ddos template ssl-l4¶
SSL-L4 template Configuration
ssl-l4 Specification¶
Parameter Value Type Collection Object Key(s) ssl-l4-tmpl-name Collection Name ssl-l4-list Collection URI /axapi/v3/ddos/template/ssl-l4 Element Name ssl-l4 Element URI /axapi/v3/ddos/template/ssl-l4/{ssl-l4-tmpl-name} Element Attributes ssl-l4_attributes Partition Visibility shared Schema ssl-l4 schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Create Object | POST | /axapi/v3/ddos/template/ssl-l4 | ||
Create List | POST | /axapi/v3/ddos/template/ssl-l4 | ||
Get Object | GET | /axapi/v3/ddos/template/ssl-l4/{ssl-l4-tmpl-name} | ||
Get List | GET | /axapi/v3/ddos/template/ssl-l4 | ||
Modify Object | POST | /axapi/v3/ddos/template/ssl-l4/{ssl-l4-tmpl-name} | ||
Replace Object | PUT | /axapi/v3/ddos/template/ssl-l4/{ssl-l4-tmpl-name} | ||
Replace List | PUT | /axapi/v3/ddos/template/ssl-l4 | ||
Delete Object | DELETE | /axapi/v3/ddos/template/ssl-l4/{ssl-l4-tmpl-name} | ||
ssl-l4-list¶
ssl-l4-list is JSON List of ssl-l4 attributes
ssl-l4-list : [
]
ssl-l4 attributes¶
action
Description ‘drop’: drop; ‘reset’: reset;
Type: string
Supported Values: drop, reset
Default: drop
allow-non-tls
Description Allow Non-TLS (SSLv3 and lower) traffic (Warning: security may be compromised)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
auth-config-cfg
Description: auth-config-cfg is a JSON Block. Please see below for auth-config-cfg
Type: Object
cert-cfg
Description: cert-cfg is a JSON Block. Please see below for cert-cfg
Type: Object
disable
Description Disable this template
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
multi-pu-threshold-distribution
Description: multi-pu-threshold-distribution is a JSON Block. Please see below for multi-pu-threshold-distribution
Type: Object
renegotiation
Description Configure renegotiation limiting for SSL (Number of renegotiation allowed)
Type: number
Range: 0-7
request-rate-limit
Description Configure rate limiting for SSL
Type: number
Range: 1-16000000
server-name-list
Type: Listssl-l4-tmpl-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-traffic-check
Description: ssl-traffic-check is a JSON Block. Please see below for ssl-traffic-check
Type: Object
Reference Object: /axapi/v3/ddos/template/ssl-l4/{ssl-l4-tmpl-name}/ssl-traffic-check
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
cert-cfg¶
Specification Value Type object cert
Description SSL certificate
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
key
Description SSL key
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
key-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)key-passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
auth-config-cfg¶
Specification Value Type object auth-handshake-fail-action
Description ‘blacklist-src’: Blacklist-src when auth handshake fails;
Type: string
Supported Values: blacklist-src
timeout
Description Connection timeout
Type: number
Range: 1-31
Default: 5
trials
Description Number of failed handshakes
Type: number
Range: 0-15
Default: 5
ssl-traffic-check¶
Specification Value Type object check-resumed-connection
Description Apply checks to SSL connections initialized by ACK packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
header-action
Description ‘drop’: Drop packets with bad ssl header; ‘ignore’: Forward packets with bad ssl header;
Type: string
Supported Values: drop, ignore
header-inspection
Description Inspect ssl header
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
multi-pu-threshold-distribution¶
Specification Value Type object multi-pu-threshold-distribution-disable
Description ‘disable’: Destination side rate limit only. Default: Enable;
Type: string
Supported Values: disable
Mutual Exclusion: multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive
multi-pu-threshold-distribution-value
Description Destination side rate limit only. Default: 0
Type: number
Range: 1-16000000
Mutual Exclusion: multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive
server-name-list¶
Specification Value Type list Block object keys server-cert
Description Server Certificate associated to SNI (Server Certificate Name)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
server-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)server-key
Description Server Private Key associated to SNI (Server Private Key Name)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
server-name
Description Server name indication in Client hello extension (Server name String)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
server-passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters