ddos zone-template ssl-l4

SSL-L4 template Configuration

ssl-l4 Specification

Parameter Value
Type Collection
Object Key(s) ssl-l4-tmpl-name
Collection Name ssl-l4-list
Collection URI /axapi/v3/ddos/zone-template/ssl-l4
Element Name ssl-l4
Element URI /axapi/v3/ddos/zone-template/ssl-l4/{ssl-l4-tmpl-name}
Element Attributes ssl-l4_attributes
Partition Visibility shared
Schema ssl-l4 schema

Operations Allowed:

Operation | Method | URI | Payload
Create Object | POST | /axapi/v3/ddos/zone-template/ssl-l4 | ssl-l4 attributes
Create List | POST | /axapi/v3/ddos/zone-template/ssl-l4 | ssl-l4 attributes
Get Object | GET | /axapi/v3/ddos/zone-template/ssl-l4/{ssl-l4-tmpl-name} | ssl-l4 attributes
Get List | GET | /axapi/v3/ddos/zone-template/ssl-l4 | ssl-l4-list
Modify Object | POST | /axapi/v3/ddos/zone-template/ssl-l4/{ssl-l4-tmpl-name} | ssl-l4 attributes
Replace Object | PUT | /axapi/v3/ddos/zone-template/ssl-l4/{ssl-l4-tmpl-name} | ssl-l4 attributes
Replace List | PUT | /axapi/v3/ddos/zone-template/ssl-l4 | ssl-l4-list
Delete Object | DELETE | /axapi/v3/ddos/zone-template/ssl-l4/{ssl-l4-tmpl-name} | ssl-l4 attributes

ssl-l4-list

ssl-l4-list is a JSON list of ssl-l4 attributes

ssl-l4-list : [

ssl-l4 attributes

allow-non-tls

Description: Allow Non-TLS (SSLv3 and lower) traffic (Warning: security may be compromised)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

auth-handshake

Description: auth-handshake is a JSON Block. Please see below for auth-handshake

Type: Object

disable

Description: Disable this template

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst

Description: dst is a JSON Block. Please see below for dst

Type: Object

multi-pu-threshold-distribution

Description: multi-pu-threshold-distribution is a JSON Block. Please see below for multi-pu-threshold-distribution

Type: Object

renegotiation

Description: renegotiation is a JSON Block. Please see below for renegotiation

Type: Object

src

Description: src is a JSON Block. Please see below for src

Type: Object

ssl-l4-tmpl-name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

ssl-traffic-check

Description: ssl-traffic-check is a JSON Block. Please see below for ssl-traffic-check

Type: Object

Reference Object: /axapi/v3/ddos/zone-template/ssl-l4/{ssl-l4-tmpl-name}/ssl-traffic-check

user-tag

Description: Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Minimum Length: 1 character

uuid

Description: uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

auth-handshake

Specification Value
Type object

auth-handshake-fail-action

Description: ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;

Type: string

Supported Values: drop, blacklist-src, reset

Mutual Exclusion: auth-handshake-fail-action and auth-handshake-fail-action-list-name are mutually exclusive

auth-handshake-fail-action-list-name

Description: Configure action-list to take for failing the authentication

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

Mutual Exclusion: auth-handshake-fail-action-list-name and auth-handshake-fail-action are mutually exclusive

Reference Object: /axapi/v3/ddos/action-list

auth-handshake-pass-action

Description: ‘authenticate-src’: authenticate-src (Default);

Type: string

Supported Values: authenticate-src

Mutual Exclusion: auth-handshake-pass-action and auth-handshake-pass-action-list-name are mutually exclusive

auth-handshake-pass-action-list-name

Description: Configure action-list to take for passing the authentication

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

Mutual Exclusion: auth-handshake-pass-action-list-name and auth-handshake-pass-action are mutually exclusive

Reference Object: /axapi/v3/ddos/action-list

auth-handshake-timeout

Description: Connection timeout (default 5 seconds) and trials (default 5 times) (DST support only)

Type: number

Range: 1-31

Default: 5

auth-handshake-trials

Description: Number of failed handshakes before entry marked black

Type: number

Range: 0-15

Default: 5

cert-cfg

Description: cert-cfg is a JSON Block. Please see below for auth-handshake_cert-cfg

Type: Object

server-name-list

Type: List

auth-handshake_cert-cfg

Specification Value
Type object

cert

Description: SSL certificate

Type: string

Maximum Length: 255 characters

Minimum Length: 1 character

key

Description: SSL key

Type: string

Maximum Length: 255 characters

Minimum Length: 1 character

key-encrypted

Description: Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)

key-passphrase

Description: Password Phrase

Type: string

Format: password

Maximum Length: 63 characters

Minimum Length: 1 character

auth-handshake_server-name-list

Specification Value
Type list
Block object keys  

server-cert

Description: Server Certificate associated to SNI (Server Certificate Name)

Type: string

Maximum Length: 255 characters

Minimum Length: 1 character

server-encrypted

Description: Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)

server-key

Description: Server Private Key associated to SNI (Server Private Key Name)

Type: string

Maximum Length: 255 characters

Minimum Length: 1 character

server-name

Description: Server name indication in Client hello extension (Server name String)

Type: string

Maximum Length: 255 characters

Minimum Length: 1 character

server-passphrase

Description: Password Phrase

Type: string

Format: password

Maximum Length: 63 characters

Minimum Length: 1 character

src

Specification Value
Type object

rate-limit

Description: rate-limit is a JSON Block. Please see below for src_rate-limit

Type: Object

src_rate-limit

Specification Value
Type object

request

Description: request is a JSON Block. Please see below for src_rate-limit_request

Type: Object

src_rate-limit_request

Specification Value
Type object

src-request-rate-limit

Description

Type: number

Range: 1-16000000

src-request-rate-limit-action

Description: ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘reset’: Reset client connection;

Type: string

Supported Values: drop, ignore, reset

Mutual Exclusion: src-request-rate-limit-action and src-request-rate-limit-action-list-name are mutually exclusive

src-request-rate-limit-action-list-name

Description: Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

Mutual Exclusion: src-request-rate-limit-action-list-name and src-request-rate-limit-action are mutually exclusive

Reference Object: /axapi/v3/ddos/action-list

dst

Specification Value
Type object

rate-limit

Description: rate-limit is a JSON Block. Please see below for dst_rate-limit

Type: Object

dst_rate-limit

Specification Value
Type object

request

Description: request is a JSON Block. Please see below for dst_rate-limit_request

Type: Object

dst_rate-limit_request

Specification Value
Type object

dst-request-rate-limit

Description

Type: number

Range: 1-16000000

dst-request-rate-limit-action

Description: ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘reset’: Reset client connection;

Type: string

Supported Values: drop, ignore, reset

Mutual Exclusion: dst-request-rate-limit-action and dst-request-rate-limit-action-list-name are mutually exclusive

dst-request-rate-limit-action-list-name

Description: Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

Mutual Exclusion: dst-request-rate-limit-action-list-name and dst-request-rate-limit-action are mutually exclusive

Reference Object: /axapi/v3/ddos/action-list

ssl-traffic-check

Specification Value
Type object

check-resumed-connection

Description: Apply checks to SSL connections initialized by ACK packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

header-action

Description: ‘drop’: Drop packets with bad ssl header; ‘ignore’: Forward packets with bad ssl header;

Type: string

Supported Values: drop, ignore

header-inspection

Description: Inspect ssl header

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description: uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

multi-pu-threshold-distribution

Specification Value
Type object

multi-pu-threshold-distribution-disable

Description: ‘disable’: Destination side rate limit only. Default: Enable;

Type: string

Supported Values: disable

Mutual Exclusion: multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive

multi-pu-threshold-distribution-value

Description: Destination side rate limit only. Default: 0

Type: number

Range: 1-16000000

Mutual Exclusion: multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive

renegotiation

Specification Value
Type object

num-renegotiation

Description: Number of renegotiations allowed

Type: number

Range: 0-7

ssl-l4-reneg-action

Description: ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;

Type: string

Supported Values: drop, ignore, blacklist-src, reset

Mutual Exclusion: ssl-l4-reneg-action and ssl-l4-reneg-action-list-name are mutually exclusive

ssl-l4-reneg-action-list-name

Description: Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

Mutual Exclusion: ssl-l4-reneg-action-list-name and ssl-l4-reneg-action are mutually exclusive

Reference Object: /axapi/v3/ddos/action-list
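
The ranges, supported values and mutual-exclusion rules listed above can be checked locally before a template is sent to the collection URI. The Python below is an added example, not A10 code: the names `lookup`, `validate` and `SAMPLE` and the sample payload are constructed for illustration, and `validate` takes the ssl-l4 attribute object itself.

```python
# Limits transcribed from the attribute tables on this page; keys are JSON paths.
RANGES = {
    ("auth-handshake", "auth-handshake-timeout"): (1, 31),
    ("auth-handshake", "auth-handshake-trials"): (0, 15),
    ("renegotiation", "num-renegotiation"): (0, 7),
}
ENUMS = {
    ("auth-handshake", "auth-handshake-fail-action"): {"drop", "blacklist-src", "reset"},
    ("renegotiation", "ssl-l4-reneg-action"): {"drop", "ignore", "blacklist-src", "reset"},
}
for side in ("src", "dst"):  # src and dst rate-limit blocks share one layout
    base = (side, "rate-limit", "request")
    RANGES[base + (f"{side}-request-rate-limit",)] = (1, 16000000)
    ENUMS[base + (f"{side}-request-rate-limit-action",)] = {"drop", "ignore", "reset"}
# Each action above is documented as mutually exclusive with "<action>-list-name".
EXCLUSIVE = list(ENUMS)
ENUMS[("ssl-traffic-check", "header-action")] = {"drop", "ignore"}  # no list-name twin

def lookup(obj, path):
    """Walk nested JSON blocks; return None when any level is absent."""
    for key in path:
        obj = obj.get(key) if isinstance(obj, dict) else None
    return obj

def validate(tmpl):
    errors, warnings = [], []
    for path, (lo, hi) in RANGES.items():
        val = lookup(tmpl, path)
        if val is not None and not (type(val) is int and lo <= val <= hi):
            errors.append(f"{path[-1]}: {val!r} outside range {lo}-{hi}")
    for path, allowed in ENUMS.items():
        val = lookup(tmpl, path)
        if val is not None and val not in allowed:
            errors.append(f"{path[-1]}: {val!r} not in {sorted(allowed)}")
    for path in EXCLUSIVE:
        block = lookup(tmpl, path[:-1]) or {}
        if path[-1] in block and path[-1] + "-list-name" in block:
            errors.append(f"{path[-1]} and {path[-1]}-list-name are mutually exclusive")
    if tmpl.get("allow-non-tls") in (True, 1):
        warnings.append("allow-non-tls enabled: SSLv3 and lower traffic is allowed")
    return errors, warnings

# Constructed sample payload (not from the page) with three deliberate errors.
SAMPLE = {
    "ssl-l4-tmpl-name": "tls-edge", "allow-non-tls": 1,
    "auth-handshake": {"auth-handshake-timeout": 40,
                       "auth-handshake-fail-action": "blacklist-src",
                       "auth-handshake-fail-action-list-name": "al-1"},
    "renegotiation": {"num-renegotiation": 2, "ssl-l4-reneg-action": "block"},
}
```

Running `validate(SAMPLE)` reports the out-of-range timeout, the unsupported renegotiation action and the conflicting fail-action pair as errors, and the enabled `allow-non-tls` flag as a warning.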