-list: client-ssl-list ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ad-group-list** **Description** Forward proxy bypass if ad-group matches class-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **alert-type** **Description** 'fatal': Log fatal alerts; **Type:** string **Supported Values:** fatal **auth-sg** **Description** Specify authorization LDAP service group **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** auth-sg and authen-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/aam/authentication/service-group ` **auth-sg-dn** **Description** Use Subject DN as LDAP search base DN **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **auth-sg-filter** **Description** Specify LDAP search filter **Type:** string **Format:** string-rlx **Maximum Length:** 255 characters **Maximum Length:** 1 characters **auth-username** **Description** Specify the Username Field in the Client Certificate(If multi-fields are specificed, prior one has higher priority) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **auth-username-attribute** **Description** Specify attribute name of username for client SSL authorization **Type:** string **Format:** string-rlx **Maximum Length:** 31 characters **Maximum Length:** 1 characters **authen-name** **Description** Specify authorization LDAP server name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** authen-name and auth-sg are mutually exclusive **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/ldap ` **authorization** **Description** Specify LDAP server for client SSL authorizaiton **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **bypass-cert-issuer-class-list-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** bypass-cert-issuer-class-list-name and bypass-cert-issuer-multi-class-list-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/class-list ` **bypass-cert-issuer-multi-class-list** **Type:** List **bypass-cert-san-class-list-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** bypass-cert-san-class-list-name and bypass-cert-san-multi-class-list-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/class-list ` **bypass-cert-san-multi-class-list** **Type:** List **bypass-cert-subject-class-list-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** bypass-cert-subject-class-list-name and bypass-cert-subject-multi-class-list-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/class-list ` **bypass-cert-subject-multi-class-list** **Type:** List **ca-certs** **Type:** List **cache-persistence-list-name** **Description** Class List Name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **case-insensitive** **Description** Case insensitive forward proxy bypass **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **central-cert-pin-list** **Description** Forward proxy bypass if SNI string is contained in central updated cert-pinning-candidate list **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **cert-revoke-action** **Description** 'bypass': bypass SSLi processing; 'continue': continue the connection; 'drop': close the connection; 'block': block the connection with a warning page; **Type:** string **Supported Values:** bypass, continue, drop, block **Default:** bypass **cert-unknown-action** **Description** 'bypass': bypass SSLi processing; 'continue': continue the connection; 'drop': close the connection; 'block': block the connection with a warning page; **Type:** string **Supported Values:** bypass, continue, drop, block **Default:** bypass **certificate-issuer-contains-list** **Type:** List **certificate-issuer-ends-with-list** **Type:** List **certificate-issuer-equals-list** **Type:** List **certificate-issuer-starts-with-list** **Type:** List **certificate-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/client-ssl/{name}/certificate/{cert} ` **certificate-san-contains-list** **Type:** List **certificate-san-ends-with-list** **Type:** List **certificate-san-equals-list** **Type:** List **certificate-san-starts-with-list** **Type:** List **certificate-subject-contains-list** **Type:** List **certificate-subject-ends-with-list** **Type:** List **certificate-subject-equals-list** **Type:** List **certificate-subject-starts-with-list** **Type:** List **chain-cert** **Description** Chain Certificate Name **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **Mutual Exclusion:** chain-cert and chain-cert-shared-str are mutually exclusive **chain-cert-shared-str** **Description** Chain Certificate Name **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **Mutual Exclusion:** chain-cert-shared-str and chain-cert are mutually exclusive **cipher-without-prio-list** **Type:** List **class-list-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** class-list-name and multi-clist-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/class-list ` **client-auth-case-insensitive** **Description** Case insensitive forward proxy client auth bypass **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **client-auth-class-list** **Description** Forward proxy client auth bypass if SNI string matches class-list (Class List Name) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **client-auth-contains-list** **Type:** List **client-auth-ends-with-list** **Type:** List **client-auth-equals-list** **Type:** List **client-auth-starts-with-list** **Type:** List **client-certificate** **Description** 'Ignore': Don't request client certificate; 'Require': Require client certificate; 'Request': Request client certificate; **Type:** string **Supported Values:** Ignore, Require, Request **Default:** Ignore **client-ipv4-list** **Type:** List **client-ipv6-list** **Type:** List **close-notify** **Description** Send close notification when terminate connection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **contains-list** **Type:** List **crl-certs** **Type:** List **dgversion** **Description** Lower TLS/SSL version can be downgraded **Type:** number **Range:** 30-34 **Default:** 31 **dh-type** **Description** '1024': 1024; '1024-dsa': 1024-dsa; '2048': 2048; **Type:** string **Supported Values:** 1024, 1024-dsa, 2048 **direct-client-server-auth** **Description** Let backend server does SSL client authentication directly **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-sslv3** **Description** Reject Client requests for SSL version 3 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **early-data** **Description** Enable TLS 1.3 early data (0-RTT) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ec-list** **Type:** List **enable-ssli-ftp-alg** **Description** Enable SSLi FTP over TLS support at which port **Type:** number **Range:** 1-65535 **enable-tls-alert-logging** **Description** Enable TLS alert logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ends-with-list** **Type:** List **equals-list** **Type:** List **exception-ad-group-list** **Description** Exceptions to forward proxy bypass if ad-group matches class-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **exception-certificate-issuer-cl-name** **Description** Exceptions to forward-proxy-bypass **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **exception-certificate-san-cl-name** **Description** Exceptions to forward-proxy-bypass **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **exception-certificate-subject-cl-name** **Description** Exceptions to forward-proxy-bypass **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **exception-client-ipv4-list** **Type:** List **exception-client-ipv6-list** **Type:** List **exception-server-ipv4-list** **Type:** List **exception-server-ipv6-list** **Type:** List **exception-sni-cl-name** **Description** Exceptions to forward-proxy-bypass **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **exception-user-name-list** **Description** Exceptions to forward proxy bypass if user-name matches class-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **exception-web-category** **Description:** exception-web-category is a **JSON Block**. Please see below for :ref:`3055_client-ssl-list_exception-web-category` **Type:** Object **exception-web-reputation** **Description:** exception-web-reputation is a **JSON Block**. Please see below for :ref:`3055_client-ssl-list_exception-web-reputation` **Type:** Object **expire-hours** **Description** Certificate lifetime in hours **Type:** number **Range:** 1-168 **forward-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **Mutual Exclusion:** forward-encrypted and fp-ca-certificate are mutually exclusive **forward-passphrase** **Description** Password Phrase **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** forward-passphrase and fp-ca-certificate are mutually exclusive **forward-proxy-alt-sign** **Description** Forward proxy alternate signing cert and key **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-block-message** **Description** Message to be included on the block page (Message, enclose in quotes if spaces are present) **Type:** string **Format:** string-rlx **Maximum Length:** 1023 characters **Maximum Length:** 1 characters **forward-proxy-ca-cert** **Description** CA Certificate for forward proxy (SSL forward proxy CA Certificate Name) **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters **Mutual Exclusion:** forward-proxy-ca-cert,fp-ca-certificate, fp-ca-key, fp-ca-key-pass-phrase, fp-ca-key-passphrase, fp-ca-key-encrypted, fp-ca-chain-cert, and fp-ca-certificate-shared are mutually exclusive **forward-proxy-ca-key** **Description** CA Private Key for forward proxy (SSL forward proxy CA Key Name) **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters **Mutual Exclusion:** forward-proxy-ca-key,fp-ca-certificate, fp-ca-key, fp-ca-key-pass-phrase, fp-ca-key-passphrase, fp-ca-key-encrypted, fp-ca-chain-cert, and fp-ca-certificate-shared are mutually exclusive **forward-proxy-cert-cache-limit** **Description** Certificate cache size limit, default is 524288 (set to 0 for unlimited size) **Type:** number **Range:** 0-2147483647 **Default:** 524288 **forward-proxy-cert-cache-timeout** **Description** Certificate cache timeout, default is 1 hour (seconds, set to 0 for never timeout) **Type:** number **Range:** 0-2147483647 **Default:** 3600 **forward-proxy-cert-expiry** **Description** Adjust certificate expiry relative to the time when it is created on the device **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-cert-not-ready-action** **Description** 'bypass': bypass the connection; 'reset': reset the connection; 'intercept': wait for cert and then inspect the connection; **Type:** string **Supported Values:** bypass, reset, intercept **Default:** bypass **forward-proxy-cert-revoke-action** **Description** Action taken if a certificate is irreversibly revoked, bypass SSLi processing by default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 1 **forward-proxy-cert-unknown-action** **Description** Action taken if a certificate revocation status is unknown, bypass SSLi processing by default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 1 **forward-proxy-crl-disable** **Description** Disable Certificate Revocation List checking for forward proxy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-decrypted-dscp** **Description** Apply a DSCP to decrypted and bypassed traffic (DSCP to apply to decrypted traffic) **Type:** number **Range:** 1-63 **forward-proxy-decrypted-dscp-bypass** **Description** DSCP to apply to bypassed traffic **Type:** number **Range:** 1-63 **forward-proxy-enable** **Description** Enable SSL forward proxy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** forward-proxy-enable and ssli-inbound-enable are mutually exclusive **forward-proxy-esni-action** **Description** Action taken if receiving encrypted server name indication extension in client hello MSG, bypass the connection by default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-failsafe-disable** **Description** Disable Failsafe for SSL forward proxy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-hash-persistence-interval** **Description** Set the time interval to save the hash persistence certs (Interval value, in minutes) **Type:** number **Range:** 1-720 **Default:** 30 **forward-proxy-log-disable** **Description** Disable SSL forward proxy logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-no-shared-cipher-action** **Description** Action taken if handshake fails due to no shared ciper, close the connection by default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 1 **forward-proxy-no-sni-action** **Description** 'intercept': intercept in no SNI case; 'bypass': bypass in no SNI case; 'reset': reset in no SNI case; **Type:** string **Supported Values:** intercept, bypass, reset **Default:** intercept **forward-proxy-ocsp-disable** **Description** Disable ocsp-stapling for forward proxy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-require-sni-cert-matched** **Description** 'no-match-action-inspect': Inspected if not matched; 'no-match-action-drop': Dropped if not matched; **Type:** string **Supported Values:** no-match-action-inspect, no-match-action-drop **forward-proxy-selfsign-redir** **Description** Redirect connections to pages with self signed certs to a warning page **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-ssl-version** **Description** TLS/SSL version, default is TLS1.2 (TLS/SSL version: 31-TLSv1.0, 32-TLSv1.1, 33-TLSv1.2 and 34-TLSv1.3) **Type:** number **Range:** 31-34 **Default:** 33 **forward-proxy-trusted-ca-lists** **Type:** List **forward-proxy-verify-cert-fail-action** **Description** Action taken if certificate verification fails, close the connection by default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 1 **fp-alt-cert** **Description** CA Certificate for forward proxy alternate signing (Certificate name) **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters **fp-alt-chain-cert** **Description** Chain Certificate (Chain Certificate Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **fp-alt-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **fp-alt-key** **Description** CA Private Key for forward proxy alternate signing (Key name) **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters **fp-alt-passphrase** **Description** Password Phrase **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters **fp-alt-shared** **Description** Alternate CA Certificate and Private Key Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **fp-ca-certificate** **Description** CA Certificate for forward proxy (SSL forward proxy CA Certificate Name) **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fp-ca-certificate,forward-proxy-ca-cert, fp-ca-shared, forward-proxy-ca-key, forward-passphrase, forward-encrypted, and fp-ca-key-shared are mutually exclusive **fp-ca-certificate-shared** **Description** CA Private Key Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** fp-ca-certificate-shared, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive **fp-ca-chain-cert** **Description** Chain Certificate (Chain Certificate Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fp-ca-chain-cert, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive **fp-ca-key** **Description** CA Private Key for forward proxy (SSL forward proxy CA Key Name) **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fp-ca-key, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive **fp-ca-key-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **Mutual Exclusion:** fp-ca-key-encrypted, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive **fp-ca-key-passphrase** **Description** Password Phrase **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fp-ca-key-passphrase, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive **fp-ca-key-shared** **Description** CA Private Key Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** fp-ca-key-shared and fp-ca-certificate are mutually exclusive **fp-ca-shared** **Description** CA Certificate Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** fp-ca-shared and fp-ca-certificate are mutually exclusive **fp-cert-ext-aia-ca-issuers** **Description** CA Issuers (Authority Information Access URI) **Type:** string **Format:** string-rlx **Maximum Length:** 255 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fp-cert-ext-aia-ca-issuers and fp-cert-ext-aia-ocsp are mutually exclusive **fp-cert-ext-aia-ocsp** **Description** OCSP (Authority Information Access URI) **Type:** string **Format:** string-rlx **Maximum Length:** 255 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fp-cert-ext-aia-ocsp and fp-cert-ext-aia-ca-issuers are mutually exclusive **fp-cert-ext-crldp** **Description** CRL Distribution Point (CRL Distribution Point URI) **Type:** string **Format:** string-rlx **Maximum Length:** 255 characters **Maximum Length:** 1 characters **fp-cert-fetch-autonat** **Description** 'auto': Configure auto NAT for server certificate fetching; **Type:** string **Supported Values:** auto **Mutual Exclusion:** fp-cert-fetch-autonat and fp-cert-fetch-natpool-name are mutually exclusive **fp-cert-fetch-autonat-precedence** **Description** Set this NAT pool as higher precedence than other source NAT like configued under template policy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **fp-cert-fetch-natpool-name** **Description** Specify NAT pool or pool group **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fp-cert-fetch-natpool-name, shared-partition-pool, and fp-cert-fetch-autonat are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ip/nat/pool ` **fp-cert-fetch-natpool-name-shared** **Description** Specify NAT pool or pool group **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ip/nat/pool ` **fp-cert-fetch-natpool-precedence** **Description** Set this NAT pool as higher precedence than other source NAT like configued under template policy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **fp-esni-action** **Description** 'bypass': bypass SSLi processing; 'drop': close the connection; **Type:** string **Supported Values:** bypass, drop **Default:** bypass **handshake-logging-enable** **Description** Enable SSL handshake logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **hsm-type** **Description** 'thales-embed': Thales embed key; 'thales-hwcrhk': Thales hwcrhk Key; **Type:** string **Supported Values:** thales-embed, thales-hwcrhk **inspect-certificate-issuer-cl-name** **Description** Forward proxy Inspect if Certificate issuer matches class-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **inspect-certificate-san-cl-name** **Description** Forward proxy Inspect if Certificate Subject Alternative Name matches class-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **inspect-certificate-subject-cl-name** **Description** Forward proxy Inspect if Certificate Subject matches class-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **inspect-list-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **ja3-enable** **Description** Enable JA3 features **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ja3-insert-http-header** **Description** Insert the JA3 hash into this request as a HTTP header (HTTP Header Name) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ja3-reject-class-list** **Description** Drop request if the JA3 hash matches this class-list (type string-case-insensitive) (Class-List Name) **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **ja3-reject-max-number-per-host** **Description** Drop request if numbers of JA3 of this client address exceeded **Type:** number **Range:** 1-256 **ja3-ttl** **Description** seconds to keep each JA3 record **Type:** number **Range:** 1-86400 **Default:** 600 **ldap-base-dn-from-cert** **Description** Use Subject DN as LDAP search base DN **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ldap-search-filter** **Description** Specify LDAP search filter **Type:** string **Format:** string-rlx **Maximum Length:** 255 characters **Maximum Length:** 1 characters **local-cert-pin-list** **Description:** local-cert-pin-list is a **JSON Block**. Please see below for :ref:`3055_client-ssl-list_local-cert-pin-list` **Type:** Object **local-logging** **Description** Enable local logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **multi-class-list** **Type:** List **name** **Description** Client SSL Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **no-anti-replay** **Description** Disable anti-replay protection for TLS 1.3 early data (0-RTT data) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **no-shared-cipher-action** **Description** 'bypass': bypass SSLi processing; 'drop': close the connection; **Type:** string **Supported Values:** bypass, drop **Default:** drop **non-ssl-bypass-l4session** **Description** Handle the non-ssl session as L4 for performance optimization **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **non-ssl-bypass-service-group** **Description** Service Group for Bypass non-ssl traffic (Service Group Name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **notafter** **Description** notAfter date **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **notafterday** **Description** Day **Type:** number **Range:** 1-31 **notaftermonth** **Description** Month **Type:** number **Range:** 1-12 **notafteryear** **Description** Year **Type:** number **Range:** 2005-2035 **notbefore** **Description** notBefore date **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **notbeforeday** **Description** Day **Type:** number **Range:** 1-31 **notbeforemonth** **Description** Month **Type:** number **Range:** 1-12 **notbeforeyear** **Description** Year **Type:** number **Range:** 2005-2035 **ocsp-stapling** **Description** Config OCSP stapling support **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ocspst-ca-cert** **Description** CA certificate **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters **ocspst-ocsp** **Description** Specify OCSP Authentication **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ocspst-sg** **Description** Specify authentication service group **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** ocspst-sg and ocspst-srvr are mutually exclusive **Reference Object:** :doc:`/axapi/v3/aam/authentication/service-group ` **ocspst-sg-days** **Description** Specify update period, in days **Type:** number **Range:** 1-31 **Mutual Exclusion:** ocspst-sg-days, ocspst-sg-hours, and ocspst-sg-minutes are mutually exclusive **ocspst-sg-hours** **Description** Specify update period, in hours **Type:** number **Range:** 1-23 **Default:** 1 **Mutual Exclusion:** ocspst-sg-hours, ocspst-sg-days, and ocspst-sg-minutes are mutually exclusive **ocspst-sg-minutes** **Description** Specify update period, in minutes **Type:** number **Range:** 1-59 **Mutual Exclusion:** ocspst-sg-minutes, ocspst-sg-days, and ocspst-sg-hours are mutually exclusive **ocspst-sg-timeout** **Description** Specify retry timeout (Default is 30 mins) **Type:** number **Range:** 1-44640 **Default:** 30 **ocspst-srvr** **Description** Specify OCSP authentication server **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** ocspst-srvr and ocspst-sg are mutually exclusive **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/ocsp ` **ocspst-srvr-days** **Description** Specify update period, in days **Type:** number **Range:** 1-31 **Mutual Exclusion:** ocspst-srvr-days, ocspst-srvr-hours, and ocspst-srvr-minutes are mutually exclusive **ocspst-srvr-hours** **Description** Specify update period, in hours **Type:** number **Range:** 1-23 **Default:** 1 **Mutual Exclusion:** ocspst-srvr-hours, ocspst-srvr-days, and ocspst-srvr-minutes are mutually exclusive **ocspst-srvr-minutes** **Description** Specify update period, in minutes **Type:** number **Range:** 1-59 **Mutual Exclusion:** ocspst-srvr-minutes, ocspst-srvr-days, and ocspst-srvr-hours are mutually exclusive **ocspst-srvr-timeout** **Description** Specify retry timeout (Default is 30 mins) **Type:** number **Range:** 1-44640 **Default:** 30 **renegotiation-disable** **Description** Disable SSL renegotiation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **req-ca-lists** **Type:** List **require-web-category** **Description** Wait for web category to be resolved before taking bypass decision **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server-ipv4-list** **Type:** List **server-ipv6-list** **Type:** List **server-name-auto-map** **Description** Enable automatic mapping of server name indication in Client hello extension **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server-name-list** **Type:** List **session-cache-size** **Description** Session Cache Size (Maximum cache size. Default value 0 (Session ID reuse disabled)) **Type:** number **session-cache-timeout** **Description** Session Cache Timeout (Timeout value, in seconds. Default value 0 (Session cache timeout disabled)) **Type:** number **Range:** 0-604800 **Default:** 0 **session-ticket-disable** **Description** Disable client side session ticket support **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **session-ticket-lifetime** **Description** Session ticket lifetime in seconds from stateless session resumption (Lifetime value in seconds. Default value 0 (Session ticket lifetime is 7200 seconds)) **Type:** number **Range:** 0-2147483647 **Default:** 0 **shared-partition-cipher-template** **Description** Reference a cipher template from shared partition **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** shared-partition-cipher-template, template-cipher, and cipher-wo-prio are mutually exclusive **shared-partition-pool** **Description** Reference a NAT pool or pool group from shared partition **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** shared-partition-pool and fp-cert-fetch-natpool-name are mutually exclusive **sni-bypass-enable-log** **Description** Enable logging when bypass event happens, disabled by default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sni-bypass-expired-cert** **Description** Bypass when certificate expired **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sni-bypass-explicit-list** **Description** Bypass when matched explicit bypass list (Specify class list name) **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **sni-bypass-missing-cert** **Description** Bypass when missing cert/key **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sni-enable-log** **Description** Enable logging of sni-auto-map failures. Disable by default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ssl-false-start-disable** **Description** disable SSL False Start **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ssli-inbound-enable** **Description** Enable inbound SSLi **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** ssli-inbound-enable and forward-proxy-enable are mutually exclusive **ssli-logging** **Description** SSLi logging level, default is error logging only **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sslilogging** **Description** 'disable': Disable all logging; 'all': enable all logging(error, info); **Type:** string **Supported Values:** disable, all **sslv2-bypass-service-group** **Description** Service Group for Bypass SSLV2 (Service Group Name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **starts-with-list** **Type:** List **template-cipher** **Description** Cipher Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** template-cipher, shared-partition-cipher-template, and cipher-wo-prio are mutually exclusive **Reference Object:** :doc:`/axapi/v3/slb/template/cipher ` **template-cipher-shared** **Description** Cipher Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/cipher ` **template-hsm** **Description** HSM Template (HSM Template Name) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/hsm/template ` **user-name-list** **Description** Forward proxy bypass if user-name matches class-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **verify-cert-fail-action** **Description** 