ddos template udp¶
UDP template configuration
udp Specification¶
Parameter Value Type Collection Object Key(s) name Collection Name udp-list Collection URI /axapi/v3/ddos/template/udp Element Name udp Element URI /axapi/v3/ddos/template/udp/{name} Element Attributes udp_attributes Partition Visibility shared Schema udp schema
Operations Allowed:
Operation | Method | URI | Payload | |
---|---|---|---|---|
Create Object | POST | /axapi/v3/ddos/template/udp | ||
Create List | POST | /axapi/v3/ddos/template/udp | ||
Get Object | GET | /axapi/v3/ddos/template/udp/{name} | ||
Get List | GET | /axapi/v3/ddos/template/udp | ||
Modify Object | POST | /axapi/v3/ddos/template/udp/{name} | ||
Replace Object | PUT | /axapi/v3/ddos/template/udp/{name} | ||
Replace List | PUT | /axapi/v3/ddos/template/udp | ||
Delete Object | DELETE | /axapi/v3/ddos/template/udp/{name} | ||
udp-list¶
udp-list is JSON List of udp attributes
udp-list : [
]
udp attributes¶
age
Description Configure session age(in minutes) for UDP sessions
Type: number
Range: 1-63
drop-known-resp-src-port-cfg
Description: drop-known-resp-src-port-cfg is a JSON Block. Please see below for drop-known-resp-src-port-cfg
Type: Object
drop-ntp-monlist
Description Drop NTP monlist request/response
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
filter-list
Type: List
Reference Object: /axapi/v3/ddos/template/udp/{name}/filter/{udp-filter-seq}
max-payload-size
Description Maximum UDP payload size for each single packet
Type: number
Range: 1-1470
min-payload-size
Description Minimum UDP payload size for each single packet
Type: number
Range: 1-1470
name
Description DDOS UDP Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
per-conn-pkt-rate-limit
Description Packet rate limit per connection per rate-interval
Type: number
Range: 1-16000000
per-conn-rate-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec;
Type: string
Supported Values: 100ms, 1sec
Default: 1sec
previous-salt-timeout
Description Token-Authentication previous salt-prefix timeout in minutes, default is 1 min
Type: number
Range: 1-10080
Default: 1
public-ipv4-addr
Description IP address
Type: string
Format: ipv4-address
public-ipv6-addr
Description IPV6 address
Type: string
Format: ipv6-address
spoof-detect-cfg
Description: spoof-detect-cfg is a JSON Block. Please see below for spoof-detect-cfg
Type: Object
token-authentication
Description Enable Token Authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
token-authentication-formula
Description ‘md5_Salt-SrcIp-SrcPort-DstIp-DstPort’: md5 of Salt-SrcIp-SrcPort-DstIp-DstPort; ‘md5_Salt-DstIp-DstPort’: md5 of Salt-DstIp-DstPort; ‘md5_Salt-SrcIp-DstIp’: md5 of Salt-SrcIp-DstIp; ‘md5_Salt-SrcPort-DstPort’: md5 of Salt-SrcPort-DstPort; ‘md5_Salt-UintDstIp-DstPort’: Using the uint value of IP for md5 of Salt-DstIp-DstPort; ‘sha1_Salt-SrcIp-SrcPort-DstIp-DstPort’: sha1 of Salt-SrcIp-SrcPort-DstIp-DstPort; ‘sha1_Salt-DstIp-DstPort’: sha1 of Salt-DstIp-DstPort; ‘sha1_Salt-SrcIp-DstIp’: sha1 of Salt-SrcIp-DstIp; ‘sha1_Salt-SrcPort-DstPort’: sha1 of Salt-SrcPort-DstPort; ‘sha1_Salt-UintDstIp-DstPort’: Using the uint value of IP for sha1 of Salt-DstIp-DstPort;
Type: string
Supported Values: md5_Salt-SrcIp-SrcPort-DstIp-DstPort, md5_Salt-DstIp-DstPort, md5_Salt-SrcIp-DstIp, md5_Salt-SrcPort-DstPort, md5_Salt-UintDstIp-DstPort, sha1_Salt-SrcIp-SrcPort-DstIp-DstPort, sha1_Salt-DstIp-DstPort, sha1_Salt-SrcIp-DstIp, sha1_Salt-SrcPort-DstPort, sha1_Salt-UintDstIp-DstPort
token-authentication-hw-assist-disable
Description token-authentication disable hardware assistance
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
token-authentication-public-address
Description The server public IP address
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
token-authentication-salt-prefix
Description token-authentication salt-prefix
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
token-authentication-salt-prefix-curr
Description
Type: number
Range: 1-4294967295
token-authentication-salt-prefix-prev
Description
Type: number
Range: 1-4294967295
tunnel-encap
Description: tunnel-encap is a JSON Block. Please see below for tunnel-encap
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
tunnel-encap¶
Specification Value Type object always
Description: always is a JSON Block. Please see below for tunnel-encap_always
Type: Object
gre-always
Description: gre-always is a JSON Block. Please see below for tunnel-encap_gre-always
Type: Object
gre-encap
Description Enable Tunnel encapsulation using GRE
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: gre-encap and ip-encap are mutually exclusive
ip-encap
Description Enable Tunnel encapsulation using IP in IP
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: ip-encap and gre-encap are mutually exclusive
tunnel-encap_gre-always¶
Specification Value Type object gre-ipv4
Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv4-address
gre-ipv6
Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv6-address
key-ipv4
Description Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
key-ipv6
Description Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
preserve-src-ipv4-gre
Description Use original source ip for encapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
preserve-src-ipv6-gre
Description Use original source ip for encapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tunnel-encap_always¶
Specification Value Type object ipv4-addr
Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv4-address
ipv6-addr
Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv6-address
preserve-src-ipv4
Description Use original source ip for encapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
preserve-src-ipv6
Description Use original source ip for encapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
spoof-detect-cfg¶
Specification Value Type object min-retry-gap
Description Optional minimum gap between 2 UDP packets for spoof-detect pass, unit is specified by min-retry-gap-interval
Type: number
Range: 1-80
min-retry-gap-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec;
Type: string
Supported Values: 100ms, 1sec
Default: 1sec
spoof-detect
Description Force client to retry on udp
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
spoof-detect-retry-timeout
Description timeout in seconds
Type: number
Range: 1-31
Default: 5
Mutual Exclusion: spoof-detect-retry-timeout and spoof-detect-retry-timeout-val-only are mutually exclusive
spoof-detect-retry-timeout-val-only
Description timeout in seconds
Type: number
Range: 1-31
Default: 5
Mutual Exclusion: spoof-detect-retry-timeout-val-only and spoof-detect-retry-timeout are mutually exclusive
drop-known-resp-src-port-cfg¶
Specification Value Type object drop-known-resp-src-port
Description Drop well-known if src-port is less than 1024
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exclude-src-resp-port
Description excluding src port equal destination port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
filter-list¶
Specification Value Type list Block object keys byte-offset-filter
Description Filter Expression using Berkeley Packet Filter syntax
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
udp-filter-action
Description ‘blacklist-src’: Also blacklist the source when action is taken; ‘whitelist-src’: Whitelist the source after filter passes, packets are dropped until then; ‘count-only’: Take no action and continue processing the next filter;
Type: string
Supported Values: blacklist-src, whitelist-src, count-only
udp-filter-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
udp-filter-seq
Description Sequence number
Type: number
Range: 1-5
udp-filter-unmatched
Description action taken when it does not match
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters