ddos zone-template¶
Define a DDOS zone-template
zone-template Specification¶
Parameter Value Type Intermediate Resource Element Name zone-template Element URI /axapi/v3/ddos/zone-template Element Attributes zone-template_attributes Partition Visibility shared Schema zone-template schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Get Object | GET | /axapi/v3/ddos/zone-template | zone-template_attributes |
zone-template attributes¶
dns-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/dns/{name}
encap-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/encap/{encap-tmpl-name}
http-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/http/{http-tmpl-name}
icmp-v4-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name}
icmp-v6-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name}
ip-proto-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/ip-proto/{name}
logging-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/logging/{logging-tmpl-name}
quic-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/quic/{quic-tmpl-name}
sip-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/sip/{sip-tmpl-name}
ssl-l4-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/ssl-l4/{ssl-l4-tmpl-name}
tcp-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/tcp/{name}
udp-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/udp/{name}
logging-list¶
Specification Value Type list Block object keys enable-action-logging
Description Log action taken
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-format-cef
Description Log in CEF format
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-format-custom
Description Customize log format
Type: string
Format: string-rlx
Maximum Length: 512 characters
Maximum Length: 1 characters
logging-tmpl-name
Description DDOS Logging Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Default: default
use-obj-name
Description Show obj name instead of ip in the log
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
tcp-list¶
Specification Value Type list Block object keys ack-authentication
Description: ack-authentication is a JSON Block. Please see below for tcp-list_ack-authentication
Type: Object
ack-authentication-synack-reset
Description Reset client TCP SYN+ACK for authentication (DST support only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
action-on-ack-rto-retry-count
Description Take action if ack-auth RTO-authentication fail over retry time(default:5)
Type: number
Range: 2-10
action-on-syn-rto-retry-count
Description Take action if syn-auth RTO-authentication fail over retry time(default:5)
Type: number
Range: 2-10
age
Description Session age in minutes
Type: number
Range: 1-63
Default: 2
allow-syn-otherflags
Description Treat TCP SYN+PSH as a TCP SYN (DST tcp ports support only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-synack-skip-authentications
Description Allow create sessions on SYNACK without syn-auth and ack-auth (ASYM Mode only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-tcp-tfo
Description Allow TCP Fast Open
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
concurrent
Description Enable concurrent port access for non-matching ports (DST support only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
conn-rate-limit-on-syn-only
Description Only count SYN-initiated connections towards connection-rate tracking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
create-conn-on-syn-only
Description Enable connection establishment on SYN only
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst
Description: dst is a JSON Block. Please see below for tcp-list_dst
Type: Object
filter-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/tcp/{name}/filter/{tcp-filter-name}
filter-match-type
Description ‘default’: Stop matching on drop/blacklist action; ‘stop-on-first-match’: Stop matching on first match;
Type: string
Supported Values: default, stop-on-first-match
Default: default
known-resp-src-port-cfg
Description: known-resp-src-port-cfg is a JSON Block. Please see below for tcp-list_known-resp-src-port-cfg
Type: Object
max-rexmit-syn-per-flow-cfg
Description: max-rexmit-syn-per-flow-cfg is a JSON Block. Please see below for tcp-list_max-rexmit-syn-per-flow-cfg
Type: Object
name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
out-of-seq-cfg
Description: out-of-seq-cfg is a JSON Block. Please see below for tcp-list_out-of-seq-cfg
Type: Object
per-conn-out-of-seq-rate-cfg
Description: per-conn-out-of-seq-rate-cfg is a JSON Block. Please see below for tcp-list_per-conn-out-of-seq-rate-cfg
Type: Object
per-conn-pkt-rate-cfg
Description: per-conn-pkt-rate-cfg is a JSON Block. Please see below for tcp-list_per-conn-pkt-rate-cfg
Type: Object
per-conn-rate-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec; ’10sec’: 10sec;
Type: string
Supported Values: 100ms, 1sec, 10sec
Default: 1sec
per-conn-retransmit-rate-cfg
Description: per-conn-retransmit-rate-cfg is a JSON Block. Please see below for tcp-list_per-conn-retransmit-rate-cfg
Type: Object
per-conn-zero-win-rate-cfg
Description: per-conn-zero-win-rate-cfg is a JSON Block. Please see below for tcp-list_per-conn-zero-win-rate-cfg
Type: Object
progression-tracking
Description: progression-tracking is a JSON Block. Please see below for tcp-list_progression-tracking
Type: Object
Reference Object: /axapi/v3/ddos/zone-template/tcp/{name}/progression-tracking
retransmit-cfg
Description: retransmit-cfg is a JSON Block. Please see below for tcp-list_retransmit-cfg
Type: Object
src
Description: src is a JSON Block. Please see below for tcp-list_src
Type: Object
syn-authentication
Description: syn-authentication is a JSON Block. Please see below for tcp-list_syn-authentication
Type: Object
syn-cookie
Description Enable SYN Cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
synack-rate-limit
Description Config SYNACK rate limit
Type: number
Range: 1-16000000
Mutual Exclusion: synack-rate-limit and track-together-with-syn are mutually exclusive
track-together-with-syn
Description SYNACK will be counted in Dst Syn-rate limit
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: track-together-with-syn and synack-rate-limit are mutually exclusive
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zero-win-cfg
Description: zero-win-cfg is a JSON Block. Please see below for tcp-list_zero-win-cfg
Type: Object
tcp-list_syn-authentication¶
Specification Value Type object allow-ra
Description Allow RA packets to be used for auth
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
syn-auth-fail-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Send reset to client (Applicable to retransmit-check only);
Type: string
Supported Values: drop, blacklist-src, reset
Mutual Exclusion: syn-auth-fail-action and syn-auth-fail-action-list-name are mutually exclusive
syn-auth-fail-action-list-name
Description Configure action-list to take for failing the authentication.
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: syn-auth-fail-action-list-name and syn-auth-fail-action are mutually exclusive
syn-auth-min-delay
Description Minimum delay (in 100ms intervals) between SYN retransmits for retransmit-check to pass
Type: number
Range: 1-80
Mutual Exclusion: syn-auth-min-delay and syn-auth-type are mutually exclusive
syn-auth-pass-action
Description ‘authenticate-src’: authenticate-src (Default);
Type: string
Supported Values: authenticate-src
Mutual Exclusion: syn-auth-pass-action and syn-auth-pass-action-list-name are mutually exclusive
syn-auth-pass-action-list-name
Description Configure action-list to take for passing the authentication
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: syn-auth-pass-action-list-name and syn-auth-pass-action are mutually exclusive
syn-auth-rto
Description Estimate the RTO and apply the exponential back-off for authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
syn-auth-timeout
Description syn retransmit timeout in seconds(default timeout: 5 seconds)
Type: number
Range: 1-31
Mutual Exclusion: syn-auth-timeout and syn-auth-type are mutually exclusive
syn-auth-type
Description ‘send-rst’: Send reset to client after syn cookie check pass; ‘force-rst-by-ack’: Send client a bad ack after syn cookie check pass; ‘force-rst-by-synack’: Send client a bad synack after syn cookie check pass;
Type: string
Supported Values: send-rst, force-rst-by-ack, force-rst-by-synack, send-rst-once
Mutual Exclusion: syn-auth-type, syn-auth-timeout, and syn-auth-min-delay are mutually exclusive
tcp-list_ack-authentication¶
Specification Value Type object ack-auth-fail-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Send reset to client;
Type: string
Supported Values: drop, blacklist-src, reset
Mutual Exclusion: ack-auth-fail-action and ack-auth-fail-action-list-name are mutually exclusive
ack-auth-fail-action-list-name
Description Configure action-list to take for failing the authentication.
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: ack-auth-fail-action-list-name and ack-auth-fail-action are mutually exclusive
ack-auth-min-delay
Description Minimum delay (in 100ms intervals) between ACK retransmits for retransmit-check to pass
Type: number
Range: 1-80
ack-auth-only
Description Apply retransmit-check only once per source address for authentication purpose
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ack-auth-pass-action
Description ‘authenticate-src’: authenticate-src (Default);
Type: string
Supported Values: authenticate-src
Mutual Exclusion: ack-auth-pass-action and ack-auth-pass-action-list-name are mutually exclusive
ack-auth-pass-action-list-name
Description Configure action-list to take for passing the authentication
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: ack-auth-pass-action-list-name and ack-auth-pass-action are mutually exclusive
ack-auth-rto
Description Estimate the RTO and apply the exponential back-off for authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ack-auth-timeout
Description ack retransmit timeout in seconds(default timeout: 5 seconds)
Type: number
Range: 1-31
tcp-list_retransmit-cfg¶
Specification Value Type object retransmit
Description Take action if retransmit pkts exceed configured threshold
Type: number
Range: 1-64000
Mutual Exclusion: retransmit and per-conn-retransmit-rate-limit are mutually exclusive
retransmit-action
Description ‘drop’: Drop packets for retrans exceed (Default); ‘blacklist-src’: help Blacklist-src for retrans exceed; ‘ignore’: help Ignore retrans exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: retransmit-action and retransmit-action-list-name are mutually exclusive
retransmit-action-list-name
Description Configure action-list to take for retransmit exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: retransmit-action-list-name and retransmit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
tcp-list_dst¶
Specification Value Type object rate-limit
Description: rate-limit is a JSON Block. Please see below for tcp-list_dst_rate-limit
Type: Object
tcp-list_dst_rate-limit¶
Specification Value Type object syn-rate-limit
Description: syn-rate-limit is a JSON Block. Please see below for tcp-list_dst_rate-limit_syn-rate-limit
Type: Object
tcp-list_dst_rate-limit_syn-rate-limit¶
Specification Value Type object dst-syn-rate-action
Description ‘drop’: Drop packets for syn-rate exceed (Default); ‘ignore’: Ignore syn-rate-exceed;
Type: string
Supported Values: drop, ignore
Default: drop
dst-syn-rate-limit
Description
Type: number
Range: 1-16000000
tcp-list_per-conn-retransmit-rate-cfg¶
Specification Value Type object per-conn-retransmit-rate-action
Description ‘drop’: Drop packets for retrans rate exceed (Default); ‘blacklist-src’: help Blacklist-src for retrans rate exceed; ‘ignore’: help Ignore retrans rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: per-conn-retransmit-rate-action and per-conn-retransmit-rate-action-list-name are mutually exclusive
per-conn-retransmit-rate-action-list-name
Description Configure action-list to take for retransmit rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: per-conn-retransmit-rate-action-list-name and per-conn-retransmit-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
per-conn-retransmit-rate-limit
Description Take action if retransmit pkt rate exceed configured threshold
Type: number
Range: 1-16000000
Mutual Exclusion: per-conn-retransmit-rate-limit and retransmit are mutually exclusive
tcp-list_per-conn-zero-win-rate-cfg¶
Specification Value Type object per-conn-zero-win-rate-action
Description ‘drop’: Drop packets for zero-win rate exceed (Default); ‘blacklist-src’: help Blacklist-src for zero-win rate exceed; ‘ignore’: Ignore zero-win rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: per-conn-zero-win-rate-action and per-conn-zero-win-rate-action-list-name are mutually exclusive
per-conn-zero-win-rate-action-list-name
Description Configure action-list to take for zero window rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: per-conn-zero-win-rate-action-list-name and per-conn-zero-win-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
per-conn-zero-win-rate-limit
Description Take action if zero window pkt rate exceed configured threshold
Type: number
Range: 1-16000000
Mutual Exclusion: per-conn-zero-win-rate-limit and zero-win are mutually exclusive
tcp-list_per-conn-pkt-rate-cfg¶
Specification Value Type object per-conn-pkt-rate-action
Description ‘drop’: Drop packets for per-conn-pkt-rate exceed (Default); ‘blacklist-src’: help Blacklist-src for per-conn-pkt-rate exceed; ‘ignore’: Ignore per-conn-pkt-rate-exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: per-conn-pkt-rate-action and per-conn-pkt-rate-action-list-name are mutually exclusive
per-conn-pkt-rate-action-list-name
Description Configure action-list to take for per-conn-pkt-rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: per-conn-pkt-rate-action-list-name and per-conn-pkt-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
per-conn-pkt-rate-limit
Description Packet rate limit per connection per rate-interval
Type: number
Range: 1-16000000
tcp-list_max-rexmit-syn-per-flow-cfg¶
Specification Value Type object max-rexmit-syn-per-flow
Description Maximum number of re-transmit SYN per flow
Type: number
Range: 1-6
max-rexmit-syn-per-flow-action
Description ‘drop’: Drop SYN packets for max-rexmit-syn-per-flow exceed (Default); ‘blacklist-src’: help Blacklist-src for max-rexmit-syn-per-flow exceed;
