ddos zone-template udp¶
UDP template configuration
udp Specification¶
Parameter Value Type Collection Object Key(s) name Collection Name udp-list Collection URI /axapi/v3/ddos/zone-template/udp Element Name udp Element URI /axapi/v3/ddos/zone-template/udp/{name} Element Attributes udp_attributes Partition Visibility shared Schema udp schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Create Object | POST | /axapi/v3/ddos/zone-template/udp | ||
Create List | POST | /axapi/v3/ddos/zone-template/udp | ||
Get Object | GET | /axapi/v3/ddos/zone-template/udp/{name} | ||
Get List | GET | /axapi/v3/ddos/zone-template/udp | ||
Modify Object | POST | /axapi/v3/ddos/zone-template/udp/{name} | ||
Replace Object | PUT | /axapi/v3/ddos/zone-template/udp/{name} | ||
Replace List | PUT | /axapi/v3/ddos/zone-template/udp | ||
Delete Object | DELETE | /axapi/v3/ddos/zone-template/udp/{name} | ||
udp-list¶
udp-list is JSON List of udp attributes
udp-list : [
]
udp attributes¶
age
Description Configure session age(in minutes) for UDP sessions
Type: number
Range: 1-63
Default: 2
filter-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/udp/{name}/filter/{udp-filter-name}
filter-match-type
Description ‘default’: Stop matching on drop/blacklist action; ‘stop-on-first-match’: Stop matching on first match;
Type: string
Supported Values: default, stop-on-first-match
Default: default
known-resp-src-port-cfg
Description: known-resp-src-port-cfg is a JSON Block. Please see below for known-resp-src-port-cfg
Type: Object
max-payload-size-cfg
Description: max-payload-size-cfg is a JSON Block. Please see below for max-payload-size-cfg
Type: Object
min-payload-size-cfg
Description: min-payload-size-cfg is a JSON Block. Please see below for min-payload-size-cfg
Type: Object
name
Description DDOS UDP Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ntp-monlist-cfg
Description: ntp-monlist-cfg is a JSON Block. Please see below for ntp-monlist-cfg
Type: Object
per-conn-pkt-rate-cfg
Description: per-conn-pkt-rate-cfg is a JSON Block. Please see below for per-conn-pkt-rate-cfg
Type: Object
per-conn-rate-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec;
Type: string
Supported Values: 100ms, 1sec
Default: 1sec
previous-salt-timeout
Description Token-Authentication previous salt-prefix timeout in minutes, default is 1 min
Type: number
Range: 1-10080
Default: 1
public-ipv4-addr
Description IP address
Type: string
Format: ipv4-address
public-ipv6-addr
Description IPV6 address
Type: string
Format: ipv6-address
spoof-detect-fail-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src for spoof-detect fail;
Type: string
Supported Values: drop, blacklist-src
Mutual Exclusion: spoof-detect-fail-action and spoof-detect-fail-action-list-name are mutually exclusive
spoof-detect-fail-action-list-name
Description Configure action-list to take for failing the authentication
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: spoof-detect-fail-action-list-name and spoof-detect-fail-action are mutually exclusive
spoof-detect-min-delay
Description Optional minimum delay between UDP retransmits for authentication to pass, unit is specified by min-delay-interval
Type: number
Range: 1-80
spoof-detect-min-delay-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec;
Type: string
Supported Values: 100ms, 1sec
Default: 1sec
spoof-detect-pass-action
Description ‘authenticate-src’: authenticate-src (Default);
Type: string
Supported Values: authenticate-src
Mutual Exclusion: spoof-detect-pass-action and spoof-detect-pass-action-list-name are mutually exclusive
spoof-detect-pass-action-list-name
Description Configure action-list to take for passing the authentication
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: spoof-detect-pass-action-list-name and spoof-detect-pass-action are mutually exclusive
spoof-detect-retry-timeout
Description Timeout in seconds
Type: number
Range: 1-31
token-authentication
Description Enable Token Authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
token-authentication-formula
Description ‘md5_Salt-SrcIp-SrcPort-DstIp-DstPort’: md5 of Salt-SrcIp-SrcPort-DstIp-DstPort; ‘md5_Salt-DstIp-DstPort’: md5 of Salt-DstIp-DstPort; ‘md5_Salt-SrcIp-DstIp’: md5 of Salt-SrcIp-DstIp; ‘md5_Salt-SrcPort-DstPort’: md5 of Salt-SrcPort-DstPort; ‘md5_Salt-UintDstIp-DstPort’: Using the uint value of IP for md5 of Salt-DstIp-DstPort; ‘sha1_Salt-SrcIp-SrcPort-DstIp-DstPort’: sha1 of Salt-SrcIp-SrcPort-DstIp-DstPort; ‘sha1_Salt-DstIp-DstPort’: sha1 of Salt-DstIp-DstPort; ‘sha1_Salt-SrcIp-DstIp’: sha1 of Salt-SrcIp-DstIp; ‘sha1_Salt-SrcPort-DstPort’: sha1 of Salt-SrcPort-DstPort; ‘sha1_Salt-UintDstIp-DstPort’: Using the uint value of IP for sha1 of Salt-DstIp-DstPort;
Type: string
Supported Values: md5_Salt-SrcIp-SrcPort-DstIp-DstPort, md5_Salt-DstIp-DstPort, md5_Salt-SrcIp-DstIp, md5_Salt-SrcPort-DstPort, md5_Salt-UintDstIp-DstPort, sha1_Salt-SrcIp-SrcPort-DstIp-DstPort, sha1_Salt-DstIp-DstPort, sha1_Salt-SrcIp-DstIp, sha1_Salt-SrcPort-DstPort, sha1_Salt-UintDstIp-DstPort
token-authentication-hw-assist-disable
Description token-authentication disable hardware assistance
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
token-authentication-public-address
Description The server public IP address
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
token-authentication-salt-prefix
Description token-authentication salt-prefix
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
token-authentication-salt-prefix-curr
Description
Type: number
Range: 1-4294967295
token-authentication-salt-prefix-prev
Description
Type: number
Range: 1-4294967295
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
ntp-monlist-cfg¶
Specification Value Type object ntp-monlist
Description Take action for ntp monlist request/response
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ntp-monlist-action
Description ‘drop’: Drop packets for ntp-monlist (Default); ‘blacklist-src’: Blacklist-src for ntp-monlist; ‘ignore’: Ignore ntp-monlist;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: ntp-monlist-action and ntp-monlist-action-list-name are mutually exclusive
ntp-monlist-action-list-name
Description Configure action-list to take for ntp-monlist
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: ntp-monlist-action-list-name and ntp-monlist-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
known-resp-src-port-cfg¶
Specification Value Type object exclude-src-resp-port
Description Exclude src port equal to dst port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
known-resp-src-port
Description Take action if src-port is less than 1024
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
known-resp-src-port-action
Description ‘drop’: Drop packets from well-known src-port(Default); ‘blacklist-src’: Blacklist-src from well-known src-port; ‘ignore’: Ignore well-known src-port;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: known-resp-src-port-action and known-resp-src-port-action-list-name are mutually exclusive
known-resp-src-port-action-list-name
Description Configure action-list to take for well-known src-port
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: known-resp-src-port-action-list-name and known-resp-src-port-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
per-conn-pkt-rate-cfg¶
Specification Value Type object per-conn-pkt-rate-action
Description ‘drop’: Drop packets for per-conn-pkt-rate exceed (Default); ‘blacklist-src’: help Blacklist-src for per-conn-pkt-rate exceed; ‘ignore’: Ignore per-conn-pkt-rate-exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: per-conn-pkt-rate-action and per-conn-pkt-rate-action-list-name are mutually exclusive
per-conn-pkt-rate-action-list-name
Description Configure action-list to take for per-conn-pkt-rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: per-conn-pkt-rate-action-list-name and per-conn-pkt-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
per-conn-pkt-rate-limit
Description Packet rate limit per connection per rate-interval
Type: number
Range: 1-16000000
min-payload-size-cfg¶
Specification Value Type object min-payload-size
Description Minimum UDP payload size for each single packet
Type: number
Range: 1-1470
min-payload-size-action
Description ‘drop’: Drop packets for min-payload-size (Default); ‘blacklist-src’: Blacklist-src for min-payload-size; ‘ignore’: Do nothing for min-payload-size exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: min-payload-size-action and min-payload-size-action-list-name are mutually exclusive
min-payload-size-action-list-name
Description Configure action-list to take for min-payload-size exceed
Type: string
Format: string-rlx
Maximum Length: 64 characters
Maximum Length: 1 characters
Mutual Exclusion: min-payload-size-action-list-name and min-payload-size-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
filter-list¶
Specification Value Type list Block object keys byte-offset-filter
Description Filter using Berkeley Packet Filter syntax
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
udp-filter-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘authenticate-src’: Authenticate-src;
Type: string
Supported Values: drop, ignore, blacklist-src, authenticate-src
Default: drop
Mutual Exclusion: udp-filter-action and udp-filter-action-list-name are mutually exclusive
udp-filter-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: udp-filter-action-list-name and udp-filter-action are mutually exclusive
udp-filter-inverse-match
Description Inverse the result of the matching
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
udp-filter-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp-filter-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
udp-filter-seq
Description Sequence number
Type: number
Range: 1-200
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
max-payload-size-cfg¶
Specification Value Type object max-payload-size
Description Maximum UDP payload size for each single packet
Type: number
Range: 1-1470
max-payload-size-action
Description ‘drop’: Drop packets for max-payload-size exceed (Default); ‘blacklist-src’: Blacklist-src for max-payload-size exceed; ‘ignore’: Do nothing for max-payload-size exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: max-payload-size-action and max-payload-size-action-list-name are mutually exclusive
max-payload-size-action-list-name
Description Configure action-list to take for max-payload-size exceed
Type: string
Format: string-rlx
Maximum Length: 64 characters
Maximum Length: 1 characters
Mutual Exclusion: max-payload-size-action-list-name and max-payload-size-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list