slb template client-ssl¶
Client SSL Template
client-ssl Specification¶
Parameter Value Type Collection Object Key(s) name Collection Name client-ssl-list Collection URI /axapi/v3/slb/template/client-ssl Element Name client-ssl Element URI /axapi/v3/slb/template/client-ssl/{name} Element Attributes client-ssl_attributes Partition Visibility shared Operational Data URI /axapi/v3/slb/template/client-ssl/{name}/oper Schema client-ssl schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Create Object | POST | /axapi/v3/slb/template/client-ssl | ||
Create List | POST | /axapi/v3/slb/template/client-ssl | ||
Get Object | GET | /axapi/v3/slb/template/client-ssl/{name} | ||
Get List | GET | /axapi/v3/slb/template/client-ssl | ||
Modify Object | POST | /axapi/v3/slb/template/client-ssl/{name} | ||
Replace Object | PUT | /axapi/v3/slb/template/client-ssl/{name} | ||
Replace List | PUT | /axapi/v3/slb/template/client-ssl | ||
Delete Object | DELETE | /axapi/v3/slb/template/client-ssl/{name} | ||
client-ssl-list¶
client-ssl-list is JSON List of client-ssl attributes
client-ssl-list : [
]
client-ssl attributes¶
ad-group-list
Description Forward proxy bypass if ad-group matches class-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
alert-type
Description ‘fatal’: Log fatal alerts;
Type: string
Supported Values: fatal
auth-sg
Description Specify authorization LDAP service group
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: auth-sg and authen-name are mutually exclusive
Reference Object: /axapi/v3/aam/authentication/service-group
auth-sg-dn
Description Use Subject DN as LDAP search base DN
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
auth-sg-filter
Description Specify LDAP search filter
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
auth-username
Description Specify the Username Field in the Client Certificate(If multi-fields are specificed, prior one has higher priority)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
auth-username-attribute
Description Specify attribute name of username for client SSL authorization
Type: string
Format: string-rlx
Maximum Length: 31 characters
Maximum Length: 1 characters
authen-name
Description Specify authorization LDAP server name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: authen-name and auth-sg are mutually exclusive
Reference Object: /axapi/v3/aam/authentication/server/ldap
authorization
Description Specify LDAP server for client SSL authorizaiton
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
bypass-cert-issuer-class-list-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: bypass-cert-issuer-class-list-name and bypass-cert-issuer-multi-class-list-name are mutually exclusive
Reference Object: /axapi/v3/class-list
bypass-cert-issuer-multi-class-list
Type: Listbypass-cert-san-class-list-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: bypass-cert-san-class-list-name and bypass-cert-san-multi-class-list-name are mutually exclusive
Reference Object: /axapi/v3/class-list
bypass-cert-san-multi-class-list
Type: Listbypass-cert-subject-class-list-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: bypass-cert-subject-class-list-name and bypass-cert-subject-multi-class-list-name are mutually exclusive
Reference Object: /axapi/v3/class-list
bypass-cert-subject-multi-class-list
Type: Listca-certs
Type: Listcache-persistence-list-name
Description Class List Name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
case-insensitive
Description Case insensitive forward proxy bypass
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
central-cert-pin-list
Description Forward proxy bypass if SNI string is contained in central updated cert-pinning-candidate list
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
cert-revoke-action
Description ‘bypass’: bypass SSLi processing; ‘continue’: continue the connection; ‘drop’: close the connection; ‘block’: block the connection with a warning page;
Type: string
Supported Values: bypass, continue, drop, block
Default: bypass
cert-unknown-action
Description ‘bypass’: bypass SSLi processing; ‘continue’: continue the connection; ‘drop’: close the connection; ‘block’: block the connection with a warning page;
Type: string
Supported Values: bypass, continue, drop, block
Default: bypass
certificate-issuer-contains-list
Type: Listcertificate-issuer-ends-with-list
Type: Listcertificate-issuer-equals-list
Type: Listcertificate-issuer-starts-with-list
Type: Listcertificate-list
Type: List
Reference Object: /axapi/v3/slb/template/client-ssl/{name}/certificate/{cert}
certificate-san-contains-list
Type: Listcertificate-san-ends-with-list
Type: Listcertificate-san-equals-list
Type: Listcertificate-san-starts-with-list
Type: Listcertificate-subject-contains-list
Type: Listcertificate-subject-ends-with-list
Type: Listcertificate-subject-equals-list
Type: Listcertificate-subject-starts-with-list
Type: Listchain-cert
Description Chain Certificate Name
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: chain-cert and chain-cert-shared-str are mutually exclusive
chain-cert-shared-str
Description Chain Certificate Name
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: chain-cert-shared-str and chain-cert are mutually exclusive
cipher-without-prio-list
Type: Listclass-list-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: class-list-name and multi-clist-name are mutually exclusive
Reference Object: /axapi/v3/class-list
client-auth-case-insensitive
Description Case insensitive forward proxy client auth bypass
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
client-auth-class-list
Description Forward proxy client auth bypass if SNI string matches class-list (Class List Name)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-auth-contains-list
Type: Listclient-auth-ends-with-list
Type: Listclient-auth-equals-list
Type: Listclient-auth-starts-with-list
Type: Listclient-certificate
Description ‘Ignore’: Don’t request client certificate; ‘Require’: Require client certificate; ‘Request’: Request client certificate;
Type: string
Supported Values: Ignore, Require, Request
Default: Ignore
client-ipv4-list
Type: Listclient-ipv6-list
Type: Listclose-notify
Description Send close notification when terminate connection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
contains-list
Type: Listcrl-certs
Type: Listdgversion
Description Lower TLS/SSL version can be downgraded
Type: number
Range: 30-34
Default: 31
dh-type
Description ‘1024’: 1024; ‘1024-dsa’: 1024-dsa; ‘2048’: 2048;
Type: string
Supported Values: 1024, 1024-dsa, 2048
direct-client-server-auth
Description Let backend server does SSL client authentication directly
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-sslv3
Description Reject Client requests for SSL version 3
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
early-data
Description Enable TLS 1.3 early data (0-RTT)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ec-list
Type: Listenable-ssli-ftp-alg
Description Enable SSLi FTP over TLS support at which port
Type: number
Range: 1-65535
enable-tls-alert-logging
Description Enable TLS alert logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ends-with-list
Type: Listequals-list
Type: Listexception-ad-group-list
Description Exceptions to forward proxy bypass if ad-group matches class-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
exception-certificate-issuer-cl-name
Description Exceptions to forward-proxy-bypass
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
exception-certificate-san-cl-name
Description Exceptions to forward-proxy-bypass
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
exception-certificate-subject-cl-name
Description Exceptions to forward-proxy-bypass
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
exception-client-ipv4-list
Type: Listexception-client-ipv6-list
Type: Listexception-server-ipv4-list
Type: Listexception-server-ipv6-list
Type: Listexception-sni-cl-name
Description Exceptions to forward-proxy-bypass
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
exception-user-name-list
Description Exceptions to forward proxy bypass if user-name matches class-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
exception-web-category
Description: exception-web-category is a JSON Block. Please see below for exception-web-category
Type: Object
exception-web-reputation
Description: exception-web-reputation is a JSON Block. Please see below for exception-web-reputation
Type: Object
expire-hours
Description Certificate lifetime in hours
Type: number
Range: 1-168
forward-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)
Mutual Exclusion: forward-encrypted and fp-ca-certificate are mutually exclusive
forward-passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: forward-passphrase and fp-ca-certificate are mutually exclusive
forward-proxy-alt-sign
Description Forward proxy alternate signing cert and key
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-block-message
Description Message to be included on the block page (Message, enclose in quotes if spaces are present)
Type: string
Format: string-rlx
Maximum Length: 1023 characters
Maximum Length: 1 characters
forward-proxy-ca-cert
Description CA Certificate for forward proxy (SSL forward proxy CA Certificate Name)
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: forward-proxy-ca-cert,fp-ca-certificate, fp-ca-key, fp-ca-key-pass-phrase, fp-ca-key-passphrase, fp-ca-key-encrypted, fp-ca-chain-cert, and fp-ca-certificate-shared are mutually exclusive
forward-proxy-ca-key
Description CA Private Key for forward proxy (SSL forward proxy CA Key Name)
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: forward-proxy-ca-key,fp-ca-certificate, fp-ca-key, fp-ca-key-pass-phrase, fp-ca-key-passphrase, fp-ca-key-encrypted, fp-ca-chain-cert, and fp-ca-certificate-shared are mutually exclusive
forward-proxy-cert-cache-limit
Description Certificate cache size limit, default is 524288 (set to 0 for unlimited size)
Type: number
Range: 0-2147483647
Default: 524288
forward-proxy-cert-cache-timeout
Description Certificate cache timeout, default is 1 hour (seconds, set to 0 for never timeout)
Type: number
Range: 0-2147483647
Default: 3600
forward-proxy-cert-expiry
Description Adjust certificate expiry relative to the time when it is created on the device
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-cert-not-ready-action
Description ‘bypass’: bypass the connection; ‘reset’: reset the connection; ‘intercept’: wait for cert and then inspect the connection;
Type: string
Supported Values: bypass, reset, intercept
Default: bypass
forward-proxy-cert-revoke-action
Description Action taken if a certificate is irreversibly revoked, bypass SSLi processing by default
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
forward-proxy-cert-unknown-action
Description Action taken if a certificate revocation status is unknown, bypass SSLi processing by default
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
forward-proxy-crl-disable
Description Disable Certificate Revocation List checking for forward proxy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-decrypted-dscp
Description Apply a DSCP to decrypted and bypassed traffic (DSCP to apply to decrypted traffic)
Type: number
Range: 1-63
forward-proxy-decrypted-dscp-bypass
Description DSCP to apply to bypassed traffic
Type: number
Range: 1-63
forward-proxy-enable
Description Enable SSL forward proxy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: forward-proxy-enable and ssli-inbound-enable are mutually exclusive
forward-proxy-esni-action
Description Action taken if receiving encrypted server name indication extension in client hello MSG, bypass the connection by default
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-failsafe-disable
Description Disable Failsafe for SSL forward proxy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-hash-persistence-interval
Description Set the time interval to save the hash persistence certs (Interval value, in minutes)
Type: number
Range: 1-720
Default: 30
forward-proxy-log-disable
Description Disable SSL forward proxy logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-no-shared-cipher-action
Description Action taken if handshake fails due to no shared ciper, close the connection by default
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
forward-proxy-no-sni-action
Description ‘intercept’: intercept in no SNI case; ‘bypass’: bypass in no SNI case; ‘reset’: reset in no SNI case;
Type: string
Supported Values: intercept, bypass, reset
Default: intercept
forward-proxy-ocsp-disable
Description Disable ocsp-stapling for forward proxy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-require-sni-cert-matched
Description ‘no-match-action-inspect’: Inspected if not matched; ‘no-match-action-drop’: Dropped if not matched;
Type: string
Supported Values: no-match-action-inspect, no-match-action-drop
forward-proxy-selfsign-redir
Description Redirect connections to pages with self signed certs to a warning page
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-ssl-version
Description TLS/SSL version, default is TLS1.2 (TLS/SSL version: 31-TLSv1.0, 32-TLSv1.1, 33-TLSv1.2 and 34-TLSv1.3)
Type: number
Range: 31-34
Default: 33
forward-proxy-trusted-ca-lists
Type: Listforward-proxy-verify-cert-fail-action
Description Action taken if certificate verification fails, close the connection by default
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
fp-alt-cert
Description CA Certificate for forward proxy alternate signing (Certificate name)
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
fp-alt-chain-cert
Description Chain Certificate (Chain Certificate Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
fp-alt-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)fp-alt-key
Description CA Private Key for forward proxy alternate signing (Key name)
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
fp-alt-passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
fp-alt-shared
Description Alternate CA Certificate and Private Key Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fp-ca-certificate
Description CA Certificate for forward proxy (SSL forward proxy CA Certificate Name)
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: fp-ca-certificate,forward-proxy-ca-cert, fp-ca-shared, forward-proxy-ca-key, forward-passphrase, forward-encrypted, and fp-ca-key-shared are mutually exclusive
fp-ca-certificate-shared
Description CA Private Key Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: fp-ca-certificate-shared, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive
fp-ca-chain-cert
Description Chain Certificate (Chain Certificate Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: fp-ca-chain-cert, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive
fp-ca-key
Description CA Private Key for forward proxy (SSL forward proxy CA Key Name)
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: fp-ca-key, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive
fp-ca-key-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)
Mutual Exclusion: fp-ca-key-encrypted, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive
fp-ca-key-passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: fp-ca-key-passphrase, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive
fp-ca-key-shared
Description CA Private Key Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: fp-ca-key-shared and fp-ca-certificate are mutually exclusive
fp-ca-shared
Description CA Certificate Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: fp-ca-shared and fp-ca-certificate are mutually exclusive
fp-cert-ext-aia-ca-issuers
Description CA Issuers (Authority Information Access URI)
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
Mutual Exclusion: fp-cert-ext-aia-ca-issuers and fp-cert-ext-aia-ocsp are mutually exclusive
fp-cert-ext-aia-ocsp
Description OCSP (Authority Information Access URI)
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
Mutual Exclusion: fp-cert-ext-aia-ocsp and fp-cert-ext-aia-ca-issuers are mutually exclusive
fp-cert-ext-crldp
Description CRL Distribution Point (CRL Distribution Point URI)
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
fp-cert-fetch-autonat
Description ‘auto’: Configure auto NAT for server certificate fetching;
Type: string
Supported Values: auto
Mutual Exclusion: fp-cert-fetch-autonat and fp-cert-fetch-natpool-name are mutually exclusive
fp-cert-fetch-autonat-precedence
Description Set this NAT pool as higher precedence than other source NAT like configued under template policy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fp-cert-fetch-natpool-name
Description Specify NAT pool or pool group
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Mutual Exclusion: fp-cert-fetch-natpool-name, shared-partition-pool, and fp-cert-fetch-autonat are mutually exclusive
Reference Object: /axapi/v3/ip/nat/pool
fp-cert-fetch-natpool-name-shared
Description Specify NAT pool or pool group
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ip/nat/pool
fp-cert-fetch-natpool-precedence
Description Set this NAT pool as higher precedence than other source NAT like configued under template policy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fp-esni-action
Description ‘bypass’: bypass SSLi processing; ‘drop’: close the connection;
Type: string
Supported Values: bypass, drop
Default: bypass
handshake-logging-enable
Description Enable SSL handshake logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hsm-type
Description ‘thales-embed’: Thales embed key; ‘thales-hwcrhk’: Thales hwcrhk Key;
Type: string
Supported Values: thales-embed, thales-hwcrhk
inspect-certificate-issuer-cl-name
Description Forward proxy Inspect if Certificate issuer matches class-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
inspect-certificate-san-cl-name
Description Forward proxy Inspect if Certificate Subject Alternative Name matches class-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
inspect-certificate-subject-cl-name
Description Forward proxy Inspect if Certificate Subject matches class-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
inspect-list-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
ja3-enable
Description Enable JA3 features
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ja3-insert-http-header
Description Insert the JA3 hash into this request as a HTTP header (HTTP Header Name)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
ja3-reject-class-list
Description Drop request if the JA3 hash matches this class-list (type string-case-insensitive) (Class-List Name)
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
ja3-reject-max-number-per-host
Description Drop request if numbers of JA3 of this client address exceeded
Type: number
Range: 1-256
ja3-ttl
Description seconds to keep each JA3 record
Type: number
Range: 1-86400
Default: 600
ldap-base-dn-from-cert
Description Use Subject DN as LDAP search base DN
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ldap-search-filter
Description Specify LDAP search filter
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
local-cert-pin-list
Description: local-cert-pin-list is a JSON Block. Please see below for local-cert-pin-list
Type: Object
local-logging
Description Enable local logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
multi-class-list
Type: Listname
Description Client SSL Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
no-anti-replay
Description Disable anti-replay protection for TLS 1.3 early data (0-RTT data)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
no-shared-cipher-action
Description ‘bypass’: bypass SSLi processing; ‘drop’: close the connection;
Type: string
Supported Values: bypass, drop
Default: drop
non-ssl-bypass-l4session
Description Handle the non-ssl session as L4 for performance optimization
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
non-ssl-bypass-service-group
Description Service Group for Bypass non-ssl traffic (Service Group Name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
notafter
Description notAfter date
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
notafterday
Description Day
Type: number
Range: 1-31
notaftermonth
Description Month
Type: number
Range: 1-12
notafteryear
Description Year
Type: number
Range: 2005-2035
notbefore
Description notBefore date
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
notbeforeday
Description Day
Type: number
Range: 1-31
notbeforemonth
Description Month
Type: number
Range: 1-12
notbeforeyear
Description Year
Type: number
Range: 2005-2035
ocsp-stapling
Description Config OCSP stapling support
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ocspst-ca-cert
Description CA certificate
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
ocspst-ocsp
Description Specify OCSP Authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ocspst-sg
Description Specify authentication service group
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: ocspst-sg and ocspst-srvr are mutually exclusive
Reference Object: /axapi/v3/aam/authentication/service-group
ocspst-sg-days
Description Specify update period, in days
Type: number
Range: 1-31
Mutual Exclusion: ocspst-sg-days, ocspst-sg-hours, and ocspst-sg-minutes are mutually exclusive
ocspst-sg-hours
Description Specify update period, in hours
Type: number
Range: 1-23
Default: 1
Mutual Exclusion: ocspst-sg-hours, ocspst-sg-days, and ocspst-sg-minutes are mutually exclusive
ocspst-sg-minutes
Description Specify update period, in minutes
Type: number
Range: 1-59
Mutual Exclusion: ocspst-sg-minutes, ocspst-sg-days, and ocspst-sg-hours are mutually exclusive
ocspst-sg-timeout
Description Specify retry timeout (Default is 30 mins)
Type: number
Range: 1-44640
Default: 30
ocspst-srvr
Description Specify OCSP authentication server
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: ocspst-srvr and ocspst-sg are mutually exclusive
Reference Object: /axapi/v3/aam/authentication/server/ocsp
ocspst-srvr-days
Description Specify update period, in days
Type: number
Range: 1-31
Mutual Exclusion: ocspst-srvr-days, ocspst-srvr-hours, and ocspst-srvr-minutes are mutually exclusive
ocspst-srvr-hours
Description Specify update period, in hours
Type: number
Range: 1-23
Default: 1
Mutual Exclusion: ocspst-srvr-hours, ocspst-srvr-days, and ocspst-srvr-minutes are mutually exclusive
ocspst-srvr-minutes
Description Specify update period, in minutes
Type: number
Range: 1-59
Mutual Exclusion: ocspst-srvr-minutes, ocspst-srvr-days, and ocspst-srvr-hours are mutually exclusive
ocspst-srvr-timeout
Description Specify retry timeout (Default is 30 mins)
Type: number
Range: 1-44640
Default: 30
renegotiation-disable
Description Disable SSL renegotiation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
req-ca-lists
Type: Listrequire-web-category
Description Wait for web category to be resolved before taking bypass decision
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-ipv4-list
Type: Listserver-ipv6-list
Type: Listserver-name-auto-map
Description Enable automatic mapping of server name indication in Client hello extension
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-name-list
Type: Listsession-cache-size
Description Session Cache Size (Maximum cache size. Default value 0 (Session ID reuse disabled))
Type: number
session-cache-timeout
Description Session Cache Timeout (Timeout value, in seconds. Default value 0 (Session cache timeout disabled))
Type: number
Range: 0-604800
Default: 0
session-ticket-disable
Description Disable client side session ticket support
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
session-ticket-lifetime
Description Session ticket lifetime in seconds from stateless session resumption (Lifetime value in seconds. Default value 0 (Session ticket lifetime is 7200 seconds))
Type: number
Range: 0-2147483647
Default: 0
shared-partition-cipher-template
Description Reference a cipher template from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: shared-partition-cipher-template, template-cipher, and cipher-wo-prio are mutually exclusive
shared-partition-pool
