ddos template http
HTTP template Configuration
http Specification
Parameter | Value |
---|---|
Type | Collection |
Object Key(s) | http-tmpl-name |
Collection Name | http-list |
Collection URI | /axapi/v3/ddos/template/http |
Element Name | http |
Element URI | /axapi/v3/ddos/template/http/{http-tmpl-name} |
Element Attributes | http_attributes |
Partition Visibility | shared |
Schema | http schema |
Operations Allowed:
Operation | Method | URI | Payload |
---|---|---|---|
Create Object | POST | /axapi/v3/ddos/template/http | |
Create List | POST | /axapi/v3/ddos/template/http | |
Get Object | GET | /axapi/v3/ddos/template/http/{http-tmpl-name} | |
Get List | GET | /axapi/v3/ddos/template/http | |
Modify Object | POST | /axapi/v3/ddos/template/http/{http-tmpl-name} | |
Replace Object | PUT | /axapi/v3/ddos/template/http/{http-tmpl-name} | |
Replace List | PUT | /axapi/v3/ddos/template/http | |
Delete Object | DELETE | /axapi/v3/ddos/template/http/{http-tmpl-name} | |
http-list
http-list is a JSON list of http attributes
http-list : [
]
http attributes
action
Description ‘drop’: Drop packets for the connection; ‘reset’: Send RST for the connection;
Type: string
Supported Values: drop, reset
Default: drop
agent-filter
Description: agent-filter is a JSON Block. Please see below for agent-filter
Type: Object
challenge-cookie-name
Description Set the cookie name used to send back to client. Default is sto-idd
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Default: sto-idd
challenge-interval
Description Specify the challenge interval. Default is 8 seconds
Type: number
Range: 1-31
Default: 8
challenge-keep-cookie
Description Keep the challenge cookie from client and forward to backend. Default is do not keep
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
challenge-method
Description ‘http-redirect’: http-redirect; ‘javascript’: javascript;
Type: string
Supported Values: http-redirect, javascript
challenge-redirect-code
Description ‘302’: 302 Found; ‘307’: 307 Temporary Redirect;
Type: string
Supported Values: 302, 307
Default: 302
challenge-uri-encode
Description Encode the challenge phrase in uri instead of in http cookie. Default encoded in http cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable
Description Disable this template
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disallow-connect-method
Description Do not allow HTTP Connect method (asymmetric mode only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
filter-header-list
Type: List
Reference Object: /axapi/v3/ddos/template/http/{http-tmpl-name}/filter-header/{http-filter-header-seq}
http-tmpl-name
Description DDOS HTTP Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
idle-timeout
Description Set the idle timeout value in seconds for HTTP connections
Type: number
Range: 1-63
ignore-zero-payload
Description Don’t reset idle timer on packets with zero payload length from clients
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malformed-http
Description: malformed-http is a JSON Block. Please see below for malformed-http
Type: Object
mss-cfg
Description: mss-cfg is a JSON Block. Please see below for mss-cfg
Type: Object
multi-pu-threshold-distribution
Description: multi-pu-threshold-distribution is a JSON Block. Please see below for multi-pu-threshold-distribution
Type: Object
non-http-bypass
Description Bypass non-http traffic instead of dropping
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
out-of-order-queue-size
Description Set the number of packets for the out-of-order HTTP queue (asym mode only)
Type: number
Range: 0-15
Default: 3
out-of-order-queue-timeout
Description Set the timeout value in seconds for out-of-order queue in HTTP (asym mode only)
Type: number
Range: 0-15
Default: 3
post-rate-limit
Description Configure rate limiting for HTTP POST request
Type: number
Range: 1-16000000
referer-filter
Description: referer-filter is a JSON Block. Please see below for referer-filter
Type: Object
request-header
Description: request-header is a JSON Block. Please see below for request-header
Type: Object
request-rate-limit
Description: request-rate-limit is a JSON Block. Please see below for request-rate-limit
Type: Object
response-rate-limit
Description: response-rate-limit is a JSON Block. Please see below for response-rate-limit
Type: Object
slow-read-drop
Description: slow-read-drop is a JSON Block. Please see below for slow-read-drop
Type: Object
use-hdr-ip-cfg
Description: use-hdr-ip-cfg is a JSON Block. Please see below for use-hdr-ip-cfg
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
request-rate-limit
Specification | Value |
---|---|
Type | object |
request-rate
Description HTTP request rate limit
Type: number
Range: 1-16000000
uri
Type: List
request-rate-limit_uri
Specification | Value |
---|---|
Type | list |
Block object keys | |
contains-cfg
Description: contains-cfg is a JSON Block. Please see below for request-rate-limit_uri_contains-cfg
Type: Object
ends-cfg
Description: ends-cfg is a JSON Block. Please see below for request-rate-limit_uri_ends-cfg
Type: Object
equal-cfg
Description: equal-cfg is a JSON Block. Please see below for request-rate-limit_uri_equal-cfg
Type: Object
starts-cfg
Description: starts-cfg is a JSON Block. Please see below for request-rate-limit_uri_starts-cfg
Type: Object
request-rate-limit_uri_equal-cfg
Specification | Value |
---|---|
Type | object |
url-equals
Description Request rate-limit HTTP URI matching a specified pattern
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
url-equals-rate
Description Request rate limit
Type: number
Range: 1-16000000
request-rate-limit_uri_starts-cfg
Specification | Value |
---|---|
Type | object |
url-starts-with
Description Request rate-limit HTTP URI starting with a specified pattern
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
url-starts-with-rate
Description Request rate limit
Type: number
Range: 1-16000000
request-rate-limit_uri_contains-cfg
Specification | Value |
---|---|
Type | object |
url-contains
Description Request rate-limit HTTP URI containing a specified pattern
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
url-contains-rate
Description Request rate limit
Type: number
Range: 1-16000000
request-rate-limit_uri_ends-cfg
Specification | Value |
---|---|
Type | object |
url-ends-with
Description Request rate-limit HTTP URI ending with a specified pattern
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
url-ends-with-rate
Description Request rate limit
Type: number
Range: 1-16000000
multi-pu-threshold-distribution
Specification | Value |
---|---|
Type | object |
multi-pu-threshold-distribution-disable
Description ‘disable’: Destination side rate limit only. Default: Enable;
Type: string
Supported Values: disable
Mutual Exclusion: multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive
multi-pu-threshold-distribution-value
Description Destination side rate limit only. Default: 0
Type: number
Range: 1-16000000
Mutual Exclusion: multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive
malformed-http
Specification | Value |
---|---|
Type | object |
malformed-http-bad-chunk-mon-enabled
Description Enabling bad chunk monitoring. Default is disabled
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malformed-http-enabled
Description Enabling ddos malformed http protection. Default value is disabled.
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malformed-http-max-content-length
Description Set the maximum content-length header. Default value is 4294967295 bytes
Type: number
Range: 1-4294967295
Default: 4294967295
malformed-http-max-header-name-size
Description Set the maximum header name length. Default value is 64.
Type: number
Range: 1-64
Default: 64
malformed-http-max-line-size
Description Set the maximum line size. Default value is 32512
Type: number
Range: 1-65280
Default: 32512
malformed-http-max-num-headers
Description Set the maximum number of headers. Default value is 90
Type: number
Range: 1-90
Default: 90
malformed-http-max-req-line-size
Description Set the maximum request line size. Default value is 32512
Type: number
Range: 1-65280
Default: 32512
request-header
Specification | Value |
---|---|
Type | object |
timeout
Description
Type: number
Range: 1-63
agent-filter
Specification | Value |
---|---|
Type | object |
agent-contains-cfg
Type: List
agent-ends-cfg
Type: List
agent-equals-cfg
Type: List
agent-filter-blacklist
Description Blacklist the source if the user-agent matches
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
agent-starts-cfg
Type: List
agent-filter_agent-contains-cfg
Specification | Value |
---|---|
Type | list |
Block object keys | |
agent-contains
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
agent-filter_agent-ends-cfg
Specification | Value |
---|---|
Type | list |
Block object keys | |
agent-ends-with
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
agent-filter_agent-equals-cfg
Specification | Value |
---|---|
Type | list |
Block object keys | |
agent-equals
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
agent-filter_agent-starts-cfg
Specification | Value |
---|---|
Type | list |
Block object keys | |
agent-starts-with
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
filter-header-list
Specification | Value |
---|---|
Type | list |
Block object keys | |
http-filter-header-blacklist
Description Also blacklist the source when action is taken
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
http-filter-header-count-only
Description Take no action and continue processing the next filter
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
http-filter-header-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
http-filter-header-seq
Description Sequence number
Type: number
Range: 1-5
http-filter-header-unmatched
Description action taken when it does not match
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
http-filter-header-whitelist
Description Whitelist the source after filter passes, packets are dropped until then
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
response-rate-limit
Specification | Value |
---|---|
Type | object |
obj-size
Description: obj-size is a JSON Block. Please see below for response-rate-limit_obj-size
Type: Object
response-rate-limit_obj-size
Specification | Value |
---|---|
Type | object |
between-cfg
Type: List
greater-cfg
Type: List
less-cfg
Type: List
response-rate-limit_obj-size_between-cfg
Specification | Value |
---|---|
Type | list |
Block object keys | |
obj-between-rate
Description Response rate limit
Type: number
Range: 1-16000000
obj-between1
Description Response size configuration
Type: number
Range: 1-16000000
obj-between2
Description Response size configuration
Type: number
Range: 1-16000000
response-rate-limit_obj-size_greater-cfg
Specification | Value |
---|---|
Type | list |
Block object keys | |
obj-greater
Description Response size configuration
Type: number
Range: 1-16000000
obj-greater-rate
Description Response rate limit
Type: number
Range: 1-16000000
response-rate-limit_obj-size_less-cfg
Specification | Value |
---|---|
Type | list |
Block object keys | |
obj-less
Description Response size configuration
Type: number
Range: 1-16000000
obj-less-rate
Description Response rate limit
Type: number
Range: 1-16000000
mss-cfg
Specification | Value |
---|---|
Type | object |
mss-percent
Description Configure percentage of mss such that if a packet size is below the mss times mss-percent, packet is considered bad.
Type: number
Range: 1-100
mss-timeout
Description Configure DDOS detection based on mss and packet size
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
number-packets
Description Specify percentage of mss. Default is 0, mss-timeout is not enabled.
Type: number
Range: 1-31
referer-filter
Specification | Value |
---|---|
Type | object |
ref-filter-blacklist
Description Blacklist the source if the referer matches
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
referer-contains-cfg
Type: List
referer-ends-cfg
Type: List
referer-equals-cfg
Type: List
referer-starts-cfg
Type: List
referer-filter_referer-equals-cfg
Specification | Value |
---|---|
Type | list |
Block object keys | |
referer-equals
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
referer-filter_referer-starts-cfg
Specification | Value |
---|---|
Type | list |
Block object keys | |
referer-starts-with
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
referer-filter_referer-contains-cfg
Specification | Value |
---|---|
Type | list |
Block object keys | |
referer-contains
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
referer-filter_referer-ends-cfg
Specification | Value |
---|---|
Type | list |
Block object keys | |
referer-ends-with
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
slow-read-drop
Specification | Value |
---|---|
Type | object |
min-window-count
Description Number of packets
Type: number
Range: 1-31
min-window-size
Description minimum window size
Type: number
Range: 1-65535
use-hdr-ip-cfg
Specification | Value |
---|---|
Type | object |
l7-hdr-name
Description Set the http header name to parse for client ip. Default is X-Forwarded-For
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Default: X-Forwarded-For
use-hdr-ip-as-source
Description Mitigate on src ip specified by http header for example X-Forwarded-For header. Default is disabled
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
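
The ranges, supported values and mutual-exclusion rule listed on this page can be checked client-side before a template is submitted with Create Object. The Python code below is an added example, not part of the aXAPI documentation or A10 code: `validate_http_template` and `build_create_request` are hypothetical helper names, `SAMPLE` is a constructed template, and wrapping the attributes under the element name `http` in the POST body is an assumption.

```python
import json

# Constraints below are copied from the attribute tables on this page.
RANGES = {
    "challenge-interval": (1, 31), "idle-timeout": (1, 63),
    "out-of-order-queue-size": (0, 15), "post-rate-limit": (1, 16000000),
}
ENUMS = {
    "action": {"drop", "reset"},
    "challenge-method": {"http-redirect", "javascript"},
    "challenge-redirect-code": {"302", "307"},
}
MALFORMED_RANGES = {
    "malformed-http-max-content-length": (1, 4294967295),
    "malformed-http-max-header-name-size": (1, 64),
    "malformed-http-max-line-size": (1, 65280),
    "malformed-http-max-num-headers": (1, 90),
    "malformed-http-max-req-line-size": (1, 65280),
}
MPU = "multi-pu-threshold-distribution"
# Constructed sample template (hypothetical name and values).
SAMPLE = {"http-tmpl-name": "web-edge", "idle-timeout": 30,
          "malformed-http": {"malformed-http-max-num-headers": 40}}

def _check_ranges(block, ranges, errors):
    for key, (lo, hi) in ranges.items():
        if key in block and not lo <= block[key] <= hi:
            errors.append(f"{key}={block[key]} outside {lo}-{hi}")

def validate_http_template(attrs):
    """Return a list of constraint violations; an empty list means valid."""
    errors = []
    if not 0 < len(attrs.get("http-tmpl-name", "")) <= 63:
        errors.append("http-tmpl-name is the object key: required, at most 63 characters")
    _check_ranges(attrs, RANGES, errors)
    for key, allowed in ENUMS.items():
        if key in attrs and attrs[key] not in allowed:
            errors.append(f"{key}={attrs[key]!r} not in {sorted(allowed)}")
    _check_ranges(attrs.get("malformed-http", {}), MALFORMED_RANGES, errors)
    if {f"{MPU}-disable", f"{MPU}-value"} <= attrs.get(MPU, {}).keys():
        errors.append(f"{MPU}: -disable and -value are mutually exclusive")
    return errors

def build_create_request(attrs):
    """Return (method, uri, body) for Create Object; raise if attrs are invalid."""
    errors = validate_http_template(attrs)
    if errors:
        raise ValueError("; ".join(errors))
    # Assumption: the body wraps the attributes under the element name "http".
    return "POST", "/axapi/v3/ddos/template/http", json.dumps({"http": attrs})
```

Rejecting an out-of-range template before it is sent keeps a mistyped limit from being discovered only when the device refuses or silently defaults it.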