Type: string
Supported Values: drop, blacklist-src
Default: drop
max-rexmit-syn-per-flow-action-list-name
Description Configure action-list to take for max-rexmit-syn-per-flow exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
tcp-list_src¶
Specification Value Type object rate-limit
Description: rate-limit is a JSON Block. Please see below for tcp-list_src_rate-limit
Type: Object
tcp-list_src_rate-limit¶
Specification Value Type object syn-rate-limit
Description: syn-rate-limit is a JSON Block. Please see below for tcp-list_src_rate-limit_syn-rate-limit
Type: Object
tcp-list_src_rate-limit_syn-rate-limit¶
Specification Value Type object src-syn-rate-action
Description ‘drop’: Drop packets for syn-rate exceed (Default); ‘blacklist-src’: Blacklist-src for syn-rate exceed; ‘ignore’: Ignore syn-rate-exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: src-syn-rate-action and src-syn-rate-action-list-name are mutually exclusive
src-syn-rate-action-list-name
Description Configure action-list to take for syn-rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-syn-rate-action-list-name and src-syn-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
src-syn-rate-limit
Description
Type: number
Range: 1-16000000
tcp-list_progression-tracking¶
Specification Value Type object connection-tracking
Description: connection-tracking is a JSON Block. Please see below for tcp-list_progression-tracking_connection-tracking
Type: Object
Reference Object: /axapi/v3/ddos/zone-template/tcp/{name}/progression-tracking/connection-tracking
first-request-max-time
Description Set the maximum wait time from connection creation until the first data is transmitted over the connection (100 ms)
Type: number
Range: 1-65535
ignore-TLS-handshake
Description Ignore TLS handshake
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
profiling-connection-life-model
Description Enable auto-config progression tracking learning for connection model
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
profiling-request-response-model
Description Enable auto-config progression tracking learning for Request Response model
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
profiling-time-window-model
Description Enable auto-config progression tracking learning for time window model
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
progression-tracking-action
Description ‘drop’: Drop packets for progression tracking violation exceed (Default); ‘blacklist-src’: Blacklist-src for progression tracking violation exceed;
Type: string
Supported Values: drop, blacklist-src
Default: drop
Mutual Exclusion: progression-tracking-action and progression-tracking-action-list-name are mutually exclusive
progression-tracking-action-list-name
Description Configure action-list to take when progression tracking violation exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: progression-tracking-action-list-name and progression-tracking-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
progression-tracking-enabled
Description ‘enable-check’: Enable Progression Tracking Check;
Type: string
Supported Values: enable-check
request-length-max
Description Set the maximum request length
Type: number
Range: 1-65535
request-length-min
Description Set the minimum request length
Type: number
Range: 1-65535
request-response-model
Description ‘enable’: Enable Request Response Model; ‘disable’: Disable Request Response Model;
Type: string
Supported Values: enable, disable
Default: enable
request-to-response-max-time
Description Set the maximum request to response time (100 ms)
Type: number
Range: 1-65535
response-length-max
Description Set the maximum response length
Type: number
Range: 1-4294967295
response-length-min
Description Set the minimum response length
Type: number
Range: 1-65535
response-request-max-ratio
Description Set the maximum response to request ratio (in unit of 0.1% [1:1000])
Type: number
Range: 1-4294967295
response-request-min-ratio
Description Set the minimum response to request ratio (in unit of 0.1% [1:1000])
Type: number
Range: 1-65535
response-to-request-max-time
Description Set the maximum response to request time (100 ms)
Type: number
Range: 1-65535
time-window-tracking
Description: time-window-tracking is a JSON Block. Please see below for tcp-list_progression-tracking_time-window-tracking
Type: Object
Reference Object: /axapi/v3/ddos/zone-template/tcp/{name}/progression-tracking/time-window-tracking
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
violation
Description Set the violation threshold
Type: number
Range: 1-255
tcp-list_progression-tracking_connection-tracking¶
Specification Value Type object conn-duration-max
Description Set the maximum duration time (in unit of 100ms, up to 24 hours)
Type: number
Range: 1-2147483647
conn-duration-min
Description Set the minimum duration time (in unit of 100ms, up to 24 hours)
Type: number
Range: 1-864000
conn-rcvd-max
Description Set the maximum total received byte
Type: number
Range: 1-2147483647
conn-rcvd-min
Description Set the minimum total received byte
Type: number
Range: 1-2147483647
conn-rcvd-sent-ratio-max
Description Set the maximum received to sent ratio (in unit of milli-, 0.001)
Type: number
Range: 1-2147483647
conn-rcvd-sent-ratio-min
Description Set the minimum received to sent ratio (in unit of milli-, 0.001)
Type: number
Range: 1-65535
conn-sent-max
Description Set the maximum total sent byte
Type: number
Range: 1-2147483647
conn-sent-min
Description Set the minimum total sent byte
Type: number
Range: 1-65535
conn-violation
Description Set the violation threshold
Type: number
Range: 1-255
progression-tracking-conn-action
Description ‘drop’: Drop packets for progression tracking violation exceed (Default); ‘blacklist-src’: Blacklist-src for progression tracking violation exceed;
Type: string
Supported Values: drop, blacklist-src
Default: drop
Mutual Exclusion: progression-tracking-conn-action and progression-tracking-conn-action-list-name are mutually exclusive
progression-tracking-conn-action-list-name
Description Configure action-list to take when progression tracking violation exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: progression-tracking-conn-action-list-name and progression-tracking-conn-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
progression-tracking-conn-enabled
Description ‘enable-check’: Enable General Progression Tracking per Connection;
Type: string
Supported Values: enable-check
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
tcp-list_progression-tracking_time-window-tracking¶
Specification Value Type object progression-tracking-win-enabled
Description ‘enable-check’: Enable Progression Tracking per Time Window;
Type: string
Supported Values: enable-check
progression-tracking-windows-action
Description ‘drop’: Drop packets for progression tracking violation exceed (Default); ‘blacklist-src’: Blacklist-src for progression tracking violation exceed;
Type: string
Supported Values: drop, blacklist-src
Default: drop
Mutual Exclusion: progression-tracking-windows-action and progression-tracking-windows-action-list-name are mutually exclusive
progression-tracking-windows-action-list-name
Description Configure action-list to take when progression tracking violation exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: progression-tracking-windows-action-list-name and progression-tracking-windows-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
window-rcvd-max
Description Set the maximum total received byte
Type: number
Range: 1-65535
window-rcvd-min
Description Set the minimum total received byte
Type: number
Range: 1-65535
window-rcvd-sent-ratio-max
Description Set the maximum received to sent ratio (in unit of 0.1% [1:1000])
Type: number
Range: 1-65535
window-rcvd-sent-ratio-min
Description Set the minimum received to sent ratio (in unit of 0.1% [1:1000])
Type: number
Range: 1-65535
window-sent-max
Description Set the maximum total sent byte
Type: number
Range: 1-65535
window-sent-min
Description Set the minimum total sent byte
Type: number
Range: 1-65535
window-violation
Description Set the violation threshold
Type: number
Range: 1-255
tcp-list_filter-list¶
Specification Value Type list Block object keys byte-offset-filter
Description Filter using Berkeley Packet Filter syntax
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
tcp-filter-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘authenticate-src’: Authenticate-src;
Type: string
Supported Values: drop, ignore, blacklist-src, authenticate-src
Default: drop
Mutual Exclusion: tcp-filter-action and tcp-filter-action-list-name are mutually exclusive
tcp-filter-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: tcp-filter-action-list-name and tcp-filter-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
tcp-filter-inverse-match
Description Inverse the result of the matching
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-filter-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp-filter-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
tcp-filter-seq
Description Sequence number
Type: number
Range: 1-200
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
tcp-list_known-resp-src-port-cfg¶
Specification Value Type object exclude-src-resp-port
Description Exclude src port equal to dst port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
known-resp-src-port
Description Take action if src-port is less than 1024
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
known-resp-src-port-action
Description ‘drop’: Drop packets from well-known src-port(Default); ‘blacklist-src’: Blacklist-src from well-known src-port; ‘ignore’: Ignore well-known src-port;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: known-resp-src-port-action and known-resp-src-port-action-list-name are mutually exclusive
known-resp-src-port-action-list-name
Description Configure action-list to take for well-known src-port
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: known-resp-src-port-action-list-name and known-resp-src-port-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
tcp-list_zero-win-cfg¶
Specification Value Type object zero-win
Description Take action if zero window pkts exceed configured threshold
Type: number
Range: 1-250
Mutual Exclusion: zero-win and per-conn-zero-win-rate-limit are mutually exclusive
zero-win-action
Description ‘drop’: Drop packets for zero-win exceed (Default); ‘blacklist-src’: help Blacklist-src for zero-win exceed; ‘ignore’: Ignore zero-win exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: zero-win-action and zero-win-action-list-name are mutually exclusive
zero-win-action-list-name
Description Configure action-list to take for zero window exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: zero-win-action-list-name and zero-win-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
tcp-list_per-conn-out-of-seq-rate-cfg¶
Specification Value Type object per-conn-out-of-seq-rate-action
Description ‘drop’: Drop packets for out-of-seq rate exceed (Default); ‘blacklist-src’: help Blacklist-src for out-of-seq rate exceed; ‘ignore’: help Ignore out-of-seq rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: per-conn-out-of-seq-rate-action and per-conn-out-of-seq-rate-action-list-name are mutually exclusive
per-conn-out-of-seq-rate-action-list-name
Description Configure action-list to take for out-of-seq rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: per-conn-out-of-seq-rate-action-list-name and per-conn-out-of-seq-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
per-conn-out-of-seq-rate-limit
Description Take action if out-of-seq pkt rate exceed configured threshold
Type: number
Range: 1-16000000
Mutual Exclusion: per-conn-out-of-seq-rate-limit and out-of-seq are mutually exclusive
tcp-list_out-of-seq-cfg¶
Specification Value Type object out-of-seq
Description Take action if out-of-seq pkts exceed configured threshold
Type: number
Range: 1-64000
Mutual Exclusion: out-of-seq and per-conn-out-of-seq-rate-limit are mutually exclusive
out-of-seq-action
Description ‘drop’: Drop packets for out-of-seq exceed (Default); ‘blacklist-src’: help Blacklist-src for out-of-seq exceed; ‘ignore’: help Ignore out-of-seq exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: out-of-seq-action and out-of-seq-action-list-name are mutually exclusive
out-of-seq-action-list-name
Description Configure action-list to take for out-of-seq exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: out-of-seq-action-list-name and out-of-seq-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
quic-list¶
Specification Value Type list Block object keys fixed-bit-check-disable
Description Disable fixed-bit malform check
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
quic-tmpl-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
version-supported-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/quic/{quic-tmpl-name}/version-supported/{version-start}+{version-end}
quic-list_version-supported-list¶
Specification Value Type list Block object keys malformed-check
Description: malformed-check is a JSON Block. Please see below for quic-list_version-supported-list_malformed-check
Type: Object
Reference Object: /axapi/v3/ddos/zone-template/quic/{quic-tmpl-name}/version-supported/{version-start}+{version-end}/malformed-check
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
version-action
Description ‘drop’: Drop packets; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, blacklist-src
Mutual Exclusion: version-action and version-action-list-name are mutually exclusive
version-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: version-action-list-name and version-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
version-end
Description Version supported range end
Type: string
Format: time
Maximum Length: 4294967295 characters
Maximum Length: 1 characters
version-start
Description Configure versions supported
Type: string
Format: time
Maximum Length: 4294967295 characters
Maximum Length: 1 characters
quic-list_version-supported-list_malformed-check¶
Specification Value Type object malformed-check-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, blacklist-src
Mutual Exclusion: malformed-check-action and malformed-check-action-list-name are mutually exclusive
malformed-check-action-list-name
Description Configure action-list to take. Overwrites version action
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: malformed-check-action-list-name and malformed-check-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
malformed-enable
Description ‘enable’: Enable malformed check;
Type: string
Supported Values: enable
Default: enable
max-destination-cid-length
Description Set the maximum destination CID length
Type: number
Range: 0-255
Default: 255
max-source-cid-length
Description Set the maximum source CID length
Type: number
Range: 0-255
Default: 255
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
ssl-l4-list¶
Specification Value Type list Block object keys allow-non-tls
Description Allow Non-TLS (SSLv3 and lower) traffic (Warning: security may be compromised)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
auth-handshake
Description: auth-handshake is a JSON Block. Please see below for ssl-l4-list_auth-handshake
Type: Object
disable
Description Disable this template
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst
Description: dst is a JSON Block. Please see below for ssl-l4-list_dst
Type: Object
multi-pu-threshold-distribution
Description: multi-pu-threshold-distribution is a JSON Block. Please see below for ssl-l4-list_multi-pu-threshold-distribution
Type: Object
renegotiation
Description: renegotiation is a JSON Block. Please see below for ssl-l4-list_renegotiation
Type: Object
src
Description: src is a JSON Block. Please see below for ssl-l4-list_src
Type: Object
ssl-l4-tmpl-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-traffic-check
Description: ssl-traffic-check is a JSON Block. Please see below for ssl-l4-list_ssl-traffic-check
Type: Object
Reference Object: /axapi/v3/ddos/zone-template/ssl-l4/{ssl-l4-tmpl-name}/ssl-traffic-check
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
ssl-l4-list_auth-handshake¶
Specification Value Type object auth-handshake-fail-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, blacklist-src, reset
Mutual Exclusion: auth-handshake-fail-action and auth-handshake-fail-action-list-name are mutually exclusive
auth-handshake-fail-action-list-name
Description Configure action-list to take for failing the authentication
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: auth-handshake-fail-action-list-name and auth-handshake-fail-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
auth-handshake-pass-action
Description ‘authenticate-src’: authenticate-src (Default);
Type: string
Supported Values: authenticate-src
Mutual Exclusion: auth-handshake-pass-action and auth-handshake-pass-action-list-name are mutually exclusive
auth-handshake-pass-action-list-name
Description Configure action-list to take for passing the authentication
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: auth-handshake-pass-action-list-name and auth-handshake-pass-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
auth-handshake-timeout
Description Connection timeout (default 5 seconds) and trials (default 5 times) (DST support only)
Type: number
Range: 1-31
Default: 5
auth-handshake-trials
Description Number of failed handshakes before entry marked black
Type: number
Range: 0-15
Default: 5
cert-cfg
Description: cert-cfg is a JSON Block. Please see below for ssl-l4-list_auth-handshake_cert-cfg
Type: Object
server-name-list
Type: List
ssl-l4-list_auth-handshake_cert-cfg¶
Specification Value Type object cert
Description SSL certificate
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
key
Description SSL key
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
key-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)key-passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4-list_auth-handshake_server-name-list¶
Specification Value Type list Block object keys server-cert
Description Server Certificate associated to SNI (Server Certificate Name)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
server-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)server-key
Description Server Private Key associated to SNI (Server Private Key Name)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
server-name
Description Server name indication in Client hello extension (Server name String)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
server-passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4-list_src¶
Specification Value Type object rate-limit
Description: rate-limit is a JSON Block. Please see below for ssl-l4-list_src_rate-limit
Type: Object
ssl-l4-list_src_rate-limit¶
Specification Value Type object request
Description: request is a JSON Block. Please see below for ssl-l4-list_src_rate-limit_request
Type: Object
ssl-l4-list_src_rate-limit_request¶
Specification Value Type object src-request-rate-limit
Description
Type: number
Range: 1-16000000
src-request-rate-limit-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, reset
Mutual Exclusion: src-request-rate-limit-action and src-request-rate-limit-action-list-name are mutually exclusive
src-request-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-request-rate-limit-action-list-name and src-request-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
ssl-l4-list_dst¶
Specification Value Type object rate-limit
Description: rate-limit is a JSON Block. Please see below for ssl-l4-list_dst_rate-limit
Type: Object
ssl-l4-list_dst_rate-limit¶
Specification Value Type object request
Description: request is a JSON Block. Please see below for ssl-l4-list_dst_rate-limit_request
Type: Object
ssl-l4-list_dst_rate-limit_request¶
Specification Value Type object dst-request-rate-limit
Description
Type: number
Range: 1-16000000
dst-request-rate-limit-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, reset
Mutual Exclusion: dst-request-rate-limit-action and dst-request-rate-limit-action-list-name are mutually exclusive
dst-request-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-request-rate-limit-action-list-name and dst-request-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
ssl-l4-list_ssl-traffic-check¶
Specification Value Type object check-resumed-connection
Description Apply checks to SSL connections initialized by ACK packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
header-action
Description ‘drop’: Drop packets with bad ssl header; ‘ignore’: Forward packets with bad ssl header;
Type: string
Supported Values: drop, ignore
header-inspection
Description Inspect ssl header
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
ssl-l4-list_multi-pu-threshold-distribution¶
Specification Value Type object multi-pu-threshold-distribution-disable
Description ‘disable’: Destination side rate limit only. Default: Enable;
Type: string
Supported Values: disable
Mutual Exclusion: multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive
multi-pu-threshold-distribution-value
Description Destination side rate limit only. Default: 0
Type: number
Range: 1-16000000
Mutual Exclusion: multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive
ssl-l4-list_renegotiation¶
Specification Value Type object num-renegotiation
Description Number of renegotiation allowed
Type: number
Range: 0-7
ssl-l4-reneg-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Mutual Exclusion: ssl-l4-reneg-action and ssl-l4-reneg-action-list-name are mutually exclusive
ssl-l4-reneg-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: ssl-l4-reneg-action-list-name and ssl-l4-reneg-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
ip-proto-list¶
Specification Value Type list Block object keys filter-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/ip-proto/{name}/filter/{other-filter-name}
filter-match-type
Description ‘default’: Stop matching on drop/blacklist action; ‘stop-on-first-match’: Stop matching on first match;
Type: string
Supported Values: default, stop-on-first-match
Default: default
name
Description DDOS Ip-proto Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
ip-proto-list_filter-list¶
Specification Value Type list Block object keys byte-offset-filter
Description Filter using Berkeley Packet Filter syntax
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
other-filter-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘authenticate-src’: Authenticate-src;
Type: string
Supported Values: drop, ignore, blacklist-src, authenticate-src
Mutual Exclusion: other-filter-action and other-filter-action-list-name are mutually exclusive
other-filter-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: other-filter-action-list-name and other-filter-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
other-filter-inverse-match
Description Inverse the result of the matching
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
other-filter-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
other-filter-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
other-filter-seq
Description Sequence number
Type: number
Range: 1-200
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-list¶
Specification Value Type list Block object keys allow-query-class
Description: allow-query-class is a JSON Block. Please see below for dns-list_allow-query-class
Type: Object
allow-record-type
Description: allow-record-type is a JSON Block. Please see below for dns-list_allow-record-type
Type: Object
dns-any-check
Description Drop DNS queries of Type ANY
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-any-check-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Default: drop
Mutual Exclusion: dns-any-check-action and dns-any-check-action-list-name are mutually exclusive
dns-any-check-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dns-any-check-action-list-name and dns-any-check-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
dns-udp-authentication
Description: dns-udp-authentication is a JSON Block. Please see below for dns-list_dns-udp-authentication
Type: Object
domain-group-name
Description Apply a domain-group to the DNS template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst
Description: dst is a JSON Block. Please see below for dns-list_dst
Type: Object
fqdn-label-count-cfg
Description: fqdn-label-count-cfg is a JSON Block. Please see below for dns-list_fqdn-label-count-cfg
Type: Object
fqdn-label-len-cfg
Type: Listmalformed-query-check
Description: malformed-query-check is a JSON Block. Please see below for dns-list_malformed-query-check
Type: Object
Reference Object: /axapi/v3/ddos/zone-template/dns/{name}/malformed-query-check
multi-pu-threshold-distribution
Description: multi-pu-threshold-distribution is a JSON Block. Please see below for dns-list_multi-pu-threshold-distribution
Type: Object
name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
on-no-match
Description ‘permit’: permit; ‘deny’: deny (default);
Type: string
Supported Values: permit, deny
Default: deny
src
Description: src is a JSON Block. Please see below for dns-list_src
Type: Object
symtimeout-cfg
Description: symtimeout-cfg is a JSON Block. Please see below for dns-list_symtimeout-cfg
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-list_src¶
Specification Value Type object rate-limit
Description: rate-limit is a JSON Block. Please see below for dns-list_src_rate-limit
Type: Object
dns-list_src_rate-limit¶
Specification Value Type object nxdomain
Description: nxdomain is a JSON Block. Please see below for dns-list_src_rate-limit_nxdomain
Type: Object
request
Description: request is a JSON Block. Please see below for dns-list_src_rate-limit_request
Type: Object
dns-list_src_rate-limit_request¶
Specification Value Type object src-dns-request-rate-limit-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Mutual Exclusion: src-dns-request-rate-limit-action and src-dns-request-rate-limit-action-list-name are mutually exclusive
src-dns-request-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-dns-request-rate-limit-action-list-name and src-dns-request-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
type
Description: type is a JSON Block. Please see below for dns-list_src_rate-limit_request_type
Type: Object
dns-list_src_rate-limit_request_type¶
Specification Value Type object A-cfg
Description: A-cfg is a JSON Block. Please see below for dns-list_src_rate-limit_request_type_A-cfg
Type: Object
AAAA-cfg
Description: AAAA-cfg is a JSON Block. Please see below for dns-list_src_rate-limit_request_type_AAAA-cfg
Type: Object
CNAME-cfg
Description: CNAME-cfg is a JSON Block. Please see below for dns-list_src_rate-limit_request_type_CNAME-cfg
Type: Object
MX-cfg
Description: MX-cfg is a JSON Block. Please see below for dns-list_src_rate-limit_request_type_MX-cfg
Type: Object
NS-cfg
Description: NS-cfg is a JSON Block. Please see below for dns-list_src_rate-limit_request_type_NS-cfg
Type: Object
SRV-cfg
Description: SRV-cfg is a JSON Block. Please see below for dns-list_src_rate-limit_request_type_SRV-cfg
Type: Object
dns-type-cfg
Type: List
dns-list_src_rate-limit_request_type_SRV-cfg¶
Specification Value Type object SRV
Description Service locator
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-dns-srv-rate
Description DNS request rate
Type: number
Range: 1-16000000
dns-list_src_rate-limit_request_type_CNAME-cfg¶
Specification Value Type object CNAME
Description Canonical name record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-dns-cname-rate
Description
Type: number
Range: 1-16000000
dns-list_src_rate-limit_request_type_dns-type-cfg¶
Specification Value Type list Block object keys src-dns-request-type
Description Other type value
Type: number
Range: 1-65535
src-dns-request-type-rate
Description request rate limit
Type: number
Range: 1-16000000
dns-list_src_rate-limit_request_type_AAAA-cfg¶
Specification Value Type object AAAA
Description IPv6 address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-dns-aaaa-rate
Description
Type: number
Range: 1-16000000
dns-list_src_rate-limit_request_type_A-cfg¶
Specification Value Type object A
Description Address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-dns-a-rate
Description
Type: number
Range: 1-16000000
dns-list_src_rate-limit_request_type_MX-cfg¶
Specification Value Type object MX
Description Mail exchange record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-dns-mx-rate
Description
Type: number
Range: 1-16000000
dns-list_src_rate-limit_request_type_NS-cfg¶