Description Reference a NAT pool or pool group from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: shared-partition-pool and fp-cert-fetch-natpool-name are mutually exclusive
sni-bypass-enable-log
Description Enable logging when bypass event happens, disabled by default
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sni-bypass-expired-cert
Description Bypass when certificate expired
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sni-bypass-explicit-list
Description Bypass when matched explicit bypass list (Specify class list name)
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
sni-bypass-missing-cert
Description Bypass when missing cert/key
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sni-enable-log
Description Enable logging of sni-auto-map failures. Disable by default
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ssl-false-start-disable
Description disable SSL False Start
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ssli-inbound-enable
Description Enable inbound SSLi
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: ssli-inbound-enable and forward-proxy-enable are mutually exclusive
ssli-logging
Description SSLi logging level, default is error logging only
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sslilogging
Description ‘disable’: Disable all logging; ‘all’: enable all logging(error, info);
Type: string
Supported Values: disable, all
sslv2-bypass-service-group
Description Service Group for Bypass SSLV2 (Service Group Name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
starts-with-list
Type: Listtemplate-cipher
Description Cipher Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: template-cipher, shared-partition-cipher-template, and cipher-wo-prio are mutually exclusive
Reference Object: /axapi/v3/slb/template/cipher
template-cipher-shared
Description Cipher Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/cipher
template-hsm
Description HSM Template (HSM Template Name)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/hsm/template
user-name-list
Description Forward proxy bypass if user-name matches class-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
verify-cert-fail-action
Description ‘bypass’: bypass SSLi processing; ‘continue’: continue the connection; ‘drop’: close the connection; ‘block’: block the connection with a warning page;
Type: string
Supported Values: bypass, continue, drop, block
Default: drop
version
Description TLS/SSL version, default is the highest number supported (TLS/SSL version: 30-SSLv3.0, 31-TLSv1.0, 32-TLSv1.1, 33-TLSv1.2 and 34-TLSv1.3)
Type: number
Range: 1-34
web-category
Description: web-category is a JSON Block. Please see below for web-category
Type: Object
web-reputation
Description: web-reputation is a JSON Block. Please see below for web-reputation
Type: Object
bypass-cert-subject-multi-class-list¶
Specification Value Type list Block object keys bypass-cert-subject-multi-class-list-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: bypass-cert-subject-multi-class-list-name and bypass-cert-subject-class-list-name are mutually exclusive
Reference Object: /axapi/v3/class-list
certificate-san-contains-list¶
Specification Value Type list Block object keys certificate-san-contains
Description Forward proxy bypass if Certificate SAN contains another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
equals-list¶
Specification Value Type list Block object keys equals
Description Forward proxy bypass if SNI string equals another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-ipv6-list¶
Specification Value Type list Block object keys client-ipv6-list-name
Description IPV6 client class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
forward-proxy-trusted-ca-lists¶
Specification Value Type list Block object keys forward-proxy-trusted-ca
Description Forward proxy trusted CA file (CA file name)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
fp-trusted-ca-shared
Description Trusted CA Certificate Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ec-list¶
Specification Value Type list Block object keys ec
Description ‘secp256r1’: X9_62_prime256v1; ‘secp384r1’: secp384r1;
Type: string
Supported Values: secp256r1, secp384r1
contains-list¶
Specification Value Type list Block object keys contains
Description Forward proxy bypass if SNI string contains another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ends-with-list¶
Specification Value Type list Block object keys ends-with
Description Forward proxy bypass if SNI string ends with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ca-certs¶
Specification Value Type list Block object keys ca-cert
Description CA Certificate (CA Certificate Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
ca-shared
Description CA Certificate Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
client-ocsp
Description Specify ocsp authentication server(s) for client certificate verification
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
client-ocsp-sg
Description Specify service-group (Service group name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/aam/authentication/service-group
client-ocsp-srvr
Description Specify authentication server
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/aam/authentication/server/ocsp/instance
client-auth-contains-list¶
Specification Value Type list Block object keys client-auth-contains
Description Forward proxy bypass if SNI string contains another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
certificate-subject-contains-list¶
Specification Value Type list Block object keys certificate-subject-contains
Description Forward proxy bypass if Certificate Subject contains another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
req-ca-lists¶
Specification Value Type list Block object keys client-cert-req-ca-shared
Description CA Certificate Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
client-certificate-Request-CA
Description Send CA lists in certificate request (CA Certificate Name)
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
certificate-subject-starts-with-list¶
Specification Value Type list Block object keys certificate-subject-starts
Description Forward proxy bypass if Certificate Subject starts with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
web-reputation¶
Specification Value Type object bypass-low-risk
Description Bypass when reputation score is greater than or equal to 61
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: bypass-low-risk,bypass-trustworthy, bypass-moderate-risk, bypass-suspicious, bypass-malicious, and bypass-threshold are mutually exclusive
bypass-malicious
Description Bypass when reputation score is greater than or equal to 1
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: bypass-malicious,bypass-trustworthy, bypass-low-risk, bypass-moderate-risk, bypass-suspicious, and bypass-threshold are mutually exclusive
bypass-moderate-risk
Description Bypass when reputation score is greater than or equal to 41
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: bypass-moderate-risk,bypass-trustworthy, bypass-low-risk, bypass-suspicious, bypass-malicious, and bypass-threshold are mutually exclusive
bypass-suspicious
Description Bypass when reputation score is greater than or equal to 21
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: bypass-suspicious,bypass-trustworthy, bypass-low-risk, bypass-moderate-risk, bypass-malicious, and bypass-threshold are mutually exclusive
bypass-threshold
Description Bypass when reputation score is greater than or equal to the customized score (1-100)
Type: number
Range: 1-100
Mutual Exclusion: bypass-threshold,bypass-trustworthy, bypass-low-risk, bypass-moderate-risk, bypass-suspicious, and bypass-malicious are mutually exclusive
bypass-trustworthy
Description Bypass when reputation score is greater than or equal to 81
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: bypass-trustworthy,bypass-low-risk, bypass-moderate-risk, bypass-suspicious, bypass-malicious, and bypass-threshold are mutually exclusive
bypass-cert-issuer-multi-class-list¶
Specification Value Type list Block object keys bypass-cert-issuer-multi-class-list-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: bypass-cert-issuer-multi-class-list-name and bypass-cert-issuer-class-list-name are mutually exclusive
Reference Object: /axapi/v3/class-list
client-auth-equals-list¶
Specification Value Type list Block object keys client-auth-equals
Description Forward proxy bypass if SNI string equals another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
certificate-issuer-equals-list¶
Specification Value Type list Block object keys certificate-issuer-equals
Description Forward proxy bypass if Certificate issuer equals another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
certificate-san-ends-with-list¶
Specification Value Type list Block object keys certificate-san-ends-with
Description Forward proxy bypass if Certificate SAN ends with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
crl-certs¶
Specification Value Type list Block object keys crl
Description Certificate Revocation Lists (Certificate Revocation Lists file name)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
crl-shared
Description Certificate Revocation Lists Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
certificate-list¶
Specification Value Type list Block object keys cert
Description Certificate Name
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
chain-cert
Description Chain Certificate (Chain Certificate Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
key
Description Server Private Key (Key Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
key-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
shared
Description Server Certificate and Key Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
client-ipv4-list¶
Specification Value Type list Block object keys client-ipv4-list-name
Description IPV4 client class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
multi-class-list¶
Specification Value Type list Block object keys multi-clist-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: multi-clist-name and class-list-name are mutually exclusive
Reference Object: /axapi/v3/class-list
certificate-issuer-ends-with-list¶
Specification Value Type list Block object keys certificate-issuer-ends-with
Description Forward proxy bypass if Certificate issuer ends with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
exception-server-ipv4-list¶
Specification Value Type list Block object keys exception-server-ipv4-list-name
Description IPV4 exception server class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
web-category¶
Specification Value Type object abortion
Description Category Abortion
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
adult-and-pornography
Description Category Adult and Pornography
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
alcohol-and-tobacco
Description Category Alcohol and Tobacco
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
auctions
Description Category Auctions
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
bot-nets
Description Category Bot Nets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
business-and-economy
Description Category Business and Economy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
cdns
Description Category CDNs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
cheating
Description Category Cheating
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
computer-and-internet-info
Description Category Computer and Internet Info
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
computer-and-internet-security
Description Category Computer and Internet Security
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
cult-and-occult
Description Category Cult and Occult
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dating
Description Category Dating
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dead-sites
Description Category Dead Sites (db Ops only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drugs
Description Category Abused Drugs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamically-generated-content
Description Dynamically Generated Content
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
educational-institutions
Description Category Educational Institutions
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
entertainment-and-arts
Description Category Entertainment and Arts
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fashion-and-beauty
Description Category Fashion and Beauty
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
financial-services
Description Category Financial Services
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
gambling
Description Category Gambling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
games
Description Category Games
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
government
Description Category Government
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
gross
Description Category Gross
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hacking
Description Category Hacking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hate-and-racism
Description Category Hate and Racism
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
health-and-medicine
Description Category Health and Medicine
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
home-and-garden
Description Category Home and Garden
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hunting-and-fishing
Description Category Hunting and Fishing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
illegal
Description Category Illegal
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
illegal-pornography
Description Category Illegal join Adult and Pornography
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
image-and-video-search
Description Category Image and Video Search
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
internet-communications
Description Category Internet Communications
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
internet-portals
Description Category Internet Portals
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
job-search
Description Category Job Search
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
keyloggers-and-monitoring
Description Category Keyloggers and Monitoring
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
kids
Description Category Kids
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
legal
Description Category Legal
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
local-information
Description Category Local Information
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malware-sites
Description Category Malware Sites
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
marijuana
Description Category Marijuana
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
military
Description Category Military
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
motor-vehicles
Description Category Motor Vehicles
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
music
Description Category Music
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
news-and-media
Description Category News and Media
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
nudity
Description Category Nudity
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
nudity-artistic
Description Category Nudity join Entertainment and Arts
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
online-greeting-cards
Description Category Online Greeting cards
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
parked-domains
Description Category Parked Domains
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
pay-to-surf
Description Category Pay to Surf
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
peer-to-peer
Description Category Peer to Peer
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
personal-sites-and-blogs
Description Category Personal sites and Blogs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
personal-storage
Description Category Personal Storage
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
philosophy-and-politics
Description Category Philosophy and Political Advocacy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
phishing-and-other-fraud
Description Category Phishing and Other Frauds
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
proxy-avoid-and-anonymizers
Description Category Proxy Avoid and Anonymizers
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
questionable
Description Category Questionable
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
real-estate
Description Category Real Estate
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
recreation-and-hobbies
Description Category Recreation and Hobbies
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
reference-and-research
Description Category Reference and Research
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
religion
Description Category Religion
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
search-engines
Description Category Search Engines
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sex-education
Description Category Sex Education
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
shareware-and-freeware
Description Category Shareware and Freeware
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
shopping
Description Category Shopping
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
social-network
Description Category Social Network
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
society
Description Category Society
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
spam-urls
Description Category SPAM URLs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sports
Description Category Sports
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
spyware-and-adware
Description Category Spyware and Adware
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
stock-advice-and-tools
Description Category Stock Advice and Tools
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
streaming-media
Description Category Streaming Media
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
swimsuits-and-intimate-apparel
Description Category Swimsuits and Intimate Apparel
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
training-and-tools
Description Category Training and Tools
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
translation
Description Category Translation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
travel
Description Category Travel
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uncategorized
Description Uncategorized URLs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
violence
Description Category Violence
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
weapons
Description Category Weapons
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
web-advertisements
Description Category Web Advertisements
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
web-based-email
Description Category Web based email
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
web-hosting-sites
Description Category Web Hosting Sites
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
certificate-san-equals-list¶
Specification Value Type list Block object keys certificate-san-equals
Description Forward proxy bypass if Certificate SAN equals another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
exception-client-ipv4-list¶
Specification Value Type list Block object keys exception-client-ipv4-list-name
Description IPV4 exception client class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
certificate-issuer-contains-list¶
Specification Value Type list Block object keys certificate-issuer-contains
Description Forward proxy bypass if Certificate issuer contains another string (Certificate issuer)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-auth-starts-with-list¶
Specification Value Type list Block object keys client-auth-starts-with
Description Forward proxy bypass if SNI string starts with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
certificate-subject-ends-with-list¶
Specification Value Type list Block object keys certificate-subject-ends-with
Description Forward proxy bypass if Certificate Subject ends with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
bypass-cert-san-multi-class-list¶
Specification Value Type list Block object keys bypass-cert-san-multi-class-list-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: bypass-cert-san-multi-class-list-name and bypass-cert-san-class-list-name are mutually exclusive
Reference Object: /axapi/v3/class-list
server-name-list¶
Specification Value Type list Block object keys server-cert
Description Server Certificate associated to SNI (Server Certificate Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
server-cert-regex
Description Server Certificate associated to SNI regex (Server Certificate Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
server-chain
Description Server Certificate Chain associated to SNI (Server Certificate Chain Name)
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
server-chain-regex
Description Server Certificate Chain associated to SNI regex (Server Certificate Chain Name)
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
server-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)server-encrypted-regex
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)server-key
Description Server Private Key associated to SNI (Server Private Key Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
server-key-regex
Description Server Private Key associated to SNI regex (Server Private Key Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
server-name
Description Server name indication in Client hello extension (Server name String)
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
server-name-alternate
Description Specific the second certifcate
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-name-regex
Description Server name indication in Client hello extension with regular expression (Server name String with regex)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
server-name-regex-alternate
Description Specific the second certifcate
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-passphrase
Description help Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
server-passphrase-regex
Description help Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
server-shared
Description Server Name Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-shared-regex
Description Server Name Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sni-regex-shared-partition-client-ssl-template
Description Reference a Client SSL template from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sni-regex-template
Description Template associated to SNI regex
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sni-regex-template-client-ssl
Description Client SSL Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/client-ssl
sni-regex-template-client-ssl-shared-name
Description Client SSL Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/client-ssl
sni-shared-partition-client-ssl-template
Description Reference a Client SSL template from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sni-template
Description Template associated to SNI
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sni-template-client-ssl
Description Client SSL Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/client-ssl
sni-template-client-ssl-shared-name
Description Client SSL Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/client-ssl
exception-web-category¶
Specification Value Type object exception-abortion
Description Category Abortion
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-adult-and-pornography
Description Category Adult and Pornography
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-alcohol-and-tobacco
Description Category Alcohol and Tobacco
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-auctions
Description Category Auctions
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-bot-nets
Description Category Bot Nets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-business-and-economy
Description Category Business and Economy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-cdns
Description Category CDNs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-cheating
Description Category Cheating
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-computer-and-internet-info
Description Category Computer and Internet Info
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-computer-and-internet-security
Description Category Computer and Internet Security
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-cult-and-occult
Description Category Cult and Occult
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-dating
Description Category Dating
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-dead-sites
Description Category Dead Sites (db Ops only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-drugs
Description Category Abused Drugs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-dynamically-generated-content
Description Dynamically Generated Content
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-educational-institutions
Description Category Educational Institutions
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-entertainment-and-arts
Description Category Entertainment and Arts
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-fashion-and-beauty
Description Category Fashion and Beauty
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-financial-services
Description Category Financial Services
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-gambling
Description Category Gambling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-games
Description Category Games
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-government
Description Category Government
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-gross
Description Category Gross
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-hacking
Description Category Hacking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-hate-and-racism
Description Category Hate and Racism
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-health-and-medicine
Description Category Health and Medicine
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-home-and-garden
Description Category Home and Garden
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-hunting-and-fishing
Description Category Hunting and Fishing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-illegal
Description Category Illegal
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-illegal-pornography
Description Category Illegal join Adult and Pornography
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-image-and-video-search
Description Category Image and Video Search
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-internet-communications
Description Category Internet Communications
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-internet-portals
Description Category Internet Portals
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-job-search
Description Category Job Search
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-keyloggers-and-monitoring
Description Category Keyloggers and Monitoring
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-kids
Description Category Kids
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-legal
Description Category Legal
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-local-information
Description Category Local Information
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-malware-sites
Description Category Malware Sites
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-marijuana
Description Category Marijuana
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-military
Description Category Military
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-motor-vehicles
Description Category Motor Vehicles
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-music
Description Category Music
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-news-and-media
Description Category News and Media
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-nudity
Description Category Nudity
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-nudity-artistic
Description Category Nudity join Entertainment and Arts
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-online-greeting-cards
Description Category Online Greeting cards
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-parked-domains
Description Category Parked Domains
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-pay-to-surf
Description Category Pay to Surf
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-peer-to-peer
Description Category Peer to Peer
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-personal-sites-and-blogs
Description Category Personal sites and Blogs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-personal-storage
Description Category Personal Storage
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-philosophy-and-politics
Description Category Philosophy and Political Advocacy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-phishing-and-other-fraud
Description Category Phishing and Other Frauds
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-proxy-avoid-and-anonymizers
Description Category Proxy Avoid and Anonymizers
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-questionable
Description Category Questionable
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-real-estate
Description Category Real Estate
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-recreation-and-hobbies
Description Category Recreation and Hobbies
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-reference-and-research
Description Category Reference and Research
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-religion
Description Category Religion
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-search-engines
Description Category Search Engines
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-sex-education
Description Category Sex Education
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-shareware-and-freeware
Description Category Shareware and Freeware
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-shopping
Description Category Shopping
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-social-network
Description Category Social Network
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-society
Description Category Society
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-spam-urls
Description Category SPAM URLs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-sports
Description Category Sports
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-spyware-and-adware
Description Category Spyware and Adware
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-stock-advice-and-tools
Description Category Stock Advice and Tools
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-streaming-media
Description Category Streaming Media
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-swimsuits-and-intimate-apparel
Description Category Swimsuits and Intimate Apparel
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-training-and-tools
Description Category Training and Tools
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-translation
Description Category Translation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-travel
Description Category Travel
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-uncategorized
Description Uncategorized URLs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-violence
Description Category Violence
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-weapons
Description Category Weapons
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-web-advertisements
Description Category Web Advertisements
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-web-based-email
Description Category Web based email
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-web-hosting-sites
Description Category Web Hosting Sites
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exception-server-ipv6-list¶
Specification Value Type list Block object keys exception-server-ipv6-list-name
Description IPV6 exception server class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
certificate-issuer-starts-with-list¶
Specification Value Type list Block object keys certificate-issuer-starts
Description Forward proxy bypass if Certificate issuer starts with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
certificate-san-starts-with-list¶
Specification Value Type list Block object keys certificate-san-starts
Description Forward proxy bypass if Certificate SAN starts with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
server-ipv4-list¶
Specification Value Type list Block object keys server-ipv4-list-name
Description IPV4 server class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
client-auth-ends-with-list¶
Specification Value Type list Block object keys client-auth-ends-with
Description Forward proxy bypass if SNI string ends with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
exception-client-ipv6-list¶
Specification Value Type list Block object keys exception-client-ipv6-list-name
Description IPV6 exception client class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
exception-web-reputation¶
Specification Value Type object exception-low-risk
Description Intercept when reputation score is less than or equal to 80
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: exception-low-risk,exception-trustworthy, exception-moderate-risk, exception-suspicious, exception-malicious, and exception-threshold are mutually exclusive
exception-malicious
Description Intercept when reputation score is less than or equal to 20
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: exception-malicious,exception-trustworthy, exception-low-risk, exception-moderate-risk, exception-suspicious, and exception-threshold are mutually exclusive
exception-moderate-risk
Description Intercept when reputation score is less than or equal to 60
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: exception-moderate-risk,exception-trustworthy, exception-low-risk, exception-suspicious, exception-malicious, and exception-threshold are mutually exclusive
exception-suspicious
Description Intercept when reputation score is less than or equal to 40
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: exception-suspicious,exception-trustworthy, exception-low-risk, exception-moderate-risk, exception-malicious, and exception-threshold are mutually exclusive
exception-threshold
Description Intercept when reputation score is less than or equal to a customized value (1-100)
Type: number
Range: 1-100
Mutual Exclusion: exception-threshold,exception-trustworthy, exception-low-risk, exception-moderate-risk, exception-suspicious, and exception-malicious are mutually exclusive
exception-trustworthy
Description Intercept when reputation score is less than or equal to 100
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: exception-trustworthy,exception-low-risk, exception-moderate-risk, exception-suspicious, exception-malicious, and exception-threshold are mutually exclusive
local-cert-pin-list¶
Specification Value Type object local-cert-pin-list-bypass-fail-count
Description Set the connection fail count as bypass criteria (Bypass when connection failure count is greater than the criteria (1-65536))
Type: number
Range: 1-65536
server-ipv6-list¶
Specification Value Type list Block object keys server-ipv6-list-name
Description IPV6 server class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
certificate-subject-equals-list¶
Specification Value Type list Block object keys certificate-subject-equals
Description Forward proxy bypass if Certificate Subject equals another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
cipher-without-prio-list¶
Specification Value Type list Block object keys cipher-wo-prio
Description ‘SSL3_RSA_DES_192_CBC3_SHA’: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A); ‘SSL3_RSA_RC4_128_MD5’: TLS_RSA_WITH_RC4_128_MD5 (0x0004); ‘SSL3_RSA_RC4_128_SHA’: TLS_RSA_WITH_RC4_128_SHA (0x0005); ‘TLS1_RSA_AES_128_SHA’: TLS_RSA_WITH_AES_128_CBC_SHA (0x002F); ‘TLS1_RSA_AES_256_SHA’: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035); ‘TLS1_RSA_AES_128_SHA256’: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003C); ‘TLS1_RSA_AES_256_SHA256’: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003D); ‘TLS1_DHE_RSA_AES_128_GCM_SHA256’: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009E); ‘TLS1_DHE_RSA_AES_128_SHA’: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033); ‘TLS1_DHE_RSA_AES_128_SHA256’: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067); ‘TLS1_DHE_RSA_AES_256_GCM_SHA384’: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009F); ‘TLS1_DHE_RSA_AES_256_SHA’: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039); ‘TLS1_DHE_RSA_AES_256_SHA256’: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006B); ‘TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256’: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xC02B); ‘TLS1_ECDHE_ECDSA_AES_128_SHA’: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xC009); ‘TLS1_ECDHE_ECDSA_AES_128_SHA256’: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xC023); ‘TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384’: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xC02C); ‘TLS1_ECDHE_ECDSA_AES_256_SHA’: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xC00A); ‘TLS1_ECDHE_RSA_AES_128_GCM_SHA256’: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xC02F); ‘TLS1_ECDHE_RSA_AES_128_SHA’: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013); ‘TLS1_ECDHE_RSA_AES_128_SHA256’: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027); ‘TLS1_ECDHE_RSA_AES_256_GCM_SHA384’: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC030); ‘TLS1_ECDHE_RSA_AES_256_SHA’: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014); ‘TLS1_RSA_AES_128_GCM_SHA256’: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009C); ‘TLS1_RSA_AES_256_GCM_SHA384’: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009D); ‘TLS1_ECDHE_RSA_AES_256_SHA384’: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028); ‘TLS1_ECDHE_ECDSA_AES_256_SHA384’: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xC024); ‘TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256’: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA8); ‘TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256’: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA9); ‘TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256’: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCAA);
Type: string
Supported Values: SSL3_RSA_DES_192_CBC3_SHA, SSL3_RSA_RC4_128_MD5, SSL3_RSA_RC4_128_SHA, TLS1_RSA_AES_128_SHA, TLS1_RSA_AES_256_SHA, TLS1_RSA_AES_128_SHA256, TLS1_RSA_AES_256_SHA256, TLS1_DHE_RSA_AES_128_GCM_SHA256, TLS1_DHE_RSA_AES_128_SHA, TLS1_DHE_RSA_AES_128_SHA256, TLS1_DHE_RSA_AES_256_GCM_SHA384, TLS1_DHE_RSA_AES_256_SHA, TLS1_DHE_RSA_AES_256_SHA256, TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256, TLS1_ECDHE_ECDSA_AES_128_SHA, TLS1_ECDHE_ECDSA_AES_128_SHA256, TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA, TLS1_ECDHE_RSA_AES_128_GCM_SHA256, TLS1_ECDHE_RSA_AES_128_SHA, TLS1_ECDHE_RSA_AES_128_SHA256, TLS1_ECDHE_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA, TLS1_RSA_AES_128_GCM_SHA256, TLS1_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA384, TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256, TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256, TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256
Mutual Exclusion: cipher-wo-prio, template-cipher, and shared-partition-cipher-template are mutually exclusive
starts-with-list¶
Specification Value Type list Block object keys starts-with
Description Forward proxy bypass if SNI string starts with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters