ddos zone-template http¶
HTTP template Configuration
http Specification¶
Parameter Value Type Collection Object Key(s) http-tmpl-name Collection Name http-list Collection URI /axapi/v3/ddos/zone-template/http Element Name http Element URI /axapi/v3/ddos/zone-template/http/{http-tmpl-name} Element Attributes http_attributes Partition Visibility shared Schema http schema
Operations Allowed:
Operation | Method | URI | Payload | |
---|---|---|---|---|
Create Object | POST | /axapi/v3/ddos/zone-template/http | ||
Create List | POST | /axapi/v3/ddos/zone-template/http | ||
Get Object | GET | /axapi/v3/ddos/zone-template/http/{http-tmpl-name} | ||
Get List | GET | /axapi/v3/ddos/zone-template/http | ||
Modify Object | POST | /axapi/v3/ddos/zone-template/http/{http-tmpl-name} | ||
Replace Object | PUT | /axapi/v3/ddos/zone-template/http/{http-tmpl-name} | ||
Replace List | PUT | /axapi/v3/ddos/zone-template/http | ||
Delete Object | DELETE | /axapi/v3/ddos/zone-template/http/{http-tmpl-name} | ||
http-list¶
http-list is JSON List of http attributes
http-list : [
]
http attributes¶
challenge
Description: challenge is a JSON Block. Please see below for challenge
Type: Object
client-source-ip
Description: client-source-ip is a JSON Block. Please see below for client-source-ip
Type: Object
disable
Description Disable this template
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disallow-connect-method
Description Do not allow HTTP Connect method (asymmetric mode only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst
Description: dst is a JSON Block. Please see below for dst
Type: Object
filter-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/http/{http-tmpl-name}/filter/{http-filter-name}
http-tmpl-name
Description DDOS HTTP Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
idle-timeout
Description: idle-timeout is a JSON Block. Please see below for idle-timeout
Type: Object
malformed-http
Description: malformed-http is a JSON Block. Please see below for malformed-http
Type: Object
Reference Object: /axapi/v3/ddos/zone-template/http/{http-tmpl-name}/malformed-http
mss-timeout
Description: mss-timeout is a JSON Block. Please see below for mss-timeout
Type: Object
multi-pu-threshold-distribution
Description: multi-pu-threshold-distribution is a JSON Block. Please see below for multi-pu-threshold-distribution
Type: Object
non-http-bypass
Description Bypass non-http traffic instead of dropping
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
out-of-order-queue-size
Description Set the number of packets for the out-of-order HTTP queue (asym mode only)
Type: number
Range: 0-15
Default: 3
out-of-order-queue-timeout
Description Set the timeout value in seconds for out-of-order queue in HTTP (asym mode only)
Type: number
Range: 0-15
Default: 3
request-header
Description: request-header is a JSON Block. Please see below for request-header
Type: Object
slow-read
Description: slow-read is a JSON Block. Please see below for slow-read
Type: Object
src
Description: src is a JSON Block. Please see below for src
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
client-source-ip¶
Specification Value Type object client-source-ip
Description Mitigate on src ip specified by http header for example X-Forwarded-For header. Default is disabled
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
http-header-name
Description Set the http header name to parse for client ip. Default is X-Forwarded-For
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Default: X-Forwarded-For
dst¶
Specification Value Type object rate-limit
Description: rate-limit is a JSON Block. Please see below for dst_rate-limit
Type: Object
dst_rate-limit¶
Specification Value Type object http-post
Description: http-post is a JSON Block. Please see below for dst_rate-limit_http-post
Type: Object
http-request
Description: http-request is a JSON Block. Please see below for dst_rate-limit_http-request
Type: Object
response-size
Description: response-size is a JSON Block. Please see below for dst_rate-limit_response-size
Type: Object
dst_rate-limit_response-size¶
Specification Value Type object between-cfg
Type: Listgreater-cfg
Type: Listless-cfg
Type: Listresponse-size-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Mutual Exclusion: response-size-action and response-size-action-list-name are mutually exclusive
response-size-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: response-size-action-list-name and response-size-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
dst_rate-limit_response-size_between-cfg¶
Specification Value Type list Block object keys obj-between-rate
Description Response rate limit
Type: number
Range: 1-16000000
obj-between1
Description Response size configuration
Type: number
Range: 1-16000000
obj-between2
Description Response size configuration
Type: number
Range: 1-16000000
dst_rate-limit_response-size_greater-cfg¶
Specification Value Type list Block object keys obj-greater
Description Response size configuration
Type: number
Range: 1-16000000
obj-greater-rate
Description Response rate limit
Type: number
Range: 1-16000000
dst_rate-limit_response-size_less-cfg¶
Specification Value Type list Block object keys obj-less
Description Response size configuration
Type: number
Range: 1-16000000
obj-less-rate
Description Response rate limit
Type: number
Range: 1-16000000
dst_rate-limit_http-post¶
Specification Value Type object dst-post-rate-limit
Description
Type: number
Range: 1-16000000
dst-post-rate-limit-action
Description ‘drop’: Drop packets(Default); ‘ignore’: Take no action; ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, reset, blacklist-src
Default: drop
Mutual Exclusion: dst-post-rate-limit-action and dst-post-rate-limit-action-list-name are mutually exclusive
dst-post-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-post-rate-limit-action-list-name and dst-post-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
dst_rate-limit_http-request¶
Specification Value Type object dst-request-rate
Description
Type: number
Range: 1-16000000
dst-request-rate-limit-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, reset, blacklist-src
Default: drop