'bypass': bypass SSLi processing; 'continue': continue the connection; 'drop': close the connection; 'block': block the connection with a warning page; **Type:** string **Supported Values:** bypass, continue, drop, block **Default:** drop **version** **Description** TLS/SSL version, default is the highest number supported (TLS/SSL version: 30-SSLv3.0, 31-TLSv1.0, 32-TLSv1.1, 33-TLSv1.2 and 34-TLSv1.3) **Type:** number **Range:** 1-34 **web-category** **Description:** web-category is a **JSON Block**. Please see below for :ref:`3055_client-ssl-list_web-category` **Type:** Object **web-reputation** **Description:** web-reputation is a **JSON Block**. Please see below for :ref:`3055_client-ssl-list_web-reputation` **Type:** Object .. _3055_client-ssl-list_bypass-cert-subject-multi-class-list: client-ssl-list_bypass-cert-subject-multi-class-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **bypass-cert-subject-multi-class-list-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** bypass-cert-subject-multi-class-list-name and bypass-cert-subject-class-list-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/class-list ` .. _3055_client-ssl-list_certificate-san-contains-list: client-ssl-list_certificate-san-contains-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-san-contains** **Description** Forward proxy bypass if Certificate SAN contains another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_client-ssl-list_equals-list: client-ssl-list_equals-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **equals** **Description** Forward proxy bypass if SNI string equals another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_client-ssl-list_client-ipv6-list: client-ssl-list_client-ipv6-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **client-ipv6-list-name** **Description** IPV6 client class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` .. _3055_client-ssl-list_forward-proxy-trusted-ca-lists: client-ssl-list_forward-proxy-trusted-ca-lists ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **forward-proxy-trusted-ca** **Description** Forward proxy trusted CA file (CA file name) **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **fp-trusted-ca-shared** **Description** Trusted CA Certificate Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _3055_client-ssl-list_ec-list: client-ssl-list_ec-list ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ec** **Description** 'secp256r1': X9_62_prime256v1; 'secp384r1': secp384r1; **Type:** string **Supported Values:** secp256r1, secp384r1 .. _3055_client-ssl-list_contains-list: client-ssl-list_contains-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **contains** **Description** Forward proxy bypass if SNI string contains another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_client-ssl-list_ends-with-list: client-ssl-list_ends-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ends-with** **Description** Forward proxy bypass if SNI string ends with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_client-ssl-list_ca-certs: client-ssl-list_ca-certs ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ca-cert** **Description** CA Certificate (CA Certificate Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **ca-shared** **Description** CA Certificate Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **client-ocsp** **Description** Specify ocsp authentication server(s) for client certificate verification **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **client-ocsp-sg** **Description** Specify service-group (Service group name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/aam/authentication/service-group ` **client-ocsp-srvr** **Description** Specify authentication server **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/ocsp/instance ` .. _3055_client-ssl-list_client-auth-contains-list: client-ssl-list_client-auth-contains-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **client-auth-contains** **Description** Forward proxy bypass if SNI string contains another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_client-ssl-list_certificate-subject-contains-list: client-ssl-list_certificate-subject-contains-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-subject-contains** **Description** Forward proxy bypass if Certificate Subject contains another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_client-ssl-list_req-ca-lists: client-ssl-list_req-ca-lists ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **client-cert-req-ca-shared** **Description** CA Certificate Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **client-certificate-Request-CA** **Description** Send CA lists in certificate request (CA Certificate Name) **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters .. _3055_client-ssl-list_certificate-subject-starts-with-list: client-ssl-list_certificate-subject-starts-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-subject-starts** **Description** Forward proxy bypass if Certificate Subject starts with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_client-ssl-list_web-reputation: client-ssl-list_web-reputation ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **bypass-low-risk** **Description** Bypass when reputation score is greater than or equal to 61 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** bypass-low-risk,bypass-trustworthy, bypass-moderate-risk, bypass-suspicious, bypass-malicious, and bypass-threshold are mutually exclusive **bypass-malicious** **Description** Bypass when reputation score is greater than or equal to 1 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** bypass-malicious,bypass-trustworthy, bypass-low-risk, bypass-moderate-risk, bypass-suspicious, and bypass-threshold are mutually exclusive **bypass-moderate-risk** **Description** Bypass when reputation score is greater than or equal to 41 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** bypass-moderate-risk,bypass-trustworthy, bypass-low-risk, bypass-suspicious, bypass-malicious, and bypass-threshold are mutually exclusive **bypass-suspicious** **Description** Bypass when reputation score is greater than or equal to 21 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** bypass-suspicious,bypass-trustworthy, bypass-low-risk, bypass-moderate-risk, bypass-malicious, and bypass-threshold are mutually exclusive **bypass-threshold** **Description** Bypass when reputation score is greater than or equal to the customized score (1-100) **Type:** number **Range:** 1-100 **Mutual Exclusion:** bypass-threshold,bypass-trustworthy, bypass-low-risk, bypass-moderate-risk, bypass-suspicious, and bypass-malicious are mutually exclusive **bypass-trustworthy** **Description** Bypass when reputation score is greater than or equal to 81 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** bypass-trustworthy,bypass-low-risk, bypass-moderate-risk, bypass-suspicious, bypass-malicious, and bypass-threshold are mutually exclusive .. _3055_client-ssl-list_bypass-cert-issuer-multi-class-list: client-ssl-list_bypass-cert-issuer-multi-class-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **bypass-cert-issuer-multi-class-list-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** bypass-cert-issuer-multi-class-list-name and bypass-cert-issuer-class-list-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/class-list ` .. _3055_client-ssl-list_client-auth-equals-list: client-ssl-list_client-auth-equals-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **client-auth-equals** **Description** Forward proxy bypass if SNI string equals another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_client-ssl-list_certificate-issuer-equals-list: client-ssl-list_certificate-issuer-equals-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-issuer-equals** **Description** Forward proxy bypass if Certificate issuer equals another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_client-ssl-list_certificate-san-ends-with-list: client-ssl-list_certificate-san-ends-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-san-ends-with** **Description** Forward proxy bypass if Certificate SAN ends with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_client-ssl-list_crl-certs: client-ssl-list_crl-certs ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **crl** **Description** Certificate Revocation Lists (Certificate Revocation Lists file name) **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **crl-shared** **Description** Certificate Revocation Lists Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _3055_client-ssl-list_certificate-list: client-ssl-list_certificate-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **cert** **Description** Certificate Name **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **chain-cert** **Description** Chain Certificate (Chain Certificate Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **key** **Description** Server Private Key (Key Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **key-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **passphrase** **Description** Password Phrase **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters **shared** **Description** Server Certificate and Key Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_client-ssl-list_client-ipv4-list: client-ssl-list_client-ipv4-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **client-ipv4-list-name** **Description** IPV4 client class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` .. _3055_client-ssl-list_multi-class-list: client-ssl-list_multi-class-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **multi-clist-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** multi-clist-name and class-list-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/class-list ` .. _3055_client-ssl-list_certificate-issuer-ends-with-list: client-ssl-list_certificate-issuer-ends-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-issuer-ends-with** **Description** Forward proxy bypass if Certificate issuer ends with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_client-ssl-list_exception-server-ipv4-list: client-ssl-list_exception-server-ipv4-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **exception-server-ipv4-list-name** **Description** IPV4 exception server class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` .. _3055_client-ssl-list_web-category: client-ssl-list_web-category ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **abortion** **Description** Category Abortion **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **adult-and-pornography** **Description** Category Adult and Pornography **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **alcohol-and-tobacco** **Description** Category Alcohol and Tobacco **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **auctions** **Description** Category Auctions **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **bot-nets** **Description** Category Bot Nets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **business-and-economy** **Description** Category Business and Economy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **cdns** **Description** Category CDNs **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **cheating** **Description** Category Cheating **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **computer-and-internet-info** **Description** Category Computer and Internet Info **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **computer-and-internet-security** **Description** Category Computer and Internet Security **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **cult-and-occult** **Description** Category Cult and Occult **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dating** **Description** Category Dating **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dead-sites** **Description** Category Dead Sites (db Ops only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drugs** **Description** Category Abused Drugs **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dynamically-generated-content** **Description** Dynamically Generated Content **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **educational-institutions** **Description** Category Educational Institutions **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **entertainment-and-arts** **Description** Category Entertainment and Arts **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **fashion-and-beauty** **Description** Category Fashion and Beauty **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **financial-services** **Description** Category Financial Services **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **gambling** **Description** Category Gambling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **games** **Description** Category Games **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **government** **Description** Category Government **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **gross** **Description** Category Gross **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **hacking** **Description** Category Hacking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **hate-and-racism** **Description** Category Hate and Racism **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **health-and-medicine** **Description** Category Health and Medicine **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **home-and-garden** **Description** Category Home and Garden **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **hunting-and-fishing** **Description** Category Hunting and Fishing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **illegal** **Description** Category Illegal **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **illegal-pornography** **Description** Category Illegal join Adult and Pornography **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **image-and-video-search** **Description** Category Image and Video Search **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **internet-communications** **Description** Category Internet Communications **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **internet-portals** **Description** Category Internet Portals **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **job-search** **Description** Category Job Search **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **keyloggers-and-monitoring** **Description** Category Keyloggers and Monitoring **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **kids** **Description** Category Kids **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **legal** **Description** Category Legal **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **local-information** **Description** Category Local Information **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **malware-sites** **Description** Category Malware Sites **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **marijuana** **Description** Category Marijuana **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **military** **Description** Category Military **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **motor-vehicles** **Description** Category Motor Vehicles **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **music** **Description** Category Music **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **news-and-media** **Description** Category News and Media **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **nudity** **Description** Category Nudity **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **nudity-artistic** **Description** Category Nudity join Entertainment and Arts **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **online-greeting-cards** **Description** Category Online Greeting cards **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **parked-domains** **Description** Category Parked Domains **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **pay-to-surf** **Description** Category Pay to Surf **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **peer-to-peer** **Description** Category Peer to Peer **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **personal-sites-and-blogs** **Description** Category Personal sites and Blogs **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **personal-storage** **Description** Category Personal Storage **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **philosophy-and-politics** **Description** Category Philosophy and Political Advocacy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **phishing-and-other-fraud** **Description** Category Phishing and Other Frauds **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **proxy-avoid-and-anonymizers** **Description** Category Proxy Avoid and Anonymizers **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **questionable** **Description** Category Questionable **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **real-estate** **Description** Category Real Estate **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **recreation-and-hobbies** **Description** Category Recreation and Hobbies **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **reference-and-research** **Description** Category Reference and Research **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **religion** **Description** Category Religion **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **search-engines** **Description** Category Search Engines **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sex-education** **Description** Category Sex Education **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **shareware-and-freeware** **Description** Category Shareware and Freeware **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **shopping** **Description** Category Shopping **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **social-network** **Description** Category Social Network **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **society** **Description** Category Society **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **spam-urls** **Description** Category SPAM URLs **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sports** **Description** Category Sports **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **spyware-and-adware** **Description** Category Spyware and Adware **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **stock-advice-and-tools** **Description** Category Stock Advice and Tools **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **streaming-media** **Description** Category Streaming Media **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **swimsuits-and-intimate-apparel** **Description** Category Swimsuits and Intimate Apparel **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **training-and-tools** **Description** Category Training and Tools **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **translation** **Description** Category Translation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **travel** **Description** Category Travel **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uncategorized** **Description** Uncategorized URLs **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **violence** **Description** Category Violence **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **weapons** **Description** Category Weapons **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **web-advertisements** **Description** Category Web Advertisements **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **web-based-email** **Description** Category Web based email **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **web-hosting-sites** **Description** Category Web Hosting Sites **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _3055_client-ssl-list_certificate-san-equals-list: client-ssl-list_certificate-san-equals-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-san-equals** **Description** Forward proxy bypass if Certificate SAN equals another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_client-ssl-list_exception-client-ipv4-list: client-ssl-list_exception-client-ipv4-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **exception-client-ipv4-list-name** **Description** IPV4 exception client class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` .. _3055_client-ssl-list_certificate-issuer-contains-list: client-ssl-list_certificate-issuer-contains-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-issuer-contains** **Description** Forward proxy bypass if Certificate issuer contains another string (Certificate issuer) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_client-ssl-list_client-auth-starts-with-list: client-ssl-list_client-auth-starts-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **client-auth-starts-with** **Description** Forward proxy bypass if SNI string starts with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_client-ssl-list_certificate-subject-ends-with-list: client-ssl-list_certificate-subject-ends-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-subject-ends-with** **Description** Forward proxy bypass if Certificate Subject ends with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_client-ssl-list_bypass-cert-san-multi-class-list: client-ssl-list_bypass-cert-san-multi-class-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **bypass-cert-san-multi-class-list-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** bypass-cert-san-multi-class-list-name and bypass-cert-san-class-list-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/class-list ` .. _3055_client-ssl-list_server-name-list: client-ssl-list_server-name-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **server-cert** **Description** Server Certificate associated to SNI (Server Certificate Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **server-cert-regex** **Description** Server Certificate associated to SNI regex (Server Certificate Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **server-chain** **Description** Server Certificate Chain associated to SNI (Server Certificate Chain Name) **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **server-chain-regex** **Description** Server Certificate Chain associated to SNI regex (Server Certificate Chain Name) **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **server-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **server-encrypted-regex** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **server-key** **Description** Server Private Key associated to SNI (Server Private Key Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **server-key-regex** **Description** Server Private Key associated to SNI regex (Server Private Key Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **server-name** **Description** Server name indication in Client hello extension (Server name String) **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **server-name-alternate** **Description** Specific the second certifcate **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server-name-regex** **Description** Server name indication in Client hello extension with regular expression (Server name String with regex) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **server-name-regex-alternate** **Description** Specific the second certifcate **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server-passphrase** **Description** help Password Phrase **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters **server-passphrase-regex** **Description** help Password Phrase **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters **server-shared** **Description** Server Name Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server-shared-regex** **Description** Server Name Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sni-regex-shared-partition-client-ssl-template** **Description** Reference a Client SSL template from shared partition **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sni-regex-template** **Description** Template associated to SNI regex **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sni-regex-template-client-ssl** **Description** Client SSL Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/client-ssl ` **sni-regex-template-client-ssl-shared-name** **Description** Client SSL Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/client-ssl ` **sni-shared-partition-client-ssl-template** **Description** Reference a Client SSL template from shared partition **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sni-template** **Description** Template associated to SNI **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sni-template-client-ssl** **Description** Client SSL Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/client-ssl ` **sni-template-client-ssl-shared-name** **Description** Client SSL Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/client-ssl ` .. _3055_client-ssl-list_exception-web-category: client-ssl-list_exception-web-category ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **exception-abortion** **Description** Category Abortion **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-adult-and-pornography** **Description** Category Adult and Pornography **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-alcohol-and-tobacco** **Description** Category Alcohol and Tobacco **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-auctions** **Description** Category Auctions **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-bot-nets** **Description** Category Bot Nets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-business-and-economy** **Description** Category Business and Economy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-cdns** **Description** Category CDNs **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-cheating** **Description** Category Cheating **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-computer-and-internet-info** **Description** Category Computer and Internet Info **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-computer-and-internet-security** **Description** Category Computer and Internet Security **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-cult-and-occult** **Description** Category Cult and Occult **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-dating** **Description** Category Dating **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-dead-sites** **Description** Category Dead Sites (db Ops only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-drugs** **Description** Category Abused Drugs **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-dynamically-generated-content** **Description** Dynamically Generated Content **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-educational-institutions** **Description** Category Educational Institutions **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-entertainment-and-arts** **Description** Category Entertainment and Arts **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-fashion-and-beauty** **Description** Category Fashion and Beauty **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-financial-services** **Description** Category Financial Services **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-gambling** **Description** Category Gambling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-games** **Description** Category Games **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-government** **Description** Category Government **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-gross** **Description** Category Gross **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-hacking** **Description** Category Hacking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-hate-and-racism** **Description** Category Hate and Racism **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-health-and-medicine** **Description** Category Health and Medicine **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-home-and-garden** **Description** Category Home and Garden **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-hunting-and-fishing** **Description** Category Hunting and Fishing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-illegal** **Description** Category Illegal **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-illegal-pornography** **Description** Category Illegal join Adult and Pornography **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-image-and-video-search** **Description** Category Image and Video Search **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-internet-communications** **Description** Category Internet Communications **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-internet-portals** **Description** Category Internet Portals **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-job-search** **Description** Category Job Search **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-keyloggers-and-monitoring** **Description** Category Keyloggers and Monitoring **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-kids** **Description** Category Kids **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-legal** **Description** Category Legal **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-local-information** **Description** Category Local Information **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-malware-sites** **Description** Category Malware Sites **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-marijuana** **Description** Category Marijuana **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-military** **Description** Category Military **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-motor-vehicles** **Description** Category Motor Vehicles **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-music** **Description** Category Music **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-news-and-media** **Description** Category News and Media **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-nudity** **Description** Category Nudity **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-nudity-artistic** **Description** Category Nudity join Entertainment and Arts **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-online-greeting-cards** **Description** Category Online Greeting cards **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-parked-domains** **Description** Category Parked Domains **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-pay-to-surf** **Description** Category Pay to Surf **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-peer-to-peer** **Description** Category Peer to Peer **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-personal-sites-and-blogs** **Description** Category Personal sites and Blogs **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-personal-storage** **Description** Category Personal Storage **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-philosophy-and-politics** **Description** Category Philosophy and Political Advocacy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-phishing-and-other-fraud** **Description** Category Phishing and Other Frauds **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-proxy-avoid-and-anonymizers** **Description** Category Proxy Avoid and Anonymizers **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-questionable** **Description** Category Questionable **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-real-estate** **Description** Category Real Estate **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-recreation-and-hobbies** **Description** Category Recreation and Hobbies **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-reference-and-research** **Description** Category Reference and Research **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-religion** **Description** Category Religion **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-search-engines** **Description** Category Search Engines **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-sex-education** **Description** Category Sex Education **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-shareware-and-freeware** **Description** Category Shareware and Freeware **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-shopping** **Description** Category Shopping **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-social-network** **Description** Category Social Network **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-society** **Description** Category Society **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-spam-urls** **Description** Category SPAM URLs **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-sports** **Description** Category Sports **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-spyware-and-adware** **Description** Category Spyware and Adware **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-stock-advice-and-tools** **Description** Category Stock Advice and Tools **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-streaming-media** **Description** Category Streaming Media **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-swimsuits-and-intimate-apparel** **Description** Category Swimsuits and Intimate Apparel **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-training-and-tools** **Description** Category Training and Tools **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-translation** **Description** Category Translation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-travel** **Description** Category Travel **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-uncategorized** **Description** Uncategorized URLs **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-violence** **Description** Category Violence **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-weapons** **Description** Category Weapons **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-web-advertisements** **Description** Category Web Advertisements **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-web-based-email** **Description** Category Web based email **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-web-hosting-sites** **Description** Category Web Hosting Sites **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _3055_client-ssl-list_exception-server-ipv6-list: client-ssl-list_exception-server-ipv6-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **exception-server-ipv6-list-name** **Description** IPV6 exception server class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` .. _3055_client-ssl-list_certificate-issuer-starts-with-list: client-ssl-list_certificate-issuer-starts-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-issuer-starts** **Description** Forward proxy bypass if Certificate issuer starts with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_client-ssl-list_certificate-san-starts-with-list: client-ssl-list_certificate-san-starts-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-san-starts** **Description** Forward proxy bypass if Certificate SAN starts with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_client-ssl-list_server-ipv4-list: client-ssl-list_server-ipv4-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **server-ipv4-list-name** **Description** IPV4 server class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` .. _3055_client-ssl-list_client-auth-ends-with-list: client-ssl-list_client-auth-ends-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **client-auth-ends-with** **Description** Forward proxy bypass if SNI string ends with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_client-ssl-list_exception-client-ipv6-list: client-ssl-list_exception-client-ipv6-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **exception-client-ipv6-list-name** **Description** IPV6 exception client class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` .. _3055_client-ssl-list_exception-web-reputation: client-ssl-list_exception-web-reputation ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **exception-low-risk** **Description** Intercept when reputation score is less than or equal to 80 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** exception-low-risk,exception-trustworthy, exception-moderate-risk, exception-suspicious, exception-malicious, and exception-threshold are mutually exclusive **exception-malicious** **Description** Intercept when reputation score is less than or equal to 20 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** exception-malicious,exception-trustworthy, exception-low-risk, exception-moderate-risk, exception-suspicious, and exception-threshold are mutually exclusive **exception-moderate-risk** **Description** Intercept when reputation score is less than or equal to 60 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** exception-moderate-risk,exception-trustworthy, exception-low-risk, exception-suspicious, exception-malicious, and exception-threshold are mutually exclusive **exception-suspicious** **Description** Intercept when reputation score is less than or equal to 40 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** exception-suspicious,exception-trustworthy, exception-low-risk, exception-moderate-risk, exception-malicious, and exception-threshold are mutually exclusive **exception-threshold** **Description** Intercept when reputation score is less than or equal to a customized value (1-100) **Type:** number **Range:** 1-100 **Mutual Exclusion:** exception-threshold,exception-trustworthy, exception-low-risk, exception-moderate-risk, exception-suspicious, and exception-malicious are mutually exclusive **exception-trustworthy** **Description** Intercept when reputation score is less than or equal to 100 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** exception-trustworthy,exception-low-risk, exception-moderate-risk, exception-suspicious, exception-malicious, and exception-threshold are mutually exclusive .. _3055_client-ssl-list_local-cert-pin-list: client-ssl-list_local-cert-pin-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **local-cert-pin-list-bypass-fail-count** **Description** Set the connection fail count as bypass criteria (Bypass when connection failure count is greater than the criteria (1-65536)) **Type:** number **Range:** 1-65536 .. _3055_client-ssl-list_server-ipv6-list: client-ssl-list_server-ipv6-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **server-ipv6-list-name** **Description** IPV6 server class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` .. _3055_client-ssl-list_certificate-subject-equals-list: client-ssl-list_certificate-subject-equals-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-subject-equals** **Description** Forward proxy bypass if Certificate Subject equals another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_client-ssl-list_cipher-without-prio-list: client-ssl-list_cipher-without-prio-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **cipher-wo-prio** **Description** 'SSL3_RSA_DES_192_CBC3_SHA': TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A); 'SSL3_RSA_RC4_128_MD5': TLS_RSA_WITH_RC4_128_MD5 (0x0004); 'SSL3_RSA_RC4_128_SHA': TLS_RSA_WITH_RC4_128_SHA (0x0005); 'TLS1_RSA_AES_128_SHA': TLS_RSA_WITH_AES_128_CBC_SHA (0x002F); 'TLS1_RSA_AES_256_SHA': TLS_RSA_WITH_AES_256_CBC_SHA (0x0035); 'TLS1_RSA_AES_128_SHA256': TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003C); 'TLS1_RSA_AES_256_SHA256': TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003D); 'TLS1_DHE_RSA_AES_128_GCM_SHA256': TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009E); 'TLS1_DHE_RSA_AES_128_SHA': TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033); 'TLS1_DHE_RSA_AES_128_SHA256': TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067); 'TLS1_DHE_RSA_AES_256_GCM_SHA384': TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009F); 'TLS1_DHE_RSA_AES_256_SHA': TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039); 'TLS1_DHE_RSA_AES_256_SHA256': TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006B); 'TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256': TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xC02B); 'TLS1_ECDHE_ECDSA_AES_128_SHA': TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xC009); 'TLS1_ECDHE_ECDSA_AES_128_SHA256': TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xC023); 'TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384': TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xC02C); 'TLS1_ECDHE_ECDSA_AES_256_SHA': TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xC00A); 'TLS1_ECDHE_RSA_AES_128_GCM_SHA256': TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xC02F); 'TLS1_ECDHE_RSA_AES_128_SHA': TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013); 'TLS1_ECDHE_RSA_AES_128_SHA256': TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027); 'TLS1_ECDHE_RSA_AES_256_GCM_SHA384': TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC030); 'TLS1_ECDHE_RSA_AES_256_SHA': TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014); 'TLS1_RSA_AES_128_GCM_SHA256': TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009C); 'TLS1_RSA_AES_256_GCM_SHA384': TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009D); 'TLS1_ECDHE_RSA_AES_256_SHA384': TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028); 'TLS1_ECDHE_ECDSA_AES_256_SHA384': TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xC024); 'TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256': TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA8); 'TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256': TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA9); 'TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256': TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCAA); **Type:** string **Supported Values:** SSL3_RSA_DES_192_CBC3_SHA, SSL3_RSA_RC4_128_MD5, SSL3_RSA_RC4_128_SHA, TLS1_RSA_AES_128_SHA, TLS1_RSA_AES_256_SHA, TLS1_RSA_AES_128_SHA256, TLS1_RSA_AES_256_SHA256, TLS1_DHE_RSA_AES_128_GCM_SHA256, TLS1_DHE_RSA_AES_128_SHA, TLS1_DHE_RSA_AES_128_SHA256, TLS1_DHE_RSA_AES_256_GCM_SHA384, TLS1_DHE_RSA_AES_256_SHA, TLS1_DHE_RSA_AES_256_SHA256, TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256, TLS1_ECDHE_ECDSA_AES_128_SHA, TLS1_ECDHE_ECDSA_AES_128_SHA256, TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA, TLS1_ECDHE_RSA_AES_128_GCM_SHA256, TLS1_ECDHE_RSA_AES_128_SHA, TLS1_ECDHE_RSA_AES_128_SHA256, TLS1_ECDHE_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA, TLS1_RSA_AES_128_GCM_SHA256, TLS1_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA384, TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256, TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256, TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256 **Mutual Exclusion:** cipher-wo-prio, template-cipher, and shared-partition-cipher-template are mutually exclusive .. _3055_client-ssl-list_starts-with-list: client-ssl-list_starts-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **starts-with** **Description** Forward proxy bypass if SNI string starts with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_quic-list: quic-list ^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **burst-len** **Description** Number of burst packet, default 16 **Type:** number **Range:** 16-360 **connection-id-length** **Description** Connection id length in byte, default 8 bytes **Type:** number **Range:** 1-20 **idle-timeout** **Description** Idle Timeout (interval of 60 seconds), default 120 seconds (idle timeout in second, default 120) **Type:** number **Range:** 1-3600 **initial-wnd** **Description** Initial window size in byte, default 10000 (Initial window size, default 10000) **Type:** number **Range:** 10000-100000 **key-update-to-client** **Description** Initiate key update on the client-side **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **key-update-to-server** **Description** Initiate key update on the server-side **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **name** **Description** QUIC Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **receive-buffer** **Description** Receive buffer size in byte, default 200000 (Receive buffer size, default 200000) **Type:** number **Range:** 30000-400000 **server-retry** **Description** Enable server retry **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_link-block-as-down: link-block-as-down ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **enable** **Description** **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_dynamic-service-list: dynamic-service-list ^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **class-list-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/dynamic-service/{name}/class-list/{dns-class-list} ` **dns-server** **Type:** List **name** **Description** Dynamic Service Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_dynamic-service-list_dns-server: dynamic-service-list_dns-server ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ipv4-dns-server** **Description** DNS Server IPv4 Address **Type:** string **Format:** ipv4-address **ipv6-dns-server** **Description** DNS Server IPv6 Address **Type:** string **Format:** ipv6-address .. _3055_dynamic-service-list_class-list-list: dynamic-service-list_class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dns-class-list** **Description** Name of Aho-Corasick class-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **dns-server** **Type:** List **priority** **Description** Priority of the class-list(the larger number, the higher priority) **Type:** number **Range:** 1-64 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_dynamic-service-list_class-list-list_dns-server: dynamic-service-list_class-list-list_dns-server ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ipv4-dns-server** **Description** DNS Server IPv4 Address **Type:** string **Format:** ipv4-address **ipv6-dns-server** **Description** DNS Server IPv6 Address **Type:** string **Format:** ipv6-address .. _3055_dblb-list: dblb-list ^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **calc-sha1** **Description:** calc-sha1 is a **JSON Block**. Please see below for :ref:`3055_dblb-list_calc-sha1` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/dblb/{name}/calc-sha1 ` **class-list** **Description** Specify user/password string class list (Class list name) **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **name** **Description** DBLB template name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **server-version** **Description** 'MSSQL2008': MSSQL server 2008 or 2008 R2; 'MSSQL2012': MSSQL server 2012; 'MySQL': MySQL server (any version); **Type:** string **Supported Values:** MSSQL2008, MSSQL2012, MySQL **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_dblb-list_calc-sha1: dblb-list_calc-sha1 ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sha1-value** **Description** Cleartext password **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_fix-list: fix-list ^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **insert-client-ip** **Description** Insert client ip to tag 11447 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **logging** **Description** 'init': init only log; 'term': termination only log; 'both': both initial and termination log; **Type:** string **Supported Values:** init, term, both **name** **Description** FIX Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **tag-switching** **Type:** List **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_fix-list_tag-switching: fix-list_tag-switching ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **equals** **Description** Equals (Tag String) **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **service-group** **Description** Create a Service Group comprising Servers (Service Group Name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **switching-type** **Description** 'sender-comp-id': Select service group based on SenderCompID; 'target-comp-id': Select service group based on TargetCompID; **Type:** string **Supported Values:** sender-comp-id, target-comp-id .. _3055_persist: persist ^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **cookie-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/persist/cookie/{name} ` **destination-ip-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/persist/destination-ip/{name} ` **source-ip-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/persist/source-ip/{name} ` **ssl-sid-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/persist/ssl-sid/{name} ` .. _3055_persist_destination-ip-list: persist_destination-ip-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dont-honor-conn-rules** **Description** Do not observe connection rate rules **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **hash-persist** **Description** Use hash value of destination IP address **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **match-type** **Description** Persistence type **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **name** **Description** Destination IP persistence template name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **netmask** **Description** IP subnet mask **Type:** string **Format:** ipv4-netmask **Default:** 255.255.255.255 **netmask6** **Description** IPV6 subnet mask **Type:** number **Range:** 1-128 **Default:** 128 **scan-all-members** **Description** Persist with SCAN of all members **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server** **Description** Persist to the same server, default is port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** server and service-group are mutually exclusive **service-group** **Description** Persist within the same service group **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** service-group and server are mutually exclusive **timeout** **Description** Persistence timeout (in minutes) **Type:** number **Range:** 1-2000 **Default:** 5 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_persist_source-ip-list: persist_source-ip-list ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dont-honor-conn-rules** **Description** Do not observe connection rate rules **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enforce-higher-priority** **Description** Enforce to use high priority node if available **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **hash-persist** **Description** Use hash value of source IP address **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **incl-dst-ip** **Description** Include destination IP on the persist **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **incl-sport** **Description** Include source port on the persist **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **match-type** **Description** Persistence type **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **name** **Description** Source IP persistence template name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **netmask** **Description** IP subnet mask **Type:** string **Format:** ipv4-netmask **Default:** 255.255.255.255 **netmask6** **Description** IPV6 subnet mask **Type:** number **Range:** 1-128 **Default:** 128 **primary-port** **Description** Primary port to create the persist session **Type:** number **Range:** 1-65534 **scan-all-members** **Description** Persist with SCAN of all members **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server** **Description** Persist to the same server, default is port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** server and service-group are mutually exclusive **service-group** **Description** Persist within the same service group **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** service-group and server are mutually exclusive **timeout** **Description** Persistence timeout (in minutes) **Type:** number **Range:** 1-4321 **Default:** 5 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_persist_cookie-list: persist_cookie-list ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **cookie-name** **Description** Set cookie name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Default:** sto-id **domain** **Description** Set cookie domain **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **dont-honor-conn-rules** **Description** Do not observe connection rate rules **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **encrypt-level** **Description** Encryption level for cookie name / value **Type:** number **Range:** 0-1 **Default:** 1 **encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **expire** **Description** Set cookie expiration time (Expiration in seconds) **Type:** number **Range:** 0-31536000 **Default:** 31536000 **httponly** **Description** Enable HttpOnly attribute **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **insert-always** **Description** Insert persist cookie to every reponse **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **match-type** **Description** Persist for server, default is port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **name** **Description** Cookie persistence (Cookie persistence template name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **pass-phrase** **Description** Set passphrase for encryption **Type:** string **Format:** password **Maximum Length:** 8 characters **Maximum Length:** 8 characters **Default:** ACOS4KEY **pass-thru** **Description** Pass thru mode - Server sends the persist cookie **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **path** **Description** Set cookie path (Cookie path, default is "/") **Type:** string **Format:** string-rlx **Maximum Length:** 31 characters **Maximum Length:** 1 characters **Default:** / **prefix** **Description** 'host': the cookie will have been set with a Secure attribute, a Path attribute with a value of /, and no Domain attribute; 'secure': the cookie will have been set with a Secure attribute; **Type:** string **Supported Values:** host, secure **samesite** **Description** 'none': none; 'lax': lax; 'strict': strict; **Type:** string **Supported Values:** none, lax, strict **scan-all-members** **Description** Persist within the same server SCAN **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **secure** **Description** Enable secure attribute **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server** **Description** Persist to the same server, default is port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** server and service-group are mutually exclusive **server-service-group** **Description** Persist to the same server and within the same service group **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **service-group** **Description** Persist within the same service group **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** service-group and server are mutually exclusive **use-attribute** **Description** 'max-age': Use the Max-Age attribute; 'expires': Use the Expires attribute; 'all': Use all attributes; **Type:** string **Supported Values:** max-age, expires, all **Default:** expires **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_persist_ssl-sid-list: persist_ssl-sid-list ^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dont-honor-conn-rules** **Description** Do not observe connection rate rules **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **name** **Description** SSL session ID persistence template name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **timeout** **Description** Persistence timeout (in minutes) **Type:** number **Range:** 1-2000 **Default:** 5 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_doh-list: doh-list ^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **conn-reuse** **Description** 'enable': Enable Connection Reuse; 'disable': Disable Connection-Reuse (Default); **Type:** string **Supported Values:** enable, disable **Default:** disable **dns** **Description** DNS Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Default:** default **Mutual Exclusion:** dns and shared-partition-dns-template are mutually exclusive **Reference Object:** :doc:`/axapi/v3/slb/template/dns ` **dns-retry** **Description:** dns-retry is a **JSON Block**. Please see below for :ref:`3055_doh-list_dns-retry` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/doh/{name}/dns-retry ` **forwarder** **Description:** forwarder is a **JSON Block**. Please see below for :ref:`3055_doh-list_forwarder` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/doh/{name}/forwarder ` **name** **Description** DNS over HTTP(s) Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **non-dns-request** **Description** 'allow': Forward Non-DoH request to http server bound to vport; 'reject': Reject Non-DoH requests with HTTP 400 Bad Request (Default); **Type:** string **Supported Values:** allow, reject **Default:** reject **reject-status-code** **Description** '400': Status Code 400 BAD Request (Default); '500': Status Code 500 Internal Server Error; '501': Status Code 501 Not Implemented; **Type:** string **Supported Values:** 400, 500, 501 **Default:** 400 **shared-partition-dns-template** **Description** Reference a DNS template from shared partition **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** shared-partition-dns-template and dns are mutually exclusive **shared-partition-tcp-proxy-template** **Description** Reference a TCP Proxy template from shared partition **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** shared-partition-tcp-proxy-template and tcp-proxy are mutually exclusive **snat-pool** **Description** Source NAT pool or pool group **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ip/nat/pool ` **source-nat** **Description** 'auto': Perform Source NAT Auto for service-group(Default) (Not supported with forwarding-ip); 'disable': Don't perform source-nat for server side DNS queries; 'pool': Perform Source NAT with specific pool; **Type:** string **Supported Values:** auto, disable, pool **Default:** auto **tcp-proxy** **Description** TCP Proxy Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Default:** default **Mutual Exclusion:** tcp-proxy and shared-partition-tcp-proxy-template are mutually exclusive **Reference Object:** :doc:`/axapi/v3/slb/template/tcp-proxy ` **template-dns-shared** **Description** DNS Template name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/dns ` **template-tcp-proxy-shared** **Description** TCP Proxy Template name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/tcp-proxy ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_doh-list_forwarder: doh-list_forwarder ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **bypass-doh** **Description** Forward valid DoH HTTP request as is, no DNS packet extraction (Bypass DoH) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** bypass-doh,forwarding-ipv4, forwarding-ipv6, tcp-service-group, and udp-service-group are mutually exclusive **forwarding-ipv4** **Description** SLB VIP IPv4 address to forward DOH query (IP address) **Type:** string **Format:** ipv4-address **Mutual Exclusion:** forwarding-ipv4,forwarding-ipv6, tcp-service-group, udp-service-group, and bypass-doh are mutually exclusive **forwarding-ipv6** **Description** SLB VIP IPv6 address to forward DOH query (IP address) **Type:** string **Format:** ipv6-address **Mutual Exclusion:** forwarding-ipv6,forwarding-ipv4, tcp-service-group, udp-service-group, and bypass-doh are mutually exclusive **tcp-service-group** **Description** Bind a TCP Service Group to the template (Service Group Name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** tcp-service-group,forwarding-ipv4, forwarding-ipv6, and bypass-doh are mutually exclusive **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **udp-service-group** **Description** Bind a UDP Service Group to the template (Service Group Name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** udp-service-group,forwarding-ipv4, forwarding-ipv6, and bypass-doh are mutually exclusive **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **v4-internal** **Description** Try to find this IP as a VIP in this L3v Partition and forward it internally to the VIP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **v4-l4-proto** **Description** 'tcp': Use TCP only when forwarding DNS traffic; 'udp': Use UDP only when forwarding DNS traffic; 'both': Use UDP 1st and if unreachable, retry with TCP when forwarding DNS traffic; **Type:** string **Supported Values:** tcp, udp, both **Default:** both **v4-port** **Description** Forwarding port number, Default is 53 **Type:** number **Range:** 1-65534 **Default:** 53 **v6-internal** **Description** Try to find this IP as a VIP in this L3v Partition and forward it internally to the VIP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **v6-l4-proto** **Description** 'tcp': Use TCP only when forwarding DNS traffic; 'udp': Use UDP only when forwarding DNS traffic; 'both': Use UDP 1st and if unreachable, retry with TCP when forwarding DNS traffic; **Type:** string **Supported Values:** tcp, udp, both **Default:** both **v6-port** **Description** Forwarding port number, Default is 53 **Type:** number **Range:** 1-65534 **Default:** 53 .. _3055_doh-list_dns-retry: doh-list_dns-retry ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **after-timeout** **Description** 'close': Close client side connection; 'retry-with-tcp': Retry DNS query to server using TCP (If UDP was tried initially. Close after.); **Type:** string **Supported Values:** close, retry-with-tcp **Default:** close **max-trials** **Description** Total number of times to try DNS query to server before closing client connection, default 3 **Type:** number **Range:** 1-5 **Default:** 3 **retry-interval** **Description** DNS Retry Interval value 1 - 400 in units of 100ms, default is 10 (default is 1000ms) (1 - 400 in units of 100ms, default is 10 (1000ms/1sec)) **Type:** number **Range:** 1-400 **Default:** 10 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_sip-list: sip-list ^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **acl-id** **Description** ACL id **Type:** number **Range:** 100-199 **Mutual Exclusion:** acl-id and acl-name-value are mutually exclusive **Reference Object:** :doc:`/axapi/v3/access-list/standard ` **acl-name-value** **Description** IPv4 Access List Name **Type:** string **Maximum Length:** 16 characters **Maximum Length:** 1 characters **Mutual Exclusion:** acl-name-value and acl-id are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ip/access-list ` **alg-dest-nat** **Description** Translate VIP to real server IP in SIP message when destination NAT is used **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **alg-source-nat** **Description** Translate source IP to NAT IP in SIP message when source NAT is used **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **call-id-persist-disable** **Description** Disable call-ID persistence **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **client-keep-alive** **Description** Respond client keep-alive packet directly instead of forwarding to server **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **client-request-header** **Type:** List **client-response-header** **Type:** List **dialog-aware** **Description** Permit system processes dialog session **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-when-client-fail** **Description** Drop current SIP message when select client fail **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** drop-when-client-fail and failed-client-selection-message are mutually exclusive **drop-when-server-fail** **Description** Drop current SIP message when select server fail **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** drop-when-server-fail and failed-server-selection-message are mutually exclusive **exclude-translation** **Type:** List **failed-client-selection** **Description** Define action when select client fail **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **failed-client-selection-message** **Description** Send SIP message (includs status code) to server when select client fail(Format: 3 digits(1XX~6XX) space reason) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** failed-client-selection-message and drop-when-client-fail are mutually exclusive **failed-server-selection** **Description** Define action when select server fail **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **failed-server-selection-message** **Description** Send SIP message (includs status code) to client when select server fail(Format: 3 digits(1XX~6XX) space reason) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** failed-server-selection-message and drop-when-server-fail are mutually exclusive **insert-client-ip** **Description** Insert Client IP address into SIP header **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **interval** **Description** The interval of keep-alive packet for each persist connection (second) **Type:** number **Range:** 5-300 **Default:** 30 **keep-server-ip-if-match-acl** **Description** Use Real Server IP for addresses matching the ACL for a Call-Id **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **name** **Description** SIP Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **pstn-gw** **Description** configure pstn gw host name for tel: uri translate to sip: uri (Hostname String, default is "pstn") **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Default:** pstn **server-keep-alive** **Description** Send server keep-alive packet for every persist connection when enable conn-reuse **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server-request-header** **Type:** List **server-response-header** **Type:** List **server-selection-per-request** **Description** Force server selection on every SIP request **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **service-group** **Description** service group name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **smp-call-id-rtp-session** **Description** Create the across cpu call-id rtp session **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **timeout** **Description** Time in minutes **Type:** number **Range:** 1-250 **Default:** 30 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_sip-list_server-request-header: sip-list_server-request-header ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **insert-condition-server-request** **Description** 'insert-if-not-exist': Only insert the header when it does not exist; 'insert-always': Always insert the header even when there is a header with the same name; **Type:** string **Supported Values:** insert-if-not-exist, insert-always **server-request-erase-all** **Description** Erase all headers **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server-request-header-erase** **Description** Erase a SIP header (Header Name) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **server-request-header-insert** **Description** Insert a SIP header (Header Content (Format: "name:value")) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters .. _3055_sip-list_server-response-header: sip-list_server-response-header ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **insert-condition-server-response** **Description** 'insert-if-not-exist': Only insert the header when it does not exist; 'insert-always': Always insert the header even when there is a header with the same name; **Type:** string **Supported Values:** insert-if-not-exist, insert-always **server-response-erase-all** **Description** Erase all headers **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server-response-header-erase** **Description** Erase a SIP header (Header Name) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **server-response-header-insert** **Description** Insert a SIP header (Header Content (Format: "name:value")) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters .. _3055_sip-list_client-request-header: sip-list_client-request-header ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **client-request-erase-all** **Description** Erase all headers **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **client-request-header-erase** **Description** Erase a SIP header (Header Name) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **client-request-header-insert** **Description** Insert a SIP header (Header Content (Format: "name:value")) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **insert-condition-client-request** **Description** 'insert-if-not-exist': Only insert the header when it does not exist; 'insert-always': Always insert the header even when there is a header with the same name; **Type:** string **Supported Values:** insert-if-not-exist, insert-always .. _3055_sip-list_client-response-header: sip-list_client-response-header ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **client-response-erase-all** **Description** Erase all headers **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **client-response-header-erase** **Description** Erase a SIP header (Header Name) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **client-response-header-insert** **Description** Insert a SIP header (Header Content (Format: "name:value")) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **insert-condition-client-response** **Description** 'insert-if-not-exist': Only insert the header when it does not exist; 'insert-always': Always insert the header even when there is a header with the same name; **Type:** string **Supported Values:** insert-if-not-exist, insert-always .. _3055_sip-list_exclude-translation: sip-list_exclude-translation ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **header-string** **Description** SIP header name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **translation-value** **Description** 'start-line': SIP request line or status line; 'header': SIP message headers; 'body': SIP message body; **Type:** string **Supported Values:** start-line, header, body .. _3055_respmod-icap-list: respmod-icap-list ^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'continue': Continue; 'drop': Drop; 'reset': Reset; **Type:** string **Supported Values:** continue, drop, reset **Default:** continue **bypass-ip-cfg** **Type:** List **disable-http-server-reset** **Description** Don't reset http server **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **fail-close** **Description** When template sg is down mark vport down **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **failure-action** **Description** 'continue': Continue; 'drop': Drop; 'reset': Reset; **Type:** string **Supported Values:** continue, drop, reset **Default:** continue **include-protocol-in-uri** **Description** Include protocol and port in HTTP URI **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-only-allowed-method** **Description** Only log allowed HTTP method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **logging** **Description** logging template (Logging template name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/logging ` **min-payload-size** **Description** min-payload-size value 0 - 65535, default is 0 **Type:** number **Range:** 0-65535 **Default:** 0 **name** **Description** Reqmod ICAP Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **preview** **Description** Preview value 1 - 32768, default is 32768 **Type:** number **Range:** 1-32768 **Default:** 32768 **server-ssl** **Description** Server SSL template (Server SSL template name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/server-ssl ` **service-group** **Description** Bind a Service Group to the template (Service Group Name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **service-url** **Description** URL to send to ICAP server (Service URL Name) **Type:** string **Format:** string-rlx **Maximum Length:** 255 characters **Maximum Length:** 1 characters **shared-partition-persist-source-ip-template** **Description** Reference a persist source ip template from shared partition **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** shared-partition-persist-source-ip-template and source-ip are mutually exclusive **shared-partition-tcp-proxy-template** **Description** Reference a TCP Proxy template from shared partition **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** shared-partition-tcp-proxy-template and tcp-proxy are mutually exclusive **source-ip** **Description** Source IP persistence template (Source IP persistence template name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** source-ip and shared-partition-persist-source-ip-template are mutually exclusive **Reference Object:** :doc:`/axapi/v3/slb/template/persist/source-ip ` **tcp-proxy** **Description** TCP Proxy Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** tcp-proxy and shared-partition-tcp-proxy-template are mutually exclusive **Reference Object:** :doc:`/axapi/v3/slb/template/tcp-proxy ` **template-persist-source-ip-shared** **Description** Source IP Persistence Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/persist/source-ip ` **template-tcp-proxy-shared** **Description** TCP Proxy Template name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/tcp-proxy ` **timeout** **Description** Timeout value 1 - 200 in units of 200ms, default is 5 (default is 1000ms) (1 - 200 in units of 200ms, default is 5 (1000ms)) **Type:** number **Range:** 1-200 **Default:** 5 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **x-auth-url** **Description** Use URL format for authentication **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _3055_respmod-icap-list_bypass-ip-cfg: respmod-icap-list_bypass-ip-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **bypass-ip** **Description** ip address to bypass respmod-icap service **Type:** string **Format:** ipv4-address **mask** **Description** IP prefix mask **Type:** string **Format:** ipv4-netmask .. _3055_virtual-server-list: virtual-server-list ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **conn-limit** **Description** Connection limit **Type:** number **Range:** 1-64000000 **Default:** 64000000 **conn-limit-no-logging** **Description** Do not log connection over limit event **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **conn-limit-reset** **Description** Send client reset when connection over limit **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **conn-rate-limit** **Description** Connection rate limit **Type:** number **Range:** 1-1048575 **conn-rate-limit-no-logging** **Description** Do not log connection over limit event **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **conn-rate-limit-reset** **Description** Send client reset when connection rate over limit **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-when-all-ports-down** **Description** Disable Virtual Server when all member ports are down **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** disable-when-all-ports-down and disable-when-any-port-down are mutually exclusive **disable-when-any-port-down** **Description** Disable Virtual Server when any member port is down **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** disable-when-any-port-down and disable-when-all-ports-down are mutually exclusive **icmp-lockup** **Description** Enter lockup state when ICMP rate exceeds lockup rate limit (Maximum rate limit. If exceeds this limit, drop all ICMP packet for a time period) **Type:** number **Range:** 1-65535 **icmp-lockup-period** **Description** Lockup period (second) **Type:** number **Range:** 1-16383 **icmp-rate-limit** **Description** ICMP rate limit (Normal rate limit. If exceeds this limit, drop the ICMP packet that goes over the limit) **Type:** number **Range:** 1-65535 **icmpv6-lockup** **Description** Enter lockup state when ICMP rate exceeds lockup rate limit (Maximum rate limit. If exceeds this limit, drop all ICMP packet for a time period) **Type:** number **Range:** 1-65535 **icmpv6-lockup-period** **Description** Lockup period (second) **Type:** number **Range:** 1-16383 **icmpv6-rate-limit** **Description** ICMPv6 rate limit (Normal rate limit. If exceeds this limit, drop the ICMP packet that goes over the limit) **Type:** number **Range:** 1-65535 **name** **Description** Virtual server template name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Default:** default **rate-interval** **Description** '100ms': Use 100 ms as sampling interval; 'second': Use 1 second as sampling interval; **Type:** string **Supported Values:** 100ms, second **Default:** second **subnet-gratuitous-arp** **Description** Send gratuitous ARP for every IP in the subnet virtual server **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-stack-tfo-active-conn-limit** **Description** The allowed active layer 7 tcp fast-open connection limit, default is zero (number) **Type:** number **Range:** 0-10000 **Default:** 0 **tcp-stack-tfo-backoff-time** **Description** The time tcp stack will wait before allowing new fast-open requests after security condition, default 600 seconds (number) **Type:** number **Range:** 1-14400 **Default:** 600 **tcp-stack-tfo-cookie-time-limit** **Description** The time limit (in seconds) that a layer 7 tcp fast-open cookie is valid, default is 60 seconds (number) **Type:** number **Range:** 1-14400 **Default:** 60 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_client-ssh-list: client-ssh-list ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **forward-proxy-enable** **Description** Enable SSH forward proxy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-hostkey** **Description** Specify private-key (Key Name) **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **name** **Description** Client SSH Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **passphrase** **Description** Password Phrase **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_ssli-list: ssli-list ^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **name** **Description** SSLi Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **type** **Description** 'http': HTTP service; 'xmpp': XMPP service; 'smtp': SMTP service; 'pop': POP service; 'ldap': LDAP service; 'ftp': FTP service; **Type:** string **Supported Values:** http, xmpp, smtp, pop, ldap, ftp **Default:** http **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_server-ssh-list: server-ssh-list ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **forward-proxy-enable** **Description** Enable SSH forward proxy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **name** **Description** Server SSH Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_dns-list: dns-list ^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **add-padding-to-client** **Description** 'block-length': Block-Length Padding; 'random-block-length': Random-Block-Length Padding; **Type:** string **Supported Values:** block-length, random-block-length **cache-record-serving-policy** **Description** 'global': Follow global cofiguration (Default); 'no-change': No change in record order; 'round-robin': Round-robin; **Type:** string **Supported Values:** global, no-change, round-robin **cache-ttl-adjustment-enable** **Description** enable the ttl adjustment for dns cache response **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **class-list** **Description:** class-list is a **JSON Block**. Please see below for :ref:`3055_dns-list_class-list` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/dns/{name}/class-list ` **default-policy** **Description** 'nocache': Cache disable; 'cache': Cache enable; **Type:** string **Supported Values:** nocache, cache **Default:** nocache **disable-dns-template** **Description** Disable DNS template **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-ra-cached-resp** **Description** Disable DNS recursive available flag in cached response **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-rpz-attach-soa** **Description** Disable attaching SOA due to RPZ **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-logging** **Description** dns logging template (DNS Logging template name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/dns-logging ` **dns64** **Description:** dns64 is a **JSON Block**. Please see below for :ref:`3055_dns-list_dns64` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/dns/{name}/dns64 ` **dnssec-service-group** **Description** Use different service group if DNSSEC DO bit set (Service Group Name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **drop** **Description** Drop the malformed query **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** drop and forward are mutually exclusive **enable-cache-sharing** **Description** Enable DNS cache sharing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward** **Description** Forward to service group (Service group name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** forward and drop are mutually exclusive **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **insert-ipv4** **Description** prefix-length to insert for IPv4 **Type:** number **Range:** 0-32 **insert-ipv6** **Description** prefix-length to insert for IPv6 **Type:** number **Range:** 0-128 **local-dns-resolution** **Description:** local-dns-resolution is a **JSON Block**. Please see below for :ref:`3055_dns-list_local-dns-resolution` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/dns/{name}/local-dns-resolution ` **max-cache-entry-size** **Description** Define maximum cache entry size (Maximum cache entry size per VIP (default 1024)) **Type:** number **Range:** 1-4096 **Default:** 1024 **max-cache-size** **Description** Define maximum cache size (Maximum cache entry per VIP) **Type:** number **max-query-length** **Description** Define Maximum DNS Query Length, default is unlimited (Specify Maximum Length) **Type:** number **Range:** 1-4095 **name** **Description** DNS Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **negative-dns-cache** **Description:** negative-dns-cache is a **JSON Block**. Please see below for :ref:`3055_dns-list_negative-dns-cache` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/dns/{name}/negative-dns-cache ` **period** **Description** Period in minutes **Type:** number **Range:** 1-10000 **query-class-filter** **Description:** query-class-filter is a **JSON Block**. Please see below for :ref:`3055_dns-list_query-class-filter` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/dns/{name}/query-class-filter ` **query-id-switch** **Description** Use DNS query ID to create sesion **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **query-type-filter** **Description:** query-type-filter is a **JSON Block**. Please see below for :ref:`3055_dns-list_query-type-filter` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/dns/{name}/query-type-filter ` **recursive-dns-resolution** **Description:** recursive-dns-resolution is a **JSON Block**. Please see below for :ref:`3055_dns-list_recursive-dns-resolution` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/dns/{name}/recursive-dns-resolution ` **redirect-to-tcp-port** **Description** Direct the client to retry with TCP for DNS UDP request **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **remove-aa-flag** **Description** Make answers created from cache non-authoritative **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **remove-csubnet** **Description** Remove EDNS(0) client subnet from client queries **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **remove-padding-to-server** **Description** Remove EDNS(0) padding to server **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **response-rate-limiting** **Description:** response-rate-limiting is a **JSON Block**. Please see below for :ref:`3055_dns-list_response-rate-limiting` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/dns/{name}/response-rate-limiting ` **rpz-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/dns/{name}/rpz/{seq-id} ` **udp-retransmit** **Description:** udp-retransmit is a **JSON Block**. Please see below for :ref:`3055_dns-list_udp-retransmit` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/dns/{name}/udp-retransmit ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_dns-list_response-rate-limiting: dns-list_response-rate-limiting ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **TC-rate** **Description** Every n'th response that would be rate-limited will respond with TC bit **Type:** number **Range:** 2-10 **Mutual Exclusion:** TC-rate and slip-rate are mutually exclusive **action** **Description** 'log-only': Only log rate-limiting, do not actually rate limit. Requires enable-log configuration; 'rate-limit': Rate-Limit based on configuration (Default); 'whitelist': Whitelist, disable rate-limiting; **Type:** string **Supported Values:** log-only, rate-limit, whitelist **Default:** rate-limit **enable-log** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **filter-response-rate** **Description** Maximum allowed request rate for the filter. This should match average traffic. (default 10 per seconds) **Type:** number **Range:** 1-1000 **Default:** 10 **match-subnet** **Description** IP subnet mask (response rate by IP subnet mask) **Type:** string **Format:** ipv4-netmask **Default:** 255.255.255.255 **match-subnet-v6** **Description** IPV6 subnet mask (response rate by IPv6 subnet mask) **Type:** number **Range:** 1-128 **Default:** 128 **response-rate** **Description** Responses exceeding this rate within the window will be dropped (default 5 per second) **Type:** number **Range:** 1-1000 **Default:** 5 **rrl-class-list-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/dns/{name}/response-rate-limiting/rrl-class-list/{name} ` **slip-rate** **Description** Every n'th response that would be rate-limited will be let through instead **Type:** number **Range:** 2-10 **Mutual Exclusion:** slip-rate and TC-rate are mutually exclusive **src-ip-only** **Description** **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **window** **Description** Rate-Limiting Interval in Seconds (default is one) **Type:** number **Range:** 1-60 **Default:** 1 .. _3055_dns-list_response-rate-limiting_rrl-class-list-list: dns-list_response-rate-limiting_rrl-class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **lid-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/dns/{name}/response-rate-limiting/rrl-class-list/{name}/lid/{lidnum} ` **name** **Description** Class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_dns-list_response-rate-limiting_rrl-class-list-list_lid-list: dns-list_response-rate-limiting_rrl-class-list-list_lid-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **lid-action** **Description** 'log-only': Only log rate-limiting, do not actually rate limit. Requires enable-log configuration; 'rate-limit': Rate-Limit based on configuration (Default); 'whitelist': Whitelist, disable rate-limiting; **Type:** string **Supported Values:** log-only, rate-limit, whitelist **Default:** rate-limit **lid-enable-log** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **lid-match-subnet** **Description** IP subnet mask (response rate by IP subnet mask) **Type:** string **Format:** ipv4-netmask **Default:** 255.255.255.255 **lid-match-subnet-v6** **Description** IPV6 subnet mask (response rate by IPv6 subnet mask) **Type:** number **Range:** 1-128 **Default:** 128 **lid-response-rate** **Description** Responses exceeding this rate within the window will be dropped (default 5 per second) **Type:** number **Range:** 1-1000 **Default:** 5 **lid-slip-rate** **Description** Every n'th response that would be rate-limited will be let through instead **Type:** number **Range:** 2-10 **Mutual Exclusion:** lid-slip-rate and lid-tc-rate are mutually exclusive **lid-src-ip-only** **Description** **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **lid-tc-rate** **Description** Every n'th response that would be rate-limited will respond with TC bit **Type:** number **Range:** 2-10 **Mutual Exclusion:** lid-tc-rate and lid-slip-rate are mutually exclusive **lid-window** **Description** Rate-Limiting Interval in Seconds (default is one) **Type:** number **Range:** 1-60 **Default:** 1 **lidnum** **Description** Specify a limit ID **Type:** number **Range:** 1-1023 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_dns-list_rpz-list: dns-list_rpz-list ^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **logging** **Description:** logging is a **JSON Block**. Please see below for :ref:`3055_dns-list_rpz-list_logging` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/dns/{name}/rpz/{seq-id}/logging ` **name** **Description** Specify a Response Policy Zone name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **seq-id** **Description** sequential id of RPZ **Type:** number **Range:** 1-8 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_dns-list_rpz-list_logging: dns-list_rpz-list_logging ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **enable** **Description** Log RPZ triggered action **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **rpz-action** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_dns-list_rpz-list_logging_rpz-action: dns-list_rpz-list_logging_rpz-action ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **str-rpz-action** **Description** 'drop': Log RPZ due to drop action; 'pass-thru': Log RPZ due to pass-thru action; 'nxdomain': Log RPZ due to nxdomain action; 'nodata': Log RPZ due to nodata action; 'tcp-only': Log RPZ due to tcp-only action; 'local-data': Log RPZ due to local-data action; **Type:** string **Supported Values:** drop, pass-thru, nxdomain, nodata, tcp-only, local-data .. _3055_dns-list_recursive-dns-resolution: dns-list_recursive-dns-resolution ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **csubnet-retry** **Description** retry when server REFUSED AX inserted EDNS(0) subnet, works only when insert-client-subnet is configured **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **default-recursive** **Description** Default recursive mode, forward query to bound service-group if hostnames matched **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dnssec-validation** **Description** 'enabled': Enable DNSSEC validation; 'disabled': Disable DNSSEC validation; **Type:** string **Supported Values:** enabled, disabled **Default:** disabled **fast-ns-selection** **Description** 'enabled': Enable fast NS selection; 'disabled': Disable fast NS selection; **Type:** string **Supported Values:** enabled, disabled **Default:** enabled **force-cname-resolution** **Description** 'enabled': Force CNAME resolution always; 'disabled': Use answer record in CNAME response if it exists, else resolve; **Type:** string **Supported Values:** enabled, disabled **Default:** enabled **full-response** **Description** Serve all records (authority and additional) when applicable **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **gateway-health-check** **Description:** gateway-health-check is a **JSON Block**. Please see below for :ref:`3055_dns-list_recursive-dns-resolution_gateway-health-check` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/dns/{name}/recursive-dns-resolution/gateway-health-check ` **host-list-cfg** **Type:** List **ipv4-nat-pool** **Description** IPv4 Source NAT pool or pool group **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ip/nat/pool ` **ipv6-nat-pool** **Description** IPv6 Source NAT pool or pool group **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ipv6/nat/pool ` **lookup-order** **Description:** lookup-order is a **JSON Block**. Please see below for :ref:`3055_dns-list_recursive-dns-resolution_lookup-order` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/dns/{name}/recursive-dns-resolution/lookup-order ` **max-trials** **Description** Total number of times to try DNS query to server before closing client connection, default 255 **Type:** number **Range:** 1-255 **Default:** 255 **ns-cache-lookup** **Description** 'disabled': Disable NS Cache Lookup; 'enabled': Enable NS Cache Lookup; **Type:** string **Supported Values:** disabled, enabled **Default:** enabled **request-for-pending-resolution** **Description** 'drop': Drop of the request during ongoing; 'respond-with-servfail': Respond with SERVFAIL of the request during ongoing; 'start-new-resolution': Start new resolution of the request during ongoing; **Type:** string **Supported Values:** drop, respond-with-servfail, start-new-resolution **Default:** respond-with-servfail **retries-per-level** **Description** Number of DNS query retries at each server level before closing client connection, default 6 **Type:** number **Range:** 1-6 **Default:** 6 **udp-initial-interval** **Description** UDP DNS Retry Interval value 1-6, default is 5 sec (1-6, default is 5sec) **Type:** number **Range:** 1-6 **Default:** 5 **udp-retry-interval** **Description** UDP DNS Retry Interval value 1-6, default is 1 sec (1-6 , default is 1 sec) **Type:** number **Range:** 1-6 **Default:** 1 **use-client-qid** **Description** Use client side query id for recursive query **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **use-service-group-response** **Description** 'disabled': Start Recursive Resolver if Server response doesnt have final answer; 'enabled': Forward Backend Server response to client and dont start recursive resolver; **Type:** string **Supported Values:** disabled, enabled **Default:** enabled **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_dns-list_recursive-dns-resolution_lookup-order: dns-list_recursive-dns-resolution_lookup-order ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **query-type** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_dns-list_recursive-dns-resolution_lookup-order_query-type: dns-list_recursive-dns-resolution_lookup-order_query-type ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **num-query-type** **Description** Other query type value **Type:** number **Range:** 1-65535 **order** **Description** 'ipv4-precede-ipv6': Recursive lookup via IPv4 then IPv6; 'ipv6-precede-ipv4': Recursive lookup via IPv6 then IPv4; **Type:** string **Supported Values:** ipv4-precede-ipv6, ipv6-precede-ipv4 **str-query-type** **Description** 'A': Address record; 'AAAA': IPv6 Address record; 'CNAME': Canonical name record; 'MX': Mail exchange record; 'NS': Name server record; 'SRV': Service locator; 'PTR': PTR resource record; 'SOA': Start of authority record; 'TXT': Text record; 'ANY': All cached record; **Type:** string **Supported Values:** A, AAAA, CNAME, MX, NS, SRV, PTR, SOA, TXT, ANY .. _3055_dns-list_recursive-dns-resolution_gateway-health-check: dns-list_recursive-dns-resolution_gateway-health-check ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gwhc-ns-cache-lookup** **Description** 'disabled': Disable NS Cache Lookup; 'enabled': Enable NS Cache Lookup; **Type:** string **Supported Values:** disabled, enabled **Default:** disabled **interval** **Description** Specify the health check interval, default is 10 sec (Interval value, in seconds (default 10)) **Type:** number **Range:** 1-300 **Default:** 10 **num-query-type** **Description** Other record type value **Type:** number **Range:** 1-65535 **Mutual Exclusion:** num-query-type and str-query-type are mutually exclusive **query-name** **Description** Specify the query name used in probe queries, default "a10networks.com" **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **Default:** a10networks.com **retry** **Description** Maximum number of DNS query retries at each server level before health check fails, default 6 (Retry count (default 6)) **Type:** number **Range:** 1-6 **Default:** 6 **retry-multi** **Description** Specify number of times that health check consecutively fails before declaring gateway DOWN, default 1 (retry-multi count (default 1)) **Type:** number **Range:** 1-10 **Default:** 1 **str-query-type** **Description** 'A': Address record; 'AAAA': IPv6 Address record; 'CNAME': Canonical name record; 'MX': Mail exchange record; 'NS': Name server record; 'SRV': Service locator; 'PTR': PTR resource record; 'SOA': Start of authority record; 'TXT': Text record; **Type:** string **Supported Values:** A, AAAA, CNAME, MX, NS, SRV, PTR, SOA, TXT **Default:** A **Mutual Exclusion:** str-query-type and num-query-type are mutually exclusive **timeout** **Description** Specify the health check timeout before retrying or finish, default is 5 sec (Timeout value, in seconds (default 5)) **Type:** number **Range:** 1-6 **Default:** 5 **up-retry** **Description** Specify number of times that health check consecutively passes before declaring gateway UP, default 1 (up-retry count (default 1)) **Type:** number **Range:** 1-10 **Default:** 1 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_dns-list_recursive-dns-resolution_host-list-cfg: dns-list_recursive-dns-resolution_host-list-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **hostnames** **Description** Hostnames class-list name (dns type), perform resolution while query name matched **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` .. _3055_dns-list_class-list: dns-list_class-list ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **lid-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/dns/{name}/class-list/lid/{lidnum} ` **name** **Description** Specify a class list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_dns-list_class-list_lid-list: dns-list_class-list_lid-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action-value** **Description** 'dns-cache-disable': Disable DNS cache when it exceeds limit; 'dns-cache-enable': Enable DNS cache when it exceeds limit; 'forward': Forward the traffic even it exceeds limit; **Type:** string **Supported Values:** dns-cache-disable, dns-cache-enable, forward **conn-rate-limit** **Description** Connection rate limit **Type:** number **Range:** 1-2147483647 **dns** **Description:** dns is a **JSON Block**. Please see below for :ref:`3055_dns-list_class-list_lid-list_dns` **Type:** Object **lidnum** **Description** Specify a limit ID **Type:** number **Range:** 1-1023 **lockout** **Description** Don't accept any new connection for certain time (Lockout duration in minutes) **Type:** number **Range:** 1-1023 **log** **Description** Log a message **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-interval** **Description** Log interval (minute, by default system will log every over limit instance) **Type:** number **Range:** 1-255 **over-limit-action** **Description** Action when exceeds limit **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **per** **Description** Per (Number of 100ms) **Type:** number **Range:** 1-65535 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_dns-list_class-list_lid-list_dns: dns-list_class-list_lid-list_dns ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **cache-action** **Description** 'cache-disable': Disable dns cache; 'cache-enable': Enable dns cache; **Type:** string **Supported Values:** cache-disable, cache-enable **Default:** cache-disable **honor-server-response-ttl** **Description** Honor the server reponse TTL **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ttl** **Description** TTL for cache entry (TTL in seconds) **Type:** number **Range:** 1-65535 **weight** **Description** Weight for cache entry **Type:** number **Range:** 1-7 .. _3055_dns-list_dns64: dns-list_dns64 ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **cache** **Description** Use a cached A-query response to provide AAAA query responses for the same hostname **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **change-query** **Description** Always change incoming AAAA DNS Query to A **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable** **Description** Enable DNS64 (Need to config this option before config any other dns64 options) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **parallel-query** **Description** Forward AAAA Query & generate A Query in parallel **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **retry** **Description** Retry count, default is 3 (Retry Number) **Type:** number **Range:** 0-15 **Default:** 3 **single-response-disable** **Description** Disable Single Response which is used to avoid ambiguity **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **timeout** **Description** Timeout to send additional Queries, unit: second, default is 1 **Type:** number **Range:** 0-15 **Default:** 1 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_dns-list_udp-retransmit: dns-list_udp-retransmit ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **max-trials** **Description** Total number of times to try DNS query to server before closing client connection, default 3 **Type:** number **Range:** 1-5 **Default:** 3 **retry-interval** **Description** DNS Retry Interval value 1 - 400 in units of 100ms, default is 10 (default is 1000ms) (1 - 400 in units of 100ms, default is 10 (1000ms/1sec)) **Type:** number **Range:** 1-400 **Default:** 10 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_dns-list_query-class-filter: dns-list_query-class-filter ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **query-class** **Type:** List **query-class-action** **Description** 'allow': Allow only certain DNS query classes; 'deny': Deny only certain DNS query classes; **Type:** string **Supported Values:** allow, deny **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_dns-list_query-class-filter_query-class: dns-list_query-class-filter_query-class ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **num-query-class** **Description** Other query class value **Type:** number **Range:** 1-65535 **str-query-class** **Description** 'INTERNET': INTERNET query class; 'CHAOS': CHAOS query class; 'HESIOD': HESIOD query class; 'NONE': NONE query class; 'ANY': ANY query class; **Type:** string **Supported Values:** INTERNET, CHAOS, HESIOD, NONE, ANY .. _3055_dns-list_local-dns-resolution: dns-list_local-dns-resolution ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **host-list-cfg** **Type:** List **local-resolver-cfg** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_dns-list_local-dns-resolution_host-list-cfg: dns-list_local-dns-resolution_host-list-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **hostnames** **Description** Hostnames class-list name (dns type) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` .. _3055_dns-list_local-dns-resolution_local-resolver-cfg: dns-list_local-dns-resolution_local-resolver-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **local-resolver** **Description** Local dns servers (address) **Type:** string **Format:** ipv4-address .. _3055_dns-list_negative-dns-cache: dns-list_negative-dns-cache ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **bypass-query-threshold** **Description** the threshold bypass the query, default is 100 **Type:** number **Range:** 1-65535 **Default:** 100 **enable-negative-dns-cache** **Description** Enable DNS negative cache (Need to turn-on the dns-cache for this feature) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-negative-cache-ttl** **Description** Max negative cache ttl, default is 2 hours **Type:** number **Range:** 0-604800 **Default:** 7200 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_dns-list_query-type-filter: dns-list_query-type-filter ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **query-type** **Type:** List **query-type-action** **Description** 'allow': Allow only certain DNS query types; 'deny': Deny only certain DNS query types; **Type:** string **Supported Values:** allow, deny **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_dns-list_query-type-filter_query-type: dns-list_query-type-filter_query-type ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **num-query-type** **Description** Other record type value **Type:** number **Range:** 1-65535 **str-query-type** **Description** 'A': Address record; 'AAAA': IPv6 Address record; 'CNAME': Canonical name record; 'MX': Mail exchange record; 'NS': Name server record; 'SRV': Service locator; 'PTR': PTR resource record; 'SOA': Start of authority record; 'TXT': Text record; 'ANY': All cached record; **Type:** string **Supported Values:** A, AAAA, CNAME, MX, NS, SRV, PTR, SOA, TXT, ANY .. _3055_http-list: http-list ^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **100-cont-wait-for-req-complete** **Description** When REQ has Expect 100 and response is not 100, then wait for whole request to be sent **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allowed-methods** **Description** Enable allowed-method check (List of allowed HTTP methods) **Type:** string **Format:** string-rlx **Maximum Length:** 1023 characters **Maximum Length:** 1 characters **Mutual Exclusion:** allowed-methods and disallowed-methods are mutually exclusive **allowed-methods-action** **Description** 'drop': Respond 400 directly; **Type:** string **Supported Values:** drop **Default:** drop **bypass-sg** **Description** Select service group for non-http traffic (Service Group Name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **client-idle-timeout** **Description** Client session timeout if the next request is not received (timeout in seconds. 0 means disable, default is 0) **Type:** number **Range:** 0-120 **Default:** 0 **client-ip-hdr-replace** **Description** Replace the existing header **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **client-port-hdr-replace** **Description** Replace the existing header **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **compression-auto-disable-on-high-cpu** **Description** Auto-disable software compression on high cpu usage (Disable compression if cpu usage is above threshold. Default is off.) **Type:** number **Range:** 1-100 **compression-br-level** **Description** brotli compression level, default 1 (brotli compression level value, default is 1) **Type:** number **Range:** 1-9 **Default:** 1 **compression-br-sliding-window-size** **Description** brotli compression sliding window size, default 10 (brotli compression sliding window size in the form of log (i.e., 10 means 1k-16MB bytes)) **Type:** number **Range:** 10-24 **compression-content-type** **Type:** List **compression-enable** **Description** Enable Compression **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **compression-exclude-content-type** **Type:** List **compression-exclude-uri** **Type:** List **compression-keep-accept-encoding** **Description** Keep accept encoding **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **compression-keep-accept-encoding-enable** **Description** Enable Server Accept Encoding **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **compression-level** **Description** gzip compression level, default 1 (gzip compression level value, default is 1) **Type:** number **Range:** 1-9 **Default:** 1 **compression-method-order** **Description** Method Order (Order to decide which compression algorithm to be applied when multiple algorithms are acceptable) **Type:** string **Format:** string-rlx **Maximum Length:** 11 characters **Maximum Length:** 11 characters **compression-minimum-content-length** **Description** Minimum Content Length (Minimum content length for compression in bytes. Default is 120.) **Type:** number **Range:** 1-2147483647 **Default:** 120 **cookie-format** **Description** 'rfc6265': Follow rfc6265; **Type:** string **Supported Values:** rfc6265 **cookie-samesite** **Description** 'none': none; 'lax': lax; 'strict': strict; **Type:** string **Supported Values:** none, lax, strict **default-charset** **Description** 'iso-8859-1': Use ISO-8859-1 as the default charset; 'utf-8': Use UTF-8 as the default charset; 'us-ascii': Use US-ASCII as the default charset; **Type:** string **Supported Values:** iso-8859-1, utf-8, us-ascii **Default:** utf-8 **disallowed-methods** **Description** Enable disallowed-method check (List of disallowed HTTP methods) **Type:** string **Format:** string-rlx **Maximum Length:** 1023 characters **Maximum Length:** 1 characters **Mutual Exclusion:** disallowed-methods and allowed-methods are mutually exclusive **disallowed-methods-action** **Description** 'drop': Respond 400 directly; **Type:** string **Supported Values:** drop **Default:** drop **failover-url** **Description** Failover to this URL (Failover URL Name) **Type:** string **Format:** string-rlx **Maximum Length:** 255 characters **Maximum Length:** 1 characters **frame-limit** **Description** Limit the number of CONTINUATION, PING, PRIORITY, RESET, SETTINGS and empty frames in one HTTP2 connection, default 10000 **Type:** number **Range:** 0-65535 **Default:** 10000 **host-switching** **Type:** List **http-protocol-check** **Description:** http-protocol-check is a **JSON Block**. Please see below for :ref:`3055_http-list_http-protocol-check` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/http/{name}/http-protocol-check ` **http2-client-no-snat** **Description** Set max-concurrent-stream = 1 when the client side is HTTP2 and no source-nat configuration is under vport **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **insert-client-ip** **Description** Insert Client IP address into HTTP header **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **insert-client-ip-header-name** **Description** HTTP Header Name for inserting Client IP **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **insert-client-port** **Description** Insert Client Port address into HTTP header **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **insert-client-port-header-name** **Description** HTTP Header Name for inserting Client Port **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **keep-client-alive** **Description** Keep client alive **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-retry** **Description** log when HTTP request retry **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-concurrent-streams** **Description** (http2 only) Max concurrent streams, default 50 **Type:** number **Range:** 1-1000 **Default:** 50 **name** **Description** HTTP Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **non-http-bypass** **Description** Bypass non-http traffic instead of dropping **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **persist-on-401** **Description** Persist to the same server if the response code is 401 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **prefix** **Description** 'host': the cookie will have been set with a Secure attribute, a Path attribute with a value of /, and no Domain attribute; 'secure': the cookie will have been set with a Secure attribute; 'check': check server prefix and enforce prefix format; **Type:** string **Supported Values:** host, secure, check **rd-port** **Description** Port (Port Number) **Type:** number **Range:** 1-65535 **Mutual Exclusion:** rd-port and rd-simple-loc are mutually exclusive **rd-resp-code** **Description** '301': Moved Permanently; '302': Found; '303': See Other; '307': Temporary Redirect; **Type:** string **Supported Values:** 301, 302, 303, 307 **rd-secure** **Description** Use HTTPS **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** rd-secure and rd-simple-loc are mutually exclusive **rd-simple-loc** **Description** Redirect location tag absolute URI string **Type:** string **Format:** string-rlx **Maximum Length:** 255 characters **Maximum Length:** 1 characters **Mutual Exclusion:** rd-simple-loc, rd-secure, and rd-port are mutually exclusive **redirect** **Description** Automatically send a redirect response **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **redirect-rewrite** **Description:** redirect-rewrite is a **JSON Block**. Please see below for :ref:`3055_http-list_redirect-rewrite` **Type:** Object **req-hdr-wait-time** **Description** HTTP request header wait time before abort connection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **req-hdr-wait-time-val** **Description** Number of seconds wait for client request header (default is 7) **Type:** number **Range:** 1-31 **Default:** 7 **request-header-erase-list** **Type:** List **request-header-insert-list** **Type:** List **request-line-case-insensitive** **Description** Parse http request line as case insensitive **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **request-timeout** **Description** Request timeout if response not received (timeout in seconds) **Type:** number **Range:** 1-120 **response-content-replace-list** **Type:** List **response-header-erase-list** **Type:** List **response-header-insert-list** **Type:** List **retry-on-5xx** **Description** Retry http request on HTTP 5xx code and request timeout **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** retry-on-5xx and retry-on-5xx-per-req are mutually exclusive **retry-on-5xx-per-req** **Description** Retry http request on HTTP 5xx code for each request **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** retry-on-5xx-per-req and retry-on-5xx are mutually exclusive **retry-on-5xx-per-req-val** **Description** Number of times to retry (default is 3) **Type:** number **Range:** 1-3 **Default:** 3 **retry-on-5xx-val** **Description** Number of times to retry (default is 3) **Type:** number **Range:** 1-3 **Default:** 3 **server-support-http2-only** **Description** Notify the vport regarding whether server supports http2 only **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server-support-http2-only-value** **Description** 'auto-detect': Commuincate with the server via HTTP/2 when an support-http2-only rport is detected; 'force': Communicate with the server via HTTP/2 when possible; **Type:** string **Supported Values:** auto-detect, force **Default:** auto-detect **stream-cancellation-limit** **Description** cancellation limit, default 0 (accumulated cancellation limit value, default is 0) **Type:** number **Range:** 0-1000 **Default:** 0 **stream-cancellation-rate** **Description** cancellation rate, default 10 (cancellation rate value, default is 10) **Type:** number **Range:** 0-1000 **Default:** 10 **strict-transaction-switch** **Description** Force server selection on every HTTP request **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`3055_http-list_template` **Type:** Object **term-11client-hdr-conn-close** **Description** Terminate HTTP 1.1 client when req has Connection: close **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **url-hash-first** **Description** Use the begining part of URL to calculate hash value (URL string length to calculate hash value) **Type:** number **Range:** 4-128 **Mutual Exclusion:** url-hash-first and url-hash-last are mutually exclusive **url-hash-last** **Description** Use the end part of URL to calculate hash value (URL string length to calculate hash value) **Type:** number **Range:** 4-128 **Mutual Exclusion:** url-hash-last and url-hash-first are mutually exclusive **url-hash-offset** **Description** Skip part of URL to calculate hash value (Offset of the URL string) **Type:** number **Range:** 0-255 **url-hash-persist** **Description** Use URL's hash value to select server **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **url-switching** **Type:** List **use-server-status** **Description** Use Server-Status header to do URL hashing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_http-list_request-header-erase-list: http-list_request-header-erase-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **request-header-erase** **Description** Erase a header from HTTP request (Header Name) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_http-list_redirect-rewrite: http-list_redirect-rewrite ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **match-list** **Type:** List **redirect-secure** **Description** Use HTTPS **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **redirect-secure-port** **Description** Port (Port Number) **Type:** number **Range:** 1-65535 **Default:** 443 .. _3055_http-list_redirect-rewrite_match-list: http-list_redirect-rewrite_match-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **redirect-match** **Description** URL Matching (Pattern URL String) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **rewrite-to** **Description** Rewrite to Destination URL String **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_http-list_response-header-insert-list: http-list_response-header-insert-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **response-header-insert** **Description** Insert a header into HTTP response (Header Content (Format: "[name]:[value]")) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **response-header-insert-type** **Description** 'insert-if-not-exist': Only insert the header when it does not exist; 'insert-always': Always insert the header even when there is a header with the same name; **Type:** string **Supported Values:** insert-if-not-exist, insert-always .. _3055_http-list_response-header-erase-list: http-list_response-header-erase-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **response-header-erase** **Description** Erase a header from HTTP response (Header Name) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _3055_http-list_template: http-list_template ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** Logging template (Logging Config name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/logging ` .. _3055_http-list_url-switching: http-list_url-switching ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **url-match-string** **Description** URL String **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **url-service-group** **Description** Create a Service Group comprising Servers (Service Group Name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **url-switching-type** **Description** 'contains': Select service group if URL string contains another string; 'ends-with': Select service group if URL string ends with another string; 'equals': Select service group if URL string equals another string; 'starts-with': Select service group if URL string starts with another string; 'regex-match': Select service group if URL string matches with regular expression; 'url-case-insensitive': Case insensitive URL switching; 'url-hits-enable': Enables URL Hits; **Type:** string **Supported Values:** contains, ends-with, equals, starts-with, regex-match, url-case-insensitive, url-hits-enable .. _3055_http-list_response-content-replace-list: http-list_response-content-replace-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **response-content-replace** **Description** replace the data from HTTP response content (String in the http content need to be replaced) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **response-new-string** **Description** String will be in the http content **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters .. _3055_http-list_http-protocol-check: http-list_http-protocol-check ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **get-and-payload** **Description** 'drop': Drop the request and send 400 to the client side; **Type:** string **Supported Values:** drop **h2up-content-length-alias** **Description** 'drop': Drop the request and send 400 to the client side; **Type:** string **Supported Values:** drop **h2up-with-host-and-auth** **Description** 'drop': Drop the request and send 400 to the client side; **Type:** string **Supported Values:** drop **h2up-with-transfer-encoding** **Description** 'drop': Drop the request and send 400 to the client side; **Type:** string **Supported Values:** drop **header-filter-rule-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/http/{name}/http-protocol-check/header-filter-rule/{seq-num} ` **malformed-h2up-header-value** **Description** 'drop': Drop the request and send 400 to the client side; **Type:** string **Supported Values:** drop **malformed-h2up-scheme-value** **Description** 'drop': Drop the request and send 400 to the client side; **Type:** string **Supported Values:** drop **multiple-content-length** **Description** 'drop': Drop the request and send 400 to the client side; **Type:** string **Supported Values:** drop **multiple-transfer-encoding** **Description** 'drop': Drop the request and send 400 to the client side; **Type:** string **Supported Values:** drop **transfer-encoding-and-content-length** **Description** 'drop': Drop the request and Send 400 to the client side; **Type:** string **Supported Values:** drop **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_http-list_http-protocol-check_header-filter-rule-list: http-list_http-protocol-check_header-filter-rule-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action-value** **Description** 'drop': Drop the request; **Type:** string **Supported Values:** drop **header-name-value** **Description** Header name value **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **header-value-value** **Description** Header value **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **match-type-value** **Description** 'full-text': Full text match; 'pcre': PCRE match; **Type:** string **Supported Values:** full-text, pcre **seq-num** **Description** Specify a sequence number **Type:** number **Range:** 0-4 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_http-list_request-header-insert-list: http-list_request-header-insert-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **request-header-insert** **Description** Insert a header into HTTP request (Header Content (Format: "[name]:[value]")) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **request-header-insert-type** **Description** 'insert-if-not-exist': Only insert the header when it does not exist; 'insert-always': Always insert the header even when there is a header with the same name; **Type:** string **Supported Values:** insert-if-not-exist, insert-always .. _3055_http-list_host-switching: http-list_host-switching ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **host-match-string** **Description** Hostname String **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **host-service-group** **Description** Create a Service Group comprising Servers (Service Group Name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **host-switching-type** **Description** 'contains': Select service group if hostname contains another string; 'ends-with': Select service group if hostname ends with another string; 'equals': Select service group if hostname equals another string; 'starts-with': Select service group if hostname starts with another string; 'regex-match': Select service group if URL string matches with regular expression; 'host-hits-enable': Enables Host Hits counters; **Type:** string **Supported Values:** contains, ends-with, equals, starts-with, regex-match, host-hits-enable .. _3055_http-list_compression-content-type: http-list_compression-content-type ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **content-type** **Description** Compression content-type **Type:** string **Format:** string-rlx **Maximum Length:** 31 characters **Maximum Length:** 1 characters .. _3055_http-list_compression-exclude-uri: http-list_compression-exclude-uri ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **exclude-uri** **Description** Compression exclude uri **Type:** string **Format:** string-rlx **Maximum Length:** 31 characters **Maximum Length:** 1 characters .. _3055_http-list_compression-exclude-content-type: http-list_compression-exclude-content-type ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **exclude-content-type** **Description** Compression exclude content-type (Compression exclude content type) **Type:** string **Format:** string-rlx **Maximum Length:** 31 characters **Maximum Length:** 1 characters .. _3055_dns-logging-list: dns-logging-list ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **disable** **Description** Disable DNS Logging template **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-logging-protocol** **Description** 'both': Log DNS over tcp and udp; 'tcp': Log DNS over tcp; 'udp': Log DNS over udp; **Type:** string **Supported Values:** both, tcp, udp **dns-logging-request-section** **Description** 'all': Log DNS header and question section; 'header': Log DNS header information; 'question': Log DNS question section; **Type:** string **Supported Values:** all, header, question **dns-logging-response-section** **Description** 'all': Log DNS header information, answer, authority, additional section content; 'header': Log DNS header information; 'answer': Log DNS header information and answer section content; **Type:** string **Supported Values:** all, header, answer **dns-logging-type** **Description** 'query': DNS Query Logging; 'response': DNS Response Logging; 'both': DNS Query and Response Logging; **Type:** string **Supported Values:** query, response, both **name** **Description** DNS Logging Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **response-type** **Description:** response-type is a **JSON Block**. Please see below for :ref:`3055_dns-logging-list_response-type` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/dns-logging/{name}/response-type ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_dns-logging-list_response-type: dns-logging-list_response-type ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **config** **Description** start config the response type detail **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/dns-logging/{name}/response-type/type/{response-type-name} ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_dns-logging-list_response-type_type-list: dns-logging-list_response-type_type-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **caa-type-limit-num** **Description** Limit the field length **Type:** number **Range:** 0-256 **Default:** 0 **Mutual Exclusion:** caa-type-limit-num and caa-type-no-limit are mutually exclusive **caa-type-no-limit** **Description** Print the field as much as possible **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** caa-type-no-limit and caa-type-limit-num are mutually exclusive **digest** **Description** **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dnskey-type-limit-num** **Description** Limit the field length **Type:** number **Range:** 0-256 **Default:** 0 **Mutual Exclusion:** dnskey-type-limit-num and dnskey-type-no-limit are mutually exclusive **dnskey-type-no-limit** **Description** Print the field as much as possible **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** dnskey-type-no-limit and dnskey-type-limit-num are mutually exclusive **ds-type-limit-num** **Description** Limit the field length **Type:** number **Range:** 0-256 **Default:** 0 **Mutual Exclusion:** ds-type-limit-num and ds-type-no-limit are mutually exclusive **ds-type-no-limit** **Description** Print the field as much as possible **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** ds-type-no-limit and ds-type-limit-num are mutually exclusive **length-limit-flag** **Description** **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **naptr-type-limit-num** **Description** Limit the field length **Type:** number **Range:** 0-256 **Default:** 0 **Mutual Exclusion:** naptr-type-limit-num and naptr-type-no-limit are mutually exclusive **naptr-type-no-limit** **Description** Print the field as much as possible **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** naptr-type-no-limit and naptr-type-limit-num are mutually exclusive **opt-type-limit-num** **Description** Limit the field length **Type:** number **Range:** 0-256 **Default:** 0 **Mutual Exclusion:** opt-type-limit-num and opt-type-no-limit are mutually exclusive **opt-type-no-limit** **Description** Print the field as much as possible **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** opt-type-no-limit and opt-type-limit-num are mutually exclusive **other-data** **Description** **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **public-key** **Description** **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **rdata-field** **Description** **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **response-type-name** **Description** 'TXT': TXT; 'RRSIG': RRSIG; 'TSIG': TSIG; 'DNSKEY': DNSKEY; 'DS': DS; 'CAA': CAA; 'NAPTR': NAPTR; 'OPT': OPT; **Type:** string **Supported Values:** TXT, RRSIG, TSIG, DNSKEY, DS, CAA, NAPTR, OPT **rrsig-type-limit-num** **Description** Limit the field length **Type:** number **Range:** 0-256 **Default:** 0 **Mutual Exclusion:** rrsig-type-limit-num and rrsig-type-no-limit are mutually exclusive **rrsig-type-no-limit** **Description** Print the field as much as possible **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** rrsig-type-no-limit and rrsig-type-limit-num are mutually exclusive **service-field** **Description** **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **signature** **Description** **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tsig-type-limit-num** **Description** Limit the field length **Type:** number **Range:** 0-256 **Default:** 0 **Mutual Exclusion:** tsig-type-limit-num and tsig-type-no-limit are mutually exclusive **tsig-type-no-limit** **Description** Print the field as much as possible **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** tsig-type-no-limit and tsig-type-limit-num are mutually exclusive **txt-data** **Description** **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **txt-type-limit-num** **Description** Limit the field length **Type:** number **Range:** 0-256 **Default:** 0 **Mutual Exclusion:** txt-type-limit-num and txt-type-no-limit are mutually exclusive **txt-type-no-limit** **Description** Print the field as much as possible **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** txt-type-no-limit and txt-type-limit-num are mutually exclusive **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **value-field** **Description** **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _3055_virtual-port-list: virtual-port-list ^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **aflow** **Description** Use aFlow to eliminate the traffic surge **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-syn-otherflags** **Description** Allow initial SYN packet with other flags **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-vip-to-rport-mapping** **Description** Allow mapping of VIP to real port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **conn-limit** **Description** Connection limit **Type:** number **Range:** 1-64000000 **Default:** 64000000 **conn-limit-no-logging** **Description** Do not log connection over limit event **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **conn-limit-reset** **Description** Send client reset when connection over limit **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **conn-rate-limit** **Description** Connection rate limit **Type:** number **Range:** 1-1048575 **conn-rate-limit-no-logging** **Description** Do not log connection over limit event **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **conn-rate-limit-reset** **Description** Send client reset when connection rate over limit **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-unknown-conn** **Description** Drop conection if receives TCP packet without SYN or RST flag and it does not belong to any existing connections **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dscp** **Description** Differentiated Services Code Point (DSCP to Real Server IP Mapping Value) **Type:** number **Range:** 1-63 **ignore-tcp-msl** **Description** reclaim TCP resource immediately without MSL **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-options** **Description** 'no-logging': Do not log over limit event; 'no-repeat-logging': log once for over limit event. Default is log once per minute; **Type:** string **Supported Values:** no-logging, no-repeat-logging **name** **Description** Virtual port template name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Default:** default **non-syn-initiation** **Description** Allow initial TCP packet to be non-SYN **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **pkt-rate-interval** **Description** '100ms': Source IP and port rate limit per 100ms; 'second': Source IP and port rate limit per second (default); **Type:** string **Supported Values:** 100ms, second **Default:** second **pkt-rate-limit-reset** **Description** send client-side reset (reset after packet limit) **Type:** number **Range:** 0-1048575 **Default:** 0 **pkt-rate-type** **Description** 'src-ip-port': Source IP and port rate limit; 'src-port': Source port rate limit; **Type:** string **Supported Values:** src-ip-port, src-port **rate** **Description** Source IP and port rate limit (Packet rate limit) **Type:** number **Range:** 1-1048575 **rate-interval** **Description** '100ms': Use 100 ms as sampling interval; 'second': Use 1 second as sampling interval; **Type:** string **Supported Values:** 100ms, second **Default:** second **reset-l7-on-failover** **Description** Send reset to L7 client and server connection upon a failover **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **reset-unknown-conn** **Description** Send reset back if receives TCP packet without SYN or RST flag and it does not belong to any existing connections **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **snat-msl** **Description** Source NAT MSL (Source NAT MSL value (seconds)) **Type:** number **Range:** 1-1800 **snat-port-preserve** **Description** Source NAT Port Preservation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **when-rr-enable** **Description** Only do rate limit if CPU RR triggered **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _3055_mqtt-list: mqtt-list ^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **clientid-hash-first** **Description** Use the begining part of client ID to calculate hash value (client ID string length to calculate hash value) **Type:** number **Range:** 4-128 **clientid-hash-last** **Description** Use the end part of Client ID to calculate hash value (Client ID length to calculate hash value) **Type:** number **Range:** 4-128 **clientid-hash-offset** **Description** Skip part of Client ID to calculate hash value (Offset of the Client ID) **Type:** number **Range:** 0-255 **clientid-hash-persist** **Description** Use Client ID's hash value to select server **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **name** **Description** MQTT Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_cipher-list: cipher-list ^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **cipher-cfg** **Type:** List **cipher13-cfg** **Type:** List **name** **Description** Cipher Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_cipher-list_cipher13-cfg: cipher-list_cipher13-cfg ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **cipher13-suite** **Description** 'TLS_AES_256_GCM_SHA384': TLS_AES_256_GCM_SHA384 (0x1302); 'TLS_CHACHA20_POLY1305_SHA256': TLS_CHACHA20_POLY1305_SHA256 (0x1303); 'TLS_AES_128_GCM_SHA256': TLS_AES_128_GCM_SHA256 (0x1301); **Type:** string **Supported Values:** TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256 **priority** **Description** Cipher priority (Cipher priority (default 1)) **Type:** number **Range:** 1-100 **Default:** 1 .. _3055_cipher-list_cipher-cfg: cipher-list_cipher-cfg ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **cipher-suite** **Description** 'SSL3_RSA_DES_192_CBC3_SHA': TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A); 'SSL3_RSA_RC4_128_MD5': TLS_RSA_WITH_RC4_128_MD5 (0x0004); 'SSL3_RSA_RC4_128_SHA': TLS_RSA_WITH_RC4_128_SHA (0x0005); 'TLS1_RSA_AES_128_SHA': TLS_RSA_WITH_AES_128_CBC_SHA (0x002F); 'TLS1_RSA_AES_256_SHA': TLS_RSA_WITH_AES_256_CBC_SHA (0x0035); 'TLS1_RSA_AES_128_SHA256': TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003C); 'TLS1_RSA_AES_256_SHA256': TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003D); 'TLS1_DHE_RSA_AES_128_GCM_SHA256': TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009E); 'TLS1_DHE_RSA_AES_128_SHA': TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033); 'TLS1_DHE_RSA_AES_128_SHA256': TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067); 'TLS1_DHE_RSA_AES_256_GCM_SHA384': TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009F); 'TLS1_DHE_RSA_AES_256_SHA': TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039); 'TLS1_DHE_RSA_AES_256_SHA256': TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006B); 'TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256': TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xC02B); 'TLS1_ECDHE_ECDSA_AES_128_SHA': TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xC009); 'TLS1_ECDHE_ECDSA_AES_128_SHA256': TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xC023); 'TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384': TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xC02C); 'TLS1_ECDHE_ECDSA_AES_256_SHA': TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xC00A); 'TLS1_ECDHE_RSA_AES_128_GCM_SHA256': TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xC02F); 'TLS1_ECDHE_RSA_AES_128_SHA': TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013); 'TLS1_ECDHE_RSA_AES_128_SHA256': TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027); 'TLS1_ECDHE_RSA_AES_256_GCM_SHA384': TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC030); 'TLS1_ECDHE_RSA_AES_256_SHA': TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014); 'TLS1_RSA_AES_128_GCM_SHA256': TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009C); 'TLS1_RSA_AES_256_GCM_SHA384': TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009D); 'TLS1_ECDHE_RSA_AES_256_SHA384': TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028); 'TLS1_ECDHE_ECDSA_AES_256_SHA384': TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xC024); 'TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256': TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA8); 'TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256': TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA9); 'TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256': TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCAA); 'TLS1_ECDHE_SM2_WITH_SMS4_SM3': TLS_ECDHE_SM2_WITH_SMS4_SM3 (0xE102); 'TLS1_ECDHE_SM2_WITH_SMS4_SHA256': TLS_ECDHE_SM2_WITH_SMS4_SHA256 (0xE105); 'TLS1_ECDHE_SM2_WITH_SMS4_GCM_SM3': TLS_ECDHE_SM2_WITH_SMS4_GCM_SM3 (0xE107); **Type:** string **Supported Values:** SSL3_RSA_DES_192_CBC3_SHA, SSL3_RSA_RC4_128_MD5, SSL3_RSA_RC4_128_SHA, TLS1_RSA_AES_128_SHA, TLS1_RSA_AES_256_SHA, TLS1_RSA_AES_128_SHA256, TLS1_RSA_AES_256_SHA256, TLS1_DHE_RSA_AES_128_GCM_SHA256, TLS1_DHE_RSA_AES_128_SHA, TLS1_DHE_RSA_AES_128_SHA256, TLS1_DHE_RSA_AES_256_GCM_SHA384, TLS1_DHE_RSA_AES_256_SHA, TLS1_DHE_RSA_AES_256_SHA256, TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256, TLS1_ECDHE_ECDSA_AES_128_SHA, TLS1_ECDHE_ECDSA_AES_128_SHA256, TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA, TLS1_ECDHE_RSA_AES_128_GCM_SHA256, TLS1_ECDHE_RSA_AES_128_SHA, TLS1_ECDHE_RSA_AES_128_SHA256, TLS1_ECDHE_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA, TLS1_RSA_AES_128_GCM_SHA256, TLS1_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA384, TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256, TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256, TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256, TLS1_ECDHE_SM2_WITH_SMS4_SM3, TLS1_ECDHE_SM2_WITH_SMS4_SHA256, TLS1_ECDHE_SM2_WITH_SMS4_GCM_SM3 **priority** **Description** Cipher priority (Cipher priority (default 1)) **Type:** number **Range:** 1-100 **Default:** 1 .. _3055_policy-list: policy-list ^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **bw-list-id** **Type:** List **bw-list-name** **Description** Specify a blacklist/whitelist name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **class-list** **Description:** class-list is a **JSON Block**. Please see below for :ref:`3055_policy-list_class-list` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/policy/{name}/class-list ` **forward-policy** **Description:** forward-policy is a **JSON Block**. Please see below for :ref:`3055_policy-list_forward-policy` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/policy/{name}/forward-policy ` **full-domain-tree** **Description** Share counters between geo-location and sub regions **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **interval** **Description** Log interval (minute) **Type:** number **Range:** 1-255 **name** **Description** Policy template name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **over-limit** **Description** Specify operation in case over limit **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **over-limit-lockup** **Description** Don't accept any new connection for certain time (Lockup duration (minute)) **Type:** number **Range:** 1-127 **over-limit-logging** **Description** Log a message **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **over-limit-reset** **Description** Reset the connection when it exceeds limit **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **overlap** **Description** Use overlap mode for geo-location to do longest match **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sampling-enable** **Type:** List **share** **Description** Share counters between virtual ports and virtual servers **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **timeout** **Description** Define timeout value of PBSLB dynamic entry (Timeout value (minute, default is 5)) **Type:** number **Range:** 1-127 **Default:** 5 **use-destination-ip** **Description** Use destination IP to match the policy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_policy-list_forward-policy: policy-list_forward-policy ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **acos-event-log** **Description** Enable acos event logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **action-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/policy/{name}/forward-policy/action/{name} ` **dual-stack-action-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/policy/{name}/forward-policy/dual-stack-action/{name} ` **enable-adv-match** **Description** Enable adv-match rules and deactive all the other kinds of destination rules **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **filtering** **Type:** List **forward-http-connect-to-icap** **Description** Forward HTTP CONNECT request to ICAP server **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **local-logging** **Description** Enable local logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **no-client-conn-reuse** **Description** Inspects only first request of a connection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **reqmod-icap** **Description** ICAP reqmod template (Reqmod ICAP Template Name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/reqmod-icap ` **require-web-category** **Description** Wait for web category to be resolved before taking proxy decision **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **san-filtering** **Type:** List **source-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/policy/{name}/forward-policy/source/{name} ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_policy-list_forward-policy_filtering: policy-list_forward-policy_filtering ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ssli-url-filtering** **Description** 'bypassed-sni-disable': Disable SNI filtering for bypassed URL's(enabled by default); 'intercepted-sni-enable': Enable SNI filtering for intercepted URL's(disabled by default); 'intercepted-http-disable': Disable HTTP(host/URL) filtering for intercepted URL's(enabled by default); 'no-sni-allow': Allow connection if SNI filtering is enabled and SNI header is not present(Drop by default); **Type:** string **Supported Values:** bypassed-sni-disable, intercepted-sni-enable, intercepted-http-disable, no-sni-allow .. _3055_policy-list_forward-policy_san-filtering: policy-list_forward-policy_san-filtering ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ssli-url-filtering-san** **Description** 'enable-san': Enable SAN filtering(disabled by default); 'bypassed-san-disable': Disable SAN filtering for bypassed URL's(enabled by default); 'intercepted-san-enable': Enable SAN filtering for intercepted URL's(disabled by default); 'no-san-allow': Allow connection if SAN filtering is enabled and SAN field is not present(Drop by default); **Type:** string **Supported Values:** enable-san, bypassed-san-disable, intercepted-san-enable, no-san-allow .. _3055_policy-list_forward-policy_action-list: policy-list_forward-policy_action-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action1** **Description** 'forward-to-internet': Forward request to Internet; 'forward-to-service-group': Forward request to service group; 'forward-to-proxy': Forward request to HTTP proxy server; 'drop': Drop request; **Type:** string **Supported Values:** forward-to-internet, forward-to-service-group, forward-to-proxy, drop **drop-message** **Description** drop-message sent to the client as webpage(html tags are included and quotation marks are required for white spaces) **Type:** string **Format:** string-rlx **Maximum Length:** 1023 characters **Maximum Length:** 1 characters **Mutual Exclusion:** drop-message and drop-redirect-url are mutually exclusive **drop-redirect-url** **Description** Specify URL to which client request is redirected upon being dropped **Type:** string **Format:** string-rlx **Maximum Length:** 1023 characters **Maximum Length:** 1 characters **Mutual Exclusion:** drop-redirect-url, drop-response-code, and drop-message are mutually exclusive **drop-response-code** **Description** Specify response code for drop action **Type:** number **Range:** 100-599 **Mutual Exclusion:** drop-response-code and drop-redirect-url are mutually exclusive **fake-sg** **Description** service group to forward the packets to Internet **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **fall-back** **Description** Fallback service group for Internet **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **fall-back-snat** **Description** Source NAT pool or pool group for fallback server **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fall-back-snat and fall-back-snat-pt-only are mutually exclusive **fall-back-snat-pt-only** **Description** Source port translation only for fallback server **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** fall-back-snat-pt-only and fall-back-snat are mutually exclusive **forward-snat** **Description** Source NAT pool or pool group **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** forward-snat and forward-snat-pt-only are mutually exclusive **forward-snat-pt-only** **Description** Source port translation only **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** forward-snat-pt-only and forward-snat are mutually exclusive **http-status-code** **Description** '301': Moved permanently; '302': Found; **Type:** string **Supported Values:** 301, 302 **Default:** 302 **log** **Description** enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **name** **Description** Action policy name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **proxy-chaining** **Description** Enable proxy chaining feature **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **proxy-chaining-bypass** **Description** Forward all https packets to upstream proxy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **real-sg** **Description** service group to forward the packets **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sampling-enable** **Type:** List **support-cert-fetch** **Description** Fetch server certificate by upstream proxy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_policy-list_forward-policy_action-list_sampling-enable: policy-list_forward-policy_action-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'hits': Number of requests matching this destination rule; **Type:** string **Supported Values:** all, hits .. _3055_policy-list_forward-policy_dual-stack-action-list: policy-list_forward-policy_dual-stack-action-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **fall-back** **Description** Fallback service group **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **fall-back-snat** **Description** Source NAT pool or pool group for fallback **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ip/nat/pool ` **ipv4** **Description** IPv4 service group to forward **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **ipv4-snat** **Description** IPv4 source NAT pool or pool group **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ip/nat/pool ` **ipv6** **Description** IPv6 service group to forward **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **ipv6-snat** **Description** IPv6 source NAT pool or pool group **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ipv6/nat/pool ` **log** **Description** enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **name** **Description** Action name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sampling-enable** **Type:** List **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_policy-list_forward-policy_dual-stack-action-list_sampling-enable: policy-list_forward-policy_dual-stack-action-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'hits': Number of requests forward by this action; **Type:** string **Supported Values:** all, hits .. _3055_policy-list_forward-policy_source-list: policy-list_forward-policy_source-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **destination** **Description:** destination is a **JSON Block**. Please see below for :ref:`3055_policy-list_forward-policy_source-list_destination` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}/destination ` **match-any** **Description** Match any source **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** match-any and match-class-list are mutually exclusive **match-authorize-policy** **Description** Authorize-policy for user and group based policy **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/aam/authorization/policy ` **match-class-list** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** match-class-list and match-any are mutually exclusive **name** **Description** source destination match rule name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **priority** **Description** Priority of the source(higher the number higher the priority, default 0) **Type:** number **Range:** 1-2000 **sampling-enable** **Type:** List **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_policy-list_forward-policy_source-list_destination: policy-list_forward-policy_source-list_destination ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **adv-match-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}/destination/adv-match/{priority} ` **any** **Description:** any is a **JSON Block**. Please see below for :ref:`3055_policy-list_forward-policy_source-list_destination_any` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}/destination/any ` **class-list-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}/destination/class-list/{dest-class-list} ` **web-category-list-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}/destination/web-category-list/{web-category-list} ` **web-reputation-scope-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}/destination/web-reputation-scope/{web-reputation-scope} ` .. _3055_policy-list_forward-policy_source-list_destination_class-list-list: policy-list_forward-policy_source-list_destination_class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** Action to be performed **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **dest-class-list** **Description** Destination Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **dual-stack-action** **Description** Dual-stack action to be performed **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **priority** **Description** Priority value of the action(higher the number higher the priority) **Type:** number **Range:** 1-1024 **type** **Description** 'host': Match hostname; 'url': Match URL; 'ip': Match destination IP address; **Type:** string **Supported Values:** host, url, ip **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_policy-list_forward-policy_source-list_destination_web-category-list-list: policy-list_forward-policy_source-list_destination_web-category-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** Action to be performed **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **dual-stack-action** **Description** Dual-stack action to be performed **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **priority** **Description** Priority value of the action(higher the number higher the priority) **Type:** number **Range:** 1-1024 **type** **Description** 'host': Match hostname; 'url': match URL; **Type:** string **Supported Values:** host, url **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **web-category-list** **Description** Destination Web Category List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/web-category/category-list ` .. _3055_policy-list_forward-policy_source-list_destination_any: policy-list_forward-policy_source-list_destination_any ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **action** **Description** Action to be performed **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** action and dual-stack-action are mutually exclusive **dual-stack-action** **Description** Dual-stack action to be performed **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dual-stack-action and action are mutually exclusive **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_policy-list_forward-policy_source-list_destination_any_sampling-enable: policy-list_forward-policy_source-list_destination_any_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'hits': Number of requests matching this destination rule; **Type:** string **Supported Values:** all, hits .. _3055_policy-list_forward-policy_source-list_destination_adv-match-list: policy-list_forward-policy_source-list_destination_adv-match-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** Forwading action of this rule **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** action and dual-stack-action are mutually exclusive **disable-reqmod-icap** **Description** Disable REQMOD ICAP template **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-respmod-icap** **Description** Disable RESPMOD ICAP template **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dual-stack-action** **Description** Forwarding action of this rule **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dual-stack-action and action are mutually exclusive **match-host** **Description** Match request host (HTTP stage) or SNI/SAN (SSL stage) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **match-http-content-encoding** **Description** Match the value of HTTP header "Content-Encoding" **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **match-http-content-length-range-begin** **Description** Match the value of HTTP header "Content-Length" with an inclusive range **Type:** number **Range:** 0-2147483647 **match-http-content-length-range-end** **Description** End of the "Content-Length" range **Type:** number **Range:** 0-2147483647 **match-http-content-type** **Description** Match the value of HTTP header "Content-Type" **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **match-http-header** **Description** Matching the name of all request headers **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **match-http-method-connect** **Description** Match HTTP request method CONNECT **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **match-http-method-delete** **Description** Match HTTP request method DELETE **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **match-http-method-get** **Description** Match HTTP request method GET **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **match-http-method-head** **Description** Match HTTP request method HEAD **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **match-http-method-options** **Description** Match HTTP request method OPTIONS **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **match-http-method-patch** **Description** Match HTTP request method PATCH **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **match-http-method-post** **Description** Match HTTP request method POST **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **match-http-method-put** **Description** Match HTTP request method PUT **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **match-http-method-trace** **Description** Match HTTP request method TRACE **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **match-http-request-file-extension** **Description** Match file extension of URL in HTTP request line **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **match-http-url** **Description** Match URL in HTTP request line **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **match-http-url-regex** **Description** Match URI in HTTP request line by given regular expression **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **match-http-user-agent** **Description** Matching the value of HTTP header "User-Agent" **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **match-server-address** **Description** Match target server IP address **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **match-server-port** **Description** Match target server port number **Type:** number **Range:** 1-65535 **Mutual Exclusion:** match-server-port and match-server-port-range-begin are mutually exclusive **match-server-port-range-begin** **Description** Math targer server port range inclusively **Type:** number **Range:** 1-65535 **Mutual Exclusion:** match-server-port-range-begin and match-server-port are mutually exclusive **match-server-port-range-end** **Description** End of port range **Type:** number **Range:** 1-65535 **match-time-range** **Description** Enable rule in this time-range **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/forward-proxy/time-range ` **match-web-category-list** **Description** Match web-category list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/web-category/category-list ` **match-web-reputation-scope** **Description** Match web-reputation scope **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/web-category/reputation-scope ` **notify-page** **Description** Send notify-page to client **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/forward-proxy/notify-page ` **priority** **Description** Rule priority (1000 is highest) **Type:** number **Range:** 1-1000 **sampling-enable** **Type:** List **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_policy-list_forward-policy_source-list_destination_adv-match-list_sampling-enable: policy-list_forward-policy_source-list_destination_adv-match-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'hits': Number of requests hit this rule; **Type:** string **Supported Values:** all, hits .. _3055_policy-list_forward-policy_source-list_destination_web-reputation-scope-list: policy-list_forward-policy_source-list_destination_web-reputation-scope-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** Action to be performed **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **dual-stack-action** **Description** Dual-stack action to be performed **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **priority** **Description** Priority value of the action(higher the number higher the priority) **Type:** number **Range:** 1-1024 **type** **Description** 'host': Match hostname; 'url': match URL; **Type:** string **Supported Values:** host, url **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **web-reputation-scope** **Description** Destination Web Reputation Scope Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/web-category/reputation-scope ` .. _3055_policy-list_forward-policy_source-list_sampling-enable: policy-list_forward-policy_source-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'hits': Number of requests matching this source rule; 'destination-match-not-found': Number of requests without matching destination rule; 'no-host-info': Failed to parse ip or host information from request; **Type:** string **Supported Values:** all, hits, destination-match-not-found, no-host-info .. _3055_policy-list_class-list: policy-list_class-list ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **client-ip-l3-dest** **Description** Use destination IP as client IP address **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** client-ip-l3-dest and client-ip-l7-header are mutually exclusive **client-ip-l7-header** **Description** Use extract client IP address from L7 header **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** client-ip-l7-header and client-ip-l3-dest are mutually exclusive **header-name** **Description** Specify L7 header name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **lid-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/policy/{name}/class-list/lid/{lidnum} ` **name** **Description** Class list name or geo-location-class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_policy-list_class-list_lid-list: policy-list_class-list_lid-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action-value** **Description** 'forward': Forward the traffic even it exceeds limit; 'reset': Reset the connection when it exceeds limit; **Type:** string **Supported Values:** forward, reset **bw-per** **Description** Per (Specify interval in number of 100ms) **Type:** number **Range:** 1-65535 **bw-rate-limit** **Description** Specify bandwidth rate limit (Bandwidth rate limit in bytes) **Type:** number **Range:** 1-2147483647 **conn-limit** **Description** Connection limit **Type:** number **Range:** 0-1048575 **conn-per** **Description** Per (Specify interval in number of 100ms) **Type:** number **Range:** 1-65535 **conn-rate-limit** **Description** Specify connection rate limit **Type:** number **Range:** 1-2147483647 **direct-action** **Description** Set action when match the lid **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **direct-action-interval** **Description** Specify logging interval in minute (default is 3) **Type:** number **Range:** 0-60 **Default:** 3 **direct-action-value** **Description** 'drop': drop the packet; 'reset': Send reset back; **Type:** string **Supported Values:** drop, reset **Mutual Exclusion:** direct-action-value and direct-service-group are mutually exclusive **direct-fail** **Description** Only log unsuccessful connections **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **direct-logging-drp-rst** **Description** Configure PBSLB logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **direct-pbslb-interval** **Description** Specify logging interval in minutes(default is 3) **Type:** number **Range:** 0-60 **Default:** 3 **direct-pbslb-logging** **Description** Configure PBSLB logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **direct-service-group** **Description** Specify a service group (Specify the service group name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** direct-service-group and direct-action-value are mutually exclusive **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **dns64** **Description:** dns64 is a **JSON Block**. Please see below for :ref:`3055_policy-list_class-list_lid-list_dns64` **Type:** Object **interval** **Description** Specify log interval in minutes, by default system will log every over limit instance **Type:** number **Range:** 1-255 **lidnum** **Description** Specify a limit ID **Type:** number **Range:** 1-1023 **lockout** **Description** Don't accept any new connection for certain time (Lockout duration in minutes) **Type:** number **Range:** 1-1023 **log** **Description** Log a message **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **over-limit-action** **Description** Set action when exceeds limit **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **request-limit** **Description** Request limit (Specify request limit) **Type:** number **Range:** 1-1048575 **request-per** **Description** Per (Specify interval in number of 100ms) **Type:** number **Range:** 1-65535 **request-rate-limit** **Description** Request rate limit (Specify request rate limit) **Type:** number **Range:** 1-4294967295 **response-code-rate-limit** **Type:** List **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_policy-list_class-list_lid-list_dns64: policy-list_class-list_lid-list_dns64 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **disable** **Description** Disable **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exclusive-answer** **Description** Exclusive Answer in DNS Response **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **prefix** **Description** IPv6 prefix **Type:** string **Format:** ipv6-address-plen .. _3055_policy-list_class-list_lid-list_response-code-rate-limit: policy-list_class-list_lid-list_response-code-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **code-range-end** **Description** server response code range end **Type:** number **Range:** 100-600 **code-range-start** **Description** server response code range start **Type:** number **Range:** 100-600 **period** **Description** seconds **Type:** number **Range:** 1-127 **threshold** **Description** the times of getting the response code **Type:** number **Range:** 1-15 .. _3055_policy-list_bw-list-id: policy-list_bw-list-id ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action-interval** **Description** Specify logging interval in minute (default is 3) **Type:** number **Range:** 0-60 **Default:** 3 **bw-list-action** **Description** 'drop': drop the packet; 'reset': Send reset back; **Type:** string **Supported Values:** drop, reset **Mutual Exclusion:** bw-list-action and service-group are mutually exclusive **fail** **Description** Only log unsuccessful connections **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **id** **Description** Specify id that maps to service group (The id number) **Type:** number **Range:** 0-1023 **logging-drp-rst** **Description** Configure PBSLB logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **pbslb-interval** **Description** Specify logging interval in minutes **Type:** number **Range:** 0-60 **Default:** 3 **pbslb-logging** **Description** Configure PBSLB logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **service-group** **Description** Specify a service group (Specify the service group name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** service-group and bw-list-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/slb/service-group ` .. _3055_policy-list_sampling-enable: policy-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'fwd-policy-dns-unresolved': Forward-policy unresolved DNS queries; 'fwd-policy-dns-outstanding': Forward-policy current DNS outstanding requests; 'fwd-policy-snat-fail': Forward-policy source-nat translation failure; 'fwd-policy-hits': Number of forward-policy requests for this policy template; 'fwd-policy-forward-to-internet': Number of forward-policy requests forwarded to internet; 'fwd-policy-forward-to-service-group': Number of forward-policy requests forwarded to service group; 'fwd-policy-forward-to-proxy': Number of forward-policy requests forwarded to proxy; 'fwd-policy-policy-drop': Number of forward-policy requests dropped; 'fwd-policy-source-match-not-found': Forward-policy requests without matching source rule; 'exp-client-hello-not-found': Expected Client HELLO requests not found; **Type:** string **Supported Values:** all, fwd-policy-dns-unresolved, fwd-policy-dns-outstanding, fwd-policy-snat-fail, fwd-policy-hits, fwd-policy-forward-to-internet, fwd-policy-forward-to-service-group, fwd-policy-forward-to-proxy, fwd-policy-policy-drop, fwd-policy-source-match-not-found, exp-client-hello-not-found .. _3055_server-list: server-list ^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **add** **Description** Slow start connection limit add by a number every interval (Add by this number every interval) **Type:** number **Range:** 1-4095 **Mutual Exclusion:** add and times are mutually exclusive **bw-rate-limit** **Description** Configure bandwidth rate limit on real server (Bandwidth rate limit in Kbps) **Type:** number **Range:** 1-16777216 **bw-rate-limit-acct** **Description** 'to-server-only': Only account for traffic sent to server; 'from-server-only': Only account for traffic received from server; 'all': Account for all traffic sent to and received from server; **Type:** string **Supported Values:** to-server-only, from-server-only, all **Default:** all **bw-rate-limit-duration** **Description** Duration in seconds the observed rate needs to honor **Type:** number **Range:** 1-250 **bw-rate-limit-no-logging** **Description** Do not log bandwidth rate limit related state transitions **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **bw-rate-limit-resume** **Description** Resume server selection after bandwidth drops below this threshold (in Kbps) (Bandwidth rate limit resume threshold (in Kbps)) **Type:** number **Range:** 1-16777216 **conn-limit** **Description** Connection limit **Type:** number **Range:** 1-64000000 **Default:** 64000000 **conn-limit-no-logging** **Description** Do not log connection over limit event **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **conn-rate-limit** **Description** Connection rate limit **Type:** number **Range:** 1-1048575 **conn-rate-limit-no-logging** **Description** Do not log connection over limit event **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-fail-interval** **Description** The interval to retry when DNS failed to query (DNS failure interval (in second, default is 30)) **Type:** number **Range:** 0-1800 **Default:** 30 **dns-query-interval** **Description** The interval to query DNS server for the hostname (DNS query interval (in minute, default is 10)) **Type:** number **Range:** 1-1440 **Default:** 10 **dynamic-server-prefix** **Description** Prefix of dynamic server (Prefix of dynamic server (default is "DRS")) **Type:** string **Maximum Length:** 3 characters **Maximum Length:** 1 characters **Default:** DRS **every** **Description** Slow start connection limit increment interval (default 10) **Type:** number **Range:** 1-60 **Default:** 10 **extended-stats** **Description** Enable extended statistics on real server **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **health-check** **Description** Health Check Monitor (Health monitor name) **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** health-check and health-check-disable are mutually exclusive **Reference Object:** :doc:`/axapi/v3/health/monitor ` **health-check-disable** **Description** Disable configured health check configuration **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** health-check-disable and health-check are mutually exclusive **initial-slow-start** **Description** Initial slow start connection limit (default 128) **Type:** number **Range:** 1-4095 **Default:** 128 **log-selection-failure** **Description** Enable real-time logging for server selection failure event **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-dynamic-server** **Description** Maximum dynamic server number (Maximum dynamic server number (default is 255)) **Type:** number **Range:** 1-1023 **Default:** 255 **min-ttl-ratio** **Description** Minimum TTL to DNS query interval ratio (Minimum TTL ratio (default is 2)) **Type:** number **Range:** 1-15 **Default:** 2 **name** **Description** Server template name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Default:** default **rate-interval** **Description** '100ms': Use 100 ms as sampling interval; 'second': Use 1 second as sampling interval; **Type:** string **Supported Values:** 100ms, second **Default:** second **resume** **Description** Resume accepting new connection after connection number drops below threshold (Connection resume threshold) **Type:** number **Range:** 1-1048575 **slow-start** **Description** Slowly ramp up the connection number after server is up **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **spoofing-cache** **Description** Servers under the template are spoofing cache **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **stats-data-action** **Description** 'stats-data-enable': Enable statistical data collection for real server; 'stats-data-disable': Disable statistical data collection for real server; **Type:** string **Supported Values:** stats-data-enable, stats-data-disable **Default:** stats-data-enable **till** **Description** Slow start ends when slow start connection limit reaches a number (default 4096) (Slow start ends when connection limit reaches this number) **Type:** number **Range:** 1-65535 **Default:** 4096 **times** **Description** Slow start connection limit multiply by a number every interval (default 2) (Multiply by this number every interval) **Type:** number **Range:** 2-10 **Default:** 2 **Mutual Exclusion:** times and add are mutually exclusive **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **weight** **Description** Weight for the Real Servers (Connection Weight (default is 1)) **Type:** number **Range:** 1-1000 **Default:** 1 .. _3055_monitor-list: monitor-list ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **clear-cfg** **Type:** List **id** **Description** Monitor template ID Number **Type:** number **Range:** 1-16 **link-disable-cfg** **Type:** List **link-down-cfg** **Type:** List **link-enable-cfg** **Type:** List **link-up-cfg** **Type:** List **monitor-relation** **Description** 'monitor-and': Configures the monitors in current template to work with AND logic; 'monitor-or': Configures the monitors in current template to work with OR logic; **Type:** string **Supported Values:** monitor-and, monitor-or **Default:** monitor-and **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_monitor-list_clear-cfg: monitor-list_clear-cfg ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **clear-all-sequence** **Description** Sequence number (Specify the port physical port number) **Type:** number **Range:** 1-16 **clear-sequence** **Description** Specify the port physical port number **Type:** number **Range:** 1-16 **sessions** **Description** 'all': Clear all sessions; 'sequence': Sequence number; **Type:** string **Supported Values:** all, sequence .. _3055_monitor-list_link-enable-cfg: monitor-list_link-enable-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ena-sequence** **Description** Sequence number (Specify the physical port number) **Type:** number **Range:** 1-16 **enaeth** **Description** Specify the physical port number (Ethernet interface number) **Type:** number **Format:** interface .. _3055_monitor-list_link-up-cfg: monitor-list_link-up-cfg ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **link-up-sequence1** **Description** Sequence number (Specify the port physical port number) **Type:** number **Range:** 1-16 **link-up-sequence2** **Description** Sequence number (Specify the port physical port number) **Type:** number **Range:** 1-16 **link-up-sequence3** **Description** Sequence number (Specify the port physical port number) **Type:** number **Range:** 1-16 **linkup-ethernet1** **Description** Specify the port physical port number (Ethernet interface number) **Type:** number **Format:** interface **linkup-ethernet2** **Description** Specify the port physical port number (Ethernet interface number) **Type:** number **Format:** interface **linkup-ethernet3** **Description** Specify the port physical port number (Ethernet interface number) **Type:** number **Format:** interface .. _3055_monitor-list_link-down-cfg: monitor-list_link-down-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **link-down-sequence1** **Description** Sequence number (Specify the port physical port number) **Type:** number **Range:** 1-16 **link-down-sequence2** **Description** Sequence number (Specify the port physical port number) **Type:** number **Range:** 1-16 **link-down-sequence3** **Description** Sequence number (Specify the port physical port number) **Type:** number **Range:** 1-16 **linkdown-ethernet1** **Description** Specify the port physical port number (Ethernet interface number) **Type:** number **Format:** interface **linkdown-ethernet2** **Description** Specify the port physical port number (Ethernet interface number) **Type:** number **Format:** interface **linkdown-ethernet3** **Description** Specify the port physical port number (Ethernet interface number) **Type:** number **Format:** interface .. _3055_monitor-list_link-disable-cfg: monitor-list_link-disable-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dis-sequence** **Description** Sequence number (Specify the physical port number) **Type:** number **Range:** 1-16 **diseth** **Description** Specify the physical port number (Ethernet interface number) **Type:** number **Format:** interface .. _3055_tcp-proxy-list: tcp-proxy-list ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ack-aggressiveness** **Description** 'low': Delayed ACK; 'medium': Delayed ACK, with ACK on each packet with PUSH flag; 'high': ACK on each packet; **Type:** string **Supported Values:** low, medium, high **Default:** low **alive-if-active** **Description** keep connection alive if active traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **backend-wscale** **Description** The TCP window scale used for the server side, default is off (number) **Type:** number **Range:** 1-14 **del-session-on-server-down** **Description** Delete session if the server/port goes down (either disabled/hm down) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable** **Description** send reset to client when server is disabled **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** disable and down are mutually exclusive **disable-abc** **Description** Appropriate Byte Counting RFC 3465 Disabled, default is enabled (Appropriate Byte Counting (ABC) is enabled by default) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-sack** **Description** disable Selective Ack Option **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-tcp-timestamps** **Description** disable TCP Timestamps Option **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-window-scale** **Description** disable TCP Window-Scale Option **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **down** **Description** send reset to client when server is down **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** down and disable are mutually exclusive **dynamic-buffer-allocation** **Description** Optimally adjust the transmit and receive buffer sizes of TCP proxy while keeping their sum constant **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **early-retransmit** **Description** Configure the Early-Retransmit Algorithm (RFC 5827) (Early-Retransmit is disabled by default) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **fin-timeout** **Description** FIN timeout (sec), default is disabled (number) **Type:** number **Range:** 1-60 **force-delete-timeout** **Description** The maximum time that a session can stay in the system before being deleted, default is off (number (second)) **Type:** number **Range:** 1-31 **Mutual Exclusion:** force-delete-timeout and force-delete-timeout-100ms are mutually exclusive **force-delete-timeout-100ms** **Description** The maximum time that a session can stay in the system before being deleted, default is off (number in 100ms) **Type:** number **Range:** 1-31 **Mutual Exclusion:** force-delete-timeout-100ms and force-delete-timeout are mutually exclusive **half-close-idle-timeout** **Description** TCP Half Close Idle Timeout (sec), default is off (cmd is deprecated, use fin-timeout instead) (number) **Type:** number **Range:** 60-120 **half-open-idle-timeout** **Description** TCP Half Open Idle Timeout (sec), default is off (number) **Type:** number **Range:** 1-60 **idle-timeout** **Description** Idle Timeout (Interval of 60 seconds), default is 600 (idle timeout in second, default 600) **Type:** number **Range:** 1-2097151 **Default:** 600 **init-cwnd** **Description** The initial congestion control window size (packets), default is 10 (init-cwnd in packets, default 10) **Type:** number **Range:** 1-15 **Default:** 10 **initial-window-size** **Description** Set the initial window size, default is off (number) **Type:** number **Range:** 1-65535 **insert-client-ip** **Description** Insert client ip into TCP option **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **invalid-rate-limit** **Description** Invalid Packet Response Rate Limit (ms), default is 500 (number default 500 challenges) **Type:** number **Range:** 0-60000000 **Default:** 500 **keepalive-interval** **Description** Interval between keepalive probes (sec), default is off (number (seconds)) **Type:** number **Range:** 60-12000 **keepalive-probes** **Description** Number of keepalive probes sent, default is off **Type:** number **Range:** 2-10 **limited-slowstart** **Description** RFC 3742 Limited Slow-Start for TCP with Large Congestion Windows (number) **Type:** number **Range:** 0-2147483647 **Default:** 0 **maxburst** **Description** The max packet count sent per transmission event (number) **Type:** number **Range:** 1-100 **Default:** 25 **min-rto** **Description** The minmum retransmission timeout, default is 200ms (number) **Type:** number **Range:** 100-1000 **Default:** 200 **mss** **Description** Responding MSS to use if client MSS is large, default is off (number) **Type:** number **Range:** 128-9000 **Default:** 1460 **nagle** **Description** Enable Nagle Algorithm **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **naked-ack-on-handshake** **Description** Send naked ack before data during 3-way handshake **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **name** **Description** TCP Proxy Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Default:** default **proxy-header** **Description:** proxy-header is a **JSON Block**. Please see below for :ref:`3055_tcp-proxy-list_proxy-header` **Type:** Object **psh-flag-optimization** **Description** Enable Optimized PSH Flag Use **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **qos** **Description** QOS level (number) **Type:** number **Range:** 1-63 **reassembly-limit** **Description** The reassembly queuing limit, default is 25 segments (number) **Type:** number **Range:** 1-500 **Default:** 25 **reassembly-timeout** **Description** The reassembly timeout, default is 30sec (number) **Type:** number **Range:** 1-300 **Default:** 30 **receive-buffer** **Description** TCP Receive Buffer (default 200k) (number default 200000 bytes) **Type:** number **Range:** 1-2147483647 **Default:** 200000 **reno** **Description** Enable Reno Congestion Control Algorithm **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **reset-fwd** **Description** send reset to server if error happens **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **reset-rev** **Description** send reset to client if error happens **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **retransmit-retries** **Description** Number of Retries for Retransmit, default is 5 **Type:** number **Range:** 1-20 **Default:** 5 **server-down-action** **Description** 'FIN': FIN Connection; 'RST': Reset Connection; **Type:** string **Supported Values:** FIN, RST **syn-retries** **Description** SYN Retry Numbers, default is 5 **Type:** number **Range:** 1-20 **Default:** 5 **timewait** **Description** Timewait Threshold (sec), default 5 (number) **Type:** number **Range:** 1-60 **Default:** 5 **transmit-buffer** **Description** TCP Transmit Buffer (default 200k) (number default 200000 bytes) **Type:** number **Range:** 1-2147483647 **Default:** 200000 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_tcp-proxy-list_proxy-header: tcp-proxy-list_proxy-header ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **proxy-header-action** **Description** 'insert': Insert proxy header; **Type:** string **Supported Values:** insert **version** **Description** 'v1': version 1; 'v2': version 2; **Type:** string **Supported Values:** v1, v2 .. _3055_ftp-list: ftp-list ^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **active-mode-port** **Description** Non-Standard FTP Active mode port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **active-mode-port-val** **Description** Non-Standard FTP Active mode port **Type:** number **Range:** 1-65534 **Mutual Exclusion:** active-mode-port-val and any are mutually exclusive **any** **Description** Allow any FTP Active mode port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** any and active-mode-port-val are mutually exclusive **name** **Description** FTP template name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **to** **Description** End range of FTP Active mode port **Type:** number **Range:** 1-65534 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_imap-pop3-list: imap-pop3-list ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **logindisabled** **Description** Disable Login before STARTTLS.Works only for imap **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **name** **Description** IMAP-POP3 Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **starttls** **Description** 'disabled': Disable STARTTLS; 'optional': STARTTLS is optional requirement; 'enforced': Must issue STARTTLS command before imap transaction; **Type:** string **Supported Values:** disabled, optional, enforced **Default:** disabled **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_server-ssl-list: server-ssl-list ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **alert-type** **Description** 'fatal': Log fatal alerts; **Type:** string **Supported Values:** fatal **ca-certs** **Type:** List **certificate** **Description:** certificate is a **JSON Block**. Please see below for :ref:`3055_server-ssl-list_certificate` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/template/server-ssl/{name}/certificate ` **cipher-template** **Description** Cipher Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** cipher-template, cipher-wo-prio, and shared-partition-cipher-template are mutually exclusive **Reference Object:** :doc:`/axapi/v3/slb/template/cipher ` **cipher-without-prio-list** **Type:** List **close-notify** **Description** Send close notification when terminate connection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **crl-certs** **Type:** List **dgversion** **Description** Lower TLS/SSL version can be downgraded **Type:** number **Range:** 30-34 **Default:** 31 **dh-type** **Description** '1024': 1024; '1024-dsa': 1024-dsa; '2048': 2048; **Type:** string **Supported Values:** 1024, 1024-dsa, 2048 **early-data** **Description** Enable TLS 1.3 early data (0-RTT) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ec-list** **Type:** List **enable-ssli-ftp-alg** **Description** Enable SSLi FTP over TLS support at which port **Type:** number **Range:** 1-65535 **enable-tls-alert-logging** **Description** Enable TLS alert logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-enable** **Description** Enable SSL forward proxy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **handshake-logging-enable** **Description** Enable SSL handshake logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **name** **Description** Server SSL Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **ocsp-stapling** **Description** Enable ocsp-stapling support **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **renegotiation-disable** **Description** Disable SSL renegotiation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server-certificate-error** **Type:** List **server-name** **Description** Specify Server Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **session-cache-size** **Description** Session Cache Size (Maximum cache size. Default value 0 (Session ID reuse disabled)) **Type:** number **Range:** 0-128 **Default:** 0 **session-cache-timeout** **Description** Session Cache Timeout (Timeout value, in seconds. Default no timeout.) **Type:** number **Range:** 1-7200 **session-ticket-enable** **Description** Enable server side session ticket support **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **shared-partition-cipher-template** **Description** Reference a cipher template from shared partition **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** shared-partition-cipher-template, cipher-wo-prio, and cipher-template are mutually exclusive **ssli-logging** **Description** SSLi logging level, default is error logging only **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sslilogging** **Description** 'disable': Disable all logging; 'all': enable all logging(error, info); **Type:** string **Supported Values:** disable, all **template-cipher-shared** **Description** Cipher Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/cipher ` **use-client-sni** **Description** use client SNI **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **version** **Description** TLS/SSL version, default is the highest number supported (TLS/SSL version: 30-SSLv3.0, 31-TLSv1.0, 32-TLSv1.1, 33-TLSv1.2 and 34-TLSv1.3) **Type:** number **Range:** 30-34 **Default:** 33 .. _3055_server-ssl-list_crl-certs: server-ssl-list_crl-certs ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **crl** **Description** Certificate Revocation Lists (Certificate Revocation Lists file name) **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **crl-partition-shared** **Description** Certificate Revocation Lists Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _3055_server-ssl-list_certificate: server-ssl-list_certificate ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **cert** **Description** Certificate Name **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **key** **Description** Client private-key (Key Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **passphrase** **Description** Password Phrase **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters **shared** **Description** Client Certificate and Key Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _3055_server-ssl-list_ec-list: server-ssl-list_ec-list ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ec** **Description** 'secp256r1': X9_62_prime256v1; 'secp384r1': secp384r1; **Type:** string **Supported Values:** secp256r1, secp384r1 .. _3055_server-ssl-list_server-certificate-error: server-ssl-list_server-certificate-error ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **error-type** **Description** 'email': Notify the error via email; 'ignore': Ignore the error, which mean the connection can continue; 'logging': Log the error; 'trap': Notify the error by SNMP trap; **Type:** string **Supported Values:** email, ignore, logging, trap .. _3055_server-ssl-list_ca-certs: server-ssl-list_ca-certs ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ca-cert** **Description** Specify CA certificate **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **ca-cert-partition-shared** **Description** CA Certificate Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server-ocsp-sg** **Description** Specify service-group (Service group name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/aam/authentication/service-group ` **server-ocsp-srvr** **Description** Specify authentication server **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/ocsp ` .. _3055_server-ssl-list_cipher-without-prio-list: server-ssl-list_cipher-without-prio-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **cipher-wo-prio** **Description** 'SSL3_RSA_DES_192_CBC3_SHA': TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A); 'SSL3_RSA_RC4_128_MD5': TLS_RSA_WITH_RC4_128_MD5 (0x0004); 'SSL3_RSA_RC4_128_SHA': TLS_RSA_WITH_RC4_128_SHA (0x0005); 'TLS1_RSA_AES_128_SHA': TLS_RSA_WITH_AES_128_CBC_SHA (0x002F); 'TLS1_RSA_AES_256_SHA': TLS_RSA_WITH_AES_256_CBC_SHA (0x0035); 'TLS1_RSA_AES_128_SHA256': TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003C); 'TLS1_RSA_AES_256_SHA256': TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003D); 'TLS1_DHE_RSA_AES_128_GCM_SHA256': TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009E); 'TLS1_DHE_RSA_AES_128_SHA': TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033); 'TLS1_DHE_RSA_AES_128_SHA256': TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067); 'TLS1_DHE_RSA_AES_256_GCM_SHA384': TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009F); 'TLS1_DHE_RSA_AES_256_SHA': TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039); 'TLS1_DHE_RSA_AES_256_SHA256': TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006B); 'TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256': TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xC02B); 'TLS1_ECDHE_ECDSA_AES_128_SHA': TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xC009); 'TLS1_ECDHE_ECDSA_AES_128_SHA256': TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xC023); 'TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384': TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xC02C); 'TLS1_ECDHE_ECDSA_AES_256_SHA': TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xC00A); 'TLS1_ECDHE_RSA_AES_128_GCM_SHA256': TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xC02F); 'TLS1_ECDHE_RSA_AES_128_SHA': TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013); 'TLS1_ECDHE_RSA_AES_128_SHA256': TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027); 'TLS1_ECDHE_RSA_AES_256_GCM_SHA384': TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC030); 'TLS1_ECDHE_RSA_AES_256_SHA': TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014); 'TLS1_RSA_AES_128_GCM_SHA256': TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009C); 'TLS1_RSA_AES_256_GCM_SHA384': TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009D); 'TLS1_ECDHE_RSA_AES_256_SHA384': TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028); 'TLS1_ECDHE_ECDSA_AES_256_SHA384': TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xC024); 'TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256': TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA8); 'TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256': TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA9); 'TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256': TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCAA); **Type:** string **Supported Values:** SSL3_RSA_DES_192_CBC3_SHA, SSL3_RSA_RC4_128_MD5, SSL3_RSA_RC4_128_SHA, TLS1_RSA_AES_128_SHA, TLS1_RSA_AES_256_SHA, TLS1_RSA_AES_128_SHA256, TLS1_RSA_AES_256_SHA256, TLS1_DHE_RSA_AES_128_GCM_SHA256, TLS1_DHE_RSA_AES_128_SHA, TLS1_DHE_RSA_AES_128_SHA256, TLS1_DHE_RSA_AES_256_GCM_SHA384, TLS1_DHE_RSA_AES_256_SHA, TLS1_DHE_RSA_AES_256_SHA256, TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256, TLS1_ECDHE_ECDSA_AES_128_SHA, TLS1_ECDHE_ECDSA_AES_128_SHA256, TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA, TLS1_ECDHE_RSA_AES_128_GCM_SHA256, TLS1_ECDHE_RSA_AES_128_SHA, TLS1_ECDHE_RSA_AES_128_SHA256, TLS1_ECDHE_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA, TLS1_RSA_AES_128_GCM_SHA256, TLS1_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA384, TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256, TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256, TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256 **Mutual Exclusion:** cipher-wo-prio, cipher-template, and shared-partition-cipher-template are mutually exclusive