Specification Value Type object NS
Description Name server record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-dns-ns-rate
Description
Type: number
Range: 1-16000000
dns-list_src_rate-limit_nxdomain¶
Specification Value Type object dns-nxdomain-rate
Description Limiting rate
Type: number
Range: 1-16000000
dns-nxdomain-rate-limit-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Mutual Exclusion: dns-nxdomain-rate-limit-action and dns-nxdomain-rate-limit-action-list-name are mutually exclusive
dns-nxdomain-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dns-nxdomain-rate-limit-action-list-name and dns-nxdomain-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
dns-list_fqdn-label-count-cfg¶
Specification Value Type object fqdn-label-count-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Send reset to client;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Mutual Exclusion: fqdn-label-count-action and fqdn-label-count-action-list-name are mutually exclusive
fqdn-label-count-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: fqdn-label-count-action-list-name and fqdn-label-count-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
label-count
Description Maximum number of FQDN labels per FQDN
Type: number
Range: 1-10
dns-list_malformed-query-check¶
Specification Value Type object dns-malformed-query-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Mutual Exclusion: dns-malformed-query-action and dns-malformed-query-action-list-name are mutually exclusive
dns-malformed-query-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dns-malformed-query-action-list-name and dns-malformed-query-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
non-query-opcode-check
Description ‘disable’: When malform check is enabled, TPS always drops DNS query with non query opcode, this option disables this opcode check;
Type: string
Supported Values: disable
skip-multi-packet-check
Description Bypass DNS fragmented and TCP segmented Queries(Default: dropped)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
validation-type
Description ‘basic-header-check’: Basic header validation for DNS TCP/UDP queries; ‘extended-header-check’: Extended header/query validation for DNS TCP/UDP queries; ‘disable’: Disable Malform query validation for DNS TCP/UDP;
Type: string
Supported Values: basic-header-check, extended-header-check, disable
dns-list_dst¶
Specification Value Type object rate-limit
Description: rate-limit is a JSON Block. Please see below for dns-list_dst_rate-limit
Type: Object
dns-list_dst_rate-limit¶
Specification Value Type object domain-group-rate-exceed-action
Description ‘drop’: Drop the query (default); ‘tunnel-encap-packet’: Encapsulate the query and send on a tunnel;
Type: string
Supported Values: drop, tunnel-encap-packet
Default: drop
domain-group-rate-per-service
Description Enable per service domain rate checking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
encap-template
Description DDOS encap template to sepcify the tunnel endpoint
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
fqdn
Description: fqdn is a JSON Block. Please see below for dns-list_dst_rate-limit_fqdn
Type: Object
request
Description: request is a JSON Block. Please see below for dns-list_dst_rate-limit_request
Type: Object
dns-list_dst_rate-limit_request¶
Specification Value Type object dst-dns-request-rate-limit-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, reset, blacklist-src
Mutual Exclusion: dst-dns-request-rate-limit-action and dst-dns-request-rate-limit-action-list-name are mutually exclusive
dst-dns-request-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-dns-request-rate-limit-action-list-name and dst-dns-request-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
type
Description: type is a JSON Block. Please see below for dns-list_dst_rate-limit_request_type
Type: Object
dns-list_dst_rate-limit_request_type¶
Specification Value Type object A-cfg
Description: A-cfg is a JSON Block. Please see below for dns-list_dst_rate-limit_request_type_A-cfg
Type: Object
AAAA-cfg
Description: AAAA-cfg is a JSON Block. Please see below for dns-list_dst_rate-limit_request_type_AAAA-cfg
Type: Object
CNAME-cfg
Description: CNAME-cfg is a JSON Block. Please see below for dns-list_dst_rate-limit_request_type_CNAME-cfg
Type: Object
MX-cfg
Description: MX-cfg is a JSON Block. Please see below for dns-list_dst_rate-limit_request_type_MX-cfg
Type: Object
NS-cfg
Description: NS-cfg is a JSON Block. Please see below for dns-list_dst_rate-limit_request_type_NS-cfg
Type: Object
SRV-cfg
Description: SRV-cfg is a JSON Block. Please see below for dns-list_dst_rate-limit_request_type_SRV-cfg
Type: Object
dns-type-cfg
Type: List
dns-list_dst_rate-limit_request_type_SRV-cfg¶
Specification Value Type object SRV
Description Service locator
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-srv-rate
Description DNS request rate
Type: number
Range: 1-16000000
dns-list_dst_rate-limit_request_type_CNAME-cfg¶
Specification Value Type object CNAME
Description Canonical name record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-cname-rate
Description
Type: number
Range: 1-16000000
dns-list_dst_rate-limit_request_type_dns-type-cfg¶
Specification Value Type list Block object keys dns-request-type
Description Other type value
Type: number
Range: 1-65535
dns-request-type-rate
Description request rate limit
Type: number
Range: 1-16000000
dns-list_dst_rate-limit_request_type_AAAA-cfg¶
Specification Value Type object AAAA
Description IPv6 address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-aaaa-rate
Description
Type: number
Range: 1-16000000
dns-list_dst_rate-limit_request_type_A-cfg¶
Specification Value Type object A
Description Address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-a-rate
Description
Type: number
Range: 1-16000000
dns-list_dst_rate-limit_request_type_MX-cfg¶
Specification Value Type object MX
Description Mail exchange record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-mx-rate
Description
Type: number
Range: 1-16000000
dns-list_dst_rate-limit_request_type_NS-cfg¶
Specification Value Type object NS
Description Name server record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-ns-rate
Description
Type: number
Range: 1-16000000
dns-list_dst_rate-limit_fqdn¶
Specification Value Type object dns-fqdn-rate-cfg
Type: Listdns-fqdn-rate-limit-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, reset, blacklist-src
Mutual Exclusion: dns-fqdn-rate-limit-action and dns-fqdn-rate-limit-action-list-name are mutually exclusive
dns-fqdn-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dns-fqdn-rate-limit-action-list-name and dns-fqdn-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
dns-list_dst_rate-limit_fqdn_dns-fqdn-rate-cfg¶
Specification Value Type list Block object keys dns-fqdn-rate
Description Limiting rate (Range: 5-8000 for FQDN domain based rate limiting, 5-16000000 for FQDN label count based rate limiting)
Type: number
Range: 5-16000000
fqdn-rate-label-count
Description FQDN label count (Range: 1-8)
Type: number
Range: 1-8
fqdn-rate-suffix
Description Suffix count
Type: number
Range: 1-5
per
Description ‘domain-name’: Domain Name; ‘src-ip’: Source IP address; ‘label-count’: FQDN label count;
Type: string
Supported Values: domain-name, src-ip, label-count
per-domain-per-src-ip
Description Use both Domain Name and Source IP address for rate-limiting
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-list_allow-record-type¶
Specification Value Type object allow-a-type
Description Address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-aaaa-type
Description IPv6 address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-cname-type
Description Canonical name record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-mx-type
Description Mail exchange record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-ns-type
Description Name server record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-record-type-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, blacklist-src, reset
Mutual Exclusion: allow-record-type-action and allow-record-type-action-list-name are mutually exclusive
allow-record-type-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: allow-record-type-action-list-name and allow-record-type-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
allow-srv-type
Description Service locator
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
record-num-cfg
Type: List
dns-list_allow-record-type_record-num-cfg¶
Specification Value Type list Block object keys allow-num-type
Description Other record type value
Type: number
Range: 1-65535
dns-list_allow-query-class¶
Specification Value Type object allow-any-query-class
Description ANY query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-chaos-query-class
Description CHAOS query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-csnet-query-class
Description CSNET query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-hesiod-query-class
Description HESIOD query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-internet-query-class
Description INTERNET query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-none-query-class
Description NONE query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-query-class-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, blacklist-src, reset
Mutual Exclusion: allow-query-class-action and allow-query-class-action-list-name are mutually exclusive
allow-query-class-action-list-name
Description Configure action-list to take when query class doesn’t match
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: allow-query-class-action-list-name and allow-query-class-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
dns-list_dns-udp-authentication¶
Specification Value Type object dns-udp-auth-fail-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, blacklist-src
Mutual Exclusion: dns-udp-auth-fail-action and dns-udp-auth-fail-action-list-name are mutually exclusive
dns-udp-auth-fail-action-list-name
Description Configure action-list to take for failing the authentication. (Applicable to dns-udp retry only)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dns-udp-auth-fail-action-list-name and dns-udp-auth-fail-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
dns-udp-auth-pass-action
Description ‘authenticate-src’: authenticate-src (Default);
Type: string
Supported Values: authenticate-src
Mutual Exclusion: dns-udp-auth-pass-action and dns-udp-auth-pass-action-list-name are mutually exclusive
dns-udp-auth-pass-action-list-name
Description Configure action-list to take for passing the authentication
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dns-udp-auth-pass-action-list-name and dns-udp-auth-pass-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
force-tcp-cfg
Description: force-tcp-cfg is a JSON Block. Please see below for dns-list_dns-udp-authentication_force-tcp-cfg
Type: Object
min-delay
Description Optional minimum delay between DNS retransmits for authentication to pass, unit is specified by min-delay-interval
Type: number
Range: 1-80
Mutual Exclusion: min-delay and force-tcp are mutually exclusive
min-delay-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec;
Type: string
Supported Values: 100ms, 1sec
udp-timeout
Description UDP authentication timeout in seconds
Type: number
Range: 1-16
Mutual Exclusion: udp-timeout and force-tcp are mutually exclusive
dns-list_dns-udp-authentication_force-tcp-cfg¶
Specification Value Type object force-tcp
Description Force DNS request over TCP
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: force-tcp, udp-timeout, and min-delay are mutually exclusive
force-tcp-ignore-client-source-port
Description Allow client to retransmit DNS request using different source port during udp-auth (supported in asymmetric mode only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
force-tcp-min-delay
Description Optional minimum delay (seconds) between DNS retransmits for authentication to pass
Type: number
Range: 1-15
force-tcp-timeout
Description UDP authentication timeout in seconds
Type: number
Range: 1-16
dns-list_multi-pu-threshold-distribution¶
Specification Value Type object multi-pu-threshold-distribution-disable
Description ‘disable’: Destination side rate limit only. Default: Enable;
Type: string
Supported Values: disable
Mutual Exclusion: multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive
multi-pu-threshold-distribution-value
Description Destination side rate limit only. Default: 0
Type: number
Range: 1-16000000
Mutual Exclusion: multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive
dns-list_fqdn-label-len-cfg¶
Specification Value Type list Block object keys fqdn-label-length-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Mutual Exclusion: fqdn-label-length-action and fqdn-label-length-action-list-name are mutually exclusive
fqdn-label-length-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: fqdn-label-length-action-list-name and fqdn-label-length-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
fqdn-label-suffix
Description Number of suffixes
Type: number
Range: 1-5
label-length
Description Maximum length of FQDN label
Type: number
Range: 1-63
dns-list_symtimeout-cfg¶
Specification Value Type object sym-timeout
Description Timeout for DNS Symmetric session
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sym-timeout-value
Description Session timeout value in seconds
Type: number
Range: 1-31
icmp-v4-list¶
Specification Value Type list Block object keys filter-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name}/filter/{icmp-filter-name}
filter-match-type
Description ‘default’: Stop matching on drop/blacklist action; ‘stop-on-first-match’: Stop matching on first match;
Type: string
Supported Values: default, stop-on-first-match
Default: default
icmp-tmpl-name
Description DDOS ICMPv4 Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
type-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name}/type/{type-number}
type-other
Description: type-other is a JSON Block. Please see below for icmp-v4-list_type-other
Type: Object
Reference Object: /axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name}/type-other
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
icmp-v4-list_type-list¶
Specification Value Type list Block object keys dst-code-other-rate
Description Specify the rate with other code
Type: number
Range: 1-16000000
dst-code-other-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: dst-code-other-rate-action and dst-code-other-rate-action-list-name are mutually exclusive
dst-code-other-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-code-other-rate-action-list-name and dst-code-other-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
icmp-type-action
Description ‘drop’: Reject this ICMP type; ‘blacklist-src’: Blacklist-src this ICMP type; ‘ignore’: Ignore this ICMP type;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: icmp-type-action and icmp-type-action-list-name are mutually exclusive
icmp-type-action-list-name
Description Configure action-list to take for this ICMP type
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: icmp-type-action-list-name and icmp-type-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
src-code-other-rate
Description Specify the rate with other code
Type: number
Range: 1-16000000
src-code-other-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: src-code-other-rate-action and src-code-other-rate-action-list-name are mutually exclusive
src-code-other-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-code-other-rate-action-list-name and src-code-other-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
type-number
Description Specify ICMP type number
Type: number
Range: 0-255
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
v4-dst-code-cfg
Type: Listv4-dst-rate-cfg
Description: v4-dst-rate-cfg is a JSON Block. Please see below for icmp-v4-list_type-list_v4-dst-rate-cfg
Type: Object
v4-src-code-cfg
Type: Listv4-src-rate-cfg
Description: v4-src-rate-cfg is a JSON Block. Please see below for icmp-v4-list_type-list_v4-src-rate-cfg
Type: Object
icmp-v4-list_type-list_v4-src-rate-cfg¶
Specification Value Type object src-type-rate
Description Specify the whole src rate for this type
Type: number
Range: 1-16000000
src-type-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: src-type-rate-action and src-type-rate-action-list-name are mutually exclusive
src-type-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-type-rate-action-list-name and src-type-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
icmp-v4-list_type-list_v4-dst-code-cfg¶
Specification Value Type list Block object keys dst-code-number
Description Specify the ICMP code for this dst rate
Type: number
Range: 0-255
dst-code-rate
Description Specify the rate with the code
Type: number
Range: 1-16000000
dst-code-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: dst-code-rate-action and dst-code-rate-action-list-name are mutually exclusive
dst-code-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-code-rate-action-list-name and dst-code-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
icmp-v4-list_type-list_v4-src-code-cfg¶
Specification Value Type list Block object keys src-code-number
Description Specify the ICMP code for this src rate
Type: number
Range: 0-255
src-code-rate
Description Specify the rate with the code
Type: number
Range: 1-16000000
src-code-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: src-code-rate-action and src-code-rate-action-list-name are mutually exclusive
src-code-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-code-rate-action-list-name and src-code-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
icmp-v4-list_type-list_v4-dst-rate-cfg¶
Specification Value Type object dst-type-rate
Description Specify the whole dst rate for this type
Type: number
Range: 1-16000000
dst-type-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: dst-type-rate-action and dst-type-rate-action-list-name are mutually exclusive
dst-type-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-type-rate-action-list-name and dst-type-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
icmp-v4-list_type-other¶
Specification Value Type object dst
Description: dst is a JSON Block. Please see below for icmp-v4-list_type-other_dst
Type: Object
icmp-type-other-action
Description ‘drop’: Reject wildcard ICMP type; ‘blacklist-src’: Blacklist-src wildcard ICMP type; ‘ignore’: Ignore wildcard ICMP type;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: icmp-type-other-action and icmp-type-other-action-list-name are mutually exclusive
icmp-type-other-action-list-name
Description Configure action-list to take for wildcard ICMP match
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: icmp-type-other-action-list-name and icmp-type-other-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
src
Description: src is a JSON Block. Please see below for icmp-v4-list_type-other_src
Type: Object
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
icmp-v4-list_type-other_src¶
Specification Value Type object src-type-other-rate
Description Specify the whole src rate for wildcard ICMP type
Type: number
Range: 1-16000000
src-type-other-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: src-type-other-rate-action and src-type-other-rate-action-list-name are mutually exclusive
src-type-other-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-type-other-rate-action-list-name and src-type-other-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
icmp-v4-list_type-other_dst¶
Specification Value Type object dst-type-other-rate
Description Specify the whole dst rate for wildcard ICMP type
Type: number
Range: 1-16000000
dst-type-other-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: dst-type-other-rate-action and dst-type-other-rate-action-list-name are mutually exclusive
dst-type-other-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-type-other-rate-action-list-name and dst-type-other-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
icmp-v4-list_filter-list¶
Specification Value Type list Block object keys byte-offset-filter
Description filter using Berkeley packet filter syntax
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
icmp-filter-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, blacklist-src
Default: drop
Mutual Exclusion: icmp-filter-action and icmp-filter-action-list-name are mutually exclusive
icmp-filter-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: icmp-filter-action-list-name and icmp-filter-action are mutually exclusive
icmp-filter-inverse-match
Description Inverse the result of matching
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
icmp-filter-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-filter-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
icmp-filter-seq
Description sequence number
Type: number
Range: 1-200
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
encap-list¶
Specification Value Type list Block object keys encap-tmpl-name
Description DDOS Tunnel Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
preserve-source-ip
Description Use original source ip for encapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tunnel-encap
Description: tunnel-encap is a JSON Block. Please see below for encap-list_tunnel-encap
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
encap-list_tunnel-encap¶
Specification Value Type object gre-cfg
Description: gre-cfg is a JSON Block. Please see below for encap-list_tunnel-encap_gre-cfg
Type: Object
ip-cfg
Description: ip-cfg is a JSON Block. Please see below for encap-list_tunnel-encap_ip-cfg
Type: Object
encap-list_tunnel-encap_ip-cfg¶
Specification Value Type object always
Description: always is a JSON Block. Please see below for encap-list_tunnel-encap_ip-cfg_always
Type: Object
ip-encap
Description Enable Tunnel encapsulation using IP in IP
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
encap-list_tunnel-encap_ip-cfg_always¶
Specification Value Type object ipv4-addr
Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv4-address
ipv6-addr
Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv6-address
encap-list_tunnel-encap_gre-cfg¶
Specification Value Type object gre-always
Description: gre-always is a JSON Block. Please see below for encap-list_tunnel-encap_gre-cfg_gre-always
Type: Object
gre-encap
Description Enable Tunnel encapsulation using GRE
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
encap-list_tunnel-encap_gre-cfg_gre-always¶
Specification Value Type object gre-ipv4
Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv4-address
gre-ipv6
Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv6-address
key-ipv4
Description Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
key-ipv6
Description Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
udp-list¶
Specification Value Type list Block object keys age
Description Configure session age(in minutes) for UDP sessions
Type: number
Range: 1-63
Default: 2
filter-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/udp/{name}/filter/{udp-filter-name}
filter-match-type
Description ‘default’: Stop matching on drop/blacklist action; ‘stop-on-first-match’: Stop matching on first match;
Type: string
Supported Values: default, stop-on-first-match
Default: default
known-resp-src-port-cfg
Description: known-resp-src-port-cfg is a JSON Block. Please see below for udp-list_known-resp-src-port-cfg
Type: Object
max-payload-size-cfg
Description: max-payload-size-cfg is a JSON Block. Please see below for udp-list_max-payload-size-cfg
Type: Object
min-payload-size-cfg
Description: min-payload-size-cfg is a JSON Block. Please see below for udp-list_min-payload-size-cfg
Type: Object
name
Description DDOS UDP Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ntp-monlist-cfg
Description: ntp-monlist-cfg is a JSON Block. Please see below for udp-list_ntp-monlist-cfg
Type: Object
per-conn-pkt-rate-cfg
Description: per-conn-pkt-rate-cfg is a JSON Block. Please see below for udp-list_per-conn-pkt-rate-cfg
Type: Object
per-conn-rate-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec;
Type: string
Supported Values: 100ms, 1sec
Default: 1sec
previous-salt-timeout
Description Token-Authentication previous salt-prefix timeout in minutes, default is 1 min
Type: number
Range: 1-10080
Default: 1
public-ipv4-addr
Description IP address
Type: string
Format: ipv4-address
public-ipv6-addr
Description IPV6 address
Type: string
Format: ipv6-address
spoof-detect-fail-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src for spoof-detect fail;
Type: string
Supported Values: drop, blacklist-src
Mutual Exclusion: spoof-detect-fail-action and spoof-detect-fail-action-list-name are mutually exclusive
spoof-detect-fail-action-list-name
Description Configure action-list to take for failing the authentication
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: spoof-detect-fail-action-list-name and spoof-detect-fail-action are mutually exclusive
spoof-detect-min-delay
Description Optional minimum delay between UDP retransmits for authentication to pass, unit is specified by min-delay-interval
Type: number
Range: 1-80
spoof-detect-min-delay-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec;
Type: string
Supported Values: 100ms, 1sec
Default: 1sec
spoof-detect-pass-action
Description ‘authenticate-src’: authenticate-src (Default);
Type: string
Supported Values: authenticate-src
Mutual Exclusion: spoof-detect-pass-action and spoof-detect-pass-action-list-name are mutually exclusive
spoof-detect-pass-action-list-name
Description Configure action-list to take for passing the authentication
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: spoof-detect-pass-action-list-name and spoof-detect-pass-action are mutually exclusive
spoof-detect-retry-timeout
Description Timeout in seconds
Type: number
Range: 1-31
token-authentication
Description Enable Token Authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
token-authentication-formula
Description ‘md5_Salt-SrcIp-SrcPort-DstIp-DstPort’: md5 of Salt-SrcIp-SrcPort-DstIp-DstPort; ‘md5_Salt-DstIp-DstPort’: md5 of Salt-DstIp-DstPort; ‘md5_Salt-SrcIp-DstIp’: md5 of Salt-SrcIp-DstIp; ‘md5_Salt-SrcPort-DstPort’: md5 of Salt-SrcPort-DstPort; ‘md5_Salt-UintDstIp-DstPort’: Using the uint value of IP for md5 of Salt-DstIp-DstPort; ‘sha1_Salt-SrcIp-SrcPort-DstIp-DstPort’: sha1 of Salt-SrcIp-SrcPort-DstIp-DstPort; ‘sha1_Salt-DstIp-DstPort’: sha1 of Salt-DstIp-DstPort; ‘sha1_Salt-SrcIp-DstIp’: sha1 of Salt-SrcIp-DstIp; ‘sha1_Salt-SrcPort-DstPort’: sha1 of Salt-SrcPort-DstPort; ‘sha1_Salt-UintDstIp-DstPort’: Using the uint value of IP for sha1 of Salt-DstIp-DstPort;
Type: string
Supported Values: md5_Salt-SrcIp-SrcPort-DstIp-DstPort, md5_Salt-DstIp-DstPort, md5_Salt-SrcIp-DstIp, md5_Salt-SrcPort-DstPort, md5_Salt-UintDstIp-DstPort, sha1_Salt-SrcIp-SrcPort-DstIp-DstPort, sha1_Salt-DstIp-DstPort, sha1_Salt-SrcIp-DstIp, sha1_Salt-SrcPort-DstPort, sha1_Salt-UintDstIp-DstPort
token-authentication-hw-assist-disable
Description token-authentication disable hardware assistance
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
token-authentication-public-address
Description The server public IP address
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
token-authentication-salt-prefix
Description token-authentication salt-prefix
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
token-authentication-salt-prefix-curr
Description
Type: number
Range: 1-4294967295
token-authentication-salt-prefix-prev
Description
Type: number
Range: 1-4294967295
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
udp-list_ntp-monlist-cfg¶
Specification Value Type object ntp-monlist
Description Take action for ntp monlist request/response
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ntp-monlist-action
Description ‘drop’: Drop packets for ntp-monlist (Default); ‘blacklist-src’: Blacklist-src for ntp-monlist; ‘ignore’: Ignore ntp-monlist;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: ntp-monlist-action and ntp-monlist-action-list-name are mutually exclusive
ntp-monlist-action-list-name
Description Configure action-list to take for ntp-monlist
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: ntp-monlist-action-list-name and ntp-monlist-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
udp-list_known-resp-src-port-cfg¶
Specification Value Type object exclude-src-resp-port
Description Exclude src port equal to dst port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
known-resp-src-port
Description Take action if src-port is less than 1024
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
known-resp-src-port-action
Description ‘drop’: Drop packets from well-known src-port(Default); ‘blacklist-src’: Blacklist-src from well-known src-port; ‘ignore’: Ignore well-known src-port;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: known-resp-src-port-action and known-resp-src-port-action-list-name are mutually exclusive
known-resp-src-port-action-list-name
Description Configure action-list to take for well-known src-port
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: known-resp-src-port-action-list-name and known-resp-src-port-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
udp-list_per-conn-pkt-rate-cfg¶
Specification Value Type object per-conn-pkt-rate-action
Description ‘drop’: Drop packets for per-conn-pkt-rate exceed (Default); ‘blacklist-src’: help Blacklist-src for per-conn-pkt-rate exceed; ‘ignore’: Ignore per-conn-pkt-rate-exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: per-conn-pkt-rate-action and per-conn-pkt-rate-action-list-name are mutually exclusive
per-conn-pkt-rate-action-list-name
Description Configure action-list to take for per-conn-pkt-rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: per-conn-pkt-rate-action-list-name and per-conn-pkt-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
per-conn-pkt-rate-limit
Description Packet rate limit per connection per rate-interval
Type: number
Range: 1-16000000
udp-list_min-payload-size-cfg¶
Specification Value Type object min-payload-size
Description Minimum UDP payload size for each single packet
Type: number
Range: 1-1470
min-payload-size-action
Description ‘drop’: Drop packets for min-payload-size (Default); ‘blacklist-src’: Blacklist-src for min-payload-size; ‘ignore’: Do nothing for min-payload-size exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: min-payload-size-action and min-payload-size-action-list-name are mutually exclusive
min-payload-size-action-list-name
Description Configure action-list to take for min-payload-size exceed
Type: string
Format: string-rlx
Maximum Length: 64 characters
Maximum Length: 1 characters
Mutual Exclusion: min-payload-size-action-list-name and min-payload-size-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
udp-list_filter-list¶
Specification Value Type list Block object keys byte-offset-filter
Description Filter using Berkeley Packet Filter syntax
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
udp-filter-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘authenticate-src’: Authenticate-src;
Type: string
Supported Values: drop, ignore, blacklist-src, authenticate-src
Default: drop
Mutual Exclusion: udp-filter-action and udp-filter-action-list-name are mutually exclusive
udp-filter-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: udp-filter-action-list-name and udp-filter-action are mutually exclusive
udp-filter-inverse-match
Description Inverse the result of the matching
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
udp-filter-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp-filter-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
udp-filter-seq
Description Sequence number
Type: number
Range: 1-200
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
udp-list_max-payload-size-cfg¶
Specification Value Type object max-payload-size
Description Maximum UDP payload size for each single packet
Type: number
Range: 1-1470
max-payload-size-action
Description ‘drop’: Drop packets for max-payload-size exceed (Default); ‘blacklist-src’: Blacklist-src for max-payload-size exceed; ‘ignore’: Do nothing for max-payload-size exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: max-payload-size-action and max-payload-size-action-list-name are mutually exclusive
max-payload-size-action-list-name
Description Configure action-list to take for max-payload-size exceed
Type: string
Format: string-rlx
Maximum Length: 64 characters
Maximum Length: 1 characters
Mutual Exclusion: max-payload-size-action-list-name and max-payload-size-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
http-list¶
Specification Value Type list Block object keys challenge
Description: challenge is a JSON Block. Please see below for http-list_challenge
Type: Object
client-source-ip
Description: client-source-ip is a JSON Block. Please see below for http-list_client-source-ip
Type: Object
disable
Description Disable this template
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disallow-connect-method
Description Do not allow HTTP Connect method (asymmetric mode only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst
Description: dst is a JSON Block. Please see below for http-list_dst
Type: Object
filter-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/http/{http-tmpl-name}/filter/{http-filter-name}
http-tmpl-name
Description DDOS HTTP Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
idle-timeout
Description: idle-timeout is a JSON Block. Please see below for http-list_idle-timeout
Type: Object
malformed-http
Description: malformed-http is a JSON Block. Please see below for http-list_malformed-http
Type: Object
Reference Object: /axapi/v3/ddos/zone-template/http/{http-tmpl-name}/malformed-http
mss-timeout
Description: mss-timeout is a JSON Block. Please see below for http-list_mss-timeout
Type: Object
multi-pu-threshold-distribution
Description: multi-pu-threshold-distribution is a JSON Block. Please see below for http-list_multi-pu-threshold-distribution
Type: Object
non-http-bypass
Description Bypass non-http traffic instead of dropping
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
out-of-order-queue-size
Description Set the number of packets for the out-of-order HTTP queue (asym mode only)
Type: number
Range: 0-15
Default: 3
out-of-order-queue-timeout
Description Set the timeout value in seconds for out-of-order queue in HTTP (asym mode only)
Type: number
Range: 0-15
Default: 3
request-header
Description: request-header is a JSON Block. Please see below for http-list_request-header
Type: Object
slow-read
Description: slow-read is a JSON Block. Please see below for http-list_slow-read
Type: Object
src
Description: src is a JSON Block. Please see below for http-list_src
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
http-list_client-source-ip¶
Specification Value Type object client-source-ip
Description Mitigate on src ip specified by http header for example X-Forwarded-For header. Default is disabled
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
http-header-name
Description Set the http header name to parse for client ip. Default is X-Forwarded-For
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Default: X-Forwarded-For
http-list_dst¶
Specification Value Type object rate-limit
Description: rate-limit is a JSON Block. Please see below for http-list_dst_rate-limit
Type: Object
http-list_dst_rate-limit¶
Specification Value Type object http-post
Description: http-post is a JSON Block. Please see below for http-list_dst_rate-limit_http-post
Type: Object
http-request
Description: http-request is a JSON Block. Please see below for http-list_dst_rate-limit_http-request
Type: Object
response-size
Description: response-size is a JSON Block. Please see below for http-list_dst_rate-limit_response-size
Type: Object
http-list_dst_rate-limit_response-size¶
Specification Value Type object between-cfg
Type: Listgreater-cfg
Type: Listless-cfg
Type: Listresponse-size-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Mutual Exclusion: response-size-action and response-size-action-list-name are mutually exclusive
response-size-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: response-size-action-list-name and response-size-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
http-list_dst_rate-limit_response-size_between-cfg¶
Specification Value Type list Block object keys obj-between-rate
Description Response rate limit
Type: number
Range: 1-16000000
obj-between1
Description Response size configuration
Type: number
Range: 1-16000000
obj-between2
Description Response size configuration
Type: number
Range: 1-16000000
http-list_dst_rate-limit_response-size_greater-cfg¶
Specification Value Type list Block object keys obj-greater
Description Response size configuration
Type: number
Range: 1-16000000
obj-greater-rate
Description Response rate limit
Type: number
Range: 1-16000000
http-list_dst_rate-limit_response-size_less-cfg¶
Specification Value Type list Block object keys obj-less
Description Response size configuration
Type: number
Range: 1-16000000
obj-less-rate
Description Response rate limit
Type: number
Range: 1-16000000
http-list_dst_rate-limit_http-post¶
Specification Value Type object dst-post-rate-limit
Description
Type: number
Range: 1-16000000
dst-post-rate-limit-action
Description ‘drop’: Drop packets(Default); ‘ignore’: Take no action; ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, reset, blacklist-src
Default: drop
Mutual Exclusion: dst-post-rate-limit-action and dst-post-rate-limit-action-list-name are mutually exclusive
dst-post-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-post-rate-limit-action-list-name and dst-post-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
http-list_dst_rate-limit_http-request¶
Specification Value Type object dst-request-rate
Description
Type: number
Range: 1-16000000
dst-request-rate-limit-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, reset, blacklist-src
Default: drop
Mutual Exclusion: dst-request-rate-limit-action and dst-request-rate-limit-action-list-name are mutually exclusive
dst-request-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-request-rate-limit-action-list-name and dst-request-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
http-list_src¶
Specification Value Type object rate-limit
Description: rate-limit is a JSON Block. Please see below for http-list_src_rate-limit
Type: Object
http-list_src_rate-limit¶
Specification Value Type object http-post
Description: http-post is a JSON Block. Please see below for http-list_src_rate-limit_http-post
Type: Object
http-request
Description: http-request is a JSON Block. Please see below for http-list_src_rate-limit_http-request
Type: Object
http-list_src_rate-limit_http-post¶
Specification Value Type object src-post-rate-limit
Description
Type: number
Range: 1-16000000
src-post-rate-limit-action
Description ‘drop’: Drop packets(Default); ‘ignore’: Take no action; ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, reset, blacklist-src
Default: drop
Mutual Exclusion: src-post-rate-limit-action and src-post-rate-limit-action-list-name are mutually exclusive
src-post-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-post-rate-limit-action-list-name and src-post-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
http-list_src_rate-limit_http-request¶
Specification Value Type object src-request-rate
Description
Type: number
Range: 1-16000000
src-request-rate-limit-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, reset, blacklist-src
Default: drop
Mutual Exclusion: src-request-rate-limit-action and src-request-rate-limit-action-list-name are mutually exclusive
src-request-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-request-rate-limit-action-list-name and src-request-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
http-list_challenge¶
Specification Value Type object challenge-cookie-name
Description Set the cookie name used to send back to client. Default is sto-idd
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Default: sto-idd
challenge-fail-action
Description ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection(Default);
Type: string
Supported Values: blacklist-src, reset
Default: reset
Mutual Exclusion: challenge-fail-action and challenge-fail-action-list-name are mutually exclusive
challenge-fail-action-list-name
Description Configure action-list to take for failing the authentication
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: challenge-fail-action-list-name and challenge-fail-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
challenge-interval
Description Specify the challenge interval. Default is 8 seconds
Type: number
Range: 1-31
Default: 8
challenge-keep-cookie
Description Keep the challenge cookie from client and forward to backend. Default is do not keep
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
challenge-method
Description ‘http-redirect’: http-redirect; ‘javascript’: javascript;
Type: string
Supported Values: http-redirect, javascript
challenge-pass-action
Description ‘authenticate-src’: Authenticate-src (Default);
Type: string
Supported Values: authenticate-src
Mutual Exclusion: challenge-pass-action and challenge-pass-action-list-name are mutually exclusive
challenge-pass-action-list-name
Description Configure action-list to take for passing the authentication
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: challenge-pass-action-list-name and challenge-pass-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
challenge-redirect-code
Description ‘302’: 302 Found; ‘307’: 307 Temporary Redirect;
Type: string
Supported Values: 302, 307
Default: 302
challenge-uri-encode
Description Encode the challenge phrase in uri instead of in http cookie. Default encoded in http cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
http-list_idle-timeout¶
Specification Value Type object idle-timeout-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, blacklist-src, reset
Mutual Exclusion: idle-timeout-action and idle-timeout-action-list-name are mutually exclusive
idle-timeout-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: idle-timeout-action-list-name and idle-timeout-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
idle-timeout-value
Description Set the the idle timeout value in seconds for HTTP connections
Type: number
Range: 1-63
ignore-zero-payload
Description Don’t reset idle timer on packets with zero payload length from clients
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
http-list_slow-read¶
Specification Value Type object min-window-count
Description Number of packets
Type: number
Range: 1-31
min-window-size
Description minimum window size
Type: number
Range: 1-65535
slow-read-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘ignore’: Take no action; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, blacklist-src, ignore, reset