Mutual Exclusion: dst-request-rate-limit-action and dst-request-rate-limit-action-list-name are mutually exclusive
dst-request-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-request-rate-limit-action-list-name and dst-request-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
src¶
Specification Value Type object rate-limit
Description: rate-limit is a JSON Block. Please see below for src_rate-limit
Type: Object
src_rate-limit¶
Specification Value Type object http-post
Description: http-post is a JSON Block. Please see below for src_rate-limit_http-post
Type: Object
http-request
Description: http-request is a JSON Block. Please see below for src_rate-limit_http-request
Type: Object
src_rate-limit_http-post¶
Specification Value Type object src-post-rate-limit
Description
Type: number
Range: 1-16000000
src-post-rate-limit-action
Description ‘drop’: Drop packets(Default); ‘ignore’: Take no action; ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, reset, blacklist-src
Default: drop
Mutual Exclusion: src-post-rate-limit-action and src-post-rate-limit-action-list-name are mutually exclusive
src-post-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-post-rate-limit-action-list-name and src-post-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
src_rate-limit_http-request¶
Specification Value Type object src-request-rate
Description
Type: number
Range: 1-16000000
src-request-rate-limit-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, reset, blacklist-src
Default: drop
Mutual Exclusion: src-request-rate-limit-action and src-request-rate-limit-action-list-name are mutually exclusive
src-request-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-request-rate-limit-action-list-name and src-request-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
challenge¶
Specification Value Type object challenge-cookie-name
Description Set the cookie name used to send back to client. Default is sto-idd
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Default: sto-idd
challenge-fail-action
Description ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection(Default);
Type: string
Supported Values: blacklist-src, reset
Default: reset
Mutual Exclusion: challenge-fail-action and challenge-fail-action-list-name are mutually exclusive
challenge-fail-action-list-name
Description Configure action-list to take for failing the authentication
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: challenge-fail-action-list-name and challenge-fail-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
challenge-interval
Description Specify the challenge interval. Default is 8 seconds
Type: number
Range: 1-31
Default: 8
challenge-keep-cookie
Description Keep the challenge cookie from client and forward to backend. Default is do not keep
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
challenge-method
Description ‘http-redirect’: http-redirect; ‘javascript’: javascript;
Type: string
Supported Values: http-redirect, javascript
challenge-pass-action
Description ‘authenticate-src’: Authenticate-src (Default);
Type: string
Supported Values: authenticate-src
Mutual Exclusion: challenge-pass-action and challenge-pass-action-list-name are mutually exclusive
challenge-pass-action-list-name
Description Configure action-list to take for passing the authentication
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: challenge-pass-action-list-name and challenge-pass-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
challenge-redirect-code
Description ‘302’: 302 Found; ‘307’: 307 Temporary Redirect;
Type: string
Supported Values: 302, 307
Default: 302
challenge-uri-encode
Description Encode the challenge phrase in uri instead of in http cookie. Default encoded in http cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
idle-timeout¶
Specification Value Type object idle-timeout-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, blacklist-src, reset
Mutual Exclusion: idle-timeout-action and idle-timeout-action-list-name are mutually exclusive
idle-timeout-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: idle-timeout-action-list-name and idle-timeout-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
idle-timeout-value
Description Set the the idle timeout value in seconds for HTTP connections
Type: number
Range: 1-63
ignore-zero-payload
Description Don’t reset idle timer on packets with zero payload length from clients
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
slow-read¶
Specification Value Type object min-window-count
Description Number of packets
Type: number
Range: 1-31
min-window-size
Description minimum window size
Type: number
Range: 1-65535
slow-read-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘ignore’: Take no action; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, blacklist-src, ignore, reset
Mutual Exclusion: slow-read-action and slow-read-action-list-name are mutually exclusive
slow-read-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: slow-read-action-list-name and slow-read-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
multi-pu-threshold-distribution¶
Specification Value Type object multi-pu-threshold-distribution-disable
Description ‘disable’: Destination side rate limit only. Default: Enable;
Type: string
Supported Values: disable
Mutual Exclusion: multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive
multi-pu-threshold-distribution-value
Description Destination side rate limit only. Default: 0
Type: number
Range: 1-16000000
Mutual Exclusion: multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive
filter-list¶
Specification Value Type list Block object keys dst
Description: dst is a JSON Block. Please see below for filter-list_dst
Type: Object
http-agent-cfg
Description: http-agent-cfg is a JSON Block. Please see below for filter-list_http-agent-cfg
Type: Object
http-filter-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘authenticate-src’: Authenticate-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, authenticate-src, reset
Mutual Exclusion: http-filter-action and http-filter-action-list-name are mutually exclusive
http-filter-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: http-filter-action-list-name and http-filter-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
http-filter-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http-filter-seq
Description Sequence number
Type: number
Range: 1-200
http-header-cfg
Description: http-header-cfg is a JSON Block. Please see below for filter-list_http-header-cfg
Type: Object
http-referer-cfg
Description: http-referer-cfg is a JSON Block. Please see below for filter-list_http-referer-cfg
Type: Object
http-uri-cfg
Description: http-uri-cfg is a JSON Block. Please see below for filter-list_http-uri-cfg
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
filter-list_http-uri-cfg¶
Specification Value Type object uri-contains-cfg
Type: Listuri-ends-cfg
Type: Listuri-equal-cfg
Type: Listuri-starts-cfg
Type: List
filter-list_http-uri-cfg_uri-equal-cfg¶
Specification Value Type list Block object keys http-filter-uri-equals
Description
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
filter-list_http-uri-cfg_uri-starts-cfg¶
Specification Value Type list Block object keys http-filter-uri-starts-with
Description
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
filter-list_http-uri-cfg_uri-ends-cfg¶
Specification Value Type list Block object keys http-filter-uri-ends-with
Description
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
filter-list_http-uri-cfg_uri-contains-cfg¶
Specification Value Type list Block object keys http-filter-uri-contains
Description
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
filter-list_dst¶
Specification Value Type object http-filter-rate-limit
Description Set rate limit
Type: number
Range: 1-16000000
filter-list_http-agent-cfg¶
Specification Value Type object agent-contains-cfg
Type: Listagent-ends-cfg
Type: Listagent-equals-cfg
Type: Listagent-starts-cfg
Type: List
filter-list_http-agent-cfg_agent-contains-cfg¶
Specification Value Type list Block object keys http-filter-agent-contains
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
filter-list_http-agent-cfg_agent-ends-cfg¶
Specification Value Type list Block object keys http-filter-agent-ends-with
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
filter-list_http-agent-cfg_agent-equals-cfg¶
Specification Value Type list Block object keys http-filter-agent-equals
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
filter-list_http-agent-cfg_agent-starts-cfg¶
Specification Value Type list Block object keys http-filter-agent-starts-with
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
filter-list_http-header-cfg¶
Specification Value Type object http-filter-header-inverse-match
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
http-filter-header-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
filter-list_http-referer-cfg¶
Specification Value Type object referer-contains-cfg
Type: Listreferer-ends-cfg
Type: Listreferer-equals-cfg
Type: Listreferer-starts-cfg
Type: List
filter-list_http-referer-cfg_referer-equals-cfg¶
Specification Value Type list Block object keys http-filter-referer-equals
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
filter-list_http-referer-cfg_referer-starts-cfg¶
Specification Value Type list Block object keys http-filter-referer-starts-with
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
filter-list_http-referer-cfg_referer-contains-cfg¶
Specification Value Type list Block object keys http-filter-referer-contains
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
filter-list_http-referer-cfg_referer-ends-cfg¶
Specification Value Type list Block object keys http-filter-referer-ends-with
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
mss-timeout¶
Specification Value Type object mss-percent
Description Configure percentage of mss such that if a packet size is below the mss times mss-percent, packet is considered bad.
Type: number
Range: 1-100
mss-timeout-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Mutual Exclusion: mss-timeout-action and mss-timeout-action-list-name are mutually exclusive
mss-timeout-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: mss-timeout-action-list-name and mss-timeout-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
number-packets
Description Specify percentage of mss. Default is 0, mss-timeout is not enabled.
Type: number
Range: 1-31
malformed-http¶
Specification Value Type object malformed-http
Description ‘check’: Configure malformed HTTP parameters;
Type: string
Supported Values: check
Default: check
malformed-http-action
Description ‘drop’: Drop packets (Default); ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, reset, blacklist-src
Mutual Exclusion: malformed-http-action and malformed-http-action-list-name are mutually exclusive
malformed-http-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: malformed-http-action-list-name and malformed-http-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
malformed-http-bad-chunk-mon-enabled
Description Enabling bad chunk monitoring. Default is disabled
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malformed-http-max-content-length
Description Set the maxinum content-length header. Default value is 4294967295 bytes
Type: number
Range: 1-4294967295
Default: 4294967295
malformed-http-max-header-name-size
Description Set the maxinum header name length. Default value is 64.
Type: number
Range: 1-64
Default: 64
malformed-http-max-line-size
Description Set the maximum line size. Default value is 32512
Type: number
Range: 1-65280
Default: 32512
malformed-http-max-num-headers
Description Set the maximum number of headers. Default value is 90
Type: number
Range: 1-90
Default: 90
malformed-http-max-req-line-size
Description Set the maximum request line size. Default value is 32512
Type: number
Range: 1-65280
Default: 32512
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
request-header¶
Specification Value Type object header-timeout-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, blacklist-src, reset
Default: drop
Mutual Exclusion: header-timeout-action and header-timeout-action-list-name are mutually exclusive
header-timeout-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: header-timeout-action-list-name and header-timeout-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
timeout
Description
Type: number
Range: 1-63