slb template¶
Define an SLB template
template Specification¶
Parameter Value Type Intermediate Resource Element Name template Element URI /axapi/v3/slb/template Element Attributes template_attributes Partition Visibility shared Schema template schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Get Object | GET | /axapi/v3/slb/template | template_attributes |
template attributes¶
cache-list
Type: List
Reference Object: /axapi/v3/slb/template/cache/{name}
cipher-list
Type: List
Reference Object: /axapi/v3/slb/template/cipher/{name}
client-ssh-list
Type: List
Reference Object: /axapi/v3/slb/template/client-ssh/{name}
client-ssl-list
Type: List
Reference Object: /axapi/v3/slb/template/client-ssl/{name}
connection-reuse-list
Type: List
Reference Object: /axapi/v3/slb/template/connection-reuse/{name}
dblb-list
Type: List
Reference Object: /axapi/v3/slb/template/dblb/{name}
diameter-list
Type: List
Reference Object: /axapi/v3/slb/template/diameter/{name}
dns-list
Type: List
Reference Object: /axapi/v3/slb/template/dns/{name}
dns-logging-list
Type: List
Reference Object: /axapi/v3/slb/template/dns-logging/{name}
doh-list
Type: List
Reference Object: /axapi/v3/slb/template/doh/{name}
dynamic-service-list
Type: List
Reference Object: /axapi/v3/slb/template/dynamic-service/{name}
external-service-list
Type: List
Reference Object: /axapi/v3/slb/template/external-service/{name}
fix-list
Type: List
Reference Object: /axapi/v3/slb/template/fix/{name}
ftp-list
Type: List
Reference Object: /axapi/v3/slb/template/ftp/{name}
http-list
Type: List
Reference Object: /axapi/v3/slb/template/http/{name}
http-policy-list
Type: List
Reference Object: /axapi/v3/slb/template/http-policy/{name}
imap-pop3-list
Type: List
Reference Object: /axapi/v3/slb/template/imap-pop3/{name}
link-block-as-down
Description: link-block-as-down is a JSON Block. Please see below for link-block-as-down
Type: Object
Reference Object: /axapi/v3/slb/template/link-block-as-down
link-cost-list
Type: List
Reference Object: /axapi/v3/slb/template/link-cost/{name}
link-down-on-restart
Description: link-down-on-restart is a JSON Block. Please see below for link-down-on-restart
Type: Object
Reference Object: /axapi/v3/slb/template/link-down-on-restart
link-probe-list
Type: List
Reference Object: /axapi/v3/slb/template/link-probe/{name}
logging-list
Type: List
Reference Object: /axapi/v3/slb/template/logging/{name}
monitor-list
Type: List
Reference Object: /axapi/v3/slb/template/monitor/{id}
mqtt-list
Type: List
Reference Object: /axapi/v3/slb/template/mqtt/{name}
persist
Description: persist is a JSON Block. Please see below for persist
Type: Object
Reference Object: /axapi/v3/slb/template/persist
policy-list
Type: List
Reference Object: /axapi/v3/slb/template/policy/{name}
port-list
Type: List
Reference Object: /axapi/v3/slb/template/port/{name}
quic-list
Type: List
Reference Object: /axapi/v3/slb/template/quic/{name}
reqmod-icap-list
Type: List
Reference Object: /axapi/v3/slb/template/reqmod-icap/{name}
respmod-icap-list
Type: List
Reference Object: /axapi/v3/slb/template/respmod-icap/{name}
server-list
Type: List
Reference Object: /axapi/v3/slb/template/server/{name}
server-ssh-list
Type: List
Reference Object: /axapi/v3/slb/template/server-ssh/{name}
server-ssl-list
Type: List
Reference Object: /axapi/v3/slb/template/server-ssl/{name}
sip-list
Type: List
Reference Object: /axapi/v3/slb/template/sip/{name}
smpp-list
Type: List
Reference Object: /axapi/v3/slb/template/smpp/{name}
smtp-list
Type: List
Reference Object: /axapi/v3/slb/template/smtp/{name}
ssli-list
Type: List
Reference Object: /axapi/v3/slb/template/ssli/{name}
tcp-list
Type: List
Reference Object: /axapi/v3/slb/template/tcp/{name}
tcp-proxy-list
Type: List
Reference Object: /axapi/v3/slb/template/tcp-proxy/{name}
udp-list
Type: List
Reference Object: /axapi/v3/slb/template/udp/{name}
virtual-port-list
Type: List
Reference Object: /axapi/v3/slb/template/virtual-port/{name}
virtual-server-list
Type: List
Reference Object: /axapi/v3/slb/template/virtual-server/{name}
logging-list¶
Specification Value Type list Block object keys auto
Description ‘auto’: Configure auto NAT for logging, default is auto enabled;
Type: string
Supported Values: auto
Default: auto
Mutual Exclusion: auto and pool are mutually exclusive
format
Description Specify a format string for web logging (format string(less than 250 characters) for web logging)
Type: string
Format: string-rlx
Maximum Length: 250 characters
Maximum Length: 1 characters
keep-end
Description Number of unmasked characters at the end (default: 0)
Type: number
Range: 0-65535
Default: 0
keep-start
Description Number of unmasked characters at the beginning (default: 0)
Type: number
Range: 0-65535
Default: 0
local-logging
Description 1 to enable local logging (1 to enable local logging, default 0)
Type: number
Range: 0-1
Default: 0
mask
Description Character to mask the matched pattern (default: X)
Type: string
Maximum Length: 1 characters
Maximum Length: 1 characters
Default: X
name
Description Logging Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
pcre-mask
Description Mask matched PCRE pattern in the log
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
pool
Description Specify NAT pool or pool group
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Mutual Exclusion: pool, shared-partition-pool, and auto are mutually exclusive
Reference Object: /axapi/v3/ip/nat/pool
pool-shared
Description Specify NAT pool or pool group
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ip/nat/pool
service-group
Description Bind a Service Group to the logging template (Service Group Name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
shared-partition-pool
Description Reference a NAT pool or pool group from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: shared-partition-pool and pool are mutually exclusive
shared-partition-tcp-proxy-template
Description Reference a TCP Proxy template from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: shared-partition-tcp-proxy-template and tcp-proxy are mutually exclusive
tcp-proxy
Description TCP Proxy Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: tcp-proxy and shared-partition-tcp-proxy-template are mutually exclusive
Reference Object: /axapi/v3/slb/template/tcp-proxy
template-tcp-proxy-shared
Description TCP Proxy Template name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/tcp-proxy
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
cache-list¶
Specification Value Type list Block object keys accept-reload-req
Description Accept reload requests via cache-control directives in HTTP headers
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
age
Description Specify duration in seconds cached content valid, default is 3600 seconds (seconds that the cached content is valid (default 3600 seconds))
Type: number
Range: 1-999999
Default: 3600
default-policy-nocache
Description Specify default policy to be to not cache
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-insert-age
Description Disable insertion of age header in response served from RAM cache
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-insert-via
Description Disable insertion of via header in response served from RAM cache
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
local-uri-policy
Type: Listlogging
Description Specify logging template (Logging Config name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/logging
max-cache-size
Description Specify maximum cache size in megabytes, default is 80MB (RAM cache size in megabytes (default 80MB))
Type: number
Range: 1-4096
Default: 80
max-content-size
Description Maximum size (bytes) of response that can be cached - default 81920 (80KB)
Type: number
Range: 0-268435455
Default: 81920
min-content-size
Description Minimum size (bytes) of response that can be cached - default 512
Type: number
Range: 0-268435455
Default: 512
name
Description Specify cache template name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
packet-capture-template
Description Name of the packet capture template to be bind with this object
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/visibility/packet-capture/object-templates/slb-templ-cache-tmpl
remove-cookies
Description Remove cookies in response and cache
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
replacement-policy
Description ‘LFU’: LFU;
Type: string
Supported Values: LFU
Default: LFU
sampling-enable
Type: Listuri-policy
Type: Listuser-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
verify-host
Description Verify request using host before sending response from RAM cache
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
cache-list_local-uri-policy¶
Specification Value Type list Block object keys local-uri
Description Specify Local URI for caching (Specify URI pattern that the policy should be applied to, maximum 63 charaters)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
cache-list_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘hits’: Cache hits; ‘miss’: Cache misses; ‘bytes_served’: Bytes served from cache; ‘total_req’: Total requests received; ‘caching_req’: Total requests to cache; ‘nc_req_header’: slbTemplateCacheNcReqHeader, help nc_req_header; ‘nc_res_header’: slbTemplateCacheNcResHeader, help nc_res_header; ‘rv_success’: some help string; ‘rv_failure’: slbTemplateCacheRvFailure, help rv_failure; ‘ims_request’: some help string; ‘nm_response’: some help string; ‘rsp_type_CL’: some help string; ‘rsp_type_CE’: some help string; ‘rsp_type_304’: some help string; ‘rsp_type_other’: some help string; ‘rsp_no_compress’: some help string; ‘rsp_gzip’: some help string; ‘rsp_deflate’: some help string; ‘rsp_other’: some help string; ‘nocache_match’: some help string; ‘match’: some help string; ‘invalidate_match’: some help string; ‘content_toobig’: slbTemplateCacheContentToobig, help content_toobig; ‘content_toosmall’: slbTemplateCacheContentToosmall, help content_toosmall; ‘entry_create_failures’: slbTemplateCacheEntryCreateFailures, help entry_create_failures; ‘mem_size’: some help string; ‘entry_num’: some help string; ‘replaced_entry’: some help string; ‘aging_entry’: some help string; ‘cleaned_entry’: some help string; ‘rsp_type_stream’: some help string; ‘header_save_error’: some help string; ‘rsp_br’: rsp_br;
Type: string
Supported Values: all, hits, miss, bytes_served, total_req, caching_req, nc_req_header, nc_res_header, rv_success, rv_failure, ims_request, nm_response, rsp_type_CL, rsp_type_CE, rsp_type_304, rsp_type_other, rsp_no_compress, rsp_gzip, rsp_deflate, rsp_other, nocache_match, match, invalidate_match, content_toobig, content_toosmall, entry_create_failures, mem_size, entry_num, replaced_entry, aging_entry, cleaned_entry, rsp_type_stream, header_save_error, rsp_br
cache-list_uri-policy¶
Specification Value Type list Block object keys cache-action
Description ‘cache’: Specify if certain URIs should be cached; ‘nocache’: Specify if certain URIs should not be cached;
Type: string
Supported Values: cache, nocache
cache-value
Description Specify seconds that content should be cached, default is age specified in cache template
Type: number
Range: 1-999999
invalidate
Description Specify if URI should invalidate cache entries matching pattern (pattern that would match entries to be invalidated (64 chars max))
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
uri
Description Specify URI for cache policy (Specify URI pattern that the policy should be applied to, maximum 63 charaters)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
port-list¶
Specification Value Type list Block object keys add
Description Slow start connection limit add by a number every interval (Add by this number every interval)
Type: number
Range: 1-4095
Mutual Exclusion: add and times are mutually exclusive
bw-rate-limit
Description Configure bandwidth rate limit on real server port (Bandwidth rate limit in Kbps)
Type: number
Range: 1-16777216
bw-rate-limit-duration
Description Duration in seconds the observed rate needs to honor
Type: number
Range: 1-250
bw-rate-limit-no-logging
Description Do not log bandwidth rate limit related state transitions
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
bw-rate-limit-resume
Description Resume server selection after bandwidth drops below this threshold (in Kbps) (Bandwidth rate limit resume threshold (in Kbps))
Type: number
Range: 1-16777216
conn-limit
Description Connection limit
Type: number
Range: 1-64000000
Default: 64000000
conn-limit-no-logging
Description Do not log connection over limit event
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
conn-rate-limit
Description Connection rate limit
Type: number
Range: 1-1048575
conn-rate-limit-no-logging
Description Do not log connection over limit event
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dampening-flaps
Description service dampening flaps count (max-flaps allowed in flap period)
Type: number
Range: 1-255
decrement
Description Decrease after every round of DNS query (default is 0)
Type: number
Range: 0-7
Default: 0
del-session-on-server-down
Description Delete session if the server/port goes down (either disabled/hm down)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dest-nat
Description Destination NAT
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
down-grace-period
Description Port down grace period (Down grace period in seconds)
Type: number
Range: 1-86400
down-timer
Description The timer to bring the marked down server/port to up (default is 0, never bring up) (The timer to bring up server (in second, default is 0))
Type: number
Range: 0-255
Default: 0
dscp
Description Differentiated Services Code Point (DSCP to Real Server IP Mapping Value)
Type: number
Range: 1-63
dynamic-member-priority
Description Set dynamic member’s priority (Initial priority (default is 16))
Type: number
Range: 1-16
Default: 16
every
Description Slow start connection limit increment interval (default 10)
Type: number
Range: 1-60
Default: 10
extended-stats
Description Enable extended statistics on real server port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
flap-period
Description take service out of rotation if max-flaps exceeded within time in seconds
Type: number
Range: 1-255
health-check
Description Health Check Monitor (Health monitor name)
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: health-check and health-check-disable are mutually exclusive
Reference Object: /axapi/v3/health/monitor
health-check-disable
Description Disable configured health check configuration
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: health-check-disable and health-check are mutually exclusive
inband-health-check
Description Use inband traffic to detect port’s health status
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
initial-slow-start
Description Initial slow start connection limit (default 128)
Type: number
Range: 1-4095
Default: 128
name
Description Port template name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Default: default
no-ssl
Description No SSL
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
rate-interval
Description ‘100ms’: Use 100 ms as sampling interval; ‘second’: Use 1 second as sampling interval;
Type: string
Supported Values: 100ms, second
Default: second
reassign
Description Maximum reassign times before declear the server/port down (default is 25) (The maximum reassign number)
Type: number
Range: 0-255
Default: 25
request-rate-interval
Description ‘100ms’: Use 100 ms as sampling interval; ‘second’: Use 1 second as sampling interval;
Type: string
Supported Values: 100ms, second
Default: second
request-rate-limit
Description Request rate limit
Type: number
Range: 1-1048575
request-rate-no-logging
Description Do not log connection over limit event
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
resel-on-reset
Description When receiving reset from server, do the server/port reselection (default is 0, don’t do reselection)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
reset
Description Send client reset when connection rate over limit
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
restore-svc-time
Description put the service back to the rotation after time in seconds
Type: number
Range: 1-4095
resume
Description Resume accepting new connection after connection number drops below threshold (Connection resume threshold)
Type: number
Range: 1-1048575
retry
Description Maximum retry times before reassign this connection to another server/port (default is 2) (The maximum retry number)
Type: number
Range: 0-7
Default: 2
shared-partition-pool
Description Reference a NAT pool or pool-group from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: shared-partition-pool and source-nat are mutually exclusive
slow-start
Description Slowly ramp up the connection number after port is up
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
source-nat
Description Source NAT (IP NAT Pool or pool group name)
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Mutual Exclusion: source-nat and shared-partition-pool are mutually exclusive
Reference Object: /axapi/v3/ip/nat/pool
stats-data-action
Description ‘stats-data-enable’: Enable statistical data collection for real server port; ‘stats-data-disable’: Disable statistical data collection for real server port;
Type: string
Supported Values: stats-data-enable, stats-data-disable
Default: stats-data-enable
sub-group
Description Divide service group members into different sub groups (Sub group ID (default is 0))
Type: number
Range: 0-15
Default: 0
template-port-pool-shared
Description Source NAT (IP NAT Pool or pool group name)
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ip/nat/pool
till
Description Slow start ends when slow start connection limit reaches a number (default 4096) (Slow start ends when connection limit reaches this number)
Type: number
Range: 1-65535
Default: 4096
times
Description Slow start connection limit multiply by a number every interval (default 2) (Multiply by this number every interval)
Type: number
Range: 2-10
Default: 2
Mutual Exclusion: times and add are mutually exclusive
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
weight
Description Weight (port weight)
Type: number
Range: 1-1000
Default: 1
connection-reuse-list¶
Specification Value Type list Block object keys add-header
Description Insert HTTP Connection: keep-alive header
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
keep-alive-conn
Description Keep a number of server connections open
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
limit-per-server
Description Max Server Connections allowed (Connections per Server Port (default 1000))
Type: number
Range: 0-65535
Default: 1000
name
Description Connection Reuse Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
num-conn-per-port
Description Connections per Server Port (default 100)
Type: number
Range: 1-1024
Default: 100
preopen
Description Preopen server connection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
timeout
Description Timeout in seconds. Multiple of 60 (default 2400)
Type: number
Range: 60-3600
Default: 2400
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
link-cost-list¶
Specification Value Type list Block object keys bandwidth-interval
Description Interval duration in seconds
Type: number
Range: 1-60
Default: 5
name
Description Server Link-Cost Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
overage-bandwidth-cost
Description Configure overage bandwidth cost on real server (Overage bandwidth cost per Mbpi)
Type: number
Range: 0-4294967295
Default: 0
prepaid-bandwidth
Description Configure prepaid bandwidth on real server (Prepaid Bandwidth in Mbpi)
Type: number
Range: 0-4294967295
Default: 0
sampling-enable
Type: Listuser-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
link-cost-list_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘link_total_fwd_bytes’: Total bytes fwd for link; ‘interval_fwd_bytes’: Link Cost bytes processed in forward direction per interval; ‘link_total_conn’: Link Cost total connection; ‘interval_avg_throughput’: Link Cost average throughput per interval; ‘interval_max_throughput’: Link Cost max throughput per interval;
Type: string
Supported Values: all, link_total_fwd_bytes, interval_fwd_bytes, link_total_conn, interval_avg_throughput, interval_max_throughput
reqmod-icap-list¶
Specification Value Type list Block object keys action
Description ‘continue’: Continue; ‘drop’: Drop; ‘reset’: Reset;
Type: string
Supported Values: continue, drop, reset
Default: continue
allowed-http-methods
Description List of allowed HTTP methods. Default is “Allow All”. (List of HTTP methods allowed (default “Allow All”))
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
bypass-ip-cfg
Type: Listdisable-http-server-reset
Description Don’t reset http server
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fail-close
Description When template sg is down mark vport down
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
failure-action
Description ‘continue’: Continue; ‘drop’: Drop; ‘reset’: Reset;
Type: string
Supported Values: continue, drop, reset
Default: continue
include-protocol-in-uri
Description Include protocol and port in HTTP URI
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-only-allowed-method
Description Only log allowed HTTP method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
logging
Description logging template (Logging template name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/logging
min-payload-size
Description min-payload-size value 0 - 65535, default is 0
Type: number
Range: 0-65535
Default: 0
name
Description Reqmod ICAP Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
preview
Description Preview value 1 - 32768, default is 32768
Type: number
Range: 1-32768
Default: 32768
server-ssl
Description Server SSL template (Server SSL template name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/server-ssl
service-group
Description Bind a Service Group to the template (Service Group Name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
service-url
Description URL to send to ICAP server (Service URL Name)
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
shared-partition-persist-source-ip-template
Description Reference a persist source ip template from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: shared-partition-persist-source-ip-template and source-ip are mutually exclusive
shared-partition-tcp-proxy-template
Description Reference a TCP Proxy template from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: shared-partition-tcp-proxy-template and tcp-proxy are mutually exclusive
source-ip
Description Source IP persistence template (Source IP persistence template name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: source-ip and shared-partition-persist-source-ip-template are mutually exclusive
Reference Object: /axapi/v3/slb/template/persist/source-ip
tcp-proxy
Description TCP Proxy Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: tcp-proxy and shared-partition-tcp-proxy-template are mutually exclusive
Reference Object: /axapi/v3/slb/template/tcp-proxy
template-persist-source-ip-shared
Description Source IP Persistence Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/persist/source-ip
template-tcp-proxy-shared
Description TCP Proxy Template name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/tcp-proxy
timeout
Description Timeout value 1 - 200 in units of 200ms, default is 5 (default is 1000ms) (1 - 200 in units of 200ms, default is 5 (1000ms))
Type: number
Range: 1-200
Default: 5
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
x-auth-url
Description Use URL format for authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
reqmod-icap-list_bypass-ip-cfg¶
Specification Value Type list Block object keys bypass-ip
Description ip address to bypass reqmod-icap service
Type: string
Format: ipv4-address
mask
Description IP prefix mask
Type: string
Format: ipv4-netmask
smpp-list¶
Specification Value Type list Block object keys client-enquire-link
Description Respond client ENQUIRE_LINK packet directly instead of forwarding to server
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
name
Description SMPP Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
password
Description Configure the password used to bind
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
server-enquire-link
Description Send server ENQUIRE_LINK packet for every persist connection when enable conn-reuse
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-enquire-link-val
Description Set interval of keep-alive packet for each persistent connection (second, default is 30)
Type: number
Range: 5-300
Default: 30
server-selection-per-request
Description Force server selection on every SMPP request when enable conn-reuse
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user
Description Configure the user to bind (The name used to bind)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
smtp-list¶
Specification Value Type list Block object keys LF-to-CRLF
Description Change the LF to CRLF for smtp end of line
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
client-domain-switching
Type: Listclient-starttls-type
Description ‘optional’: STARTTLS is optional requirement; ‘enforced’: Must issue STARTTLS command before mail transaction;
Type: string
Supported Values: optional, enforced
command-disable
Type: Listerror-code-to-client
Description Would transfer error code(554) to client, when getting it from connection establishing with real-server
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
name
Description SMTP Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
server-domain
Description Config the domain of the email servers (Server’s domain, default is “mail-server-domain”)
Type: string
Format: host
Maximum Length: 254 characters
Maximum Length: 1 characters
Default: mail-server-domain
server-starttls-type
Description ‘optional’: STARTTLS is optional requirement; ‘enforced’: Must issue STARTTLS command before mail transaction;
Type: string
Supported Values: optional, enforced
service-ready-msg
Description Set SMTP service ready message (SMTP service ready message, default is “ESMTP mail service ready”)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Default: ESMTP mail service ready
template
Description: template is a JSON Block. Please see below for smtp-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
smtp-list_client-domain-switching¶
Specification Value Type list Block object keys match-string
Description Domain name string
Type: string
Format: string-rlx
Maximum Length: 31 characters
Maximum Length: 1 characters
service-group
Description Select service group (Service group name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
switching-type
Description ‘contains’: Specify domain name string if domain contains another string; ‘ends-with’: Specify domain name string if domain ends with another string; ‘starts-with’: Specify domain string if domain starts with another string;
Type: string
Supported Values: contains, ends-with, starts-with
smtp-list_template¶
Specification Value Type object logging
Description Logging template (Logging Config name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/logging
smtp-list_command-disable¶
Specification Value Type list Block object keys disable-type
Description ‘expn’: Disable SMTP EXPN commands; ‘turn’: Disable SMTP TURN commands; ‘vrfy’: Disable SMTP VRFY commands;
Type: string
Supported Values: expn, turn, vrfy
external-service-list¶
Specification Value Type list Block object keys action
Description ‘continue’: Continue; ‘drop’: Drop; ‘reset’: Reset;
Type: string
Supported Values: continue, drop, reset
Default: continue
bypass-ip-cfg
Type: Listfailure-action
Description ‘continue’: Continue; ‘drop’: Drop; ‘reset’: Reset;
Type: string
Supported Values: continue, drop, reset
Default: continue
name
Description External Service Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
request-header-forward-list
Type: Listservice-group
Description Bind a Service Group to the template (Service Group Name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
shared-partition-persist-source-ip-template
Description Reference a persist source ip template from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: shared-partition-persist-source-ip-template and source-ip are mutually exclusive
shared-partition-tcp-proxy-template
Description Reference a TCP Proxy template from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: shared-partition-tcp-proxy-template and tcp-proxy are mutually exclusive
source-ip
Description Source IP persistence template (Source IP persistence template name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: source-ip and shared-partition-persist-source-ip-template are mutually exclusive
Reference Object: /axapi/v3/slb/template/persist/source-ip
tcp-proxy
Description TCP Proxy Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: tcp-proxy and shared-partition-tcp-proxy-template are mutually exclusive
template-persist-source-ip-shared
Description Source IP Persistence Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/persist/source-ip
template-tcp-proxy-shared
Description TCP Proxy Template name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/tcp-proxy
timeout
Description Timeout value 1 - 200 in units of 200ms, default is 5 (default is 1000ms) (1 - 200 in units of 200ms, default is 5 (1000ms))
Type: number
Range: 1-200
Default: 5
type
Description ‘skyfire-icap’: Skyfire ICAP service; ‘url-filter’: URL filtering service;
Type: string
Supported Values: skyfire-icap, url-filter
Default: url-filter
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
external-service-list_bypass-ip-cfg¶
Specification Value Type list Block object keys bypass-ip
Description ip address to bypass external service
Type: string
Format: ipv4-address
mask
Description IP prefix mask
Type: string
Format: ipv4-netmask
external-service-list_request-header-forward-list¶
Specification Value Type list Block object keys request-header-forward
Description Request header to be forwarded to external service (Header Name)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp-list¶
Specification Value Type list Block object keys alive-if-active
Description keep connection alive if active traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
del-session-on-server-down
Description Delete session if the server/port goes down (either disabled/hm down)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable
Description send reset to client when server is disabled
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: disable and down are mutually exclusive
down
Description send reset to client when server is down
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: down and disable are mutually exclusive
force-delete-timeout
Description The maximum time that a session can stay in the system before being delete (number (second))
Type: number
Range: 1-31
Mutual Exclusion: force-delete-timeout and force-delete-timeout-100ms are mutually exclusive
force-delete-timeout-100ms
Description The maximum time that a session can stay in the system before being delete (number in 100ms)
Type: number
Range: 1-31
Mutual Exclusion: force-delete-timeout-100ms and force-delete-timeout are mutually exclusive
half-close-idle-timeout
Description TCP Half Close Idle Timeout (sec), default off (half close idle timeout in second, default off)
Type: number
Range: 60-120
half-open-idle-timeout
Description TCP Half Open Idle Timeout (sec), default off (half open idle timeout in second, default off)
Type: number
Range: 1-60
idle-timeout
Description Idle Timeout value (Interval of 60 seconds), default 120 seconds (idle timeout in second, default 120)
Type: number
Range: 1-2097151
Default: 120
initial-window-size
Description Set the initial window size (number)
Type: number
Range: 1-65535
insert-client-ip
Description Insert client ip into TCP option
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
lan-fast-ack
Description Enable fast TCP ack on LAN
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
logging
Description ‘init’: init only log; ‘term’: termination only log; ‘both’: both initial and termination log;
Type: string
Supported Values: init, term, both
name
Description Fast TCP Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Default: default
proxy-header
Description: proxy-header is a JSON Block. Please see below for tcp-list_proxy-header
Type: Object
qos
Description QOS level (number)
Type: number
Range: 1-63
re-select-if-server-down
Description re-select another server if service port is down
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
reset-follow-fin
Description send reset to client or server upon receiving first fin
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
reset-fwd
Description send reset to server if error happens
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
reset-rev
Description send reset to client if error happens
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
tcp-list_proxy-header¶
Specification Value Type object proxy-header-action
Description ‘insert’: Insert proxy header;
Type: string
Supported Values: insert
proxy-header-version
Description ‘v1’: version 1; ‘v2’: version 2;
Type: string
Supported Values: v1, v2
diameter-list¶
Specification Value Type list Block object keys avp-code
Description avp code
Type: number
Range: 1-2147483647
avp-list
Type: Listavp-string
Description pattern to be matched in the avp string name, max length 127 bytes
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
customize-cea
Description customizing cea response
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dwr-time
Description dwr health-check timer interval (in 100 milli second unit, default is 100, 0 means unset this option)
Type: number
Range: 0-2147483647
Default: 100
dwr-up-retry
Description number of successful dwr health-check before declaring target up
Type: number
Range: 1-7
Default: 3
forward-to-latest-server
Description Forward client message to the latest server that sends message with the same session id
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-unknown-session-id
Description Forward server message even it has unknown session id
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
idle-timeout
Description user sesison idle timeout (in minutes, default is 5)
Type: number
Range: 1-65535
Default: 5
load-balance-on-session-id
Description Load balance based on the session id
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
message-code-list
Type: Listmultiple-origin-host
Description allowing multiple origin-host to a single server
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
name
Description diameter template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
origin-host
Description: origin-host is a JSON Block. Please see below for diameter-list_origin-host
Type: Object
Reference Object: /axapi/v3/slb/template/diameter/{name}/origin-host
origin-realm
Description origin-realm name avp
Type: string
Format: string-rlx
Maximum Length: 31 characters
Maximum Length: 1 characters
product-name
Description product name avp
Type: string
Format: string-rlx
Maximum Length: 31 characters
Maximum Length: 1 characters
relaxed-origin-host
Description Relaxed Origin-Host Format
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
service-group-name
Description service group name, this is the service group that the message needs to be copied to
Type: string
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
session-age
Description user session age allowed (default 10), this is not idle-time (in minutes)
Type: number
Range: 1-65535
Default: 10
terminate-on-cca-t
Description remove diameter session when receiving CCA-T message
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
vendor-id
Description vendor-id avp (Vendor Id)
Type: number
Range: 0-2147483647
Default: 0
diameter-list_message-code-list¶
Specification Value Type list Block object keys message-code
Description
Type: number
Range: 1-2147483647
diameter-list_avp-list¶
Specification Value Type list Block object keys avp
Description customize avps for cer to the server (avp number)
Type: number
Range: 0-2147483647
int32
Description 32 bits integer
Type: number
Range: 0-2147483647
Mutual Exclusion: int32, int64, and string are mutually exclusive
int64
Description 64 bits integer
Type: number
Range: 0-2147483647
Mutual Exclusion: int64, int32, and string are mutually exclusive
mandatory
Description mandatory avp
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
string
Description String (string name, max length 127 bytes)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: string, int32, and int64 are mutually exclusive
diameter-list_origin-host¶
Specification Value Type object origin-host-name
Description origin-host name avp
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
udp-list¶
Specification Value Type list Block object keys age
Description short age (in sec), default is 31
Type: number
Range: 1-31
avp
Description ‘4’: NAS-IP-address; ‘8’: Framed-IP-Address;
Type: string
Supported Values: 4, 8
disable-clear-session
Description Disable immediate clearing of session
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
idle-timeout
Description Idle Timeout value (Interval of 60 seconds), default 120 seconds (idle timeout in second, default 120)
Type: number
Range: 1-2097151
Default: 120
immediate
Description Immediate Removal after Transaction
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: immediate and short are mutually exclusive
name
Description Fast UDP Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Default: default
qos
Description QOS level (number)
Type: number
Range: 1-63
radius-lb-method-hash-type
Description ‘ip’: IP-Hash;
Type: string
Supported Values: ip, ipv6
re-select-if-server-down
Description re-select another server if service port is down
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
short
Description Short lived session
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: short and immediate are mutually exclusive
stateless-conn-timeout
Description Stateless Current Connection Timeout value (5 - 120 seconds) (idle timeout in second, default 120)
Type: number
Range: 5-120
Default: 120
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
v6avp
Description ‘168’: Framed-IPv6-Address; ‘97’: Framed-IPv6-PrefixFramed-IPv6-Prefix;
Type: string
Supported Values: 168, 97
link-down-on-restart¶
Specification Value Type object enable
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
http-policy-list¶
Specification Value Type list Block object keys cookie-name
Description name of cookie to match (Cookie Name)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
geo-location-match
Type: Listhttp-policy-match
Type: Listmulti-match-rule-list
Type: List
Reference Object: /axapi/v3/slb/template/http-policy/{name}/multi-match-rule/{multi-match}
name
Description http-policy template name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
http-policy-list_http-policy-match¶
Specification Value Type list Block object keys match-string
Description URL String, use “[no-name]” for empty query-param-name match, use “[no-value]” for empty query-param-value match
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
match-type
Description ‘contains’: Select service group if URL string contains another string; ‘ends-with’: Select service group if URL string ends with another string; ‘equals’: Select service group if URL string equals another string; ‘starts-with’: Select service group if URL string starts with another string;
Type: string
Supported Values: contains, ends-with, equals, starts-with
service-group
Description Service Group to be used (Service Group Name)
Type: string
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
type
Description ‘cookie’: cookie value match; ‘host’: hostname match; ‘url’: URL match; ‘header-name’: header name match; ‘header-value’: header value match; ‘query-param-name’: query parameter name; ‘query-param-value’: query parameter value;
Type: string
Supported Values: cookie, host, url, header-name, header-value, query-param-name, query-param-value
http-policy-list_multi-match-rule-list¶
Specification Value Type list Block object keys cookie-name-contains-string
Description Cookie value string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
cookie-name-contains-type
Description ‘contains’: Cookie name contains string;
Type: string
Supported Values: contains
Mutual Exclusion: cookie-name-contains-type,cookie-name-equals-type, cookie-name-starts-with-type, and cookie-name-ends-with-type are mutually exclusive
cookie-name-ends-with-string
Description Cookie name string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
cookie-name-ends-with-type
Description ‘ends-with’: Cookie name ends-with string;
Type: string
Supported Values: ends-with
Mutual Exclusion: cookie-name-ends-with-type,cookie-name-equals-type, cookie-name-contains-type, and cookie-name-starts-with-type are mutually exclusive
cookie-name-equals-string
Description Cookie name string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
cookie-name-equals-type
Description ‘equals’: Cookie name equals to string;
Type: string
Supported Values: equals
Mutual Exclusion: cookie-name-equals-type,cookie-name-contains-type, cookie-name-starts-with-type, and cookie-name-ends-with-type are mutually exclusive
cookie-name-starts-with-string
Description Cookie name string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
cookie-name-starts-with-type
Description ‘starts-with’: Cookie name starts-with string;
Type: string
Supported Values: starts-with
Mutual Exclusion: cookie-name-starts-with-type,cookie-name-equals-type, cookie-name-contains-type, and cookie-name-ends-with-type are mutually exclusive
cookie-value-contains-string
Description Cookie value string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
cookie-value-contains-type
Description ‘contains’: Cookie value contains string;
Type: string
Supported Values: contains
Mutual Exclusion: cookie-value-contains-type,cookie-value-equals-type, cookie-value-starts-with-type, and cookie-value-ends-with-type are mutually exclusive
cookie-value-ends-with-string
Description Cookie value string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
cookie-value-ends-with-type
Description ‘ends-with’: Cookie value ends-with string;
Type: string
Supported Values: ends-with
Mutual Exclusion: cookie-value-ends-with-type,cookie-value-equals-type, cookie-value-contains-type, and cookie-value-starts-with-type are mutually exclusive
cookie-value-equals-string
Description Cookie value string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
cookie-value-equals-type
Description ‘equals’: Cookie value equals to string;
Type: string
Supported Values: equals
Mutual Exclusion: cookie-value-equals-type,cookie-value-contains-type, cookie-value-starts-with-type, and cookie-value-ends-with-type are mutually exclusive
cookie-value-starts-with-string
Description Cookie value string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
cookie-value-starts-with-type
Description ‘starts-with’: Cookie value starts-with string;
Type: string
Supported Values: starts-with
Mutual Exclusion: cookie-value-starts-with-type,cookie-value-equals-type, cookie-value-contains-type, and cookie-value-ends-with-type are mutually exclusive
header-name-contains-string
Description Header name string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
header-name-contains-type
Description ‘contains’: Header name contains string;
Type: string
Supported Values: contains
Mutual Exclusion: header-name-contains-type,header-name-equals-type, header-name-starts-with-type, and header-name-ends-with-type are mutually exclusive
header-name-ends-with-string
Description Header name string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
header-name-ends-with-type
Description ‘ends-with’: Header name ends-with string;
Type: string
Supported Values: ends-with
Mutual Exclusion: header-name-ends-with-type,header-name-equals-type, header-name-contains-type, and header-name-starts-with-type are mutually exclusive
header-name-equals-string
Description Header name string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
header-name-equals-type
Description ‘equals’: Header name equals to string;
Type: string
Supported Values: equals
Mutual Exclusion: header-name-equals-type,header-name-contains-type, header-name-starts-with-type, and header-name-ends-with-type are mutually exclusive
header-name-starts-with-string
Description Header name string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
header-name-starts-with-type
Description ‘starts-with’: Header name starts-with string;
Type: string
Supported Values: starts-with
Mutual Exclusion: header-name-starts-with-type,header-name-equals-type, header-name-contains-type, and header-name-ends-with-type are mutually exclusive
header-value-contains-string
Description Header value string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
header-value-contains-type
Description ‘contains’: Header value contains string;
Type: string
Supported Values: contains
Mutual Exclusion: header-value-contains-type,header-value-equals-type, header-value-starts-with-type, and header-value-ends-with-type are mutually exclusive
header-value-ends-with-string
Description Header value string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
header-value-ends-with-type
Description ‘ends-with’: Header value ends-with string;
Type: string
Supported Values: ends-with
Mutual Exclusion: header-value-ends-with-type,header-value-equals-type, header-value-contains-type, and header-value-starts-with-type are mutually exclusive
header-value-equals-string
Description Header value string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
header-value-equals-type
Description ‘equals’: Header value equals to string;
Type: string
Supported Values: equals
Mutual Exclusion: header-value-equals-type,header-value-contains-type, header-value-starts-with-type, and header-value-ends-with-type are mutually exclusive
header-value-starts-with-string
Description Header value string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
header-value-starts-with-type
Description ‘starts-with’: Header value starts-with string;
Type: string
Supported Values: starts-with
Mutual Exclusion: header-value-starts-with-type,header-value-equals-type, header-value-contains-type, and header-value-ends-with-type are mutually exclusive
host-contains-string
Description Host string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
host-contains-type
Description ‘contains’: Host contains string;
Type: string
Supported Values: contains
Mutual Exclusion: host-contains-type,host-equals-type, host-starts-with-type, and host-ends-with-type are mutually exclusive
host-ends-with-string
Description Host string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
host-ends-with-type
Description ‘ends-with’: Host ends-with string;
Type: string
Supported Values: ends-with
Mutual Exclusion: host-ends-with-type,host-equals-type, host-contains-type, and host-starts-with-type are mutually exclusive
host-equals-string
Description Host string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
host-equals-type
Description ‘equals’: Host equals to string;
Type: string
Supported Values: equals
Mutual Exclusion: host-equals-type,host-contains-type, host-starts-with-type, and host-ends-with-type are mutually exclusive
host-starts-with-string
Description Host string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
host-starts-with-type
Description ‘starts-with’: Host starts-with string;
Type: string
Supported Values: starts-with
Mutual Exclusion: host-starts-with-type,host-equals-type, host-contains-type, and host-ends-with-type are mutually exclusive
multi-match
Description Specify a multi-match-rule name
Type: string
Format: string-rlx
Maximum Length: 64 characters
Maximum Length: 1 characters
query-param-name-contains-string
Description query parameter name string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
query-param-name-contains-type
Description ‘contains’: query parameter name contains string;
Type: string
Supported Values: contains
Mutual Exclusion: query-param-name-contains-type,query-param-name-equals-type, query-param-name-starts-with-type, and query-param-name-ends-with-type are mutually exclusive
query-param-name-ends-with-string
Description query parameter name string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
query-param-name-ends-with-type
Description ‘ends-with’: query parameter name ends-with string;
Type: string
Supported Values: ends-with
Mutual Exclusion: query-param-name-ends-with-type,query-param-name-equals-type, query-param-name-contains-type, and query-param-name-starts-with-type are mutually exclusive
query-param-name-equals-string
Description query parameter name string, use “[no-name]” for empty query-param-name match
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
query-param-name-equals-type
Description ‘equals’: query parameter name equals to string;
Type: string
Supported Values: equals
Mutual Exclusion: query-param-name-equals-type,query-param-name-contains-type, query-param-name-starts-with-type, and query-param-name-ends-with-type are mutually exclusive
query-param-name-starts-with-string
Description query parameter name string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
query-param-name-starts-with-type
Description ‘starts-with’: query parameter name starts-with string;
Type: string
Supported Values: starts-with
Mutual Exclusion: query-param-name-starts-with-type,query-param-name-equals-type, query-param-name-contains-type, and query-param-name-ends-with-type are mutually exclusive
query-param-value-contains-string
Description query parameter value string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
query-param-value-contains-type
Description ‘contains’: query parameter value contains string;
Type: string
Supported Values: contains
Mutual Exclusion: query-param-value-contains-type,query-param-value-equals-type, query-param-value-starts-with-type, and query-param-value-ends-with-type are mutually exclusive
query-param-value-ends-with-string
Description query parameter value string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
query-param-value-ends-with-type
Description ‘ends-with’: query parameter value ends-with string;
Type: string
Supported Values: ends-with
Mutual Exclusion: query-param-value-ends-with-type,query-param-value-equals-type, query-param-value-contains-type, and query-param-value-starts-with-type are mutually exclusive
query-param-value-equals-string
Description query parameter value string, use “[no-value]” for empty query-param-value match
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
query-param-value-equals-type
Description ‘equals’: query parameter value equals to string;
Type: string
Supported Values: equals
Mutual Exclusion: query-param-value-equals-type,query-param-value-contains-type, query-param-value-starts-with-type, and query-param-value-ends-with-type are mutually exclusive
query-param-value-starts-with-string
Description query parameter value string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
query-param-value-starts-with-type
Description ‘starts-with’: query parameter value starts-with string;
Type: string
Supported Values: starts-with
Mutual Exclusion: query-param-value-starts-with-type,query-param-value-equals-type, query-param-value-contains-type, and query-param-value-ends-with-type are mutually exclusive
seq-num
Description Specify a sequence number
Type: number
Range: 1-8192
service-group
Description Service Group to be used (Service Group Name)
Type: string
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
url-contains-string
Description URL string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
url-contains-type
Description ‘contains’: URL contains string;
Type: string
Supported Values: contains
Mutual Exclusion: url-contains-type,url-equals-type, url-starts-with-type, and url-ends-with-type are mutually exclusive
url-ends-with-string
Description URL string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
url-ends-with-type
Description ‘ends-with’: URL ends-with string;
Type: string
Supported Values: ends-with
Mutual Exclusion: url-ends-with-type,url-equals-type, url-contains-type, and url-starts-with-type are mutually exclusive
url-equals-string
Description URL string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
url-equals-type
Description ‘equals’: URL equals to string;
Type: string
Supported Values: equals
Mutual Exclusion: url-equals-type,url-contains-type, url-starts-with-type, and url-ends-with-type are mutually exclusive
url-starts-with-string
Description URL string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
url-starts-with-type
Description ‘starts-with’: URL starts-with string;
Type: string
Supported Values: starts-with
Mutual Exclusion: url-starts-with-type,url-equals-type, url-contains-type, and url-ends-with-type are mutually exclusive
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
http-policy-list_geo-location-match¶
Specification Value Type list Block object keys geo-location
Description Geolocation name
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
geo-location-service-group
Description Service Group to be used (Service Group Name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
link-probe-list¶
Specification Value Type list Block object keys destination
Description: destination is a JSON Block. Please see below for link-probe-list_destination
Type: Object
Reference Object: /axapi/v3/slb/template/link-probe/{name}/destination
disable
Description Disable Probe template
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
expected-status-code
Description Specify response code range (e.g. 200,400-430), default is 200 (Format is xx,xx-xx (xx between [100, 899]), default is 200)
Type: string
Format: string-rlx
Maximum Length: 31 characters
Maximum Length: 1 characters
Default: 200
name
Description probe template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
probe-interval
Description Time between each probe that needs to be sent out (in seconds, default is 5)
Type: number
Range: 1-7200
Default: 5
probes-per-test
Description Total number of probes to be sent out for each test
Type: number
Range: 1-10
Default: 5
rtt-method
Description ‘http-rtt’: Calculate Round Trip Time between HTTP request and response; ‘tcp-srtt’: Use TCP Smoothed round trip time in the HTTP connection;
Type: string
Supported Values: http-rtt, tcp-srtt
Default: http-rtt
selection-rule
Description ‘threshold’: Use all links below a threshold before selecting the fastest link; ‘fastest-link-always’: Always use the link with the lowest average latency;
Type: string
Supported Values: threshold, fastest-link-always
Default: fastest-link-always
test-interval
Description time interval between subsequent tests (in seconds, default is 60)
Type: number
Range: 1-7200
Default: 60
threshold-value
Description Use all links below a threshold before selecting the fastest link (RTT in milliseconds)
Type: number
Range: 0-65534
Default: 0
url
Description Specify URL to which probes should be sent out. Default is /
Type: string
Format: string-rlx
Maximum Length: 1023 characters
Maximum Length: 1 characters
Default: /
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
link-probe-list_destination¶
Specification Value Type object hostname
Description Target Hostname
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
resolve-as
Description ‘resolve-to-ipv4’: Use A Query only to resolve the configured hostname; ‘resolve-to-ipv6’: Use AAAA Query only to resolve the configured hostname;
Type: string
Supported Values: resolve-to-ipv4, resolve-to-ipv6
Mutual Exclusion: resolve-as, static-ipv4-addr, and static-ipv6-addr are mutually exclusive
static-ipv4-addr
Description Target IPv4 Address
Type: string
Format: ipv4-address
Mutual Exclusion: static-ipv4-addr, resolve-as, and static-ipv6-addr are mutually exclusive
static-ipv6-addr
Description Target IPv6 Address
Type: string
Format: ipv6-address
Mutual Exclusion: static-ipv6-addr, resolve-as, and static-ipv4-addr are mutually exclusive
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
client-ssl-list¶
Specification Value Type list Block object keys ad-group-list
Description Forward proxy bypass if ad-group matches class-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
alert-type
Description ‘fatal’: Log fatal alerts;
Type: string
Supported Values: fatal
auth-sg
Description Specify authorization LDAP service group
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: auth-sg and authen-name are mutually exclusive
Reference Object: /axapi/v3/aam/authentication/service-group
auth-sg-dn
Description Use Subject DN as LDAP search base DN
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
auth-sg-filter
Description Specify LDAP search filter
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
auth-username
Description Specify the Username Field in the Client Certificate(If multi-fields are specificed, prior one has higher priority)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
auth-username-attribute
Description Specify attribute name of username for client SSL authorization
Type: string
Format: string-rlx
Maximum Length: 31 characters
Maximum Length: 1 characters
authen-name
Description Specify authorization LDAP server name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: authen-name and auth-sg are mutually exclusive
Reference Object: /axapi/v3/aam/authentication/server/ldap
authorization
Description Specify LDAP server for client SSL authorizaiton
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
bypass-cert-issuer-class-list-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: bypass-cert-issuer-class-list-name and bypass-cert-issuer-multi-class-list-name are mutually exclusive
Reference Object: /axapi/v3/class-list
bypass-cert-issuer-multi-class-list
Type: Listbypass-cert-san-class-list-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: bypass-cert-san-class-list-name and bypass-cert-san-multi-class-list-name are mutually exclusive
Reference Object: /axapi/v3/class-list
bypass-cert-san-multi-class-list
Type: Listbypass-cert-subject-class-list-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: bypass-cert-subject-class-list-name and bypass-cert-subject-multi-class-list-name are mutually exclusive
Reference Object: /axapi/v3/class-list
bypass-cert-subject-multi-class-list
Type: Listca-certs
Type: Listcache-persistence-list-name
Description Class List Name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
case-insensitive
Description Case insensitive forward proxy bypass
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
central-cert-pin-list
Description Forward proxy bypass if SNI string is contained in central updated cert-pinning-candidate list
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
cert-revoke-action
Description ‘bypass’: bypass SSLi processing; ‘continue’: continue the connection; ‘drop’: close the connection; ‘block’: block the connection with a warning page;
Type: string
Supported Values: bypass, continue, drop, block
Default: bypass
cert-unknown-action
Description ‘bypass’: bypass SSLi processing; ‘continue’: continue the connection; ‘drop’: close the connection; ‘block’: block the connection with a warning page;
Type: string
Supported Values: bypass, continue, drop, block
Default: bypass
certificate-issuer-contains-list
Type: Listcertificate-issuer-ends-with-list
Type: Listcertificate-issuer-equals-list
Type: Listcertificate-issuer-starts-with-list
Type: Listcertificate-list
Type: List
Reference Object: /axapi/v3/slb/template/client-ssl/{name}/certificate/{cert}
certificate-san-contains-list
Type: Listcertificate-san-ends-with-list
Type: Listcertificate-san-equals-list
Type: Listcertificate-san-starts-with-list
Type: Listcertificate-subject-contains-list
Type: Listcertificate-subject-ends-with-list
Type: Listcertificate-subject-equals-list
Type: Listcertificate-subject-starts-with-list
Type: Listchain-cert
Description Chain Certificate Name
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: chain-cert and chain-cert-shared-str are mutually exclusive
chain-cert-shared-str
Description Chain Certificate Name
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: chain-cert-shared-str and chain-cert are mutually exclusive
cipher-without-prio-list
Type: Listclass-list-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: class-list-name and multi-clist-name are mutually exclusive
Reference Object: /axapi/v3/class-list
client-auth-case-insensitive
Description Case insensitive forward proxy client auth bypass
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
client-auth-class-list
Description Forward proxy client auth bypass if SNI string matches class-list (Class List Name)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-auth-contains-list
Type: Listclient-auth-ends-with-list
Type: Listclient-auth-equals-list
Type: Listclient-auth-starts-with-list
Type: Listclient-certificate
Description ‘Ignore’: Don’t request client certificate; ‘Require’: Require client certificate; ‘Request’: Request client certificate;
Type: string
Supported Values: Ignore, Require, Request
Default: Ignore
client-ipv4-list
Type: Listclient-ipv6-list
Type: Listclose-notify
Description Send close notification when terminate connection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
contains-list
Type: Listcrl-certs
Type: Listdgversion
Description Lower TLS/SSL version can be downgraded
Type: number
Range: 30-34
Default: 31
dh-type
Description ‘1024’: 1024; ‘1024-dsa’: 1024-dsa; ‘2048’: 2048;
Type: string
Supported Values: 1024, 1024-dsa, 2048
direct-client-server-auth
Description Let backend server does SSL client authentication directly
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-sslv3
Description Reject Client requests for SSL version 3
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
early-data
Description Enable TLS 1.3 early data (0-RTT)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ec-list
Type: Listenable-ssli-ftp-alg
Description Enable SSLi FTP over TLS support at which port
Type: number
Range: 1-65535
enable-tls-alert-logging
Description Enable TLS alert logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ends-with-list
Type: Listequals-list
Type: Listexception-ad-group-list
Description Exceptions to forward proxy bypass if ad-group matches class-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
exception-certificate-issuer-cl-name
Description Exceptions to forward-proxy-bypass
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
exception-certificate-san-cl-name
Description Exceptions to forward-proxy-bypass
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
exception-certificate-subject-cl-name
Description Exceptions to forward-proxy-bypass
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
exception-client-ipv4-list
Type: Listexception-client-ipv6-list
Type: Listexception-server-ipv4-list
Type: Listexception-server-ipv6-list
Type: Listexception-sni-cl-name
Description Exceptions to forward-proxy-bypass
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
exception-user-name-list
Description Exceptions to forward proxy bypass if user-name matches class-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
exception-web-category
Description: exception-web-category is a JSON Block. Please see below for client-ssl-list_exception-web-category
Type: Object
exception-web-reputation
Description: exception-web-reputation is a JSON Block. Please see below for client-ssl-list_exception-web-reputation
Type: Object
expire-hours
Description Certificate lifetime in hours
Type: number
Range: 1-168
forward-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)
Mutual Exclusion: forward-encrypted and fp-ca-certificate are mutually exclusive
forward-passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: forward-passphrase and fp-ca-certificate are mutually exclusive
forward-proxy-alt-sign
Description Forward proxy alternate signing cert and key
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-block-message
Description Message to be included on the block page (Message, enclose in quotes if spaces are present)
Type: string
Format: string-rlx
Maximum Length: 1023 characters
Maximum Length: 1 characters
forward-proxy-ca-cert
Description CA Certificate for forward proxy (SSL forward proxy CA Certificate Name)
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: forward-proxy-ca-cert,fp-ca-certificate, fp-ca-key, fp-ca-key-pass-phrase, fp-ca-key-passphrase, fp-ca-key-encrypted, fp-ca-chain-cert, and fp-ca-certificate-shared are mutually exclusive
forward-proxy-ca-key
Description CA Private Key for forward proxy (SSL forward proxy CA Key Name)
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: forward-proxy-ca-key,fp-ca-certificate, fp-ca-key, fp-ca-key-pass-phrase, fp-ca-key-passphrase, fp-ca-key-encrypted, fp-ca-chain-cert, and fp-ca-certificate-shared are mutually exclusive
forward-proxy-cert-cache-limit
Description Certificate cache size limit, default is 524288 (set to 0 for unlimited size)
Type: number
Range: 0-2147483647
Default: 524288
forward-proxy-cert-cache-timeout
Description Certificate cache timeout, default is 1 hour (seconds, set to 0 for never timeout)
Type: number
Range: 0-2147483647
Default: 3600
forward-proxy-cert-expiry
Description Adjust certificate expiry relative to the time when it is created on the device
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-cert-not-ready-action
Description ‘bypass’: bypass the connection; ‘reset’: reset the connection; ‘intercept’: wait for cert and then inspect the connection;
Type: string
Supported Values: bypass, reset, intercept
Default: bypass
forward-proxy-cert-revoke-action
Description Action taken if a certificate is irreversibly revoked, bypass SSLi processing by default
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
forward-proxy-cert-unknown-action
Description Action taken if a certificate revocation status is unknown, bypass SSLi processing by default
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
forward-proxy-crl-disable
Description Disable Certificate Revocation List checking for forward proxy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-decrypted-dscp
Description Apply a DSCP to decrypted and bypassed traffic (DSCP to apply to decrypted traffic)
Type: number
Range: 1-63
forward-proxy-decrypted-dscp-bypass
Description DSCP to apply to bypassed traffic
Type: number
Range: 1-63
forward-proxy-enable
Description Enable SSL forward proxy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: forward-proxy-enable and ssli-inbound-enable are mutually exclusive
forward-proxy-esni-action
Description Action taken if receiving encrypted server name indication extension in client hello MSG, bypass the connection by default
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-failsafe-disable
Description Disable Failsafe for SSL forward proxy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-hash-persistence-interval
Description Set the time interval to save the hash persistence certs (Interval value, in minutes)
Type: number
Range: 1-720
Default: 30
forward-proxy-log-disable
Description Disable SSL forward proxy logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-no-shared-cipher-action
Description Action taken if handshake fails due to no shared ciper, close the connection by default
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
forward-proxy-no-sni-action
Description ‘intercept’: intercept in no SNI case; ‘bypass’: bypass in no SNI case; ‘reset’: reset in no SNI case;
Type: string
Supported Values: intercept, bypass, reset
Default: intercept
forward-proxy-ocsp-disable
Description Disable ocsp-stapling for forward proxy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-require-sni-cert-matched
Description ‘no-match-action-inspect’: Inspected if not matched; ‘no-match-action-drop’: Dropped if not matched;
Type: string
Supported Values: no-match-action-inspect, no-match-action-drop
forward-proxy-selfsign-redir
Description Redirect connections to pages with self signed certs to a warning page
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-ssl-version
Description TLS/SSL version, default is TLS1.2 (TLS/SSL version: 31-TLSv1.0, 32-TLSv1.1, 33-TLSv1.2 and 34-TLSv1.3)
Type: number
Range: 31-34
Default: 33
forward-proxy-trusted-ca-lists
Type: Listforward-proxy-verify-cert-fail-action
Description Action taken if certificate verification fails, close the connection by default
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
fp-alt-cert
Description CA Certificate for forward proxy alternate signing (Certificate name)
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
fp-alt-chain-cert
Description Chain Certificate (Chain Certificate Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
fp-alt-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)fp-alt-key
Description CA Private Key for forward proxy alternate signing (Key name)
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
fp-alt-passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
fp-alt-shared
Description Alternate CA Certificate and Private Key Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fp-ca-certificate
Description CA Certificate for forward proxy (SSL forward proxy CA Certificate Name)
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: fp-ca-certificate,forward-proxy-ca-cert, fp-ca-shared, forward-proxy-ca-key, forward-passphrase, forward-encrypted, and fp-ca-key-shared are mutually exclusive
fp-ca-certificate-shared
Description CA Private Key Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: fp-ca-certificate-shared, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive
fp-ca-chain-cert
Description Chain Certificate (Chain Certificate Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: fp-ca-chain-cert, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive
fp-ca-key
Description CA Private Key for forward proxy (SSL forward proxy CA Key Name)
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: fp-ca-key, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive
fp-ca-key-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)
Mutual Exclusion: fp-ca-key-encrypted, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive
fp-ca-key-passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: fp-ca-key-passphrase, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive
fp-ca-key-shared
Description CA Private Key Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: fp-ca-key-shared and fp-ca-certificate are mutually exclusive
fp-ca-shared
Description CA Certificate Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: fp-ca-shared and fp-ca-certificate are mutually exclusive
fp-cert-ext-aia-ca-issuers
Description CA Issuers (Authority Information Access URI)
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
Mutual Exclusion: fp-cert-ext-aia-ca-issuers and fp-cert-ext-aia-ocsp are mutually exclusive
fp-cert-ext-aia-ocsp
Description OCSP (Authority Information Access URI)
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
Mutual Exclusion: fp-cert-ext-aia-ocsp and fp-cert-ext-aia-ca-issuers are mutually exclusive
fp-cert-ext-crldp
Description CRL Distribution Point (CRL Distribution Point URI)
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
fp-cert-fetch-autonat
Description ‘auto’: Configure auto NAT for server certificate fetching;
Type: string
Supported Values: auto
Mutual Exclusion: fp-cert-fetch-autonat and fp-cert-fetch-natpool-name are mutually exclusive
fp-cert-fetch-autonat-precedence
Description Set this NAT pool as higher precedence than other source NAT like configued under template policy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fp-cert-fetch-natpool-name
Description Specify NAT pool or pool group
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Mutual Exclusion: fp-cert-fetch-natpool-name, shared-partition-pool, and fp-cert-fetch-autonat are mutually exclusive
Reference Object: /axapi/v3/ip/nat/pool
fp-cert-fetch-natpool-name-shared
Description Specify NAT pool or pool group
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ip/nat/pool
fp-cert-fetch-natpool-precedence
Description Set this NAT pool as higher precedence than other source NAT like configued under template policy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fp-esni-action
Description ‘bypass’: bypass SSLi processing; ‘drop’: close the connection;
Type: string
Supported Values: bypass, drop
Default: bypass
handshake-logging-enable
Description Enable SSL handshake logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hsm-type
Description ‘thales-embed’: Thales embed key; ‘thales-hwcrhk’: Thales hwcrhk Key;
Type: string
Supported Values: thales-embed, thales-hwcrhk
inspect-certificate-issuer-cl-name
Description Forward proxy Inspect if Certificate issuer matches class-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
inspect-certificate-san-cl-name
Description Forward proxy Inspect if Certificate Subject Alternative Name matches class-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
inspect-certificate-subject-cl-name
Description Forward proxy Inspect if Certificate Subject matches class-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
inspect-list-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
ja3-enable
Description Enable JA3 features
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ja3-insert-http-header
Description Insert the JA3 hash into this request as a HTTP header (HTTP Header Name)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
ja3-reject-class-list
Description Drop request if the JA3 hash matches this class-list (type string-case-insensitive) (Class-List Name)
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
ja3-reject-max-number-per-host
Description Drop request if numbers of JA3 of this client address exceeded
Type: number
Range: 1-256
ja3-ttl
Description seconds to keep each JA3 record
Type: number
Range: 1-86400
Default: 600
ldap-base-dn-from-cert
Description Use Subject DN as LDAP search base DN
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ldap-search-filter
Description Specify LDAP search filter
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
local-cert-pin-list
Description: local-cert-pin-list is a JSON Block. Please see below for client-ssl-list_local-cert-pin-list
Type: Object
local-logging
Description Enable local logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
multi-class-list
Type: Listname
Description Client SSL Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
no-anti-replay
Description Disable anti-replay protection for TLS 1.3 early data (0-RTT data)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
no-shared-cipher-action
Description ‘bypass’: bypass SSLi processing; ‘drop’: close the connection;
Type: string
Supported Values: bypass, drop
Default: drop
non-ssl-bypass-l4session
Description Handle the non-ssl session as L4 for performance optimization
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
non-ssl-bypass-service-group
Description Service Group for Bypass non-ssl traffic (Service Group Name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
notafter
Description notAfter date
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
notafterday
Description Day
Type: number
Range: 1-31
notaftermonth
Description Month
Type: number
Range: 1-12
notafteryear
Description Year
Type: number
Range: 2005-2035
notbefore
Description notBefore date
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
notbeforeday
Description Day
Type: number
Range: 1-31
notbeforemonth
Description Month
Type: number
Range: 1-12
notbeforeyear
Description Year
Type: number
Range: 2005-2035
ocsp-stapling
Description Config OCSP stapling support
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ocspst-ca-cert
Description CA certificate
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
ocspst-ocsp
Description Specify OCSP Authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ocspst-sg
Description Specify authentication service group
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: ocspst-sg and ocspst-srvr are mutually exclusive
Reference Object: /axapi/v3/aam/authentication/service-group
ocspst-sg-days
Description Specify update period, in days
Type: number
Range: 1-31
Mutual Exclusion: ocspst-sg-days, ocspst-sg-hours, and ocspst-sg-minutes are mutually exclusive
ocspst-sg-hours
Description Specify update period, in hours
Type: number
Range: 1-23
Default: 1
Mutual Exclusion: ocspst-sg-hours, ocspst-sg-days, and ocspst-sg-minutes are mutually exclusive
ocspst-sg-minutes
Description Specify update period, in minutes
Type: number
Range: 1-59
Mutual Exclusion: ocspst-sg-minutes, ocspst-sg-days, and ocspst-sg-hours are mutually exclusive
ocspst-sg-timeout
Description Specify retry timeout (Default is 30 mins)
Type: number
Range: 1-44640
Default: 30
ocspst-srvr
Description Specify OCSP authentication server
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: ocspst-srvr and ocspst-sg are mutually exclusive
Reference Object: /axapi/v3/aam/authentication/server/ocsp
ocspst-srvr-days
Description Specify update period, in days
Type: number
Range: 1-31
Mutual Exclusion: ocspst-srvr-days, ocspst-srvr-hours, and ocspst-srvr-minutes are mutually exclusive
ocspst-srvr-hours
Description Specify update period, in hours
Type: number
Range: 1-23
Default: 1
Mutual Exclusion: ocspst-srvr-hours, ocspst-srvr-days, and ocspst-srvr-minutes are mutually exclusive
ocspst-srvr-minutes
Description Specify update period, in minutes
Type: number
Range: 1-59
Mutual Exclusion: ocspst-srvr-minutes, ocspst-srvr-days, and ocspst-srvr-hours are mutually exclusive
ocspst-srvr-timeout
Description Specify retry timeout (Default is 30 mins)
Type: number
Range: 1-44640
Default: 30
renegotiation-disable
Description Disable SSL renegotiation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
req-ca-lists
Type: Listrequire-web-category
Description Wait for web category to be resolved before taking bypass decision
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-ipv4-list
Type: Listserver-ipv6-list
Type: Listserver-name-auto-map
Description Enable automatic mapping of server name indication in Client hello extension
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-name-list
Type: Listsession-cache-size
Description Session Cache Size (Maximum cache size. Default value 0 (Session ID reuse disabled))
Type: number
session-cache-timeout
Description Session Cache Timeout (Timeout value, in seconds. Default value 0 (Session cache timeout disabled))
Type: number
Range: 0-604800
Default: 0
session-ticket-disable
Description Disable client side session ticket support
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
session-ticket-lifetime
Description Session ticket lifetime in seconds from stateless session resumption (Lifetime value in seconds. Default value 0 (Session ticket lifetime is 7200 seconds))
Type: number
Range: 0-2147483647
Default: 0
shared-partition-cipher-template
Description Reference a cipher template from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: shared-partition-cipher-template, template-cipher, and cipher-wo-prio are mutually exclusive
shared-partition-pool
Description Reference a NAT pool or pool group from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: shared-partition-pool and fp-cert-fetch-natpool-name are mutually exclusive
sni-bypass-enable-log
Description Enable logging when bypass event happens, disabled by default
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sni-bypass-expired-cert
Description Bypass when certificate expired
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sni-bypass-explicit-list
Description Bypass when matched explicit bypass list (Specify class list name)
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
sni-bypass-missing-cert
Description Bypass when missing cert/key
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sni-enable-log
Description Enable logging of sni-auto-map failures. Disable by default
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ssl-false-start-disable
Description disable SSL False Start
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ssli-inbound-enable
Description Enable inbound SSLi
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: ssli-inbound-enable and forward-proxy-enable are mutually exclusive
ssli-logging
Description SSLi logging level, default is error logging only
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sslilogging
Description ‘disable’: Disable all logging; ‘all’: enable all logging(error, info);
Type: string
Supported Values: disable, all
sslv2-bypass-service-group
Description Service Group for Bypass SSLV2 (Service Group Name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
starts-with-list
Type: Listtemplate-cipher
Description Cipher Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: template-cipher, shared-partition-cipher-template, and cipher-wo-prio are mutually exclusive
Reference Object: /axapi/v3/slb/template/cipher
template-cipher-shared
Description Cipher Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/cipher
template-hsm
Description HSM Template (HSM Template Name)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/hsm/template
user-name-list
Description Forward proxy bypass if user-name matches class-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
verify-cert-fail-action
Description ‘bypass’: bypass SSLi processing; ‘continue’: continue the connection; ‘drop’: close the connection; ‘block’: block the connection with a warning page;
Type: string
Supported Values: bypass, continue, drop, block
Default: drop
version
Description TLS/SSL version, default is the highest number supported (TLS/SSL version: 30-SSLv3.0, 31-TLSv1.0, 32-TLSv1.1, 33-TLSv1.2 and 34-TLSv1.3)
Type: number
Range: 1-34
web-category
Description: web-category is a JSON Block. Please see below for client-ssl-list_web-category
Type: Object
web-reputation
Description: web-reputation is a JSON Block. Please see below for client-ssl-list_web-reputation
Type: Object
client-ssl-list_bypass-cert-subject-multi-class-list¶
Specification Value Type list Block object keys bypass-cert-subject-multi-class-list-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: bypass-cert-subject-multi-class-list-name and bypass-cert-subject-class-list-name are mutually exclusive
Reference Object: /axapi/v3/class-list
client-ssl-list_certificate-san-contains-list¶
Specification Value Type list Block object keys certificate-san-contains
Description Forward proxy bypass if Certificate SAN contains another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-ssl-list_equals-list¶
Specification Value Type list Block object keys equals
Description Forward proxy bypass if SNI string equals another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-ssl-list_client-ipv6-list¶
Specification Value Type list Block object keys client-ipv6-list-name
Description IPV6 client class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
client-ssl-list_forward-proxy-trusted-ca-lists¶
Specification Value Type list Block object keys forward-proxy-trusted-ca
Description Forward proxy trusted CA file (CA file name)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
fp-trusted-ca-shared
Description Trusted CA Certificate Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
client-ssl-list_ec-list¶
Specification Value Type list Block object keys ec
Description ‘secp256r1’: X9_62_prime256v1; ‘secp384r1’: secp384r1;
Type: string
Supported Values: secp256r1, secp384r1
client-ssl-list_contains-list¶
Specification Value Type list Block object keys contains
Description Forward proxy bypass if SNI string contains another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-ssl-list_ends-with-list¶
Specification Value Type list Block object keys ends-with
Description Forward proxy bypass if SNI string ends with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-ssl-list_ca-certs¶
Specification Value Type list Block object keys ca-cert
Description CA Certificate (CA Certificate Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
ca-shared
Description CA Certificate Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
client-ocsp
Description Specify ocsp authentication server(s) for client certificate verification
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
client-ocsp-sg
Description Specify service-group (Service group name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/aam/authentication/service-group
client-ocsp-srvr
Description Specify authentication server
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/aam/authentication/server/ocsp/instance
client-ssl-list_client-auth-contains-list¶
Specification Value Type list Block object keys client-auth-contains
Description Forward proxy bypass if SNI string contains another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-ssl-list_certificate-subject-contains-list¶
Specification Value Type list Block object keys certificate-subject-contains
Description Forward proxy bypass if Certificate Subject contains another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-ssl-list_req-ca-lists¶
Specification Value Type list Block object keys client-cert-req-ca-shared
Description CA Certificate Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
client-certificate-Request-CA
Description Send CA lists in certificate request (CA Certificate Name)
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
client-ssl-list_certificate-subject-starts-with-list¶
Specification Value Type list Block object keys certificate-subject-starts
Description Forward proxy bypass if Certificate Subject starts with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-ssl-list_web-reputation¶
Specification Value Type object bypass-low-risk
Description Bypass when reputation score is greater than or equal to 61
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: bypass-low-risk,bypass-trustworthy, bypass-moderate-risk, bypass-suspicious, bypass-malicious, and bypass-threshold are mutually exclusive
bypass-malicious
Description Bypass when reputation score is greater than or equal to 1
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: bypass-malicious,bypass-trustworthy, bypass-low-risk, bypass-moderate-risk, bypass-suspicious, and bypass-threshold are mutually exclusive
bypass-moderate-risk
Description Bypass when reputation score is greater than or equal to 41
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: bypass-moderate-risk,bypass-trustworthy, bypass-low-risk, bypass-suspicious, bypass-malicious, and bypass-threshold are mutually exclusive
bypass-suspicious
Description Bypass when reputation score is greater than or equal to 21
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: bypass-suspicious,bypass-trustworthy, bypass-low-risk, bypass-moderate-risk, bypass-malicious, and bypass-threshold are mutually exclusive
bypass-threshold
Description Bypass when reputation score is greater than or equal to the customized score (1-100)
Type: number
Range: 1-100
Mutual Exclusion: bypass-threshold,bypass-trustworthy, bypass-low-risk, bypass-moderate-risk, bypass-suspicious, and bypass-malicious are mutually exclusive
bypass-trustworthy
Description Bypass when reputation score is greater than or equal to 81
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: bypass-trustworthy,bypass-low-risk, bypass-moderate-risk, bypass-suspicious, bypass-malicious, and bypass-threshold are mutually exclusive
client-ssl-list_bypass-cert-issuer-multi-class-list¶
Specification Value Type list Block object keys bypass-cert-issuer-multi-class-list-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: bypass-cert-issuer-multi-class-list-name and bypass-cert-issuer-class-list-name are mutually exclusive
Reference Object: /axapi/v3/class-list
client-ssl-list_client-auth-equals-list¶
Specification Value Type list Block object keys client-auth-equals
Description Forward proxy bypass if SNI string equals another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-ssl-list_certificate-issuer-equals-list¶
Specification Value Type list Block object keys certificate-issuer-equals
Description Forward proxy bypass if Certificate issuer equals another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-ssl-list_certificate-san-ends-with-list¶
Specification Value Type list Block object keys certificate-san-ends-with
Description Forward proxy bypass if Certificate SAN ends with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-ssl-list_crl-certs¶
Specification Value Type list Block object keys crl
Description Certificate Revocation Lists (Certificate Revocation Lists file name)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
crl-shared
Description Certificate Revocation Lists Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
client-ssl-list_certificate-list¶
Specification Value Type list Block object keys cert
Description Certificate Name
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
chain-cert
Description Chain Certificate (Chain Certificate Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
key
Description Server Private Key (Key Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
key-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
shared
Description Server Certificate and Key Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
client-ssl-list_client-ipv4-list¶
Specification Value Type list Block object keys client-ipv4-list-name
Description IPV4 client class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
client-ssl-list_multi-class-list¶
Specification Value Type list Block object keys multi-clist-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: multi-clist-name and class-list-name are mutually exclusive
Reference Object: /axapi/v3/class-list
client-ssl-list_certificate-issuer-ends-with-list¶
Specification Value Type list Block object keys certificate-issuer-ends-with
Description Forward proxy bypass if Certificate issuer ends with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-ssl-list_exception-server-ipv4-list¶
Specification Value Type list Block object keys exception-server-ipv4-list-name
Description IPV4 exception server class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
client-ssl-list_web-category¶
Specification Value Type object abortion
Description Category Abortion
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
adult-and-pornography
Description Category Adult and Pornography
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
alcohol-and-tobacco
Description Category Alcohol and Tobacco
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
auctions
Description Category Auctions
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
bot-nets
Description Category Bot Nets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
business-and-economy
Description Category Business and Economy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
cdns
Description Category CDNs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
cheating
Description Category Cheating
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
computer-and-internet-info
Description Category Computer and Internet Info
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
computer-and-internet-security
Description Category Computer and Internet Security
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
cult-and-occult
Description Category Cult and Occult
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dating
Description Category Dating
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dead-sites
Description Category Dead Sites (db Ops only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drugs
Description Category Abused Drugs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamically-generated-content
Description Dynamically Generated Content
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
educational-institutions
Description Category Educational Institutions
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
entertainment-and-arts
Description Category Entertainment and Arts
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fashion-and-beauty
Description Category Fashion and Beauty
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
financial-services
Description Category Financial Services
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
gambling
Description Category Gambling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
games
Description Category Games
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
government
Description Category Government
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
gross
Description Category Gross
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hacking
Description Category Hacking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hate-and-racism
Description Category Hate and Racism
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
health-and-medicine
Description Category Health and Medicine
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
home-and-garden
Description Category Home and Garden
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hunting-and-fishing
Description Category Hunting and Fishing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
illegal
Description Category Illegal
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
illegal-pornography
Description Category Illegal join Adult and Pornography
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
image-and-video-search
Description Category Image and Video Search
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
internet-communications
Description Category Internet Communications
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
internet-portals
Description Category Internet Portals
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
job-search
Description Category Job Search
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
keyloggers-and-monitoring
Description Category Keyloggers and Monitoring
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
kids
Description Category Kids
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
legal
Description Category Legal
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
local-information
Description Category Local Information
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malware-sites
Description Category Malware Sites
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
marijuana
Description Category Marijuana
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
military
Description Category Military
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
motor-vehicles
Description Category Motor Vehicles
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
music
Description Category Music
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
news-and-media
Description Category News and Media
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
nudity
Description Category Nudity
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
nudity-artistic
Description Category Nudity join Entertainment and Arts
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
online-greeting-cards
Description Category Online Greeting cards
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
parked-domains
Description Category Parked Domains
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
pay-to-surf
Description Category Pay to Surf
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
peer-to-peer
Description Category Peer to Peer
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
personal-sites-and-blogs
Description Category Personal sites and Blogs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
personal-storage
Description Category Personal Storage
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
philosophy-and-politics
Description Category Philosophy and Political Advocacy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
phishing-and-other-fraud
Description Category Phishing and Other Frauds
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
proxy-avoid-and-anonymizers
Description Category Proxy Avoid and Anonymizers
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
questionable
Description Category Questionable
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
real-estate
Description Category Real Estate
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
recreation-and-hobbies
Description Category Recreation and Hobbies
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
reference-and-research
Description Category Reference and Research
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
religion
Description Category Religion
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
search-engines
Description Category Search Engines
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sex-education
Description Category Sex Education
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
shareware-and-freeware
Description Category Shareware and Freeware
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
shopping
Description Category Shopping
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
social-network
Description Category Social Network
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
society
Description Category Society
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
spam-urls
Description Category SPAM URLs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sports
Description Category Sports
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
spyware-and-adware
Description Category Spyware and Adware
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
stock-advice-and-tools
Description Category Stock Advice and Tools
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
streaming-media
Description Category Streaming Media
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
swimsuits-and-intimate-apparel
Description Category Swimsuits and Intimate Apparel
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
training-and-tools
Description Category Training and Tools
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
translation
Description Category Translation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
travel
Description Category Travel
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uncategorized
Description Uncategorized URLs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
violence
Description Category Violence
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
weapons
Description Category Weapons
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
web-advertisements
Description Category Web Advertisements
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
web-based-email
Description Category Web based email
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
web-hosting-sites
Description Category Web Hosting Sites
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
client-ssl-list_certificate-san-equals-list¶
Specification Value Type list Block object keys certificate-san-equals
Description Forward proxy bypass if Certificate SAN equals another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-ssl-list_exception-client-ipv4-list¶
Specification Value Type list Block object keys exception-client-ipv4-list-name
Description IPV4 exception client class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
client-ssl-list_certificate-issuer-contains-list¶
Specification Value Type list Block object keys certificate-issuer-contains
Description Forward proxy bypass if Certificate issuer contains another string (Certificate issuer)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-ssl-list_client-auth-starts-with-list¶
Specification Value Type list Block object keys client-auth-starts-with
Description Forward proxy bypass if SNI string starts with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-ssl-list_certificate-subject-ends-with-list¶
Specification Value Type list Block object keys certificate-subject-ends-with
Description Forward proxy bypass if Certificate Subject ends with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-ssl-list_bypass-cert-san-multi-class-list¶
Specification Value Type list Block object keys bypass-cert-san-multi-class-list-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: bypass-cert-san-multi-class-list-name and bypass-cert-san-class-list-name are mutually exclusive
Reference Object: /axapi/v3/class-list
client-ssl-list_server-name-list¶
Specification Value Type list Block object keys server-cert
Description Server Certificate associated to SNI (Server Certificate Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
server-cert-regex
Description Server Certificate associated to SNI regex (Server Certificate Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
server-chain
Description Server Certificate Chain associated to SNI (Server Certificate Chain Name)
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
server-chain-regex
Description Server Certificate Chain associated to SNI regex (Server Certificate Chain Name)
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
server-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)server-encrypted-regex
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)server-key
Description Server Private Key associated to SNI (Server Private Key Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
server-key-regex
Description Server Private Key associated to SNI regex (Server Private Key Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
server-name
Description Server name indication in Client hello extension (Server name String)
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
server-name-alternate
Description Specific the second certifcate
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-name-regex
Description Server name indication in Client hello extension with regular expression (Server name String with regex)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
server-name-regex-alternate
Description Specific the second certifcate
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-passphrase
Description help Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
server-passphrase-regex
Description help Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
server-shared
Description Server Name Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-shared-regex
Description Server Name Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sni-regex-shared-partition-client-ssl-template
Description Reference a Client SSL template from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sni-regex-template
Description Template associated to SNI regex
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sni-regex-template-client-ssl
Description Client SSL Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/client-ssl
sni-regex-template-client-ssl-shared-name
Description Client SSL Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/client-ssl
sni-shared-partition-client-ssl-template
Description Reference a Client SSL template from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sni-template
Description Template associated to SNI
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sni-template-client-ssl
Description Client SSL Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/client-ssl
sni-template-client-ssl-shared-name
Description Client SSL Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/client-ssl
client-ssl-list_exception-web-category¶
Specification Value Type object exception-abortion
Description Category Abortion
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-adult-and-pornography
Description Category Adult and Pornography
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-alcohol-and-tobacco
Description Category Alcohol and Tobacco
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-auctions
Description Category Auctions
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-bot-nets
Description Category Bot Nets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-business-and-economy
Description Category Business and Economy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-cdns
Description Category CDNs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-cheating
Description Category Cheating
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-computer-and-internet-info
Description Category Computer and Internet Info
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-computer-and-internet-security
Description Category Computer and Internet Security
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-cult-and-occult
Description Category Cult and Occult
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-dating
Description Category Dating
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-dead-sites
Description Category Dead Sites (db Ops only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-drugs
Description Category Abused Drugs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-dynamically-generated-content
Description Dynamically Generated Content
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-educational-institutions
Description Category Educational Institutions
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-entertainment-and-arts
Description Category Entertainment and Arts
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-fashion-and-beauty
Description Category Fashion and Beauty
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-financial-services
Description Category Financial Services
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-gambling
Description Category Gambling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-games
Description Category Games
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-government
Description Category Government
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-gross
Description Category Gross
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-hacking
Description Category Hacking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-hate-and-racism
Description Category Hate and Racism
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-health-and-medicine
Description Category Health and Medicine
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-home-and-garden
Description Category Home and Garden
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-hunting-and-fishing
Description Category Hunting and Fishing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-illegal
Description Category Illegal
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-illegal-pornography
Description Category Illegal join Adult and Pornography
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-image-and-video-search
Description Category Image and Video Search
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-internet-communications
Description Category Internet Communications
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-internet-portals
Description Category Internet Portals
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-job-search
Description Category Job Search
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-keyloggers-and-monitoring
Description Category Keyloggers and Monitoring
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-kids
Description Category Kids
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-legal
Description Category Legal
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-local-information
Description Category Local Information
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-malware-sites
Description Category Malware Sites
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-marijuana
Description Category Marijuana
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-military
Description Category Military
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-motor-vehicles
Description Category Motor Vehicles
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-music
Description Category Music
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-news-and-media
Description Category News and Media
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-nudity
Description Category Nudity
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-nudity-artistic
Description Category Nudity join Entertainment and Arts
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-online-greeting-cards
Description Category Online Greeting cards
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-parked-domains
Description Category Parked Domains
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-pay-to-surf
Description Category Pay to Surf
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-peer-to-peer
Description Category Peer to Peer
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-personal-sites-and-blogs
Description Category Personal sites and Blogs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-personal-storage
Description Category Personal Storage
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-philosophy-and-politics
Description Category Philosophy and Political Advocacy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-phishing-and-other-fraud
Description Category Phishing and Other Frauds
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-proxy-avoid-and-anonymizers
Description Category Proxy Avoid and Anonymizers
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-questionable
Description Category Questionable
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-real-estate
Description Category Real Estate
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-recreation-and-hobbies
Description Category Recreation and Hobbies
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-reference-and-research
Description Category Reference and Research
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-religion
Description Category Religion
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-search-engines
Description Category Search Engines
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-sex-education
Description Category Sex Education
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-shareware-and-freeware
Description Category Shareware and Freeware
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-shopping
Description Category Shopping
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-social-network
Description Category Social Network
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-society
Description Category Society
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-spam-urls
Description Category SPAM URLs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-sports
Description Category Sports
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-spyware-and-adware
Description Category Spyware and Adware
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-stock-advice-and-tools
Description Category Stock Advice and Tools
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-streaming-media
Description Category Streaming Media
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-swimsuits-and-intimate-apparel
Description Category Swimsuits and Intimate Apparel
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-training-and-tools
Description Category Training and Tools
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-translation
Description Category Translation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-travel
Description Category Travel
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-uncategorized
Description Uncategorized URLs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-violence
Description Category Violence
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-weapons
Description Category Weapons
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-web-advertisements
Description Category Web Advertisements
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-web-based-email
Description Category Web based email
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-web-hosting-sites
Description Category Web Hosting Sites
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
client-ssl-list_exception-server-ipv6-list¶
Specification Value Type list Block object keys exception-server-ipv6-list-name
Description IPV6 exception server class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
client-ssl-list_certificate-issuer-starts-with-list¶
Specification Value Type list Block object keys certificate-issuer-starts
Description Forward proxy bypass if Certificate issuer starts with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-ssl-list_certificate-san-starts-with-list¶
Specification Value Type list Block object keys certificate-san-starts
Description Forward proxy bypass if Certificate SAN starts with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-ssl-list_server-ipv4-list¶
Specification Value Type list Block object keys server-ipv4-list-name
Description IPV4 server class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
client-ssl-list_client-auth-ends-with-list¶
Specification Value Type list Block object keys client-auth-ends-with
Description Forward proxy bypass if SNI string ends with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-ssl-list_exception-client-ipv6-list¶
Specification Value Type list Block object keys exception-client-ipv6-list-name
Description IPV6 exception client class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
client-ssl-list_exception-web-reputation¶
Specification Value Type object exception-low-risk
Description Intercept when reputation score is less than or equal to 80
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: exception-low-risk,exception-trustworthy, exception-moderate-risk, exception-suspicious, exception-malicious, and exception-threshold are mutually exclusive
exception-malicious
Description Intercept when reputation score is less than or equal to 20
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: exception-malicious,exception-trustworthy, exception-low-risk, exception-moderate-risk, exception-suspicious, and exception-threshold are mutually exclusive
exception-moderate-risk
Description Intercept when reputation score is less than or equal to 60
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: exception-moderate-risk,exception-trustworthy, exception-low-risk, exception-suspicious, exception-malicious, and exception-threshold are mutually exclusive
exception-suspicious
Description Intercept when reputation score is less than or equal to 40
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: exception-suspicious,exception-trustworthy, exception-low-risk, exception-moderate-risk, exception-malicious, and exception-threshold are mutually exclusive
exception-threshold
Description Intercept when reputation score is less than or equal to a customized value (1-100)
Type: number
Range: 1-100
Mutual Exclusion: exception-threshold,exception-trustworthy, exception-low-risk, exception-moderate-risk, exception-suspicious, and exception-malicious are mutually exclusive
exception-trustworthy
Description Intercept when reputation score is less than or equal to 100
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: exception-trustworthy,exception-low-risk, exception-moderate-risk, exception-suspicious, exception-malicious, and exception-threshold are mutually exclusive
client-ssl-list_local-cert-pin-list¶
Specification Value Type object local-cert-pin-list-bypass-fail-count
Description Set the connection fail count as bypass criteria (Bypass when connection failure count is greater than the criteria (1-65536))
Type: number
Range: 1-65536
client-ssl-list_server-ipv6-list¶
Specification Value Type list Block object keys server-ipv6-list-name
Description IPV6 server class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
client-ssl-list_certificate-subject-equals-list¶
Specification Value Type list Block object keys certificate-subject-equals
Description Forward proxy bypass if Certificate Subject equals another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-ssl-list_cipher-without-prio-list¶
Specification Value Type list Block object keys cipher-wo-prio
Description ‘SSL3_RSA_DES_192_CBC3_SHA’: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A); ‘SSL3_RSA_RC4_128_MD5’: TLS_RSA_WITH_RC4_128_MD5 (0x0004); ‘SSL3_RSA_RC4_128_SHA’: TLS_RSA_WITH_RC4_128_SHA (0x0005); ‘TLS1_RSA_AES_128_SHA’: TLS_RSA_WITH_AES_128_CBC_SHA (0x002F); ‘TLS1_RSA_AES_256_SHA’: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035); ‘TLS1_RSA_AES_128_SHA256’: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003C); ‘TLS1_RSA_AES_256_SHA256’: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003D); ‘TLS1_DHE_RSA_AES_128_GCM_SHA256’: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009E); ‘TLS1_DHE_RSA_AES_128_SHA’: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033); ‘TLS1_DHE_RSA_AES_128_SHA256’: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067); ‘TLS1_DHE_RSA_AES_256_GCM_SHA384’: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009F); ‘TLS1_DHE_RSA_AES_256_SHA’: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039); ‘TLS1_DHE_RSA_AES_256_SHA256’: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006B); ‘TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256’: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xC02B); ‘TLS1_ECDHE_ECDSA_AES_128_SHA’: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xC009); ‘TLS1_ECDHE_ECDSA_AES_128_SHA256’: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xC023); ‘TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384’: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xC02C); ‘TLS1_ECDHE_ECDSA_AES_256_SHA’: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xC00A); ‘TLS1_ECDHE_RSA_AES_128_GCM_SHA256’: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xC02F); ‘TLS1_ECDHE_RSA_AES_128_SHA’: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013); ‘TLS1_ECDHE_RSA_AES_128_SHA256’: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027); ‘TLS1_ECDHE_RSA_AES_256_GCM_SHA384’: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC030); ‘TLS1_ECDHE_RSA_AES_256_SHA’: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014); ‘TLS1_RSA_AES_128_GCM_SHA256’: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009C); ‘TLS1_RSA_AES_256_GCM_SHA384’: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009D); ‘TLS1_ECDHE_RSA_AES_256_SHA384’: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028); ‘TLS1_ECDHE_ECDSA_AES_256_SHA384’: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xC024); ‘TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256’: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA8); ‘TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256’: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA9); ‘TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256’: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCAA);
Type: string
Supported Values: SSL3_RSA_DES_192_CBC3_SHA, SSL3_RSA_RC4_128_MD5, SSL3_RSA_RC4_128_SHA, TLS1_RSA_AES_128_SHA, TLS1_RSA_AES_256_SHA, TLS1_RSA_AES_128_SHA256, TLS1_RSA_AES_256_SHA256, TLS1_DHE_RSA_AES_128_GCM_SHA256, TLS1_DHE_RSA_AES_128_SHA, TLS1_DHE_RSA_AES_128_SHA256, TLS1_DHE_RSA_AES_256_GCM_SHA384, TLS1_DHE_RSA_AES_256_SHA, TLS1_DHE_RSA_AES_256_SHA256, TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256, TLS1_ECDHE_ECDSA_AES_128_SHA, TLS1_ECDHE_ECDSA_AES_128_SHA256, TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA, TLS1_ECDHE_RSA_AES_128_GCM_SHA256, TLS1_ECDHE_RSA_AES_128_SHA, TLS1_ECDHE_RSA_AES_128_SHA256, TLS1_ECDHE_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA, TLS1_RSA_AES_128_GCM_SHA256, TLS1_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA384, TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256, TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256, TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256
Mutual Exclusion: cipher-wo-prio, template-cipher, and shared-partition-cipher-template are mutually exclusive
client-ssl-list_starts-with-list¶
Specification Value Type list Block object keys starts-with
Description Forward proxy bypass if SNI string starts with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic-list¶
Specification Value Type list Block object keys burst-len
Description Number of burst packet, default 16
Type: number
Range: 16-360
connection-id-length
Description Connection id length in byte, default 8 bytes
Type: number
Range: 1-20
idle-timeout
Description Idle Timeout (interval of 60 seconds), default 120 seconds (idle timeout in second, default 120)
Type: number
Range: 1-3600
initial-wnd
Description Initial window size in byte, default 10000 (Initial window size, default 10000)
Type: number
Range: 10000-100000
key-update-to-client
Description Initiate key update on the client-side
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
key-update-to-server
Description Initiate key update on the server-side
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
name
Description QUIC Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
receive-buffer
Description Receive buffer size in byte, default 200000 (Receive buffer size, default 200000)
Type: number
Range: 30000-400000
server-retry
Description Enable server retry
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
link-block-as-down¶
Specification Value Type object enable
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dynamic-service-list¶
Specification Value Type list Block object keys class-list-list
Type: List
Reference Object: /axapi/v3/slb/template/dynamic-service/{name}/class-list/{dns-class-list}
dns-server
Type: Listname
Description Dynamic Service Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dynamic-service-list_dns-server¶
Specification Value Type list Block object keys ipv4-dns-server
Description DNS Server IPv4 Address
Type: string
Format: ipv4-address
ipv6-dns-server
Description DNS Server IPv6 Address
Type: string
Format: ipv6-address
dynamic-service-list_class-list-list¶
Specification Value Type list Block object keys dns-class-list
Description Name of Aho-Corasick class-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dns-server
Type: Listpriority
Description Priority of the class-list(the larger number, the higher priority)
Type: number
Range: 1-64
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dynamic-service-list_class-list-list_dns-server¶
Specification Value Type list Block object keys ipv4-dns-server
Description DNS Server IPv4 Address
Type: string
Format: ipv4-address
ipv6-dns-server
Description DNS Server IPv6 Address
Type: string
Format: ipv6-address
dblb-list¶
Specification Value Type list Block object keys calc-sha1
Description: calc-sha1 is a JSON Block. Please see below for dblb-list_calc-sha1
Type: Object
Reference Object: /axapi/v3/slb/template/dblb/{name}/calc-sha1
class-list
Description Specify user/password string class list (Class list name)
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
name
Description DBLB template name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
server-version
Description ‘MSSQL2008’: MSSQL server 2008 or 2008 R2; ‘MSSQL2012’: MSSQL server 2012; ‘MySQL’: MySQL server (any version);
Type: string
Supported Values: MSSQL2008, MSSQL2012, MySQL
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dblb-list_calc-sha1¶
Specification Value Type object sha1-value
Description Cleartext password
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
fix-list¶
Specification Value Type list Block object keys insert-client-ip
Description Insert client ip to tag 11447
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
logging
Description ‘init’: init only log; ‘term’: termination only log; ‘both’: both initial and termination log;
Type: string
Supported Values: init, term, both
name
Description FIX Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
tag-switching
Type: Listuser-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
fix-list_tag-switching¶
Specification Value Type list Block object keys equals
Description Equals (Tag String)
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
service-group
Description Create a Service Group comprising Servers (Service Group Name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
switching-type
Description ‘sender-comp-id’: Select service group based on SenderCompID; ‘target-comp-id’: Select service group based on TargetCompID;
Type: string
Supported Values: sender-comp-id, target-comp-id
persist¶
Specification Value Type object cookie-list
Type: List
Reference Object: /axapi/v3/slb/template/persist/cookie/{name}
destination-ip-list
Type: List
Reference Object: /axapi/v3/slb/template/persist/destination-ip/{name}
source-ip-list
Type: List
Reference Object: /axapi/v3/slb/template/persist/source-ip/{name}
ssl-sid-list
Type: List
Reference Object: /axapi/v3/slb/template/persist/ssl-sid/{name}
persist_destination-ip-list¶
Specification Value Type list Block object keys dont-honor-conn-rules
Description Do not observe connection rate rules
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hash-persist
Description Use hash value of destination IP address
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
match-type
Description Persistence type
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
name
Description Destination IP persistence template name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
netmask
Description IP subnet mask
Type: string
Format: ipv4-netmask
Default: 255.255.255.255
netmask6
Description IPV6 subnet mask
Type: number
Range: 1-128
Default: 128
scan-all-members
Description Persist with SCAN of all members
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server
Description Persist to the same server, default is port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: server and service-group are mutually exclusive
service-group
Description Persist within the same service group
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: service-group and server are mutually exclusive
timeout
Description Persistence timeout (in minutes)
Type: number
Range: 1-2000
Default: 5
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
persist_source-ip-list¶
Specification Value Type list Block object keys dont-honor-conn-rules
Description Do not observe connection rate rules
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enforce-higher-priority
Description Enforce to use high priority node if available
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hash-persist
Description Use hash value of source IP address
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
incl-dst-ip
Description Include destination IP on the persist
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
incl-sport
Description Include source port on the persist
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
match-type
Description Persistence type
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
name
Description Source IP persistence template name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
netmask
Description IP subnet mask
Type: string
Format: ipv4-netmask
Default: 255.255.255.255
netmask6
Description IPV6 subnet mask
Type: number
Range: 1-128
Default: 128
primary-port
Description Primary port to create the persist session
Type: number
Range: 1-65534
scan-all-members
Description Persist with SCAN of all members
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server
Description Persist to the same server, default is port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: server and service-group are mutually exclusive
service-group
Description Persist within the same service group
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: service-group and server are mutually exclusive
timeout
Description Persistence timeout (in minutes)
Type: number
Range: 1-4321
Default: 5
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
persist_cookie-list¶
Specification Value Type list Block object keys cookie-name
Description Set cookie name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Default: sto-id
domain
Description Set cookie domain
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dont-honor-conn-rules
Description Do not observe connection rate rules
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
encrypt-level
Description Encryption level for cookie name / value
Type: number
Range: 0-1
Default: 1
encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)expire
Description Set cookie expiration time (Expiration in seconds)
Type: number
Range: 0-31536000
Default: 31536000
httponly
Description Enable HttpOnly attribute
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
insert-always
Description Insert persist cookie to every reponse
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
match-type
Description Persist for server, default is port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
name
Description Cookie persistence (Cookie persistence template name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
pass-phrase
Description Set passphrase for encryption
Type: string
Format: password
Maximum Length: 8 characters
Maximum Length: 8 characters
Default: ACOS4KEY
pass-thru
Description Pass thru mode - Server sends the persist cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
path
Description Set cookie path (Cookie path, default is “/”)
Type: string
Format: string-rlx
Maximum Length: 31 characters
Maximum Length: 1 characters
Default: /
prefix
Description ‘host’: the cookie will have been set with a Secure attribute, a Path attribute with a value of /, and no Domain attribute; ‘secure’: the cookie will have been set with a Secure attribute;
Type: string
Supported Values: host, secure
samesite
Description ‘none’: none; ‘lax’: lax; ‘strict’: strict;
Type: string
Supported Values: none, lax, strict
scan-all-members
Description Persist within the same server SCAN
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
secure
Description Enable secure attribute
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server
Description Persist to the same server, default is port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: server and service-group are mutually exclusive
server-service-group
Description Persist to the same server and within the same service group
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
service-group
Description Persist within the same service group
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: service-group and server are mutually exclusive
use-attribute
Description ‘max-age’: Use the Max-Age attribute; ‘expires’: Use the Expires attribute; ‘all’: Use all attributes;
Type: string
Supported Values: max-age, expires, all
Default: expires
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
persist_ssl-sid-list¶
Specification Value Type list Block object keys dont-honor-conn-rules
Description Do not observe connection rate rules
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
name
Description SSL session ID persistence template name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
timeout
Description Persistence timeout (in minutes)
Type: number
Range: 1-2000
Default: 5
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
doh-list¶
Specification Value Type list Block object keys conn-reuse
Description ‘enable’: Enable Connection Reuse; ‘disable’: Disable Connection-Reuse (Default);
Type: string
Supported Values: enable, disable
Default: disable
dns
Description DNS Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Default: default
Mutual Exclusion: dns and shared-partition-dns-template are mutually exclusive
Reference Object: /axapi/v3/slb/template/dns
dns-retry
Description: dns-retry is a JSON Block. Please see below for doh-list_dns-retry
Type: Object
Reference Object: /axapi/v3/slb/template/doh/{name}/dns-retry
forwarder
Description: forwarder is a JSON Block. Please see below for doh-list_forwarder
Type: Object
Reference Object: /axapi/v3/slb/template/doh/{name}/forwarder
name
Description DNS over HTTP(s) Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
non-dns-request
Description ‘allow’: Forward Non-DoH request to http server bound to vport; ‘reject’: Reject Non-DoH requests with HTTP 400 Bad Request (Default);
Type: string
Supported Values: allow, reject
Default: reject
reject-status-code
Description ‘400’: Status Code 400 BAD Request (Default); ‘500’: Status Code 500 Internal Server Error; ‘501’: Status Code 501 Not Implemented;
Type: string
Supported Values: 400, 500, 501
Default: 400
shared-partition-dns-template
Description Reference a DNS template from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: shared-partition-dns-template and dns are mutually exclusive
shared-partition-tcp-proxy-template
Description Reference a TCP Proxy template from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: shared-partition-tcp-proxy-template and tcp-proxy are mutually exclusive
snat-pool
Description Source NAT pool or pool group
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ip/nat/pool
source-nat
Description ‘auto’: Perform Source NAT Auto for service-group(Default) (Not supported with forwarding-ip); ‘disable’: Don’t perform source-nat for server side DNS queries; ‘pool’: Perform Source NAT with specific pool;
Type: string
Supported Values: auto, disable, pool
Default: auto
tcp-proxy
Description TCP Proxy Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Default: default
Mutual Exclusion: tcp-proxy and shared-partition-tcp-proxy-template are mutually exclusive
Reference Object: /axapi/v3/slb/template/tcp-proxy
template-dns-shared
Description DNS Template name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/dns
template-tcp-proxy-shared
Description TCP Proxy Template name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/tcp-proxy
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
doh-list_forwarder¶
Specification Value Type object bypass-doh
Description Forward valid DoH HTTP request as is, no DNS packet extraction (Bypass DoH)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: bypass-doh,forwarding-ipv4, forwarding-ipv6, tcp-service-group, and udp-service-group are mutually exclusive
forwarding-ipv4
Description SLB VIP IPv4 address to forward DOH query (IP address)
Type: string
Format: ipv4-address
Mutual Exclusion: forwarding-ipv4,forwarding-ipv6, tcp-service-group, udp-service-group, and bypass-doh are mutually exclusive
forwarding-ipv6
Description SLB VIP IPv6 address to forward DOH query (IP address)
Type: string
Format: ipv6-address
Mutual Exclusion: forwarding-ipv6,forwarding-ipv4, tcp-service-group, udp-service-group, and bypass-doh are mutually exclusive
tcp-service-group
Description Bind a TCP Service Group to the template (Service Group Name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: tcp-service-group,forwarding-ipv4, forwarding-ipv6, and bypass-doh are mutually exclusive
Reference Object: /axapi/v3/slb/service-group
udp-service-group
Description Bind a UDP Service Group to the template (Service Group Name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: udp-service-group,forwarding-ipv4, forwarding-ipv6, and bypass-doh are mutually exclusive
Reference Object: /axapi/v3/slb/service-group
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
v4-internal
Description Try to find this IP as a VIP in this L3v Partition and forward it internally to the VIP
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
v4-l4-proto
Description ‘tcp’: Use TCP only when forwarding DNS traffic; ‘udp’: Use UDP only when forwarding DNS traffic; ‘both’: Use UDP 1st and if unreachable, retry with TCP when forwarding DNS traffic;
Type: string
Supported Values: tcp, udp, both
Default: both
v4-port
Description Forwarding port number, Default is 53
Type: number
Range: 1-65534
Default: 53
v6-internal
Description Try to find this IP as a VIP in this L3v Partition and forward it internally to the VIP
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
v6-l4-proto
Description ‘tcp’: Use TCP only when forwarding DNS traffic; ‘udp’: Use UDP only when forwarding DNS traffic; ‘both’: Use UDP 1st and if unreachable, retry with TCP when forwarding DNS traffic;
Type: string
Supported Values: tcp, udp, both
Default: both
v6-port
Description Forwarding port number, Default is 53
Type: number
Range: 1-65534
Default: 53
doh-list_dns-retry¶
Specification Value Type object after-timeout
Description ‘close’: Close client side connection; ‘retry-with-tcp’: Retry DNS query to server using TCP (If UDP was tried initially. Close after.);
Type: string
Supported Values: close, retry-with-tcp
Default: close
max-trials
Description Total number of times to try DNS query to server before closing client connection, default 3
Type: number
Range: 1-5
Default: 3
retry-interval
Description DNS Retry Interval value 1 - 400 in units of 100ms, default is 10 (default is 1000ms) (1 - 400 in units of 100ms, default is 10 (1000ms/1sec))
Type: number
Range: 1-400
Default: 10
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
sip-list¶
Specification Value Type list Block object keys acl-id
Description ACL id
Type: number
Range: 100-199
Mutual Exclusion: acl-id and acl-name-value are mutually exclusive
Reference Object: /axapi/v3/access-list/standard
acl-name-value
Description IPv4 Access List Name
Type: string
Maximum Length: 16 characters
Maximum Length: 1 characters
Mutual Exclusion: acl-name-value and acl-id are mutually exclusive
Reference Object: /axapi/v3/ip/access-list
alg-dest-nat
Description Translate VIP to real server IP in SIP message when destination NAT is used
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
alg-source-nat
Description Translate source IP to NAT IP in SIP message when source NAT is used
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
call-id-persist-disable
Description Disable call-ID persistence
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
client-keep-alive
Description Respond client keep-alive packet directly instead of forwarding to server
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
client-request-header
Type: Listclient-response-header
Type: Listdialog-aware
Description Permit system processes dialog session
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-when-client-fail
Description Drop current SIP message when select client fail
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: drop-when-client-fail and failed-client-selection-message are mutually exclusive
drop-when-server-fail
Description Drop current SIP message when select server fail
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: drop-when-server-fail and failed-server-selection-message are mutually exclusive
exclude-translation
Type: Listfailed-client-selection
Description Define action when select client fail
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
failed-client-selection-message
Description Send SIP message (includs status code) to server when select client fail(Format: 3 digits(1XX~6XX) space reason)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: failed-client-selection-message and drop-when-client-fail are mutually exclusive
failed-server-selection
Description Define action when select server fail
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
failed-server-selection-message
Description Send SIP message (includs status code) to client when select server fail(Format: 3 digits(1XX~6XX) space reason)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: failed-server-selection-message and drop-when-server-fail are mutually exclusive
insert-client-ip
Description Insert Client IP address into SIP header
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
interval
Description The interval of keep-alive packet for each persist connection (second)
Type: number
Range: 5-300
Default: 30
keep-server-ip-if-match-acl
Description Use Real Server IP for addresses matching the ACL for a Call-Id
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
name
Description SIP Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
pstn-gw
Description configure pstn gw host name for tel: uri translate to sip: uri (Hostname String, default is “pstn”)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Default: pstn
server-keep-alive
Description Send server keep-alive packet for every persist connection when enable conn-reuse
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-request-header
Type: Listserver-response-header
Type: Listserver-selection-per-request
Description Force server selection on every SIP request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
service-group
Description service group name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
smp-call-id-rtp-session
Description Create the across cpu call-id rtp session
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
timeout
Description Time in minutes
Type: number
Range: 1-250
Default: 30
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
sip-list_server-request-header¶
Specification Value Type list Block object keys insert-condition-server-request
Description ‘insert-if-not-exist’: Only insert the header when it does not exist; ‘insert-always’: Always insert the header even when there is a header with the same name;
Type: string
Supported Values: insert-if-not-exist, insert-always
server-request-erase-all
Description Erase all headers
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-request-header-erase
Description Erase a SIP header (Header Name)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
server-request-header-insert
Description Insert a SIP header (Header Content (Format: “name:value”))
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
sip-list_server-response-header¶
Specification Value Type list Block object keys insert-condition-server-response
Description ‘insert-if-not-exist’: Only insert the header when it does not exist; ‘insert-always’: Always insert the header even when there is a header with the same name;
Type: string
Supported Values: insert-if-not-exist, insert-always
server-response-erase-all
Description Erase all headers
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-response-header-erase
Description Erase a SIP header (Header Name)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
server-response-header-insert
Description Insert a SIP header (Header Content (Format: “name:value”))
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
sip-list_client-request-header¶
Specification Value Type list Block object keys client-request-erase-all
Description Erase all headers
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
client-request-header-erase
Description Erase a SIP header (Header Name)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-request-header-insert
Description Insert a SIP header (Header Content (Format: “name:value”))
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
insert-condition-client-request
Description ‘insert-if-not-exist’: Only insert the header when it does not exist; ‘insert-always’: Always insert the header even when there is a header with the same name;
Type: string
Supported Values: insert-if-not-exist, insert-always
sip-list_client-response-header¶
Specification Value Type list Block object keys client-response-erase-all
Description Erase all headers
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
client-response-header-erase
Description Erase a SIP header (Header Name)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-response-header-insert
Description Insert a SIP header (Header Content (Format: “name:value”))
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
insert-condition-client-response
Description ‘insert-if-not-exist’: Only insert the header when it does not exist; ‘insert-always’: Always insert the header even when there is a header with the same name;
Type: string
Supported Values: insert-if-not-exist, insert-always
sip-list_exclude-translation¶
Specification Value Type list Block object keys header-string
Description SIP header name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
translation-value
Description ‘start-line’: SIP request line or status line; ‘header’: SIP message headers; ‘body’: SIP message body;
Type: string
Supported Values: start-line, header, body
respmod-icap-list¶
Specification Value Type list Block object keys action
Description ‘continue’: Continue; ‘drop’: Drop; ‘reset’: Reset;
Type: string
Supported Values: continue, drop, reset
Default: continue
bypass-ip-cfg
Type: Listdisable-http-server-reset
Description Don’t reset http server
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fail-close
Description When template sg is down mark vport down
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
failure-action
Description ‘continue’: Continue; ‘drop’: Drop; ‘reset’: Reset;
Type: string
Supported Values: continue, drop, reset
Default: continue
include-protocol-in-uri
Description Include protocol and port in HTTP URI
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-only-allowed-method
Description Only log allowed HTTP method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
logging
Description logging template (Logging template name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/logging
min-payload-size
Description min-payload-size value 0 - 65535, default is 0
Type: number
Range: 0-65535
Default: 0
name
Description Reqmod ICAP Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
preview
Description Preview value 1 - 32768, default is 32768
Type: number
Range: 1-32768
Default: 32768
server-ssl
Description Server SSL template (Server SSL template name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/server-ssl
service-group
Description Bind a Service Group to the template (Service Group Name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
service-url
Description URL to send to ICAP server (Service URL Name)
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
shared-partition-persist-source-ip-template
Description Reference a persist source ip template from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: shared-partition-persist-source-ip-template and source-ip are mutually exclusive
shared-partition-tcp-proxy-template
Description Reference a TCP Proxy template from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: shared-partition-tcp-proxy-template and tcp-proxy are mutually exclusive
source-ip
Description Source IP persistence template (Source IP persistence template name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: source-ip and shared-partition-persist-source-ip-template are mutually exclusive
Reference Object: /axapi/v3/slb/template/persist/source-ip
tcp-proxy
Description TCP Proxy Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: tcp-proxy and shared-partition-tcp-proxy-template are mutually exclusive
Reference Object: /axapi/v3/slb/template/tcp-proxy
template-persist-source-ip-shared
Description Source IP Persistence Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/persist/source-ip
template-tcp-proxy-shared
Description TCP Proxy Template name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/tcp-proxy
timeout
Description Timeout value 1 - 200 in units of 200ms, default is 5 (default is 1000ms) (1 - 200 in units of 200ms, default is 5 (1000ms))
Type: number
Range: 1-200
Default: 5
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
x-auth-url
Description Use URL format for authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
respmod-icap-list_bypass-ip-cfg¶
Specification Value Type list Block object keys bypass-ip
Description ip address to bypass respmod-icap service
Type: string
Format: ipv4-address
mask
Description IP prefix mask
Type: string
Format: ipv4-netmask
virtual-server-list¶
Specification Value Type list Block object keys conn-limit
Description Connection limit
Type: number
Range: 1-64000000
Default: 64000000
conn-limit-no-logging
Description Do not log connection over limit event
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
conn-limit-reset
Description Send client reset when connection over limit
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
conn-rate-limit
Description Connection rate limit
Type: number
Range: 1-1048575
conn-rate-limit-no-logging
Description Do not log connection over limit event
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
conn-rate-limit-reset
Description Send client reset when connection rate over limit
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-when-all-ports-down
Description Disable Virtual Server when all member ports are down
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: disable-when-all-ports-down and disable-when-any-port-down are mutually exclusive
disable-when-any-port-down
Description Disable Virtual Server when any member port is down
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: disable-when-any-port-down and disable-when-all-ports-down are mutually exclusive
icmp-lockup
Description Enter lockup state when ICMP rate exceeds lockup rate limit (Maximum rate limit. If exceeds this limit, drop all ICMP packet for a time period)
Type: number
Range: 1-65535
icmp-lockup-period
Description Lockup period (second)
Type: number
Range: 1-16383
icmp-rate-limit
Description ICMP rate limit (Normal rate limit. If exceeds this limit, drop the ICMP packet that goes over the limit)
Type: number
Range: 1-65535
icmpv6-lockup
Description Enter lockup state when ICMP rate exceeds lockup rate limit (Maximum rate limit. If exceeds this limit, drop all ICMP packet for a time period)
Type: number
Range: 1-65535
icmpv6-lockup-period
Description Lockup period (second)
Type: number
Range: 1-16383
icmpv6-rate-limit
Description ICMPv6 rate limit (Normal rate limit. If exceeds this limit, drop the ICMP packet that goes over the limit)
Type: number
Range: 1-65535
name
Description Virtual server template name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Default: default
rate-interval
Description ‘100ms’: Use 100 ms as sampling interval; ‘second’: Use 1 second as sampling interval;
Type: string
Supported Values: 100ms, second
Default: second
subnet-gratuitous-arp
Description Send gratuitous ARP for every IP in the subnet virtual server
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-stack-tfo-active-conn-limit
Description The allowed active layer 7 tcp fast-open connection limit, default is zero (number)
Type: number
Range: 0-10000
Default: 0
tcp-stack-tfo-backoff-time
Description The time tcp stack will wait before allowing new fast-open requests after security condition, default 600 seconds (number)
Type: number
Range: 1-14400
Default: 600
tcp-stack-tfo-cookie-time-limit
Description The time limit (in seconds) that a layer 7 tcp fast-open cookie is valid, default is 60 seconds (number)
Type: number
Range: 1-14400
Default: 60
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
client-ssh-list¶
Specification Value Type list Block object keys encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)forward-proxy-enable
Description Enable SSH forward proxy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-hostkey
Description Specify private-key (Key Name)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
name
Description Client SSH Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
ssli-list¶
Specification Value Type list Block object keys name
Description SSLi Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
type
Description ‘http’: HTTP service; ‘xmpp’: XMPP service; ‘smtp’: SMTP service; ‘pop’: POP service; ‘ldap’: LDAP service; ‘ftp’: FTP service;
Type: string
Supported Values: http, xmpp, smtp, pop, ldap, ftp
Default: http
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
server-ssh-list¶
Specification Value Type list Block object keys forward-proxy-enable
Description Enable SSH forward proxy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
name
Description Server SSH Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-list¶
Specification Value Type list Block object keys add-padding-to-client
Description ‘block-length’: Block-Length Padding; ‘random-block-length’: Random-Block-Length Padding;
Type: string
Supported Values: block-length, random-block-length
cache-record-serving-policy
Description ‘global’: Follow global cofiguration (Default); ‘no-change’: No change in record order; ‘round-robin’: Round-robin;
Type: string
Supported Values: global, no-change, round-robin
cache-ttl-adjustment-enable
Description enable the ttl adjustment for dns cache response
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
class-list
Description: class-list is a JSON Block. Please see below for dns-list_class-list
Type: Object
Reference Object: /axapi/v3/slb/template/dns/{name}/class-list
default-policy
Description ‘nocache’: Cache disable; ‘cache’: Cache enable;
Type: string
Supported Values: nocache, cache
Default: nocache
disable-dns-template
Description Disable DNS template
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-ra-cached-resp
Description Disable DNS recursive available flag in cached response
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-rpz-attach-soa
Description Disable attaching SOA due to RPZ
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-logging
Description dns logging template (DNS Logging template name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/dns-logging
dns64
Description: dns64 is a JSON Block. Please see below for dns-list_dns64
Type: Object
Reference Object: /axapi/v3/slb/template/dns/{name}/dns64
dnssec-service-group
Description Use different service group if DNSSEC DO bit set (Service Group Name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
drop
Description Drop the malformed query
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: drop and forward are mutually exclusive
enable-cache-sharing
Description Enable DNS cache sharing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward
Description Forward to service group (Service group name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: forward and drop are mutually exclusive
Reference Object: /axapi/v3/slb/service-group
insert-ipv4
Description prefix-length to insert for IPv4
Type: number
Range: 0-32
insert-ipv6
Description prefix-length to insert for IPv6
Type: number
Range: 0-128
local-dns-resolution
Description: local-dns-resolution is a JSON Block. Please see below for dns-list_local-dns-resolution
Type: Object
Reference Object: /axapi/v3/slb/template/dns/{name}/local-dns-resolution
max-cache-entry-size
Description Define maximum cache entry size (Maximum cache entry size per VIP (default 1024))
Type: number
Range: 1-4096
Default: 1024
max-cache-size
Description Define maximum cache size (Maximum cache entry per VIP)
Type: number
max-query-length
Description Define Maximum DNS Query Length, default is unlimited (Specify Maximum Length)
Type: number
Range: 1-4095
name
Description DNS Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
negative-dns-cache
Description: negative-dns-cache is a JSON Block. Please see below for dns-list_negative-dns-cache
Type: Object
Reference Object: /axapi/v3/slb/template/dns/{name}/negative-dns-cache
period
Description Period in minutes
Type: number
Range: 1-10000
query-class-filter
Description: query-class-filter is a JSON Block. Please see below for dns-list_query-class-filter
Type: Object
Reference Object: /axapi/v3/slb/template/dns/{name}/query-class-filter
query-id-switch
Description Use DNS query ID to create sesion
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
query-type-filter
Description: query-type-filter is a JSON Block. Please see below for dns-list_query-type-filter
Type: Object
Reference Object: /axapi/v3/slb/template/dns/{name}/query-type-filter
recursive-dns-resolution
Description: recursive-dns-resolution is a JSON Block. Please see below for dns-list_recursive-dns-resolution
Type: Object
Reference Object: /axapi/v3/slb/template/dns/{name}/recursive-dns-resolution
redirect-to-tcp-port
Description Direct the client to retry with TCP for DNS UDP request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
remove-aa-flag
Description Make answers created from cache non-authoritative
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
remove-csubnet
Description Remove EDNS(0) client subnet from client queries
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
remove-padding-to-server
Description Remove EDNS(0) padding to server
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
response-rate-limiting
Description: response-rate-limiting is a JSON Block. Please see below for dns-list_response-rate-limiting
Type: Object
Reference Object: /axapi/v3/slb/template/dns/{name}/response-rate-limiting
rpz-list
Type: List
Reference Object: /axapi/v3/slb/template/dns/{name}/rpz/{seq-id}
udp-retransmit
Description: udp-retransmit is a JSON Block. Please see below for dns-list_udp-retransmit
Type: Object
Reference Object: /axapi/v3/slb/template/dns/{name}/udp-retransmit
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-list_response-rate-limiting¶
Specification Value Type object TC-rate
Description Every n’th response that would be rate-limited will respond with TC bit
Type: number
Range: 2-10
Mutual Exclusion: TC-rate and slip-rate are mutually exclusive
action
Description ‘log-only’: Only log rate-limiting, do not actually rate limit. Requires enable-log configuration; ‘rate-limit’: Rate-Limit based on configuration (Default); ‘whitelist’: Whitelist, disable rate-limiting;
Type: string
Supported Values: log-only, rate-limit, whitelist
Default: rate-limit
enable-log
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
filter-response-rate
Description Maximum allowed request rate for the filter. This should match average traffic. (default 10 per seconds)
Type: number
Range: 1-1000
Default: 10
match-subnet
Description IP subnet mask (response rate by IP subnet mask)
Type: string
Format: ipv4-netmask
Default: 255.255.255.255
match-subnet-v6
Description IPV6 subnet mask (response rate by IPv6 subnet mask)
Type: number
Range: 1-128
Default: 128
response-rate
Description Responses exceeding this rate within the window will be dropped (default 5 per second)
Type: number
Range: 1-1000
Default: 5
rrl-class-list-list
Type: List
Reference Object: /axapi/v3/slb/template/dns/{name}/response-rate-limiting/rrl-class-list/{name}
slip-rate
Description Every n’th response that would be rate-limited will be let through instead
Type: number
Range: 2-10
Mutual Exclusion: slip-rate and TC-rate are mutually exclusive
src-ip-only
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
window
Description Rate-Limiting Interval in Seconds (default is one)
Type: number
Range: 1-60
Default: 1
dns-list_response-rate-limiting_rrl-class-list-list¶
Specification Value Type list Block object keys lid-list
Type: List
Reference Object: /axapi/v3/slb/template/dns/{name}/response-rate-limiting/rrl-class-list/{name}/lid/{lidnum}
name
Description Class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-list_response-rate-limiting_rrl-class-list-list_lid-list¶
Specification Value Type list Block object keys lid-action
Description ‘log-only’: Only log rate-limiting, do not actually rate limit. Requires enable-log configuration; ‘rate-limit’: Rate-Limit based on configuration (Default); ‘whitelist’: Whitelist, disable rate-limiting;
Type: string
Supported Values: log-only, rate-limit, whitelist
Default: rate-limit
lid-enable-log
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
lid-match-subnet
Description IP subnet mask (response rate by IP subnet mask)
Type: string
Format: ipv4-netmask
Default: 255.255.255.255
lid-match-subnet-v6
Description IPV6 subnet mask (response rate by IPv6 subnet mask)
Type: number
Range: 1-128
Default: 128
lid-response-rate
Description Responses exceeding this rate within the window will be dropped (default 5 per second)
Type: number
Range: 1-1000
Default: 5
lid-slip-rate
Description Every n’th response that would be rate-limited will be let through instead
Type: number
Range: 2-10
Mutual Exclusion: lid-slip-rate and lid-tc-rate are mutually exclusive
lid-src-ip-only
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
lid-tc-rate
Description Every n’th response that would be rate-limited will respond with TC bit
Type: number
Range: 2-10
Mutual Exclusion: lid-tc-rate and lid-slip-rate are mutually exclusive
lid-window
Description Rate-Limiting Interval in Seconds (default is one)
Type: number
Range: 1-60
Default: 1
lidnum
Description Specify a limit ID
Type: number
Range: 1-1023
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-list_rpz-list¶
Specification Value Type list Block object keys logging
Description: logging is a JSON Block. Please see below for dns-list_rpz-list_logging
Type: Object
Reference Object: /axapi/v3/slb/template/dns/{name}/rpz/{seq-id}/logging
name
Description Specify a Response Policy Zone name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
seq-id
Description sequential id of RPZ
Type: number
Range: 1-8
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-list_rpz-list_logging¶
Specification Value Type object enable
Description Log RPZ triggered action
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
rpz-action
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-list_rpz-list_logging_rpz-action¶
Specification Value Type list Block object keys str-rpz-action
Description ‘drop’: Log RPZ due to drop action; ‘pass-thru’: Log RPZ due to pass-thru action; ‘nxdomain’: Log RPZ due to nxdomain action; ‘nodata’: Log RPZ due to nodata action; ‘tcp-only’: Log RPZ due to tcp-only action; ‘local-data’: Log RPZ due to local-data action;
Type: string
Supported Values: drop, pass-thru, nxdomain, nodata, tcp-only, local-data
dns-list_recursive-dns-resolution¶
Specification Value Type object csubnet-retry
Description retry when server REFUSED AX inserted EDNS(0) subnet, works only when insert-client-subnet is configured
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
default-recursive
Description Default recursive mode, forward query to bound service-group if hostnames matched
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dnssec-validation
Description ‘enabled’: Enable DNSSEC validation; ‘disabled’: Disable DNSSEC validation;
Type: string
Supported Values: enabled, disabled
Default: disabled
fast-ns-selection
Description ‘enabled’: Enable fast NS selection; ‘disabled’: Disable fast NS selection;
Type: string
Supported Values: enabled, disabled
Default: enabled
force-cname-resolution
Description ‘enabled’: Force CNAME resolution always; ‘disabled’: Use answer record in CNAME response if it exists, else resolve;
Type: string
Supported Values: enabled, disabled
Default: enabled
full-response
Description Serve all records (authority and additional) when applicable
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
gateway-health-check
Description: gateway-health-check is a JSON Block. Please see below for dns-list_recursive-dns-resolution_gateway-health-check
Type: Object
Reference Object: /axapi/v3/slb/template/dns/{name}/recursive-dns-resolution/gateway-health-check
host-list-cfg
Type: Listipv4-nat-pool
Description IPv4 Source NAT pool or pool group
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ip/nat/pool
ipv6-nat-pool
Description IPv6 Source NAT pool or pool group
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ipv6/nat/pool
lookup-order
Description: lookup-order is a JSON Block. Please see below for dns-list_recursive-dns-resolution_lookup-order
Type: Object
Reference Object: /axapi/v3/slb/template/dns/{name}/recursive-dns-resolution/lookup-order
max-trials
Description Total number of times to try DNS query to server before closing client connection, default 255
Type: number
Range: 1-255
Default: 255
ns-cache-lookup
Description ‘disabled’: Disable NS Cache Lookup; ‘enabled’: Enable NS Cache Lookup;
Type: string
Supported Values: disabled, enabled
Default: enabled
request-for-pending-resolution
Description ‘drop’: Drop of the request during ongoing; ‘respond-with-servfail’: Respond with SERVFAIL of the request during ongoing; ‘start-new-resolution’: Start new resolution of the request during ongoing;
Type: string
Supported Values: drop, respond-with-servfail, start-new-resolution
Default: respond-with-servfail
retries-per-level
Description Number of DNS query retries at each server level before closing client connection, default 6
Type: number
Range: 1-6
Default: 6
udp-initial-interval
Description UDP DNS Retry Interval value 1-6, default is 5 sec (1-6, default is 5sec)
Type: number
Range: 1-6
Default: 5
udp-retry-interval
Description UDP DNS Retry Interval value 1-6, default is 1 sec (1-6 , default is 1 sec)
Type: number
Range: 1-6
Default: 1
use-client-qid
Description Use client side query id for recursive query
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
use-service-group-response
Description ‘disabled’: Start Recursive Resolver if Server response doesnt have final answer; ‘enabled’: Forward Backend Server response to client and dont start recursive resolver;
Type: string
Supported Values: disabled, enabled
Default: enabled
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-list_recursive-dns-resolution_lookup-order¶
Specification Value Type object query-type
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-list_recursive-dns-resolution_lookup-order_query-type¶
Specification Value Type list Block object keys num-query-type
Description Other query type value
Type: number
Range: 1-65535
order
Description ‘ipv4-precede-ipv6’: Recursive lookup via IPv4 then IPv6; ‘ipv6-precede-ipv4’: Recursive lookup via IPv6 then IPv4;
Type: string
Supported Values: ipv4-precede-ipv6, ipv6-precede-ipv4
str-query-type
Description ‘A’: Address record; ‘AAAA’: IPv6 Address record; ‘CNAME’: Canonical name record; ‘MX’: Mail exchange record; ‘NS’: Name server record; ‘SRV’: Service locator; ‘PTR’: PTR resource record; ‘SOA’: Start of authority record; ‘TXT’: Text record; ‘ANY’: All cached record;
Type: string
Supported Values: A, AAAA, CNAME, MX, NS, SRV, PTR, SOA, TXT, ANY
dns-list_recursive-dns-resolution_gateway-health-check¶
Specification Value Type object gwhc-ns-cache-lookup
Description ‘disabled’: Disable NS Cache Lookup; ‘enabled’: Enable NS Cache Lookup;
Type: string
Supported Values: disabled, enabled
Default: disabled
interval
Description Specify the health check interval, default is 10 sec (Interval value, in seconds (default 10))
Type: number
Range: 1-300
Default: 10
num-query-type
Description Other record type value
Type: number
Range: 1-65535
Mutual Exclusion: num-query-type and str-query-type are mutually exclusive
query-name
Description Specify the query name used in probe queries, default “a10networks.com”
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
Default: a10networks.com
retry
Description Maximum number of DNS query retries at each server level before health check fails, default 6 (Retry count (default 6))
Type: number
Range: 1-6
Default: 6
retry-multi
Description Specify number of times that health check consecutively fails before declaring gateway DOWN, default 1 (retry-multi count (default 1))
Type: number
Range: 1-10
Default: 1
str-query-type
Description ‘A’: Address record; ‘AAAA’: IPv6 Address record; ‘CNAME’: Canonical name record; ‘MX’: Mail exchange record; ‘NS’: Name server record; ‘SRV’: Service locator; ‘PTR’: PTR resource record; ‘SOA’: Start of authority record; ‘TXT’: Text record;
Type: string
Supported Values: A, AAAA, CNAME, MX, NS, SRV, PTR, SOA, TXT
Default: A
Mutual Exclusion: str-query-type and num-query-type are mutually exclusive
timeout
Description Specify the health check timeout before retrying or finish, default is 5 sec (Timeout value, in seconds (default 5))
Type: number
Range: 1-6
Default: 5
up-retry
Description Specify number of times that health check consecutively passes before declaring gateway UP, default 1 (up-retry count (default 1))
Type: number
Range: 1-10
Default: 1
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-list_recursive-dns-resolution_host-list-cfg¶
Specification Value Type list Block object keys hostnames
Description Hostnames class-list name (dns type), perform resolution while query name matched
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
dns-list_class-list¶
Specification Value Type object lid-list
Type: List
Reference Object: /axapi/v3/slb/template/dns/{name}/class-list/lid/{lidnum}
name
Description Specify a class list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-list_class-list_lid-list¶
Specification Value Type list Block object keys action-value
Description ‘dns-cache-disable’: Disable DNS cache when it exceeds limit; ‘dns-cache-enable’: Enable DNS cache when it exceeds limit; ‘forward’: Forward the traffic even it exceeds limit;
Type: string
Supported Values: dns-cache-disable, dns-cache-enable, forward
conn-rate-limit
Description Connection rate limit
Type: number
Range: 1-2147483647
dns
Description: dns is a JSON Block. Please see below for dns-list_class-list_lid-list_dns
Type: Object
lidnum
Description Specify a limit ID
Type: number
Range: 1-1023
lockout
Description Don’t accept any new connection for certain time (Lockout duration in minutes)
Type: number
Range: 1-1023
log
Description Log a message
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-interval
Description Log interval (minute, by default system will log every over limit instance)
Type: number
Range: 1-255
over-limit-action
Description Action when exceeds limit
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
per
Description Per (Number of 100ms)
Type: number
Range: 1-65535
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-list_class-list_lid-list_dns¶
Specification Value Type object cache-action
Description ‘cache-disable’: Disable dns cache; ‘cache-enable’: Enable dns cache;
Type: string
Supported Values: cache-disable, cache-enable
Default: cache-disable
honor-server-response-ttl
Description Honor the server reponse TTL
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ttl
Description TTL for cache entry (TTL in seconds)
Type: number
Range: 1-65535
weight
Description Weight for cache entry
Type: number
Range: 1-7
dns-list_dns64¶
Specification Value Type object cache
Description Use a cached A-query response to provide AAAA query responses for the same hostname
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
change-query
Description Always change incoming AAAA DNS Query to A
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable
Description Enable DNS64 (Need to config this option before config any other dns64 options)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
parallel-query
Description Forward AAAA Query & generate A Query in parallel
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
retry
Description Retry count, default is 3 (Retry Number)
Type: number
Range: 0-15
Default: 3
single-response-disable
Description Disable Single Response which is used to avoid ambiguity
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
timeout
Description Timeout to send additional Queries, unit: second, default is 1
Type: number
Range: 0-15
Default: 1
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-list_udp-retransmit¶
Specification Value Type object max-trials
Description Total number of times to try DNS query to server before closing client connection, default 3
Type: number
Range: 1-5
Default: 3
retry-interval
Description DNS Retry Interval value 1 - 400 in units of 100ms, default is 10 (default is 1000ms) (1 - 400 in units of 100ms, default is 10 (1000ms/1sec))
Type: number
Range: 1-400
Default: 10
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-list_query-class-filter¶
Specification Value Type object query-class
Type: Listquery-class-action
Description ‘allow’: Allow only certain DNS query classes; ‘deny’: Deny only certain DNS query classes;
Type: string
Supported Values: allow, deny
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-list_query-class-filter_query-class¶
Specification Value Type list Block object keys num-query-class
Description Other query class value
Type: number
Range: 1-65535
str-query-class
Description ‘INTERNET’: INTERNET query class; ‘CHAOS’: CHAOS query class; ‘HESIOD’: HESIOD query class; ‘NONE’: NONE query class; ‘ANY’: ANY query class;
Type: string
Supported Values: INTERNET, CHAOS, HESIOD, NONE, ANY
dns-list_local-dns-resolution¶
Specification Value Type object host-list-cfg
Type: Listlocal-resolver-cfg
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-list_local-dns-resolution_host-list-cfg¶
Specification Value Type list Block object keys hostnames
Description Hostnames class-list name (dns type)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
dns-list_local-dns-resolution_local-resolver-cfg¶
Specification Value Type list Block object keys local-resolver
Description Local dns servers (address)
Type: string
Format: ipv4-address
dns-list_negative-dns-cache¶
Specification Value Type object bypass-query-threshold
Description the threshold bypass the query, default is 100
Type: number
Range: 1-65535
Default: 100
enable-negative-dns-cache
Description Enable DNS negative cache (Need to turn-on the dns-cache for this feature)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-negative-cache-ttl
Description Max negative cache ttl, default is 2 hours
Type: number
Range: 0-604800
Default: 7200
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-list_query-type-filter¶
Specification Value Type object query-type
Type: Listquery-type-action
Description ‘allow’: Allow only certain DNS query types; ‘deny’: Deny only certain DNS query types;
Type: string
Supported Values: allow, deny
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-list_query-type-filter_query-type¶
Specification Value Type list Block object keys num-query-type
Description Other record type value
Type: number
Range: 1-65535
str-query-type
Description ‘A’: Address record; ‘AAAA’: IPv6 Address record; ‘CNAME’: Canonical name record; ‘MX’: Mail exchange record; ‘NS’: Name server record; ‘SRV’: Service locator; ‘PTR’: PTR resource record; ‘SOA’: Start of authority record; ‘TXT’: Text record; ‘ANY’: All cached record;
Type: string
Supported Values: A, AAAA, CNAME, MX, NS, SRV, PTR, SOA, TXT, ANY
http-list¶
Specification Value Type list Block object keys 100-cont-wait-for-req-complete
Description When REQ has Expect 100 and response is not 100, then wait for whole request to be sent
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allowed-methods
Description Enable allowed-method check (List of allowed HTTP methods)
Type: string
Format: string-rlx
Maximum Length: 1023 characters
Maximum Length: 1 characters
Mutual Exclusion: allowed-methods and disallowed-methods are mutually exclusive
allowed-methods-action
Description ‘drop’: Respond 400 directly;
Type: string
Supported Values: drop
Default: drop
bypass-sg
Description Select service group for non-http traffic (Service Group Name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
client-idle-timeout
Description Client session timeout if the next request is not received (timeout in seconds. 0 means disable, default is 0)
Type: number
Range: 0-120
Default: 0
client-ip-hdr-replace
Description Replace the existing header
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
client-port-hdr-replace
Description Replace the existing header
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
compression-auto-disable-on-high-cpu
Description Auto-disable software compression on high cpu usage (Disable compression if cpu usage is above threshold. Default is off.)
Type: number
Range: 1-100
compression-br-level
Description brotli compression level, default 1 (brotli compression level value, default is 1)
Type: number
Range: 1-9
Default: 1
compression-br-sliding-window-size
Description brotli compression sliding window size, default 10 (brotli compression sliding window size in the form of log (i.e., 10 means 1k-16MB bytes))
Type: number
Range: 10-24
compression-content-type
Type: Listcompression-enable
Description Enable Compression
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
compression-exclude-content-type
Type: Listcompression-exclude-uri
Type: Listcompression-keep-accept-encoding
Description Keep accept encoding
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
compression-keep-accept-encoding-enable
Description Enable Server Accept Encoding
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
compression-level
Description gzip compression level, default 1 (gzip compression level value, default is 1)
Type: number
Range: 1-9
Default: 1
compression-method-order
Description Method Order (Order to decide which compression algorithm to be applied when multiple algorithms are acceptable)
Type: string
Format: string-rlx
Maximum Length: 11 characters
Maximum Length: 11 characters
compression-minimum-content-length
Description Minimum Content Length (Minimum content length for compression in bytes. Default is 120.)
Type: number
Range: 1-2147483647
Default: 120
cookie-format
Description ‘rfc6265’: Follow rfc6265;
Type: string
Supported Values: rfc6265
cookie-samesite
Description ‘none’: none; ‘lax’: lax; ‘strict’: strict;
Type: string
Supported Values: none, lax, strict
default-charset
Description ‘iso-8859-1’: Use ISO-8859-1 as the default charset; ‘utf-8’: Use UTF-8 as the default charset; ‘us-ascii’: Use US-ASCII as the default charset;
Type: string
Supported Values: iso-8859-1, utf-8, us-ascii
Default: utf-8
disallowed-methods
Description Enable disallowed-method check (List of disallowed HTTP methods)
Type: string
Format: string-rlx
Maximum Length: 1023 characters
Maximum Length: 1 characters
Mutual Exclusion: disallowed-methods and allowed-methods are mutually exclusive
disallowed-methods-action
Description ‘drop’: Respond 400 directly;
Type: string
Supported Values: drop
Default: drop
failover-url
Description Failover to this URL (Failover URL Name)
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
frame-limit
Description Limit the number of CONTINUATION, PING, PRIORITY, RESET, SETTINGS and empty frames in one HTTP2 connection, default 10000
Type: number
Range: 0-65535
Default: 10000
host-switching
Type: Listhttp-protocol-check
Description: http-protocol-check is a JSON Block. Please see below for http-list_http-protocol-check
Type: Object
Reference Object: /axapi/v3/slb/template/http/{name}/http-protocol-check
http2-client-no-snat
Description Set max-concurrent-stream = 1 when the client side is HTTP2 and no source-nat configuration is under vport
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
insert-client-ip
Description Insert Client IP address into HTTP header
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
insert-client-ip-header-name
Description HTTP Header Name for inserting Client IP
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
insert-client-port
Description Insert Client Port address into HTTP header
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
insert-client-port-header-name
Description HTTP Header Name for inserting Client Port
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
keep-client-alive
Description Keep client alive
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-retry
Description log when HTTP request retry
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-concurrent-streams
Description (http2 only) Max concurrent streams, default 50
Type: number
Range: 1-1000
Default: 50
name
Description HTTP Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
non-http-bypass
Description Bypass non-http traffic instead of dropping
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
persist-on-401
Description Persist to the same server if the response code is 401
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
prefix
Description ‘host’: the cookie will have been set with a Secure attribute, a Path attribute with a value of /, and no Domain attribute; ‘secure’: the cookie will have been set with a Secure attribute; ‘check’: check server prefix and enforce prefix format;
Type: string
Supported Values: host, secure, check
rd-port
Description Port (Port Number)
Type: number
Range: 1-65535
Mutual Exclusion: rd-port and rd-simple-loc are mutually exclusive
rd-resp-code
Description ‘301’: Moved Permanently; ‘302’: Found; ‘303’: See Other; ‘307’: Temporary Redirect;
Type: string
Supported Values: 301, 302, 303, 307
rd-secure
Description Use HTTPS
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: rd-secure and rd-simple-loc are mutually exclusive
rd-simple-loc
Description Redirect location tag absolute URI string
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
Mutual Exclusion: rd-simple-loc, rd-secure, and rd-port are mutually exclusive
redirect
Description Automatically send a redirect response
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
redirect-rewrite
Description: redirect-rewrite is a JSON Block. Please see below for http-list_redirect-rewrite
Type: Object
req-hdr-wait-time
Description HTTP request header wait time before abort connection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
req-hdr-wait-time-val
Description Number of seconds wait for client request header (default is 7)
Type: number
Range: 1-31
Default: 7
request-header-erase-list
Type: Listrequest-header-insert-list
Type: Listrequest-line-case-insensitive
Description Parse http request line as case insensitive
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
request-timeout
Description Request timeout if response not received (timeout in seconds)
Type: number
Range: 1-120
response-content-replace-list
Type: Listresponse-header-erase-list
Type: Listresponse-header-insert-list
Type: Listretry-on-5xx
Description Retry http request on HTTP 5xx code and request timeout
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: retry-on-5xx and retry-on-5xx-per-req are mutually exclusive
retry-on-5xx-per-req
Description Retry http request on HTTP 5xx code for each request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: retry-on-5xx-per-req and retry-on-5xx are mutually exclusive
retry-on-5xx-per-req-val
Description Number of times to retry (default is 3)
Type: number
Range: 1-3
Default: 3
retry-on-5xx-val
Description Number of times to retry (default is 3)
Type: number
Range: 1-3
Default: 3
server-support-http2-only
Description Notify the vport regarding whether server supports http2 only
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-support-http2-only-value
Description ‘auto-detect’: Commuincate with the server via HTTP/2 when an support-http2-only rport is detected; ‘force’: Communicate with the server via HTTP/2 when possible;
Type: string
Supported Values: auto-detect, force
Default: auto-detect
stream-cancellation-limit
Description cancellation limit, default 0 (accumulated cancellation limit value, default is 0)
Type: number
Range: 0-1000
Default: 0
stream-cancellation-rate
Description cancellation rate, default 10 (cancellation rate value, default is 10)
Type: number
Range: 0-1000
Default: 10
strict-transaction-switch
Description Force server selection on every HTTP request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template
Description: template is a JSON Block. Please see below for http-list_template
Type: Object
term-11client-hdr-conn-close
Description Terminate HTTP 1.1 client when req has Connection: close
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
url-hash-first
Description Use the begining part of URL to calculate hash value (URL string length to calculate hash value)
Type: number
Range: 4-128
Mutual Exclusion: url-hash-first and url-hash-last are mutually exclusive
url-hash-last
Description Use the end part of URL to calculate hash value (URL string length to calculate hash value)
Type: number
Range: 4-128
Mutual Exclusion: url-hash-last and url-hash-first are mutually exclusive
url-hash-offset
Description Skip part of URL to calculate hash value (Offset of the URL string)
Type: number
Range: 0-255
url-hash-persist
Description Use URL’s hash value to select server
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
url-switching
Type: Listuse-server-status
Description Use Server-Status header to do URL hashing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
http-list_request-header-erase-list¶
Specification Value Type list Block object keys request-header-erase
Description Erase a header from HTTP request (Header Name)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http-list_redirect-rewrite¶
Specification Value Type object match-list
Type: Listredirect-secure
Description Use HTTPS
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
redirect-secure-port
Description Port (Port Number)
Type: number
Range: 1-65535
Default: 443
http-list_redirect-rewrite_match-list¶
Specification Value Type list Block object keys redirect-match
Description URL Matching (Pattern URL String)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
rewrite-to
Description Rewrite to Destination URL String
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http-list_response-header-insert-list¶
Specification Value Type list Block object keys response-header-insert
Description Insert a header into HTTP response (Header Content (Format: “[name]:[value]”))
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
response-header-insert-type
Description ‘insert-if-not-exist’: Only insert the header when it does not exist; ‘insert-always’: Always insert the header even when there is a header with the same name;
Type: string
Supported Values: insert-if-not-exist, insert-always
http-list_response-header-erase-list¶
Specification Value Type list Block object keys response-header-erase
Description Erase a header from HTTP response (Header Name)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http-list_template¶
Specification Value Type object logging
Description Logging template (Logging Config name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/logging
http-list_url-switching¶
Specification Value Type list Block object keys url-match-string
Description URL String
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
url-service-group
Description Create a Service Group comprising Servers (Service Group Name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
url-switching-type
Description ‘contains’: Select service group if URL string contains another string; ‘ends-with’: Select service group if URL string ends with another string; ‘equals’: Select service group if URL string equals another string; ‘starts-with’: Select service group if URL string starts with another string; ‘regex-match’: Select service group if URL string matches with regular expression; ‘url-case-insensitive’: Case insensitive URL switching; ‘url-hits-enable’: Enables URL Hits;
Type: string
Supported Values: contains, ends-with, equals, starts-with, regex-match, url-case-insensitive, url-hits-enable
http-list_response-content-replace-list¶
Specification Value Type list Block object keys response-content-replace
Description replace the data from HTTP response content (String in the http content need to be replaced)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
response-new-string
Description String will be in the http content
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
http-list_http-protocol-check¶
Specification Value Type object get-and-payload
Description ‘drop’: Drop the request and send 400 to the client side;
Type: string
Supported Values: drop
h2up-content-length-alias
Description ‘drop’: Drop the request and send 400 to the client side;
Type: string
Supported Values: drop
h2up-with-host-and-auth
Description ‘drop’: Drop the request and send 400 to the client side;
Type: string
Supported Values: drop
h2up-with-transfer-encoding
Description ‘drop’: Drop the request and send 400 to the client side;
Type: string
Supported Values: drop
header-filter-rule-list
Type: List
Reference Object: /axapi/v3/slb/template/http/{name}/http-protocol-check/header-filter-rule/{seq-num}
malformed-h2up-header-value
Description ‘drop’: Drop the request and send 400 to the client side;
Type: string
Supported Values: drop
malformed-h2up-scheme-value
Description ‘drop’: Drop the request and send 400 to the client side;
Type: string
Supported Values: drop
multiple-content-length
Description ‘drop’: Drop the request and send 400 to the client side;
Type: string
Supported Values: drop
multiple-transfer-encoding
Description ‘drop’: Drop the request and send 400 to the client side;
Type: string
Supported Values: drop
transfer-encoding-and-content-length
Description ‘drop’: Drop the request and Send 400 to the client side;
Type: string
Supported Values: drop
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
http-list_http-protocol-check_header-filter-rule-list¶
Specification Value Type list Block object keys action-value
Description ‘drop’: Drop the request;
Type: string
Supported Values: drop
header-name-value
Description Header name value
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
header-value-value
Description Header value
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
match-type-value
Description ‘full-text’: Full text match; ‘pcre’: PCRE match;
Type: string
Supported Values: full-text, pcre
seq-num
Description Specify a sequence number
Type: number
Range: 0-4
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
http-list_request-header-insert-list¶
Specification Value Type list Block object keys request-header-insert
Description Insert a header into HTTP request (Header Content (Format: “[name]:[value]”))
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
request-header-insert-type
Description ‘insert-if-not-exist’: Only insert the header when it does not exist; ‘insert-always’: Always insert the header even when there is a header with the same name;
Type: string
Supported Values: insert-if-not-exist, insert-always
http-list_host-switching¶
Specification Value Type list Block object keys host-match-string
Description Hostname String
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
host-service-group
Description Create a Service Group comprising Servers (Service Group Name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
host-switching-type
Description ‘contains’: Select service group if hostname contains another string; ‘ends-with’: Select service group if hostname ends with another string; ‘equals’: Select service group if hostname equals another string; ‘starts-with’: Select service group if hostname starts with another string; ‘regex-match’: Select service group if URL string matches with regular expression; ‘host-hits-enable’: Enables Host Hits counters;
Type: string
Supported Values: contains, ends-with, equals, starts-with, regex-match, host-hits-enable
http-list_compression-content-type¶
Specification Value Type list Block object keys content-type
Description Compression content-type
Type: string
Format: string-rlx
Maximum Length: 31 characters
Maximum Length: 1 characters
http-list_compression-exclude-uri¶
Specification Value Type list Block object keys exclude-uri
Description Compression exclude uri
Type: string
Format: string-rlx
Maximum Length: 31 characters
Maximum Length: 1 characters
http-list_compression-exclude-content-type¶
Specification Value Type list Block object keys exclude-content-type
Description Compression exclude content-type (Compression exclude content type)
Type: string
Format: string-rlx
Maximum Length: 31 characters
Maximum Length: 1 characters
dns-logging-list¶
Specification Value Type list Block object keys disable
Description Disable DNS Logging template
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-logging-protocol
Description ‘both’: Log DNS over tcp and udp; ‘tcp’: Log DNS over tcp; ‘udp’: Log DNS over udp;
Type: string
Supported Values: both, tcp, udp
dns-logging-request-section
Description ‘all’: Log DNS header and question section; ‘header’: Log DNS header information; ‘question’: Log DNS question section;
Type: string
Supported Values: all, header, question
dns-logging-response-section
Description ‘all’: Log DNS header information, answer, authority, additional section content; ‘header’: Log DNS header information; ‘answer’: Log DNS header information and answer section content;
Type: string
Supported Values: all, header, answer
dns-logging-type
Description ‘query’: DNS Query Logging; ‘response’: DNS Response Logging; ‘both’: DNS Query and Response Logging;
Type: string
Supported Values: query, response, both
name
Description DNS Logging Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
response-type
Description: response-type is a JSON Block. Please see below for dns-logging-list_response-type
Type: Object
Reference Object: /axapi/v3/slb/template/dns-logging/{name}/response-type
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-logging-list_response-type¶
Specification Value Type object config
Description start config the response type detail
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
type-list
Type: List
Reference Object: /axapi/v3/slb/template/dns-logging/{name}/response-type/type/{response-type-name}
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-logging-list_response-type_type-list¶
Specification Value Type list Block object keys caa-type-limit-num
Description Limit the field length
Type: number
Range: 0-256
Default: 0
Mutual Exclusion: caa-type-limit-num and caa-type-no-limit are mutually exclusive
caa-type-no-limit
Description Print the field as much as possible
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: caa-type-no-limit and caa-type-limit-num are mutually exclusive
digest
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dnskey-type-limit-num
Description Limit the field length
Type: number
Range: 0-256
Default: 0
Mutual Exclusion: dnskey-type-limit-num and dnskey-type-no-limit are mutually exclusive
dnskey-type-no-limit
Description Print the field as much as possible
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: dnskey-type-no-limit and dnskey-type-limit-num are mutually exclusive
ds-type-limit-num
Description Limit the field length
Type: number
Range: 0-256
Default: 0
Mutual Exclusion: ds-type-limit-num and ds-type-no-limit are mutually exclusive
ds-type-no-limit
Description Print the field as much as possible
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: ds-type-no-limit and ds-type-limit-num are mutually exclusive
length-limit-flag
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
naptr-type-limit-num
Description Limit the field length
Type: number
Range: 0-256
Default: 0
Mutual Exclusion: naptr-type-limit-num and naptr-type-no-limit are mutually exclusive
naptr-type-no-limit
Description Print the field as much as possible
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: naptr-type-no-limit and naptr-type-limit-num are mutually exclusive
opt-type-limit-num
Description Limit the field length
Type: number
Range: 0-256
Default: 0
Mutual Exclusion: opt-type-limit-num and opt-type-no-limit are mutually exclusive
opt-type-no-limit
Description Print the field as much as possible
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: opt-type-no-limit and opt-type-limit-num are mutually exclusive
other-data
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
public-key
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
rdata-field
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
response-type-name
Description ‘TXT’: TXT; ‘RRSIG’: RRSIG; ‘TSIG’: TSIG; ‘DNSKEY’: DNSKEY; ‘DS’: DS; ‘CAA’: CAA; ‘NAPTR’: NAPTR; ‘OPT’: OPT;
Type: string
Supported Values: TXT, RRSIG, TSIG, DNSKEY, DS, CAA, NAPTR, OPT
rrsig-type-limit-num
Description Limit the field length
Type: number
Range: 0-256
Default: 0
Mutual Exclusion: rrsig-type-limit-num and rrsig-type-no-limit are mutually exclusive
rrsig-type-no-limit
Description Print the field as much as possible
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: rrsig-type-no-limit and rrsig-type-limit-num are mutually exclusive
service-field
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
signature
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tsig-type-limit-num
Description Limit the field length
Type: number
Range: 0-256
Default: 0
Mutual Exclusion: tsig-type-limit-num and tsig-type-no-limit are mutually exclusive
tsig-type-no-limit
Description Print the field as much as possible
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: tsig-type-no-limit and tsig-type-limit-num are mutually exclusive
txt-data
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
txt-type-limit-num
Description Limit the field length
Type: number
Range: 0-256
Default: 0
Mutual Exclusion: txt-type-limit-num and txt-type-no-limit are mutually exclusive
txt-type-no-limit
Description Print the field as much as possible
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: txt-type-no-limit and txt-type-limit-num are mutually exclusive
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
value-field
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
virtual-port-list¶
Specification Value Type list Block object keys aflow
Description Use aFlow to eliminate the traffic surge
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-syn-otherflags
Description Allow initial SYN packet with other flags
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-vip-to-rport-mapping
Description Allow mapping of VIP to real port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
conn-limit
Description Connection limit
Type: number
Range: 1-64000000
Default: 64000000
conn-limit-no-logging
Description Do not log connection over limit event
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
conn-limit-reset
Description Send client reset when connection over limit
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
conn-rate-limit
Description Connection rate limit
Type: number
Range: 1-1048575
conn-rate-limit-no-logging
Description Do not log connection over limit event
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
conn-rate-limit-reset
Description Send client reset when connection rate over limit
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-unknown-conn
Description Drop conection if receives TCP packet without SYN or RST flag and it does not belong to any existing connections
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dscp
Description Differentiated Services Code Point (DSCP to Real Server IP Mapping Value)
Type: number
Range: 1-63
ignore-tcp-msl
Description reclaim TCP resource immediately without MSL
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-options
Description ‘no-logging’: Do not log over limit event; ‘no-repeat-logging’: log once for over limit event. Default is log once per minute;
Type: string
Supported Values: no-logging, no-repeat-logging
name
Description Virtual port template name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Default: default
non-syn-initiation
Description Allow initial TCP packet to be non-SYN
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
pkt-rate-interval
Description ‘100ms’: Source IP and port rate limit per 100ms; ‘second’: Source IP and port rate limit per second (default);
Type: string
Supported Values: 100ms, second
Default: second
pkt-rate-limit-reset
Description send client-side reset (reset after packet limit)
Type: number
Range: 0-1048575
Default: 0
pkt-rate-type
Description ‘src-ip-port’: Source IP and port rate limit; ‘src-port’: Source port rate limit;
Type: string
Supported Values: src-ip-port, src-port
rate
Description Source IP and port rate limit (Packet rate limit)
Type: number
Range: 1-1048575
rate-interval
Description ‘100ms’: Use 100 ms as sampling interval; ‘second’: Use 1 second as sampling interval;
Type: string
Supported Values: 100ms, second
Default: second
reset-l7-on-failover
Description Send reset to L7 client and server connection upon a failover
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
reset-unknown-conn
Description Send reset back if receives TCP packet without SYN or RST flag and it does not belong to any existing connections
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
snat-msl
Description Source NAT MSL (Source NAT MSL value (seconds))
Type: number
Range: 1-1800
snat-port-preserve
Description Source NAT Port Preservation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
when-rr-enable
Description Only do rate limit if CPU RR triggered
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
mqtt-list¶
Specification Value Type list Block object keys clientid-hash-first
Description Use the begining part of client ID to calculate hash value (client ID string length to calculate hash value)
Type: number
Range: 4-128
clientid-hash-last
Description Use the end part of Client ID to calculate hash value (Client ID length to calculate hash value)
Type: number
Range: 4-128
clientid-hash-offset
Description Skip part of Client ID to calculate hash value (Offset of the Client ID)
Type: number
Range: 0-255
clientid-hash-persist
Description Use Client ID’s hash value to select server
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
name
Description MQTT Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
cipher-list¶
Specification Value Type list Block object keys cipher-cfg
Type: Listcipher13-cfg
Type: Listname
Description Cipher Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
cipher-list_cipher13-cfg¶
Specification Value Type list Block object keys cipher13-suite
Description ‘TLS_AES_256_GCM_SHA384’: TLS_AES_256_GCM_SHA384 (0x1302); ‘TLS_CHACHA20_POLY1305_SHA256’: TLS_CHACHA20_POLY1305_SHA256 (0x1303); ‘TLS_AES_128_GCM_SHA256’: TLS_AES_128_GCM_SHA256 (0x1301);
Type: string
Supported Values: TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256
priority
Description Cipher priority (Cipher priority (default 1))
Type: number
Range: 1-100
Default: 1
cipher-list_cipher-cfg¶
Specification Value Type list Block object keys cipher-suite
Description ‘SSL3_RSA_DES_192_CBC3_SHA’: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A); ‘SSL3_RSA_RC4_128_MD5’: TLS_RSA_WITH_RC4_128_MD5 (0x0004); ‘SSL3_RSA_RC4_128_SHA’: TLS_RSA_WITH_RC4_128_SHA (0x0005); ‘TLS1_RSA_AES_128_SHA’: TLS_RSA_WITH_AES_128_CBC_SHA (0x002F); ‘TLS1_RSA_AES_256_SHA’: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035); ‘TLS1_RSA_AES_128_SHA256’: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003C); ‘TLS1_RSA_AES_256_SHA256’: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003D); ‘TLS1_DHE_RSA_AES_128_GCM_SHA256’: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009E); ‘TLS1_DHE_RSA_AES_128_SHA’: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033); ‘TLS1_DHE_RSA_AES_128_SHA256’: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067); ‘TLS1_DHE_RSA_AES_256_GCM_SHA384’: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009F); ‘TLS1_DHE_RSA_AES_256_SHA’: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039); ‘TLS1_DHE_RSA_AES_256_SHA256’: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006B); ‘TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256’: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xC02B); ‘TLS1_ECDHE_ECDSA_AES_128_SHA’: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xC009); ‘TLS1_ECDHE_ECDSA_AES_128_SHA256’: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xC023); ‘TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384’: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xC02C); ‘TLS1_ECDHE_ECDSA_AES_256_SHA’: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xC00A); ‘TLS1_ECDHE_RSA_AES_128_GCM_SHA256’: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xC02F); ‘TLS1_ECDHE_RSA_AES_128_SHA’: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013); ‘TLS1_ECDHE_RSA_AES_128_SHA256’: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027); ‘TLS1_ECDHE_RSA_AES_256_GCM_SHA384’: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC030); ‘TLS1_ECDHE_RSA_AES_256_SHA’: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014); ‘TLS1_RSA_AES_128_GCM_SHA256’: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009C); ‘TLS1_RSA_AES_256_GCM_SHA384’: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009D); ‘TLS1_ECDHE_RSA_AES_256_SHA384’: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028); ‘TLS1_ECDHE_ECDSA_AES_256_SHA384’: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xC024); ‘TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256’: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA8); ‘TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256’: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA9); ‘TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256’: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCAA); ‘TLS1_ECDHE_SM2_WITH_SMS4_SM3’: TLS_ECDHE_SM2_WITH_SMS4_SM3 (0xE102); ‘TLS1_ECDHE_SM2_WITH_SMS4_SHA256’: TLS_ECDHE_SM2_WITH_SMS4_SHA256 (0xE105); ‘TLS1_ECDHE_SM2_WITH_SMS4_GCM_SM3’: TLS_ECDHE_SM2_WITH_SMS4_GCM_SM3 (0xE107);
Type: string
Supported Values: SSL3_RSA_DES_192_CBC3_SHA, SSL3_RSA_RC4_128_MD5, SSL3_RSA_RC4_128_SHA, TLS1_RSA_AES_128_SHA, TLS1_RSA_AES_256_SHA, TLS1_RSA_AES_128_SHA256, TLS1_RSA_AES_256_SHA256, TLS1_DHE_RSA_AES_128_GCM_SHA256, TLS1_DHE_RSA_AES_128_SHA, TLS1_DHE_RSA_AES_128_SHA256, TLS1_DHE_RSA_AES_256_GCM_SHA384, TLS1_DHE_RSA_AES_256_SHA, TLS1_DHE_RSA_AES_256_SHA256, TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256, TLS1_ECDHE_ECDSA_AES_128_SHA, TLS1_ECDHE_ECDSA_AES_128_SHA256, TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA, TLS1_ECDHE_RSA_AES_128_GCM_SHA256, TLS1_ECDHE_RSA_AES_128_SHA, TLS1_ECDHE_RSA_AES_128_SHA256, TLS1_ECDHE_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA, TLS1_RSA_AES_128_GCM_SHA256, TLS1_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA384, TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256, TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256, TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256, TLS1_ECDHE_SM2_WITH_SMS4_SM3, TLS1_ECDHE_SM2_WITH_SMS4_SHA256, TLS1_ECDHE_SM2_WITH_SMS4_GCM_SM3
priority
Description Cipher priority (Cipher priority (default 1))
Type: number
Range: 1-100
Default: 1
policy-list¶
Specification Value Type list Block object keys bw-list-id
Type: Listbw-list-name
Description Specify a blacklist/whitelist name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
class-list
Description: class-list is a JSON Block. Please see below for policy-list_class-list
Type: Object
Reference Object: /axapi/v3/slb/template/policy/{name}/class-list
forward-policy
Description: forward-policy is a JSON Block. Please see below for policy-list_forward-policy
Type: Object
Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy
full-domain-tree
Description Share counters between geo-location and sub regions
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
interval
Description Log interval (minute)
Type: number
Range: 1-255
name
Description Policy template name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
over-limit
Description Specify operation in case over limit
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
over-limit-lockup
Description Don’t accept any new connection for certain time (Lockup duration (minute))
Type: number
Range: 1-127
over-limit-logging
Description Log a message
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
over-limit-reset
Description Reset the connection when it exceeds limit
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
overlap
Description Use overlap mode for geo-location to do longest match
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sampling-enable
Type: Listshare
Description Share counters between virtual ports and virtual servers
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
timeout
Description Define timeout value of PBSLB dynamic entry (Timeout value (minute, default is 5))
Type: number
Range: 1-127
Default: 5
use-destination-ip
Description Use destination IP to match the policy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
policy-list_forward-policy¶
Specification Value Type object acos-event-log
Description Enable acos event logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
action-list
Type: List
Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/action/{name}
dual-stack-action-list
Type: List
Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/dual-stack-action/{name}
enable-adv-match
Description Enable adv-match rules and deactive all the other kinds of destination rules
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
filtering
Type: Listforward-http-connect-to-icap
Description Forward HTTP CONNECT request to ICAP server
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
local-logging
Description Enable local logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
no-client-conn-reuse
Description Inspects only first request of a connection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
reqmod-icap
Description ICAP reqmod template (Reqmod ICAP Template Name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/reqmod-icap
require-web-category
Description Wait for web category to be resolved before taking proxy decision
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
san-filtering
Type: Listsource-list
Type: List
Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
policy-list_forward-policy_filtering¶
Specification Value Type list Block object keys ssli-url-filtering
Description ‘bypassed-sni-disable’: Disable SNI filtering for bypassed URL’s(enabled by default); ‘intercepted-sni-enable’: Enable SNI filtering for intercepted URL’s(disabled by default); ‘intercepted-http-disable’: Disable HTTP(host/URL) filtering for intercepted URL’s(enabled by default); ‘no-sni-allow’: Allow connection if SNI filtering is enabled and SNI header is not present(Drop by default);
Type: string
Supported Values: bypassed-sni-disable, intercepted-sni-enable, intercepted-http-disable, no-sni-allow
policy-list_forward-policy_san-filtering¶
Specification Value Type list Block object keys ssli-url-filtering-san
Description ‘enable-san’: Enable SAN filtering(disabled by default); ‘bypassed-san-disable’: Disable SAN filtering for bypassed URL’s(enabled by default); ‘intercepted-san-enable’: Enable SAN filtering for intercepted URL’s(disabled by default); ‘no-san-allow’: Allow connection if SAN filtering is enabled and SAN field is not present(Drop by default);
Type: string
Supported Values: enable-san, bypassed-san-disable, intercepted-san-enable, no-san-allow
policy-list_forward-policy_action-list¶
Specification Value Type list Block object keys action1
Description ‘forward-to-internet’: Forward request to Internet; ‘forward-to-service-group’: Forward request to service group; ‘forward-to-proxy’: Forward request to HTTP proxy server; ‘drop’: Drop request;
Type: string
Supported Values: forward-to-internet, forward-to-service-group, forward-to-proxy, drop
drop-message
Description drop-message sent to the client as webpage(html tags are included and quotation marks are required for white spaces)
Type: string
Format: string-rlx
Maximum Length: 1023 characters
Maximum Length: 1 characters
Mutual Exclusion: drop-message and drop-redirect-url are mutually exclusive
drop-redirect-url
Description Specify URL to which client request is redirected upon being dropped
Type: string
Format: string-rlx
Maximum Length: 1023 characters
Maximum Length: 1 characters
Mutual Exclusion: drop-redirect-url, drop-response-code, and drop-message are mutually exclusive
drop-response-code
Description Specify response code for drop action
Type: number
Range: 100-599
Mutual Exclusion: drop-response-code and drop-redirect-url are mutually exclusive
fake-sg
Description service group to forward the packets to Internet
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
fall-back
Description Fallback service group for Internet
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
fall-back-snat
Description Source NAT pool or pool group for fallback server
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: fall-back-snat and fall-back-snat-pt-only are mutually exclusive
fall-back-snat-pt-only
Description Source port translation only for fallback server
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: fall-back-snat-pt-only and fall-back-snat are mutually exclusive
forward-snat
Description Source NAT pool or pool group
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: forward-snat and forward-snat-pt-only are mutually exclusive
forward-snat-pt-only
Description Source port translation only
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: forward-snat-pt-only and forward-snat are mutually exclusive
http-status-code
Description ‘301’: Moved permanently; ‘302’: Found;
Type: string
Supported Values: 301, 302
Default: 302
log
Description enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
name
Description Action policy name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
proxy-chaining
Description Enable proxy chaining feature
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
proxy-chaining-bypass
Description Forward all https packets to upstream proxy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
real-sg
Description service group to forward the packets
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
sampling-enable
Type: Listsupport-cert-fetch
Description Fetch server certificate by upstream proxy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
policy-list_forward-policy_action-list_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘hits’: Number of requests matching this destination rule;
Type: string
Supported Values: all, hits
policy-list_forward-policy_dual-stack-action-list¶
Specification Value Type list Block object keys fall-back
Description Fallback service group
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
fall-back-snat
Description Source NAT pool or pool group for fallback
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ip/nat/pool
ipv4
Description IPv4 service group to forward
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
ipv4-snat
Description IPv4 source NAT pool or pool group
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ip/nat/pool
ipv6
Description IPv6 service group to forward
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
ipv6-snat
Description IPv6 source NAT pool or pool group
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ipv6/nat/pool
log
Description enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
name
Description Action name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sampling-enable
Type: Listuser-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
policy-list_forward-policy_dual-stack-action-list_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘hits’: Number of requests forward by this action;
Type: string
Supported Values: all, hits
policy-list_forward-policy_source-list¶
Specification Value Type list Block object keys destination
Description: destination is a JSON Block. Please see below for policy-list_forward-policy_source-list_destination
Type: Object
Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}/destination
match-any
Description Match any source
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: match-any and match-class-list are mutually exclusive
match-authorize-policy
Description Authorize-policy for user and group based policy
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/aam/authorization/policy
match-class-list
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: match-class-list and match-any are mutually exclusive
name
Description source destination match rule name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
priority
Description Priority of the source(higher the number higher the priority, default 0)
Type: number
Range: 1-2000
sampling-enable
Type: Listuser-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
policy-list_forward-policy_source-list_destination¶
Specification Value Type object adv-match-list
Type: List
Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}/destination/adv-match/{priority}
any
Description: any is a JSON Block. Please see below for policy-list_forward-policy_source-list_destination_any
Type: Object
Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}/destination/any
class-list-list
Type: List
Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}/destination/class-list/{dest-class-list}
web-category-list-list
Type: List
Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}/destination/web-category-list/{web-category-list}
web-reputation-scope-list
policy-list_forward-policy_source-list_destination_class-list-list¶
Specification Value Type list Block object keys action
Description Action to be performed
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
dest-class-list
Description Destination Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dual-stack-action
Description Dual-stack action to be performed
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
priority
Description Priority value of the action(higher the number higher the priority)
Type: number
Range: 1-1024
type
Description ‘host’: Match hostname; ‘url’: Match URL; ‘ip’: Match destination IP address;
Type: string
Supported Values: host, url, ip
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
policy-list_forward-policy_source-list_destination_web-category-list-list¶
Specification Value Type list Block object keys action
Description Action to be performed
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
dual-stack-action
Description Dual-stack action to be performed
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
priority
Description Priority value of the action(higher the number higher the priority)
Type: number
Range: 1-1024
type
Description ‘host’: Match hostname; ‘url’: match URL;
Type: string
Supported Values: host, url
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
web-category-list
Description Destination Web Category List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/web-category/category-list
policy-list_forward-policy_source-list_destination_any¶
Specification Value Type object action
Description Action to be performed
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: action and dual-stack-action are mutually exclusive
dual-stack-action
Description Dual-stack action to be performed
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dual-stack-action and action are mutually exclusive
sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
policy-list_forward-policy_source-list_destination_any_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘hits’: Number of requests matching this destination rule;
Type: string
Supported Values: all, hits
policy-list_forward-policy_source-list_destination_adv-match-list¶
Specification Value Type list Block object keys action
Description Forwading action of this rule
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: action and dual-stack-action are mutually exclusive
disable-reqmod-icap
Description Disable REQMOD ICAP template
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-respmod-icap
Description Disable RESPMOD ICAP template
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dual-stack-action
Description Forwarding action of this rule
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dual-stack-action and action are mutually exclusive
match-host
Description Match request host (HTTP stage) or SNI/SAN (SSL stage)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
match-http-content-encoding
Description Match the value of HTTP header “Content-Encoding”
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
match-http-content-length-range-begin
Description Match the value of HTTP header “Content-Length” with an inclusive range
Type: number
Range: 0-2147483647
match-http-content-length-range-end
Description End of the “Content-Length” range
Type: number
Range: 0-2147483647
match-http-content-type
Description Match the value of HTTP header “Content-Type”
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
match-http-header
Description Matching the name of all request headers
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
match-http-method-connect
Description Match HTTP request method CONNECT
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
match-http-method-delete
Description Match HTTP request method DELETE
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
match-http-method-get
Description Match HTTP request method GET
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
match-http-method-head
Description Match HTTP request method HEAD
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
match-http-method-options
Description Match HTTP request method OPTIONS
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
match-http-method-patch
Description Match HTTP request method PATCH
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
match-http-method-post
Description Match HTTP request method POST
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
match-http-method-put
Description Match HTTP request method PUT
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
match-http-method-trace
Description Match HTTP request method TRACE
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
match-http-request-file-extension
Description Match file extension of URL in HTTP request line
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
match-http-url
Description Match URL in HTTP request line
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
match-http-url-regex
Description Match URI in HTTP request line by given regular expression
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
match-http-user-agent
Description Matching the value of HTTP header “User-Agent”
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
match-server-address
Description Match target server IP address
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
match-server-port
Description Match target server port number
Type: number
Range: 1-65535
Mutual Exclusion: match-server-port and match-server-port-range-begin are mutually exclusive
match-server-port-range-begin
Description Math targer server port range inclusively
Type: number
Range: 1-65535
Mutual Exclusion: match-server-port-range-begin and match-server-port are mutually exclusive
match-server-port-range-end
Description End of port range
Type: number
Range: 1-65535
match-time-range
Description Enable rule in this time-range
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/forward-proxy/time-range
match-web-category-list
Description Match web-category list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/web-category/category-list
match-web-reputation-scope
Description Match web-reputation scope
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/web-category/reputation-scope
notify-page
Description Send notify-page to client
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/forward-proxy/notify-page
priority
Description Rule priority (1000 is highest)
Type: number
Range: 1-1000
sampling-enable
Type: Listuser-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
policy-list_forward-policy_source-list_destination_adv-match-list_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘hits’: Number of requests hit this rule;
Type: string
Supported Values: all, hits
policy-list_forward-policy_source-list_destination_web-reputation-scope-list¶
Specification Value Type list Block object keys action
Description Action to be performed
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
dual-stack-action
Description Dual-stack action to be performed
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
priority
Description Priority value of the action(higher the number higher the priority)
Type: number
Range: 1-1024
type
Description ‘host’: Match hostname; ‘url’: match URL;
Type: string
Supported Values: host, url
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
web-reputation-scope
Description Destination Web Reputation Scope Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/web-category/reputation-scope
policy-list_forward-policy_source-list_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘hits’: Number of requests matching this source rule; ‘destination-match-not-found’: Number of requests without matching destination rule; ‘no-host-info’: Failed to parse ip or host information from request;
Type: string
Supported Values: all, hits, destination-match-not-found, no-host-info
policy-list_class-list¶
Specification Value Type object client-ip-l3-dest
Description Use destination IP as client IP address
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: client-ip-l3-dest and client-ip-l7-header are mutually exclusive
client-ip-l7-header
Description Use extract client IP address from L7 header
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: client-ip-l7-header and client-ip-l3-dest are mutually exclusive
header-name
Description Specify L7 header name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
lid-list
Type: List
Reference Object: /axapi/v3/slb/template/policy/{name}/class-list/lid/{lidnum}
name
Description Class list name or geo-location-class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
policy-list_class-list_lid-list¶
Specification Value Type list Block object keys action-value
Description ‘forward’: Forward the traffic even it exceeds limit; ‘reset’: Reset the connection when it exceeds limit;
Type: string
Supported Values: forward, reset
bw-per
Description Per (Specify interval in number of 100ms)
Type: number
Range: 1-65535
bw-rate-limit
Description Specify bandwidth rate limit (Bandwidth rate limit in bytes)
Type: number
Range: 1-2147483647
conn-limit
Description Connection limit
Type: number
Range: 0-1048575
conn-per
Description Per (Specify interval in number of 100ms)
Type: number
Range: 1-65535
conn-rate-limit
Description Specify connection rate limit
Type: number
Range: 1-2147483647
direct-action
Description Set action when match the lid
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
direct-action-interval
Description Specify logging interval in minute (default is 3)
Type: number
Range: 0-60
Default: 3
direct-action-value
Description ‘drop’: drop the packet; ‘reset’: Send reset back;
Type: string
Supported Values: drop, reset
Mutual Exclusion: direct-action-value and direct-service-group are mutually exclusive
direct-fail
Description Only log unsuccessful connections
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
direct-logging-drp-rst
Description Configure PBSLB logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
direct-pbslb-interval
Description Specify logging interval in minutes(default is 3)
Type: number
Range: 0-60
Default: 3
direct-pbslb-logging
Description Configure PBSLB logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
direct-service-group
Description Specify a service group (Specify the service group name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: direct-service-group and direct-action-value are mutually exclusive
Reference Object: /axapi/v3/slb/service-group
dns64
Description: dns64 is a JSON Block. Please see below for policy-list_class-list_lid-list_dns64
Type: Object
interval
Description Specify log interval in minutes, by default system will log every over limit instance
Type: number
Range: 1-255
lidnum
Description Specify a limit ID
Type: number
Range: 1-1023
lockout
Description Don’t accept any new connection for certain time (Lockout duration in minutes)
Type: number
Range: 1-1023
log
Description Log a message
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
over-limit-action
Description Set action when exceeds limit
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
request-limit
Description Request limit (Specify request limit)
Type: number
Range: 1-1048575
request-per
Description Per (Specify interval in number of 100ms)
Type: number
Range: 1-65535
request-rate-limit
Description Request rate limit (Specify request rate limit)
Type: number
Range: 1-4294967295
response-code-rate-limit
Type: Listuser-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
policy-list_class-list_lid-list_dns64¶
Specification Value Type object disable
Description Disable
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exclusive-answer
Description Exclusive Answer in DNS Response
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
prefix
Description IPv6 prefix
Type: string
Format: ipv6-address-plen
policy-list_class-list_lid-list_response-code-rate-limit¶
Specification Value Type list Block object keys code-range-end
Description server response code range end
Type: number
Range: 100-600
code-range-start
Description server response code range start
Type: number
Range: 100-600
period
Description seconds
Type: number
Range: 1-127
threshold
Description the times of getting the response code
Type: number
Range: 1-15
policy-list_bw-list-id¶
Specification Value Type list Block object keys action-interval
Description Specify logging interval in minute (default is 3)
Type: number
Range: 0-60
Default: 3
bw-list-action
Description ‘drop’: drop the packet; ‘reset’: Send reset back;
Type: string
Supported Values: drop, reset
Mutual Exclusion: bw-list-action and service-group are mutually exclusive
fail
Description Only log unsuccessful connections
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
id
Description Specify id that maps to service group (The id number)
Type: number
Range: 0-1023
logging-drp-rst
Description Configure PBSLB logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
pbslb-interval
Description Specify logging interval in minutes
Type: number
Range: 0-60
Default: 3
pbslb-logging
Description Configure PBSLB logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
service-group
Description Specify a service group (Specify the service group name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: service-group and bw-list-action are mutually exclusive
Reference Object: /axapi/v3/slb/service-group
policy-list_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘fwd-policy-dns-unresolved’: Forward-policy unresolved DNS queries; ‘fwd-policy-dns-outstanding’: Forward-policy current DNS outstanding requests; ‘fwd-policy-snat-fail’: Forward-policy source-nat translation failure; ‘fwd-policy-hits’: Number of forward-policy requests for this policy template; ‘fwd-policy-forward-to-internet’: Number of forward-policy requests forwarded to internet; ‘fwd-policy-forward-to-service-group’: Number of forward-policy requests forwarded to service group; ‘fwd-policy-forward-to-proxy’: Number of forward-policy requests forwarded to proxy; ‘fwd-policy-policy-drop’: Number of forward-policy requests dropped; ‘fwd-policy-source-match-not-found’: Forward-policy requests without matching source rule; ‘exp-client-hello-not-found’: Expected Client HELLO requests not found;
Type: string
Supported Values: all, fwd-policy-dns-unresolved, fwd-policy-dns-outstanding, fwd-policy-snat-fail, fwd-policy-hits, fwd-policy-forward-to-internet, fwd-policy-forward-to-service-group, fwd-policy-forward-to-proxy, fwd-policy-policy-drop, fwd-policy-source-match-not-found, exp-client-hello-not-found
server-list¶
Specification Value Type list Block object keys add
Description Slow start connection limit add by a number every interval (Add by this number every interval)
Type: number
Range: 1-4095
Mutual Exclusion: add and times are mutually exclusive
bw-rate-limit
Description Configure bandwidth rate limit on real server (Bandwidth rate limit in Kbps)
Type: number
Range: 1-16777216
bw-rate-limit-acct
Description ‘to-server-only’: Only account for traffic sent to server; ‘from-server-only’: Only account for traffic received from server; ‘all’: Account for all traffic sent to and received from server;
Type: string
Supported Values: to-server-only, from-server-only, all
Default: all
bw-rate-limit-duration
Description Duration in seconds the observed rate needs to honor
Type: number
Range: 1-250
bw-rate-limit-no-logging
Description Do not log bandwidth rate limit related state transitions
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
bw-rate-limit-resume
Description Resume server selection after bandwidth drops below this threshold (in Kbps) (Bandwidth rate limit resume threshold (in Kbps))
Type: number
Range: 1-16777216
conn-limit
Description Connection limit
Type: number
Range: 1-64000000
Default: 64000000
conn-limit-no-logging
Description Do not log connection over limit event
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
conn-rate-limit
Description Connection rate limit
Type: number
Range: 1-1048575
conn-rate-limit-no-logging
Description Do not log connection over limit event
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-fail-interval
Description The interval to retry when DNS failed to query (DNS failure interval (in second, default is 30))
Type: number
Range: 0-1800
Default: 30
dns-query-interval
Description The interval to query DNS server for the hostname (DNS query interval (in minute, default is 10))
Type: number
Range: 1-1440
Default: 10
dynamic-server-prefix
Description Prefix of dynamic server (Prefix of dynamic server (default is “DRS”))
Type: string
Maximum Length: 3 characters
Maximum Length: 1 characters
Default: DRS
every
Description Slow start connection limit increment interval (default 10)
Type: number
Range: 1-60
Default: 10
extended-stats
Description Enable extended statistics on real server
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
health-check
Description Health Check Monitor (Health monitor name)
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: health-check and health-check-disable are mutually exclusive
Reference Object: /axapi/v3/health/monitor
health-check-disable
Description Disable configured health check configuration
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: health-check-disable and health-check are mutually exclusive
initial-slow-start
Description Initial slow start connection limit (default 128)
Type: number
Range: 1-4095
Default: 128
log-selection-failure
Description Enable real-time logging for server selection failure event
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-dynamic-server
Description Maximum dynamic server number (Maximum dynamic server number (default is 255))
Type: number
Range: 1-1023
Default: 255
min-ttl-ratio
Description Minimum TTL to DNS query interval ratio (Minimum TTL ratio (default is 2))
Type: number
Range: 1-15
Default: 2
name
Description Server template name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Default: default
rate-interval
Description ‘100ms’: Use 100 ms as sampling interval; ‘second’: Use 1 second as sampling interval;
Type: string
Supported Values: 100ms, second
Default: second
resume
Description Resume accepting new connection after connection number drops below threshold (Connection resume threshold)
Type: number
Range: 1-1048575
slow-start
Description Slowly ramp up the connection number after server is up
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
spoofing-cache
Description Servers under the template are spoofing cache
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
stats-data-action
Description ‘stats-data-enable’: Enable statistical data collection for real server; ‘stats-data-disable’: Disable statistical data collection for real server;
Type: string
Supported Values: stats-data-enable, stats-data-disable
Default: stats-data-enable
till
Description Slow start ends when slow start connection limit reaches a number (default 4096) (Slow start ends when connection limit reaches this number)
Type: number
Range: 1-65535
Default: 4096
times
Description Slow start connection limit multiply by a number every interval (default 2) (Multiply by this number every interval)
Type: number
Range: 2-10
Default: 2
Mutual Exclusion: times and add are mutually exclusive
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
weight
Description Weight for the Real Servers (Connection Weight (default is 1))
Type: number
Range: 1-1000
Default: 1
monitor-list¶
Specification Value Type list Block object keys clear-cfg
Type: Listid
Description Monitor template ID Number
Type: number
Range: 1-16
link-disable-cfg
Type: Listlink-down-cfg
Type: Listlink-enable-cfg
Type: Listlink-up-cfg
Type: Listmonitor-relation
Description ‘monitor-and’: Configures the monitors in current template to work with AND logic; ‘monitor-or’: Configures the monitors in current template to work with OR logic;
Type: string
Supported Values: monitor-and, monitor-or
Default: monitor-and
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
monitor-list_clear-cfg¶
Specification Value Type list Block object keys clear-all-sequence
Description Sequence number (Specify the port physical port number)
Type: number
Range: 1-16
clear-sequence
Description Specify the port physical port number
Type: number
Range: 1-16
sessions
Description ‘all’: Clear all sessions; ‘sequence’: Sequence number;
Type: string
Supported Values: all, sequence
monitor-list_link-enable-cfg¶
Specification Value Type list Block object keys ena-sequence
Description Sequence number (Specify the physical port number)
Type: number
Range: 1-16
enaeth
Description Specify the physical port number (Ethernet interface number)
Type: number
Format: interface
monitor-list_link-up-cfg¶
Specification Value Type list Block object keys link-up-sequence1
Description Sequence number (Specify the port physical port number)
Type: number
Range: 1-16
link-up-sequence2
Description Sequence number (Specify the port physical port number)
Type: number
Range: 1-16
link-up-sequence3
Description Sequence number (Specify the port physical port number)
Type: number
Range: 1-16
linkup-ethernet1
Description Specify the port physical port number (Ethernet interface number)
Type: number
Format: interface
linkup-ethernet2
Description Specify the port physical port number (Ethernet interface number)
Type: number
Format: interface
linkup-ethernet3
Description Specify the port physical port number (Ethernet interface number)
Type: number
Format: interface
monitor-list_link-down-cfg¶
Specification Value Type list Block object keys link-down-sequence1
Description Sequence number (Specify the port physical port number)
Type: number
Range: 1-16
link-down-sequence2
Description Sequence number (Specify the port physical port number)
Type: number
Range: 1-16
link-down-sequence3
Description Sequence number (Specify the port physical port number)
Type: number
Range: 1-16
linkdown-ethernet1
Description Specify the port physical port number (Ethernet interface number)
Type: number
Format: interface
linkdown-ethernet2
Description Specify the port physical port number (Ethernet interface number)
Type: number
Format: interface
linkdown-ethernet3
Description Specify the port physical port number (Ethernet interface number)
Type: number
Format: interface
monitor-list_link-disable-cfg¶
Specification Value Type list Block object keys dis-sequence
Description Sequence number (Specify the physical port number)
Type: number
Range: 1-16
diseth
Description Specify the physical port number (Ethernet interface number)
Type: number
Format: interface
tcp-proxy-list¶
Specification Value Type list Block object keys ack-aggressiveness
Description ‘low’: Delayed ACK; ‘medium’: Delayed ACK, with ACK on each packet with PUSH flag; ‘high’: ACK on each packet;
Type: string
Supported Values: low, medium, high
Default: low
alive-if-active
Description keep connection alive if active traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
backend-wscale
Description The TCP window scale used for the server side, default is off (number)
Type: number
Range: 1-14
del-session-on-server-down
Description Delete session if the server/port goes down (either disabled/hm down)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable
Description send reset to client when server is disabled
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: disable and down are mutually exclusive
disable-abc
Description Appropriate Byte Counting RFC 3465 Disabled, default is enabled (Appropriate Byte Counting (ABC) is enabled by default)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-sack
Description disable Selective Ack Option
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-tcp-timestamps
Description disable TCP Timestamps Option
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-window-scale
Description disable TCP Window-Scale Option
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
down
Description send reset to client when server is down
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: down and disable are mutually exclusive
dynamic-buffer-allocation
Description Optimally adjust the transmit and receive buffer sizes of TCP proxy while keeping their sum constant
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
early-retransmit
Description Configure the Early-Retransmit Algorithm (RFC 5827) (Early-Retransmit is disabled by default)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fin-timeout
Description FIN timeout (sec), default is disabled (number)
Type: number
Range: 1-60
force-delete-timeout
Description The maximum time that a session can stay in the system before being deleted, default is off (number (second))
Type: number
Range: 1-31
Mutual Exclusion: force-delete-timeout and force-delete-timeout-100ms are mutually exclusive
force-delete-timeout-100ms
Description The maximum time that a session can stay in the system before being deleted, default is off (number in 100ms)
Type: number
Range: 1-31
Mutual Exclusion: force-delete-timeout-100ms and force-delete-timeout are mutually exclusive
half-close-idle-timeout
Description TCP Half Close Idle Timeout (sec), default is off (cmd is deprecated, use fin-timeout instead) (number)
Type: number
Range: 60-120
half-open-idle-timeout
Description TCP Half Open Idle Timeout (sec), default is off (number)
Type: number
Range: 1-60
idle-timeout
Description Idle Timeout (Interval of 60 seconds), default is 600 (idle timeout in second, default 600)
Type: number
Range: 1-2097151
Default: 600
init-cwnd
Description The initial congestion control window size (packets), default is 10 (init-cwnd in packets, default 10)
Type: number
Range: 1-15
Default: 10
initial-window-size
Description Set the initial window size, default is off (number)
Type: number
Range: 1-65535
insert-client-ip
Description Insert client ip into TCP option
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
invalid-rate-limit
Description Invalid Packet Response Rate Limit (ms), default is 500 (number default 500 challenges)
Type: number
Range: 0-60000000
Default: 500
keepalive-interval
Description Interval between keepalive probes (sec), default is off (number (seconds))
Type: number
Range: 60-12000
keepalive-probes
Description Number of keepalive probes sent, default is off
Type: number
Range: 2-10
limited-slowstart
Description RFC 3742 Limited Slow-Start for TCP with Large Congestion Windows (number)
Type: number
Range: 0-2147483647
Default: 0
maxburst
Description The max packet count sent per transmission event (number)
Type: number
Range: 1-100
Default: 25
min-rto
Description The minmum retransmission timeout, default is 200ms (number)
Type: number
Range: 100-1000
Default: 200
mss
Description Responding MSS to use if client MSS is large, default is off (number)
Type: number
Range: 128-9000
Default: 1460
nagle
Description Enable Nagle Algorithm
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
naked-ack-on-handshake
Description Send naked ack before data during 3-way handshake
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
name
Description TCP Proxy Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Default: default
proxy-header
Description: proxy-header is a JSON Block. Please see below for tcp-proxy-list_proxy-header
Type: Object
psh-flag-optimization
Description Enable Optimized PSH Flag Use
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
qos
Description QOS level (number)
Type: number
Range: 1-63
reassembly-limit
Description The reassembly queuing limit, default is 25 segments (number)
Type: number
Range: 1-500
Default: 25
reassembly-timeout
Description The reassembly timeout, default is 30sec (number)
Type: number
Range: 1-300
Default: 30
receive-buffer
Description TCP Receive Buffer (default 200k) (number default 200000 bytes)
Type: number
Range: 1-2147483647
Default: 200000
reno
Description Enable Reno Congestion Control Algorithm
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
reset-fwd
Description send reset to server if error happens
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
reset-rev
Description send reset to client if error happens
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
retransmit-retries
Description Number of Retries for Retransmit, default is 5
Type: number
Range: 1-20
Default: 5
server-down-action
Description ‘FIN’: FIN Connection; ‘RST’: Reset Connection;
Type: string
Supported Values: FIN, RST
syn-retries
Description SYN Retry Numbers, default is 5
Type: number
Range: 1-20
Default: 5
timewait
Description Timewait Threshold (sec), default 5 (number)
Type: number
Range: 1-60
Default: 5
transmit-buffer
Description TCP Transmit Buffer (default 200k) (number default 200000 bytes)
Type: number
Range: 1-2147483647
Default: 200000
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
tcp-proxy-list_proxy-header¶
Specification Value Type object proxy-header-action
Description ‘insert’: Insert proxy header;
Type: string
Supported Values: insert
version
Description ‘v1’: version 1; ‘v2’: version 2;
Type: string
Supported Values: v1, v2
ftp-list¶
Specification Value Type list Block object keys active-mode-port
Description Non-Standard FTP Active mode port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
active-mode-port-val
Description Non-Standard FTP Active mode port
Type: number
Range: 1-65534
Mutual Exclusion: active-mode-port-val and any are mutually exclusive
any
Description Allow any FTP Active mode port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: any and active-mode-port-val are mutually exclusive
name
Description FTP template name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
to
Description End range of FTP Active mode port
Type: number
Range: 1-65534
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
imap-pop3-list¶
Specification Value Type list Block object keys logindisabled
Description Disable Login before STARTTLS.Works only for imap
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
name
Description IMAP-POP3 Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
starttls
Description ‘disabled’: Disable STARTTLS; ‘optional’: STARTTLS is optional requirement; ‘enforced’: Must issue STARTTLS command before imap transaction;
Type: string
Supported Values: disabled, optional, enforced
Default: disabled
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
server-ssl-list¶
Specification Value Type list Block object keys alert-type
Description ‘fatal’: Log fatal alerts;
Type: string
Supported Values: fatal
ca-certs
Type: Listcertificate
Description: certificate is a JSON Block. Please see below for server-ssl-list_certificate
Type: Object
Reference Object: /axapi/v3/slb/template/server-ssl/{name}/certificate
cipher-template
Description Cipher Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: cipher-template, cipher-wo-prio, and shared-partition-cipher-template are mutually exclusive
Reference Object: /axapi/v3/slb/template/cipher
cipher-without-prio-list
Type: Listclose-notify
Description Send close notification when terminate connection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
crl-certs
Type: Listdgversion
Description Lower TLS/SSL version can be downgraded
Type: number
Range: 30-34
Default: 31
dh-type
Description ‘1024’: 1024; ‘1024-dsa’: 1024-dsa; ‘2048’: 2048;
Type: string
Supported Values: 1024, 1024-dsa, 2048
early-data
Description Enable TLS 1.3 early data (0-RTT)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ec-list
Type: Listenable-ssli-ftp-alg
Description Enable SSLi FTP over TLS support at which port
Type: number
Range: 1-65535
enable-tls-alert-logging
Description Enable TLS alert logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-enable
Description Enable SSL forward proxy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
handshake-logging-enable
Description Enable SSL handshake logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
name
Description Server SSL Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
ocsp-stapling
Description Enable ocsp-stapling support
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
renegotiation-disable
Description Disable SSL renegotiation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-certificate-error
Type: Listserver-name
Description Specify Server Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
session-cache-size
Description Session Cache Size (Maximum cache size. Default value 0 (Session ID reuse disabled))
Type: number
Range: 0-128
Default: 0
session-cache-timeout
Description Session Cache Timeout (Timeout value, in seconds. Default no timeout.)
Type: number
Range: 1-7200
session-ticket-enable
Description Enable server side session ticket support
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
shared-partition-cipher-template
Description Reference a cipher template from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: shared-partition-cipher-template, cipher-wo-prio, and cipher-template are mutually exclusive
ssli-logging
Description SSLi logging level, default is error logging only
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sslilogging
Description ‘disable’: Disable all logging; ‘all’: enable all logging(error, info);
Type: string
Supported Values: disable, all
template-cipher-shared
Description Cipher Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/cipher
use-client-sni
Description use client SNI
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
version
Description TLS/SSL version, default is the highest number supported (TLS/SSL version: 30-SSLv3.0, 31-TLSv1.0, 32-TLSv1.1, 33-TLSv1.2 and 34-TLSv1.3)
Type: number
Range: 30-34
Default: 33
server-ssl-list_crl-certs¶
Specification Value Type list Block object keys crl
Description Certificate Revocation Lists (Certificate Revocation Lists file name)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
crl-partition-shared
Description Certificate Revocation Lists Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-ssl-list_certificate¶
Specification Value Type object cert
Description Certificate Name
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)key
Description Client private-key (Key Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
shared
Description Client Certificate and Key Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
server-ssl-list_ec-list¶
Specification Value Type list Block object keys ec
Description ‘secp256r1’: X9_62_prime256v1; ‘secp384r1’: secp384r1;
Type: string
Supported Values: secp256r1, secp384r1
server-ssl-list_server-certificate-error¶
Specification Value Type list Block object keys error-type
Description ‘email’: Notify the error via email; ‘ignore’: Ignore the error, which mean the connection can continue; ‘logging’: Log the error; ‘trap’: Notify the error by SNMP trap;
Type: string
Supported Values: email, ignore, logging, trap
server-ssl-list_ca-certs¶
Specification Value Type list Block object keys ca-cert
Description Specify CA certificate
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
ca-cert-partition-shared
Description CA Certificate Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-ocsp-sg
Description Specify service-group (Service group name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/aam/authentication/service-group
server-ocsp-srvr
Description Specify authentication server
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/aam/authentication/server/ocsp
server-ssl-list_cipher-without-prio-list¶
Specification Value Type list Block object keys cipher-wo-prio
Description ‘SSL3_RSA_DES_192_CBC3_SHA’: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A); ‘SSL3_RSA_RC4_128_MD5’: TLS_RSA_WITH_RC4_128_MD5 (0x0004); ‘SSL3_RSA_RC4_128_SHA’: TLS_RSA_WITH_RC4_128_SHA (0x0005); ‘TLS1_RSA_AES_128_SHA’: TLS_RSA_WITH_AES_128_CBC_SHA (0x002F); ‘TLS1_RSA_AES_256_SHA’: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035); ‘TLS1_RSA_AES_128_SHA256’: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003C); ‘TLS1_RSA_AES_256_SHA256’: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003D); ‘TLS1_DHE_RSA_AES_128_GCM_SHA256’: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009E); ‘TLS1_DHE_RSA_AES_128_SHA’: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033); ‘TLS1_DHE_RSA_AES_128_SHA256’: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067); ‘TLS1_DHE_RSA_AES_256_GCM_SHA384’: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009F); ‘TLS1_DHE_RSA_AES_256_SHA’: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039); ‘TLS1_DHE_RSA_AES_256_SHA256’: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006B); ‘TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256’: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xC02B); ‘TLS1_ECDHE_ECDSA_AES_128_SHA’: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xC009); ‘TLS1_ECDHE_ECDSA_AES_128_SHA256’: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xC023); ‘TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384’: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xC02C); ‘TLS1_ECDHE_ECDSA_AES_256_SHA’: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xC00A); ‘TLS1_ECDHE_RSA_AES_128_GCM_SHA256’: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xC02F); ‘TLS1_ECDHE_RSA_AES_128_SHA’: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013); ‘TLS1_ECDHE_RSA_AES_128_SHA256’: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027); ‘TLS1_ECDHE_RSA_AES_256_GCM_SHA384’: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC030); ‘TLS1_ECDHE_RSA_AES_256_SHA’: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014); ‘TLS1_RSA_AES_128_GCM_SHA256’: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009C); ‘TLS1_RSA_AES_256_GCM_SHA384’: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009D); ‘TLS1_ECDHE_RSA_AES_256_SHA384’: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028); ‘TLS1_ECDHE_ECDSA_AES_256_SHA384’: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xC024); ‘TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256’: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA8); ‘TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256’: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA9); ‘TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256’: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCAA);
Type: string
Supported Values: SSL3_RSA_DES_192_CBC3_SHA, SSL3_RSA_RC4_128_MD5, SSL3_RSA_RC4_128_SHA, TLS1_RSA_AES_128_SHA, TLS1_RSA_AES_256_SHA, TLS1_RSA_AES_128_SHA256, TLS1_RSA_AES_256_SHA256, TLS1_DHE_RSA_AES_128_GCM_SHA256, TLS1_DHE_RSA_AES_128_SHA, TLS1_DHE_RSA_AES_128_SHA256, TLS1_DHE_RSA_AES_256_GCM_SHA384, TLS1_DHE_RSA_AES_256_SHA, TLS1_DHE_RSA_AES_256_SHA256, TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256, TLS1_ECDHE_ECDSA_AES_128_SHA, TLS1_ECDHE_ECDSA_AES_128_SHA256, TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA, TLS1_ECDHE_RSA_AES_128_GCM_SHA256, TLS1_ECDHE_RSA_AES_128_SHA, TLS1_ECDHE_RSA_AES_128_SHA256, TLS1_ECDHE_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA, TLS1_RSA_AES_128_GCM_SHA256, TLS1_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA384, TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256, TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256, TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256
Mutual Exclusion: cipher-wo-prio, cipher-template, and shared-partition-cipher-template are mutually exclusive