ddos zone-template tcp

TCP template Configuration

tcp Specification

| Parameter | Value |
|---|---|
| Type | Collection |
| Object Key(s) | name |
| Collection Name | tcp-list |
| Collection URI | /axapi/v3/ddos/zone-template/tcp |
| Element Name | tcp |
| Element URI | /axapi/v3/ddos/zone-template/tcp/{name} |
| Element Attributes | tcp_attributes |
| Partition Visibility | shared |
| Schema | tcp schema |

Operations Allowed:

| Operation | Method | URI | Payload |
|---|---|---|---|
| Create Object | POST | /axapi/v3/ddos/zone-template/tcp | tcp attributes |
| Create List | POST | /axapi/v3/ddos/zone-template/tcp | tcp attributes |
| Get Object | GET | /axapi/v3/ddos/zone-template/tcp/{name} | tcp attributes |
| Get List | GET | /axapi/v3/ddos/zone-template/tcp | tcp-list |
| Modify Object | POST | /axapi/v3/ddos/zone-template/tcp/{name} | tcp attributes |
| Replace Object | PUT | /axapi/v3/ddos/zone-template/tcp/{name} | tcp attributes |
| Replace List | PUT | /axapi/v3/ddos/zone-template/tcp | tcp-list |
| Delete Object | DELETE | /axapi/v3/ddos/zone-template/tcp/{name} | tcp attributes |

tcp-list

tcp-list is JSON List of tcp attributes

tcp-list : [

]

tcp attributes

ack-authentication

Description: ack-authentication is a JSON Block. Please see below for ack-authentication

Type: Object

ack-authentication-synack-reset

Description Reset client TCP SYN+ACK for authentication (DST support only)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

action-on-ack-rto-retry-count

Description Take action if ack-auth RTO-authentication fails over retry time (default: 5)

Type: number

Range: 2-10

action-on-syn-rto-retry-count

Description Take action if syn-auth RTO-authentication fails over retry time (default: 5)

Type: number

Range: 2-10

age

Description Session age in minutes

Type: number

Range: 1-63

Default: 2

allow-syn-otherflags

Description Treat TCP SYN+PSH as a TCP SYN (DST tcp ports support only)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-synack-skip-authentications

Description Allow create sessions on SYNACK without syn-auth and ack-auth (ASYM Mode only)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-tcp-tfo

Description Allow TCP Fast Open

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

concurrent

Description Enable concurrent port access for non-matching ports (DST support only)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

conn-rate-limit-on-syn-only

Description Only count SYN-initiated connections towards connection-rate tracking

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

create-conn-on-syn-only

Description Enable connection establishment on SYN only

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst

Description: dst is a JSON Block. Please see below for dst

Type: Object

filter-list

filter-match-type

Description ‘default’: Stop matching on drop/blacklist action; ‘stop-on-first-match’: Stop matching on first match;

Type: string

Supported Values: default, stop-on-first-match

Default: default

known-resp-src-port-cfg

Description: known-resp-src-port-cfg is a JSON Block. Please see below for known-resp-src-port-cfg

Type: Object

max-rexmit-syn-per-flow-cfg

Description: max-rexmit-syn-per-flow-cfg is a JSON Block. Please see below for max-rexmit-syn-per-flow-cfg

Type: Object

name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

out-of-seq-cfg

Description: out-of-seq-cfg is a JSON Block. Please see below for out-of-seq-cfg

Type: Object

per-conn-out-of-seq-rate-cfg

Description: per-conn-out-of-seq-rate-cfg is a JSON Block. Please see below for per-conn-out-of-seq-rate-cfg

Type: Object

per-conn-pkt-rate-cfg

Description: per-conn-pkt-rate-cfg is a JSON Block. Please see below for per-conn-pkt-rate-cfg

Type: Object

per-conn-rate-interval

Description ‘100ms’: 100ms; ‘1sec’: 1sec; ‘10sec’: 10sec;

Type: string

Supported Values: 100ms, 1sec, 10sec

Default: 1sec

per-conn-retransmit-rate-cfg

Description: per-conn-retransmit-rate-cfg is a JSON Block. Please see below for per-conn-retransmit-rate-cfg

Type: Object

per-conn-zero-win-rate-cfg

Description: per-conn-zero-win-rate-cfg is a JSON Block. Please see below for per-conn-zero-win-rate-cfg

Type: Object

progression-tracking

Description: progression-tracking is a JSON Block. Please see below for progression-tracking

Type: Object

Reference Object: /axapi/v3/ddos/zone-template/tcp/{name}/progression-tracking

retransmit-cfg

Description: retransmit-cfg is a JSON Block. Please see below for retransmit-cfg

Type: Object

src

Description: src is a JSON Block. Please see below for src

Type: Object

syn-authentication

Description: syn-authentication is a JSON Block. Please see below for syn-authentication

Type: Object

syn-cookie

Description Enable SYN Cookie

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

synack-rate-limit

Description Config SYNACK rate limit

Type: number

Range: 1-16000000

Mutual Exclusion: synack-rate-limit and track-together-with-syn are mutually exclusive

track-together-with-syn

Description SYNACK will be counted in Dst Syn-rate limit

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: track-together-with-syn and synack-rate-limit are mutually exclusive

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zero-win-cfg

Description: zero-win-cfg is a JSON Block. Please see below for zero-win-cfg

Type: Object

syn-authentication

Specification Value
Type object

allow-ra

Description Allow RA packets to be used for auth

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

syn-auth-fail-action

Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Send reset to client (Applicable to retransmit-check only);

Type: string

Supported Values: drop, blacklist-src, reset

Mutual Exclusion: syn-auth-fail-action and syn-auth-fail-action-list-name are mutually exclusive

syn-auth-fail-action-list-name

Description Configure action-list to take for failing the authentication.

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: syn-auth-fail-action-list-name and syn-auth-fail-action are mutually exclusive

syn-auth-min-delay

Description Minimum delay (in 100ms intervals) between SYN retransmits for retransmit-check to pass

Type: number

Range: 1-80

Mutual Exclusion: syn-auth-min-delay and syn-auth-type are mutually exclusive

syn-auth-pass-action

Description ‘authenticate-src’: authenticate-src (Default);

Type: string

Supported Values: authenticate-src

Mutual Exclusion: syn-auth-pass-action and syn-auth-pass-action-list-name are mutually exclusive

syn-auth-pass-action-list-name

Description Configure action-list to take for passing the authentication

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: syn-auth-pass-action-list-name and syn-auth-pass-action are mutually exclusive

syn-auth-rto

Description Estimate the RTO and apply the exponential back-off for authentication

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

syn-auth-timeout

Description SYN retransmit timeout in seconds (default timeout: 5 seconds)

Type: number

Range: 1-31

Mutual Exclusion: syn-auth-timeout and syn-auth-type are mutually exclusive

syn-auth-type

Description ‘send-rst’: Send reset to client after syn cookie check pass; ‘force-rst-by-ack’: Send client a bad ack after syn cookie check pass; ‘force-rst-by-synack’: Send client a bad synack after syn cookie check pass;

Type: string

Supported Values: send-rst, force-rst-by-ack, force-rst-by-synack, send-rst-once

Mutual Exclusion: syn-auth-type, syn-auth-timeout, and syn-auth-min-delay are mutually exclusive

ack-authentication

Specification Value
Type object

ack-auth-fail-action

Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Send reset to client;

Type: string

Supported Values: drop, blacklist-src, reset

Mutual Exclusion: ack-auth-fail-action and ack-auth-fail-action-list-name are mutually exclusive

ack-auth-fail-action-list-name

Description Configure action-list to take for failing the authentication.

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: ack-auth-fail-action-list-name and ack-auth-fail-action are mutually exclusive

ack-auth-min-delay

Description Minimum delay (in 100ms intervals) between ACK retransmits for retransmit-check to pass

Type: number

Range: 1-80

ack-auth-only

Description Apply retransmit-check only once per source address for authentication purpose

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ack-auth-pass-action

Description ‘authenticate-src’: authenticate-src (Default);

Type: string

Supported Values: authenticate-src

Mutual Exclusion: ack-auth-pass-action and ack-auth-pass-action-list-name are mutually exclusive

ack-auth-pass-action-list-name

Description Configure action-list to take for passing the authentication

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: ack-auth-pass-action-list-name and ack-auth-pass-action are mutually exclusive

ack-auth-rto

Description Estimate the RTO and apply the exponential back-off for authentication

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ack-auth-timeout

Description ACK retransmit timeout in seconds (default timeout: 5 seconds)

Type: number

Range: 1-31

retransmit-cfg

Specification Value
Type object

retransmit

Description Take action if retransmit pkts exceed configured threshold

Type: number

Range: 1-64000

Mutual Exclusion: retransmit and per-conn-retransmit-rate-limit are mutually exclusive

retransmit-action

Description ‘drop’: Drop packets for retrans exceed (Default); ‘blacklist-src’: Blacklist-src for retrans exceed; ‘ignore’: Ignore retrans exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Default: drop

Mutual Exclusion: retransmit-action and retransmit-action-list-name are mutually exclusive

retransmit-action-list-name

Description Configure action-list to take for retransmit exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: retransmit-action-list-name and retransmit-action are mutually exclusive

Reference Object: /axapi/v3/ddos/action-list

dst

Specification Value
Type object

rate-limit

Description: rate-limit is a JSON Block. Please see below for dst_rate-limit

Type: Object

dst_rate-limit

Specification Value
Type object

syn-rate-limit

Description: syn-rate-limit is a JSON Block. Please see below for dst_rate-limit_syn-rate-limit

Type: Object

dst_rate-limit_syn-rate-limit

Specification Value
Type object

dst-syn-rate-action

Description ‘drop’: Drop packets for syn-rate exceed (Default); ‘ignore’: Ignore syn-rate-exceed;

Type: string

Supported Values: drop, ignore

Default: drop

dst-syn-rate-limit

Description

Type: number

Range: 1-16000000

per-conn-retransmit-rate-cfg

Specification Value
Type object

per-conn-retransmit-rate-action

Description ‘drop’: Drop packets for retrans rate exceed (Default); ‘blacklist-src’: Blacklist-src for retrans rate exceed; ‘ignore’: Ignore retrans rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Default: drop

Mutual Exclusion: per-conn-retransmit-rate-action and per-conn-retransmit-rate-action-list-name are mutually exclusive

per-conn-retransmit-rate-action-list-name

Description Configure action-list to take for retransmit rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: per-conn-retransmit-rate-action-list-name and per-conn-retransmit-rate-action are mutually exclusive

Reference Object: /axapi/v3/ddos/action-list

per-conn-retransmit-rate-limit

Description Take action if retransmit pkt rate exceed configured threshold

Type: number

Range: 1-16000000

Mutual Exclusion: per-conn-retransmit-rate-limit and retransmit are mutually exclusive

per-conn-zero-win-rate-cfg

Specification Value
Type object

per-conn-zero-win-rate-action

Description ‘drop’: Drop packets for zero-win rate exceed (Default); ‘blacklist-src’: Blacklist-src for zero-win rate exceed; ‘ignore’: Ignore zero-win rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Default: drop

Mutual Exclusion: per-conn-zero-win-rate-action and per-conn-zero-win-rate-action-list-name are mutually exclusive

per-conn-zero-win-rate-action-list-name

Description Configure action-list to take for zero window rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: per-conn-zero-win-rate-action-list-name and per-conn-zero-win-rate-action are mutually exclusive

Reference Object: /axapi/v3/ddos/action-list

per-conn-zero-win-rate-limit

Description Take action if zero window pkt rate exceed configured threshold

Type: number

Range: 1-16000000

Mutual Exclusion: per-conn-zero-win-rate-limit and zero-win are mutually exclusive

per-conn-pkt-rate-cfg

Specification Value
Type object

per-conn-pkt-rate-action

Description ‘drop’: Drop packets for per-conn-pkt-rate exceed (Default); ‘blacklist-src’: Blacklist-src for per-conn-pkt-rate exceed; ‘ignore’: Ignore per-conn-pkt-rate-exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Default: drop

Mutual Exclusion: per-conn-pkt-rate-action and per-conn-pkt-rate-action-list-name are mutually exclusive

per-conn-pkt-rate-action-list-name

Description Configure action-list to take for per-conn-pkt-rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: per-conn-pkt-rate-action-list-name and per-conn-pkt-rate-action are mutually exclusive

Reference Object: /axapi/v3/ddos/action-list

per-conn-pkt-rate-limit

Description Packet rate limit per connection per rate-interval

Type: number

Range: 1-16000000

max-rexmit-syn-per-flow-cfg

Specification Value
Type object

max-rexmit-syn-per-flow

Description Maximum number of re-transmit SYN per flow

Type: number

Range: 1-6

max-rexmit-syn-per-flow-action

Description ‘drop’: Drop SYN packets for max-rexmit-syn-per-flow exceed (Default); ‘blacklist-src’: Blacklist-src for max-rexmit-syn-per-flow exceed;

Type: string

Supported Values: drop, blacklist-src

Default: drop

max-rexmit-syn-per-flow-action-list-name

Description Configure action-list to take for max-rexmit-syn-per-flow exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/ddos/action-list

src

Specification Value
Type object

rate-limit

Description: rate-limit is a JSON Block. Please see below for src_rate-limit

Type: Object

src_rate-limit

Specification Value
Type object

syn-rate-limit

Description: syn-rate-limit is a JSON Block. Please see below for src_rate-limit_syn-rate-limit

Type: Object

src_rate-limit_syn-rate-limit

Specification Value
Type object

src-syn-rate-action

Description ‘drop’: Drop packets for syn-rate exceed (Default); ‘blacklist-src’: Blacklist-src for syn-rate exceed; ‘ignore’: Ignore syn-rate-exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Default: drop

Mutual Exclusion: src-syn-rate-action and src-syn-rate-action-list-name are mutually exclusive

src-syn-rate-action-list-name

Description Configure action-list to take for syn-rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: src-syn-rate-action-list-name and src-syn-rate-action are mutually exclusive

Reference Object: /axapi/v3/ddos/action-list

src-syn-rate-limit

Description

Type: number

Range: 1-16000000

progression-tracking

Specification Value
Type object

connection-tracking

Description: connection-tracking is a JSON Block. Please see below for progression-tracking_connection-tracking

Type: Object

Reference Object: /axapi/v3/ddos/zone-template/tcp/{name}/progression-tracking/connection-tracking

first-request-max-time

Description Set the maximum wait time from connection creation until the first data is transmitted over the connection (100 ms)

Type: number

Range: 1-65535

ignore-TLS-handshake

Description Ignore TLS handshake

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

profiling-connection-life-model

Description Enable auto-config progression tracking learning for connection model

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

profiling-request-response-model

Description Enable auto-config progression tracking learning for Request Response model

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

profiling-time-window-model

Description Enable auto-config progression tracking learning for time window model

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

progression-tracking-action

Description ‘drop’: Drop packets for progression tracking violation exceed (Default); ‘blacklist-src’: Blacklist-src for progression tracking violation exceed;

Type: string

Supported Values: drop, blacklist-src

Default: drop

Mutual Exclusion: progression-tracking-action and progression-tracking-action-list-name are mutually exclusive

progression-tracking-action-list-name

Description Configure action-list to take when progression tracking violation exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: progression-tracking-action-list-name and progression-tracking-action are mutually exclusive

Reference Object: /axapi/v3/ddos/action-list

progression-tracking-enabled

Description ‘enable-check’: Enable Progression Tracking Check;

Type: string

Supported Values: enable-check

request-length-max

Description Set the maximum request length

Type: number

Range: 1-65535

request-length-min

Description Set the minimum request length

Type: number

Range: 1-65535

request-response-model

Description ‘enable’: Enable Request Response Model; ‘disable’: Disable Request Response Model;

Type: string

Supported Values: enable, disable

Default: enable

request-to-response-max-time

Description Set the maximum request to response time (100 ms)

Type: number

Range: 1-65535

response-length-max

Description Set the maximum response length

Type: number

Range: 1-4294967295

response-length-min

Description Set the minimum response length

Type: number

Range: 1-65535

response-request-max-ratio

Description Set the maximum response to request ratio (in unit of 0.1% [1:1000])

Type: number

Range: 1-4294967295

response-request-min-ratio

Description Set the minimum response to request ratio (in unit of 0.1% [1:1000])

Type: number

Range: 1-65535

response-to-request-max-time

Description Set the maximum response to request time (100 ms)

Type: number

Range: 1-65535

time-window-tracking

Description: time-window-tracking is a JSON Block. Please see below for progression-tracking_time-window-tracking

Type: Object

Reference Object: /axapi/v3/ddos/zone-template/tcp/{name}/progression-tracking/time-window-tracking

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

violation

Description Set the violation threshold

Type: number

Range: 1-255

progression-tracking_connection-tracking

Specification Value
Type object

conn-duration-max

Description Set the maximum duration time (in unit of 100ms, up to 24 hours)

Type: number

Range: 1-2147483647

conn-duration-min

Description Set the minimum duration time (in unit of 100ms, up to 24 hours)

Type: number

Range: 1-864000

conn-rcvd-max

Description Set the maximum total received byte

Type: number

Range: 1-2147483647

conn-rcvd-min

Description Set the minimum total received byte

Type: number

Range: 1-2147483647

conn-rcvd-sent-ratio-max

Description Set the maximum received to sent ratio (in unit of milli-, 0.001)

Type: number

Range: 1-2147483647

conn-rcvd-sent-ratio-min

Description Set the minimum received to sent ratio (in unit of milli-, 0.001)

Type: number

Range: 1-65535

conn-sent-max

Description Set the maximum total sent byte

Type: number

Range: 1-2147483647

conn-sent-min

Description Set the minimum total sent byte

Type: number

Range: 1-65535

conn-violation

Description Set the violation threshold

Type: number

Range: 1-255

progression-tracking-conn-action

Description ‘drop’: Drop packets for progression tracking violation exceed (Default); ‘blacklist-src’: Blacklist-src for progression tracking violation exceed;

Type: string

Supported Values: drop, blacklist-src

Default: drop

Mutual Exclusion: progression-tracking-conn-action and progression-tracking-conn-action-list-name are mutually exclusive

progression-tracking-conn-action-list-name

Description Configure action-list to take when progression tracking violation exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: progression-tracking-conn-action-list-name and progression-tracking-conn-action are mutually exclusive

Reference Object: /axapi/v3/ddos/action-list

progression-tracking-conn-enabled

Description ‘enable-check’: Enable General Progression Tracking per Connection;

Type: string

Supported Values: enable-check

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

progression-tracking_time-window-tracking

Specification Value
Type object

progression-tracking-win-enabled

Description ‘enable-check’: Enable Progression Tracking per Time Window;

Type: string

Supported Values: enable-check

progression-tracking-windows-action

Description ‘drop’: Drop packets for progression tracking violation exceed (Default); ‘blacklist-src’: Blacklist-src for progression tracking violation exceed;

Type: string

Supported Values: drop, blacklist-src

Default: drop

Mutual Exclusion: progression-tracking-windows-action and progression-tracking-windows-action-list-name are mutually exclusive

progression-tracking-windows-action-list-name

Description Configure action-list to take when progression tracking violation exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: progression-tracking-windows-action-list-name and progression-tracking-windows-action are mutually exclusive

Reference Object: /axapi/v3/ddos/action-list

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

window-rcvd-max

Description Set the maximum total received byte

Type: number

Range: 1-65535

window-rcvd-min

Description Set the minimum total received byte

Type: number

Range: 1-65535

window-rcvd-sent-ratio-max

Description Set the maximum received to sent ratio (in unit of 0.1% [1:1000])

Type: number

Range: 1-65535

window-rcvd-sent-ratio-min

Description Set the minimum received to sent ratio (in unit of 0.1% [1:1000])

Type: number

Range: 1-65535

window-sent-max

Description Set the maximum total sent byte

Type: number

Range: 1-65535

window-sent-min

Description Set the minimum total sent byte

Type: number

Range: 1-65535

window-violation

Description Set the violation threshold

Type: number

Range: 1-255

filter-list

Specification Value
Type list
Block object keys  

byte-offset-filter

Description Filter using Berkeley Packet Filter syntax

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

tcp-filter-action

Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘authenticate-src’: Authenticate-src;

Type: string

Supported Values: drop, ignore, blacklist-src, authenticate-src

Default: drop

Mutual Exclusion: tcp-filter-action and tcp-filter-action-list-name are mutually exclusive

tcp-filter-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: tcp-filter-action-list-name and tcp-filter-action are mutually exclusive

Reference Object: /axapi/v3/ddos/action-list

tcp-filter-inverse-match

Description Inverse the result of the matching

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tcp-filter-name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp-filter-regex

Description Regex Expression

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

tcp-filter-seq

Description Sequence number

Type: number

Range: 1-200

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

known-resp-src-port-cfg

Specification Value
Type object

exclude-src-resp-port

Description Exclude src port equal to dst port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

known-resp-src-port

Description Take action if src-port is less than 1024

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

known-resp-src-port-action

Description ‘drop’: Drop packets from well-known src-port (Default); ‘blacklist-src’: Blacklist-src from well-known src-port; ‘ignore’: Ignore well-known src-port;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: known-resp-src-port-action and known-resp-src-port-action-list-name are mutually exclusive

known-resp-src-port-action-list-name

Description Configure action-list to take for well-known src-port

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: known-resp-src-port-action-list-name and known-resp-src-port-action are mutually exclusive

Reference Object: /axapi/v3/ddos/action-list

zero-win-cfg

Specification Value
Type object

zero-win

Description Take action if zero window pkts exceed configured threshold

Type: number

Range: 1-250

Mutual Exclusion: zero-win and per-conn-zero-win-rate-limit are mutually exclusive

zero-win-action

Description ‘drop’: Drop packets for zero-win exceed (Default); ‘blacklist-src’: Blacklist-src for zero-win exceed; ‘ignore’: Ignore zero-win exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Default: drop

Mutual Exclusion: zero-win-action and zero-win-action-list-name are mutually exclusive

zero-win-action-list-name

Description Configure action-list to take for zero window exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: zero-win-action-list-name and zero-win-action are mutually exclusive

Reference Object: /axapi/v3/ddos/action-list

per-conn-out-of-seq-rate-cfg

Specification Value
Type object

per-conn-out-of-seq-rate-action

Description ‘drop’: Drop packets for out-of-seq rate exceed (Default); ‘blacklist-src’: Blacklist-src for out-of-seq rate exceed; ‘ignore’: Ignore out-of-seq rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Default: drop

Mutual Exclusion: per-conn-out-of-seq-rate-action and per-conn-out-of-seq-rate-action-list-name are mutually exclusive

per-conn-out-of-seq-rate-action-list-name

Description Configure action-list to take for out-of-seq rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: per-conn-out-of-seq-rate-action-list-name and per-conn-out-of-seq-rate-action are mutually exclusive

Reference Object: /axapi/v3/ddos/action-list

per-conn-out-of-seq-rate-limit

Description Take action if out-of-seq pkt rate exceed configured threshold

Type: number

Range: 1-16000000

Mutual Exclusion: per-conn-out-of-seq-rate-limit and out-of-seq are mutually exclusive

out-of-seq-cfg

Specification Value
Type object

out-of-seq

Description Take action if out-of-seq pkts exceed configured threshold

Type: number

Range: 1-64000

Mutual Exclusion: out-of-seq and per-conn-out-of-seq-rate-limit are mutually exclusive

out-of-seq-action

Description ‘drop’: Drop packets for out-of-seq exceed (Default); ‘blacklist-src’: Blacklist-src for out-of-seq exceed; ‘ignore’: Ignore out-of-seq exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Default: drop

Mutual Exclusion: out-of-seq-action and out-of-seq-action-list-name are mutually exclusive

out-of-seq-action-list-name

Description Configure action-list to take for out-of-seq exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: out-of-seq-action-list-name and out-of-seq-action are mutually exclusive

Reference Object: /axapi/v3/ddos/action-list
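
A pre-flight check for a tcp template body, as an added example that is not part of this reference or the vendor's code: it applies a subset of the Range, Supported Values and Mutual Exclusion lines above, including the exclusions that span two blocks (for example retransmit-cfg and per-conn-retransmit-rate-cfg), before the body is sent to /axapi/v3/ddos/zone-template/tcp. The `{"tcp": {...}}` wrapper, the name `validate_tcp_template`, and the rule that a boolean left at 0 does not count as configured are assumptions.

```python
import json

TOP = ""  # marks fields that sit directly under the "tcp" element

# (block, field) -> (low, high), copied from the Range lines on this page.
RANGES = {
    (TOP, "age"): (1, 63),
    (TOP, "action-on-syn-rto-retry-count"): (2, 10),
    (TOP, "action-on-ack-rto-retry-count"): (2, 10),
    (TOP, "synack-rate-limit"): (1, 16000000),
    ("syn-authentication", "syn-auth-timeout"): (1, 31),
    ("syn-authentication", "syn-auth-min-delay"): (1, 80),
    ("retransmit-cfg", "retransmit"): (1, 64000),
    ("per-conn-retransmit-rate-cfg", "per-conn-retransmit-rate-limit"): (1, 16000000),
    ("zero-win-cfg", "zero-win"): (1, 250),
    ("per-conn-zero-win-rate-cfg", "per-conn-zero-win-rate-limit"): (1, 16000000),
    ("out-of-seq-cfg", "out-of-seq"): (1, 64000),
    ("per-conn-out-of-seq-rate-cfg", "per-conn-out-of-seq-rate-limit"): (1, 16000000),
}
# (block, field) -> values from the Supported Values lines on this page.
ENUMS = {
    (TOP, "per-conn-rate-interval"): {"100ms", "1sec", "10sec"},
    ("syn-authentication", "syn-auth-type"):
        {"send-rst", "force-rst-by-ack", "force-rst-by-synack", "send-rst-once"},
    ("syn-authentication", "syn-auth-fail-action"): {"drop", "blacklist-src", "reset"},
    ("retransmit-cfg", "retransmit-action"): {"drop", "blacklist-src", "ignore"},
}
# Pairs taken from the Mutual Exclusion lines; several span two JSON blocks.
EXCLUSIVE = [
    ((TOP, "synack-rate-limit"), (TOP, "track-together-with-syn")),
    (("syn-authentication", "syn-auth-type"), ("syn-authentication", "syn-auth-timeout")),
    (("syn-authentication", "syn-auth-type"), ("syn-authentication", "syn-auth-min-delay")),
    (("syn-authentication", "syn-auth-fail-action"),
     ("syn-authentication", "syn-auth-fail-action-list-name")),
    (("retransmit-cfg", "retransmit"),
     ("per-conn-retransmit-rate-cfg", "per-conn-retransmit-rate-limit")),
    (("zero-win-cfg", "zero-win"),
     ("per-conn-zero-win-rate-cfg", "per-conn-zero-win-rate-limit")),
    (("out-of-seq-cfg", "out-of-seq"),
     ("per-conn-out-of-seq-rate-cfg", "per-conn-out-of-seq-rate-limit")),
]

def _lookup(tcp, key):
    block, field = key
    obj = tcp if block == TOP else tcp.get(block)
    return obj.get(field) if isinstance(obj, dict) else None

def _label(key):
    return key[1] if key[0] == TOP else f"{key[0]}.{key[1]}"

def _is_set(value):
    # Assumption: a boolean left at its default (0/false) is not "configured".
    return value not in (None, False, 0, "")

def validate_tcp_template(payload):
    """Return a list of problems; an empty list means the checks passed."""
    tcp = payload.get("tcp") if isinstance(payload, dict) else None
    if not isinstance(tcp, dict):
        return ["payload must be an object with a 'tcp' element"]
    errors = []
    name = tcp.get("name")
    if not isinstance(name, str) or not name or len(name) > 63:
        errors.append("name: object key must be a string of at most 63 characters")
    for key, (low, high) in RANGES.items():
        value = _lookup(tcp, key)
        if value is None:
            continue
        if isinstance(value, bool) or not isinstance(value, int) or not low <= value <= high:
            errors.append(f"{_label(key)}: {value!r} is outside {low}-{high}")
    for key, allowed in ENUMS.items():
        value = _lookup(tcp, key)
        if value is not None and (not isinstance(value, str) or value not in allowed):
            errors.append(f"{_label(key)}: {value!r} is not a supported value")
    for a, b in EXCLUSIVE:
        if _is_set(_lookup(tcp, a)) and _is_set(_lookup(tcp, b)):
            errors.append(f"{_label(a)} and {_label(b)} are mutually exclusive")
    return errors

# Constructed sample bodies (not taken from any device).
BAD = json.loads("""{"tcp": {"name": "web-tcp", "age": 90,
  "synack-rate-limit": 5000, "track-together-with-syn": 1,
  "syn-authentication": {"syn-auth-type": "send-rst", "syn-auth-timeout": 5,
                         "syn-auth-fail-action": "blacklist-src"},
  "retransmit-cfg": {"retransmit": 100, "retransmit-action": "drop"},
  "per-conn-retransmit-rate-cfg": {"per-conn-retransmit-rate-limit": 2000}}}""")
GOOD = json.loads("""{"tcp": {"name": "web-tcp", "age": 2,
  "synack-rate-limit": 5000, "track-together-with-syn": 0,
  "syn-authentication": {"syn-auth-type": "send-rst",
                         "syn-auth-fail-action": "blacklist-src"},
  "retransmit-cfg": {"retransmit": 100, "retransmit-action": "drop"}}}""")

if __name__ == "__main__":
    for problem in validate_tcp_template(BAD):
        print(problem)
```

Extend the three tables with further rows from this page as needed; the action / action-list-name pairs follow the same pattern as the syn-auth-fail-action entry.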