Mutual Exclusion: slow-read-action and slow-read-action-list-name are mutually exclusive
slow-read-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: slow-read-action-list-name and slow-read-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
http-list_multi-pu-threshold-distribution¶
Specification Value Type object multi-pu-threshold-distribution-disable
Description ‘disable’: Destination side rate limit only. Default: Enable;
Type: string
Supported Values: disable
Mutual Exclusion: multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive
multi-pu-threshold-distribution-value
Description Destination side rate limit only. Default: 0
Type: number
Range: 1-16000000
Mutual Exclusion: multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive
http-list_filter-list¶
Specification Value Type list Block object keys dst
Description: dst is a JSON Block. Please see below for http-list_filter-list_dst
Type: Object
http-agent-cfg
Description: http-agent-cfg is a JSON Block. Please see below for http-list_filter-list_http-agent-cfg
Type: Object
http-filter-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘authenticate-src’: Authenticate-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, authenticate-src, reset
Mutual Exclusion: http-filter-action and http-filter-action-list-name are mutually exclusive
http-filter-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: http-filter-action-list-name and http-filter-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
http-filter-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http-filter-seq
Description Sequence number
Type: number
Range: 1-200
http-header-cfg
Description: http-header-cfg is a JSON Block. Please see below for http-list_filter-list_http-header-cfg
Type: Object
http-referer-cfg
Description: http-referer-cfg is a JSON Block. Please see below for http-list_filter-list_http-referer-cfg
Type: Object
http-uri-cfg
Description: http-uri-cfg is a JSON Block. Please see below for http-list_filter-list_http-uri-cfg
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
http-list_filter-list_http-uri-cfg¶
Specification Value Type object uri-contains-cfg
Type: Listuri-ends-cfg
Type: Listuri-equal-cfg
Type: Listuri-starts-cfg
Type: List
http-list_filter-list_http-uri-cfg_uri-equal-cfg¶
Specification Value Type list Block object keys http-filter-uri-equals
Description
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
http-list_filter-list_http-uri-cfg_uri-starts-cfg¶
Specification Value Type list Block object keys http-filter-uri-starts-with
Description
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
http-list_filter-list_http-uri-cfg_uri-ends-cfg¶
Specification Value Type list Block object keys http-filter-uri-ends-with
Description
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
http-list_filter-list_http-uri-cfg_uri-contains-cfg¶
Specification Value Type list Block object keys http-filter-uri-contains
Description
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
http-list_filter-list_dst¶
Specification Value Type object http-filter-rate-limit
Description Set rate limit
Type: number
Range: 1-16000000
http-list_filter-list_http-agent-cfg¶
Specification Value Type object agent-contains-cfg
Type: Listagent-ends-cfg
Type: Listagent-equals-cfg
Type: Listagent-starts-cfg
Type: List
http-list_filter-list_http-agent-cfg_agent-contains-cfg¶
Specification Value Type list Block object keys http-filter-agent-contains
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http-list_filter-list_http-agent-cfg_agent-ends-cfg¶
Specification Value Type list Block object keys http-filter-agent-ends-with
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http-list_filter-list_http-agent-cfg_agent-equals-cfg¶
Specification Value Type list Block object keys http-filter-agent-equals
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http-list_filter-list_http-agent-cfg_agent-starts-cfg¶
Specification Value Type list Block object keys http-filter-agent-starts-with
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http-list_filter-list_http-header-cfg¶
Specification Value Type object http-filter-header-inverse-match
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
http-filter-header-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
http-list_filter-list_http-referer-cfg¶
Specification Value Type object referer-contains-cfg
Type: Listreferer-ends-cfg
Type: Listreferer-equals-cfg
Type: Listreferer-starts-cfg
Type: List
http-list_filter-list_http-referer-cfg_referer-equals-cfg¶
Specification Value Type list Block object keys http-filter-referer-equals
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http-list_filter-list_http-referer-cfg_referer-starts-cfg¶
Specification Value Type list Block object keys http-filter-referer-starts-with
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http-list_filter-list_http-referer-cfg_referer-contains-cfg¶
Specification Value Type list Block object keys http-filter-referer-contains
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http-list_filter-list_http-referer-cfg_referer-ends-cfg¶
Specification Value Type list Block object keys http-filter-referer-ends-with
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http-list_mss-timeout¶
Specification Value Type object mss-percent
Description Configure percentage of mss such that if a packet size is below the mss times mss-percent, packet is considered bad.
Type: number
Range: 1-100
mss-timeout-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Mutual Exclusion: mss-timeout-action and mss-timeout-action-list-name are mutually exclusive
mss-timeout-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: mss-timeout-action-list-name and mss-timeout-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
number-packets
Description Specify percentage of mss. Default is 0, mss-timeout is not enabled.
Type: number
Range: 1-31
http-list_malformed-http¶
Specification Value Type object malformed-http
Description ‘check’: Configure malformed HTTP parameters;
Type: string
Supported Values: check
Default: check
malformed-http-action
Description ‘drop’: Drop packets (Default); ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, reset, blacklist-src
Mutual Exclusion: malformed-http-action and malformed-http-action-list-name are mutually exclusive
malformed-http-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: malformed-http-action-list-name and malformed-http-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
malformed-http-bad-chunk-mon-enabled
Description Enabling bad chunk monitoring. Default is disabled
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malformed-http-max-content-length
Description Set the maxinum content-length header. Default value is 4294967295 bytes
Type: number
Range: 1-4294967295
Default: 4294967295
malformed-http-max-header-name-size
Description Set the maxinum header name length. Default value is 64.
Type: number
Range: 1-64
Default: 64
malformed-http-max-line-size
Description Set the maximum line size. Default value is 32512
Type: number
Range: 1-65280
Default: 32512
malformed-http-max-num-headers
Description Set the maximum number of headers. Default value is 90
Type: number
Range: 1-90
Default: 90
malformed-http-max-req-line-size
Description Set the maximum request line size. Default value is 32512
Type: number
Range: 1-65280
Default: 32512
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
http-list_request-header¶
Specification Value Type object header-timeout-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, blacklist-src, reset
Default: drop
Mutual Exclusion: header-timeout-action and header-timeout-action-list-name are mutually exclusive
header-timeout-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: header-timeout-action-list-name and header-timeout-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
timeout
Description
Type: number
Range: 1-63
sip-list¶
Specification Value Type list Block object keys dst
Description: dst is a JSON Block. Please see below for sip-list_dst
Type: Object
filter-header-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/sip/{sip-tmpl-name}/filter-header/{sip-filter-name}
idle-timeout
Description: idle-timeout is a JSON Block. Please see below for sip-list_idle-timeout
Type: Object
malformed-sip
Description: malformed-sip is a JSON Block. Please see below for sip-list_malformed-sip
Type: Object
Reference Object: /axapi/v3/ddos/zone-template/sip/{sip-tmpl-name}/malformed-sip
multi-pu-threshold-distribution
Description: multi-pu-threshold-distribution is a JSON Block. Please see below for sip-list_multi-pu-threshold-distribution
Type: Object
sip-tmpl-name
Description DDOS SIP Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
src
Description: src is a JSON Block. Please see below for sip-list_src
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
sip-list_src¶
Specification Value Type object sip-request-rate-limit
Description: sip-request-rate-limit is a JSON Block. Please see below for sip-list_src_sip-request-rate-limit
Type: Object
sip-list_src_sip-request-rate-limit¶
Specification Value Type object method
Description: method is a JSON Block. Please see below for sip-list_src_sip-request-rate-limit_method
Type: Object
src-sip-rate-action
Description ‘drop’: Drop packets(Default); ‘ignore’: Take no action; ‘reset’: Reset (sip-tcp) client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, reset, blacklist-src
Default: drop
Mutual Exclusion: src-sip-rate-action and src-sip-rate-action-list-name are mutually exclusive
src-sip-rate-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-sip-rate-action-list-name and src-sip-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
sip-list_src_sip-request-rate-limit_method¶
Specification Value Type object bye-cfg
Description: bye-cfg is a JSON Block. Please see below for sip-list_src_sip-request-rate-limit_method_bye-cfg
Type: Object
invite-cfg
Description: invite-cfg is a JSON Block. Please see below for sip-list_src_sip-request-rate-limit_method_invite-cfg
Type: Object
message-cfg
Description: message-cfg is a JSON Block. Please see below for sip-list_src_sip-request-rate-limit_method_message-cfg
Type: Object
notify-cfg
Description: notify-cfg is a JSON Block. Please see below for sip-list_src_sip-request-rate-limit_method_notify-cfg
Type: Object
options-cfg
Description: options-cfg is a JSON Block. Please see below for sip-list_src_sip-request-rate-limit_method_options-cfg
Type: Object
refer-cfg
Description: refer-cfg is a JSON Block. Please see below for sip-list_src_sip-request-rate-limit_method_refer-cfg
Type: Object
register-cfg
Description: register-cfg is a JSON Block. Please see below for sip-list_src_sip-request-rate-limit_method_register-cfg
Type: Object
subscribe-cfg
Description: subscribe-cfg is a JSON Block. Please see below for sip-list_src_sip-request-rate-limit_method_subscribe-cfg
Type: Object
update-cfg
Description: update-cfg is a JSON Block. Please see below for sip-list_src_sip-request-rate-limit_method_update-cfg
Type: Object
sip-list_src_sip-request-rate-limit_method_options-cfg¶
Specification Value Type object OPTIONS
Description OPTIONS method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-options-rate
Description
Type: number
Range: 1-16000000
sip-list_src_sip-request-rate-limit_method_refer-cfg¶
Specification Value Type object REFER
Description REFER method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-refer-rate
Description
Type: number
Range: 1-16000000
sip-list_src_sip-request-rate-limit_method_bye-cfg¶
Specification Value Type object BYE
Description BYE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-bye-rate
Description
Type: number
Range: 1-16000000
sip-list_src_sip-request-rate-limit_method_subscribe-cfg¶
Specification Value Type object SUBSCRIBE
Description SUBSCRIBE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-subscribe-rate
Description
Type: number
Range: 1-16000000
sip-list_src_sip-request-rate-limit_method_register-cfg¶
Specification Value Type object REGISTER
Description REGISTER method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-register-rate
Description
Type: number
Range: 1-16000000
sip-list_src_sip-request-rate-limit_method_invite-cfg¶
Specification Value Type object INVITE
Description INVITE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-invite-rate
Description
Type: number
Range: 1-16000000
sip-list_src_sip-request-rate-limit_method_message-cfg¶
Specification Value Type object MESSAGE
Description MESSAGE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-message-rate
Description
Type: number
Range: 1-16000000
sip-list_src_sip-request-rate-limit_method_update-cfg¶
Specification Value Type object UPDATE
Description UPDATE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-update-rate
Description
Type: number
Range: 1-16000000
sip-list_src_sip-request-rate-limit_method_notify-cfg¶
Specification Value Type object NOTIFY
Description NOTIFY method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-notify-rate
Description
Type: number
Range: 1-16000000
sip-list_dst¶
Specification Value Type object sip-request-rate-limit
Description: sip-request-rate-limit is a JSON Block. Please see below for sip-list_dst_sip-request-rate-limit
Type: Object
sip-list_dst_sip-request-rate-limit¶
Specification Value Type object dst-sip-rate-action
Description ‘drop’: Drop packets(Default); ‘ignore’: Take no action; ‘reset’: Reset (sip-tcp) client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, reset, blacklist-src
Default: drop
Mutual Exclusion: dst-sip-rate-action and dst-sip-rate-action-list-name are mutually exclusive
dst-sip-rate-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-sip-rate-action-list-name and dst-sip-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
method
Description: method is a JSON Block. Please see below for sip-list_dst_sip-request-rate-limit_method
Type: Object
sip-list_dst_sip-request-rate-limit_method¶
Specification Value Type object bye-cfg
Description: bye-cfg is a JSON Block. Please see below for sip-list_dst_sip-request-rate-limit_method_bye-cfg
Type: Object
invite-cfg
Description: invite-cfg is a JSON Block. Please see below for sip-list_dst_sip-request-rate-limit_method_invite-cfg
Type: Object
message-cfg
Description: message-cfg is a JSON Block. Please see below for sip-list_dst_sip-request-rate-limit_method_message-cfg
Type: Object
notify-cfg
Description: notify-cfg is a JSON Block. Please see below for sip-list_dst_sip-request-rate-limit_method_notify-cfg
Type: Object
options-cfg
Description: options-cfg is a JSON Block. Please see below for sip-list_dst_sip-request-rate-limit_method_options-cfg
Type: Object
refer-cfg
Description: refer-cfg is a JSON Block. Please see below for sip-list_dst_sip-request-rate-limit_method_refer-cfg
Type: Object
register-cfg
Description: register-cfg is a JSON Block. Please see below for sip-list_dst_sip-request-rate-limit_method_register-cfg
Type: Object
subscribe-cfg
Description: subscribe-cfg is a JSON Block. Please see below for sip-list_dst_sip-request-rate-limit_method_subscribe-cfg
Type: Object
update-cfg
Description: update-cfg is a JSON Block. Please see below for sip-list_dst_sip-request-rate-limit_method_update-cfg
Type: Object
sip-list_dst_sip-request-rate-limit_method_options-cfg¶
Specification Value Type object OPTIONS
Description OPTIONS method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-options-rate
Description
Type: number
Range: 1-16000000
sip-list_dst_sip-request-rate-limit_method_refer-cfg¶
Specification Value Type object REFER
Description REFER method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-refer-rate
Description
Type: number
Range: 1-16000000
sip-list_dst_sip-request-rate-limit_method_bye-cfg¶
Specification Value Type object BYE
Description BYE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-bye-rate
Description
Type: number
Range: 1-16000000
sip-list_dst_sip-request-rate-limit_method_subscribe-cfg¶
Specification Value Type object SUBSCRIBE
Description SUBSCRIBE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-subscribe-rate
Description
Type: number
Range: 1-16000000
sip-list_dst_sip-request-rate-limit_method_register-cfg¶
Specification Value Type object REGISTER
Description REGISTER method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-register-rate
Description
Type: number
Range: 1-16000000
sip-list_dst_sip-request-rate-limit_method_invite-cfg¶
Specification Value Type object INVITE
Description INVITE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-invite-rate
Description
Type: number
Range: 1-16000000
sip-list_dst_sip-request-rate-limit_method_message-cfg¶
Specification Value Type object MESSAGE
Description MESSAGE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-message-rate
Description
Type: number
Range: 1-16000000
sip-list_dst_sip-request-rate-limit_method_update-cfg¶
Specification Value Type object UPDATE
Description UPDATE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-update-rate
Description
Type: number
Range: 1-16000000
sip-list_dst_sip-request-rate-limit_method_notify-cfg¶
Specification Value Type object NOTIFY
Description NOTIFY method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-notify-rate
Description
Type: number
Range: 1-16000000
sip-list_idle-timeout¶
Specification Value Type object idle-timeout-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Reset (sip-tcp) client connection;
Type: string
Supported Values: drop, blacklist-src, reset
Mutual Exclusion: idle-timeout-action and idle-timeout-action-list-name are mutually exclusive
idle-timeout-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: idle-timeout-action-list-name and idle-timeout-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
idle-timeout-value
Description Set the the idle timeout value for SIP-TCP connections
Type: number
Range: 1-63
ignore-zero-payload
Description Don’t reset idle timer on packets with zero payload length from clients
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sip-list_multi-pu-threshold-distribution¶
Specification Value Type object multi-pu-threshold-distribution-disable
Description ‘disable’: Destination side rate limit only. Default: Enable;
Type: string
Supported Values: disable
Mutual Exclusion: multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive
multi-pu-threshold-distribution-value
Description Destination side rate limit only. Default: 0
Type: number
Range: 1-16000000
Mutual Exclusion: multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive
sip-list_malformed-sip¶
Specification Value Type object malformed-sip-action
Description ‘drop’: Drop packets (Default); ‘reset’: Reset (sip-tcp) client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, reset, blacklist-src
Default: drop
Mutual Exclusion: malformed-sip-action and malformed-sip-action-list-name are mutually exclusive
malformed-sip-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: malformed-sip-action-list-name and malformed-sip-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
malformed-sip-call-id-max-length
Description Set the maximum call-id length. Default value is 32511
Type: number
Range: 1-32511
Default: 32511
malformed-sip-check
Description ‘enable-check’: Enable malformed SIP parameters;
Type: string
Supported Values: enable-check
malformed-sip-max-header-name-length
Description Set the maximum header name length. Default value is 63
Type: number
Range: 1-63
Default: 63
malformed-sip-max-header-value-length
Description Set the maximum header value length. Default value is 32511
Type: number
Range: 1-32511
Default: 32511
malformed-sip-max-line-size
Description Set the maximum line size. Default value is 32511
Type: number
Range: 1-32511
Default: 32511
malformed-sip-max-uri-length
Description Set the maximum uri size. Default value is 32511
Type: number
Range: 1-32511
Default: 32511
malformed-sip-sdp-max-length
Description Set the maxinum SDP content length. Default value is 32511
Type: number
Range: 1-32511
Default: 32511
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
sip-list_filter-header-list¶
Specification Value Type list Block object keys sip-filter-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘authenticate-src’: Authenticate-src; ‘reset’: Reset client connection(for sip-tcp);
Type: string
Supported Values: drop, ignore, blacklist-src, authenticate-src, reset
Mutual Exclusion: sip-filter-action and sip-filter-action-list-name are mutually exclusive
sip-filter-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: sip-filter-action-list-name and sip-filter-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
sip-filter-header-seq
Description Sequence number
Type: number
Range: 1-200
sip-filter-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip-header-cfg
Description: sip-header-cfg is a JSON Block. Please see below for sip-list_filter-header-list_sip-header-cfg
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
sip-list_filter-header-list_sip-header-cfg¶
Specification Value Type object sip-filter-header-inverse-match
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sip-filter-header-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
icmp-v6-list¶
Specification Value Type list Block object keys filter-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name}/filter/{icmp-filter-name}
filter-match-type
Description ‘default’: Stop matching on drop/blacklist action; ‘stop-on-first-match’: Stop matching on first match;
Type: string
Supported Values: default, stop-on-first-match
Default: default
icmp-tmpl-name
Description DDOS ICMPv6 Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
type-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name}/type/{type-number}
type-other
Description: type-other is a JSON Block. Please see below for icmp-v6-list_type-other
Type: Object
Reference Object: /axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name}/type-other
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
icmp-v6-list_type-list¶
Specification Value Type list Block object keys dst-code-other-rate
Description Specify the rate with other code
Type: number
Range: 1-16000000
dst-code-other-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: dst-code-other-rate-action and dst-code-other-rate-action-list-name are mutually exclusive
dst-code-other-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-code-other-rate-action-list-name and dst-code-other-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
icmp-type-action
Description ‘drop’: Reject this ICMP type; ‘blacklist-src’: Blacklist-src this ICMP type; ‘ignore’: Ignore this ICMP type;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: icmp-type-action and icmp-type-action-list-name are mutually exclusive
icmp-type-action-list-name
Description Configure action-list to take for this ICMP type
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: icmp-type-action-list-name and icmp-type-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
src-code-other-rate
Description Specify the rate with other code
Type: number
Range: 1-16000000
src-code-other-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: src-code-other-rate-action and src-code-other-rate-action-list-name are mutually exclusive
src-code-other-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-code-other-rate-action-list-name and src-code-other-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
type-number
Description Specify ICMP type number
Type: number
Range: 0-255
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
v6-dst-code-cfg
Type: Listv6-dst-rate-cfg
Description: v6-dst-rate-cfg is a JSON Block. Please see below for icmp-v6-list_type-list_v6-dst-rate-cfg
Type: Object
v6-src-code-cfg
Type: Listv6-src-rate-cfg
Description: v6-src-rate-cfg is a JSON Block. Please see below for icmp-v6-list_type-list_v6-src-rate-cfg
Type: Object
icmp-v6-list_type-list_v6-dst-rate-cfg¶
Specification Value Type object dst-type-rate
Description Specify the whole dst rate for this type
Type: number
Range: 1-16000000
dst-type-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: dst-type-rate-action and dst-type-rate-action-list-name are mutually exclusive
dst-type-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-type-rate-action-list-name and dst-type-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
icmp-v6-list_type-list_v6-src-rate-cfg¶
Specification Value Type object src-type-rate
Description Specify the whole src rate for this type
Type: number
Range: 1-16000000
src-type-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: src-type-rate-action and src-type-rate-action-list-name are mutually exclusive
src-type-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-type-rate-action-list-name and src-type-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
icmp-v6-list_type-list_v6-src-code-cfg¶
Specification Value Type list Block object keys src-code-number
Description Specify the ICMP code for this src rate
Type: number
Range: 0-255
src-code-rate
Description Specify the rate with the code
Type: number
Range: 1-16000000
src-code-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: src-code-rate-action and src-code-rate-action-list-name are mutually exclusive
src-code-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-code-rate-action-list-name and src-code-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
icmp-v6-list_type-list_v6-dst-code-cfg¶
Specification Value Type list Block object keys dst-code-number
Description Specify the ICMP code for this dst rate
Type: number
Range: 0-255
dst-code-rate
Description Specify the rate with the code
Type: number
Range: 1-16000000
dst-code-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: dst-code-rate-action and dst-code-rate-action-list-name are mutually exclusive
dst-code-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-code-rate-action-list-name and dst-code-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
icmp-v6-list_type-other¶
Specification Value Type object dst
Description: dst is a JSON Block. Please see below for icmp-v6-list_type-other_dst
Type: Object
icmp-type-other-action
Description ‘drop’: Reject wildcard ICMP type; ‘blacklist-src’: Blacklist-src wildcard ICMP type; ‘ignore’: Ignore wildcard ICMP type;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: icmp-type-other-action and icmp-type-other-action-list-name are mutually exclusive
icmp-type-other-action-list-name
Description Configure action-list to take for wildcard ICMP match
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: icmp-type-other-action-list-name and icmp-type-other-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
src
Description: src is a JSON Block. Please see below for icmp-v6-list_type-other_src
Type: Object
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
icmp-v6-list_type-other_src¶
Specification Value Type object src-type-other-rate
Description Specify the whole src rate for wildcard ICMP type
Type: number
Range: 1-16000000
src-type-other-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: src-type-other-rate-action and src-type-other-rate-action-list-name are mutually exclusive
src-type-other-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-type-other-rate-action-list-name and src-type-other-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
icmp-v6-list_type-other_dst¶
Specification Value Type object dst-type-other-rate
Description Specify the whole dst rate for wildcard ICMP type
Type: number
Range: 1-16000000
dst-type-other-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: dst-type-other-rate-action and dst-type-other-rate-action-list-name are mutually exclusive
dst-type-other-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-type-other-rate-action-list-name and dst-type-other-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
icmp-v6-list_filter-list¶
Specification Value Type list Block object keys byte-offset-filter
Description filter using Berkeley packet filter syntax
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
icmp-filter-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, blacklist-src
Default: drop
Mutual Exclusion: icmp-filter-action and icmp-filter-action-list-name are mutually exclusive
icmp-filter-action-list-name
Description list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: icmp-filter-action-list-name and icmp-filter-action are mutually exclusive
icmp-filter-inverse-match
Description Inverse the result of matching
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
icmp-filter-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-filter-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
icmp-filter-seq
Description sequence number
Type: number
Range: 1-200
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters