slb template policy forward-policy¶
Forward Policy commands
forward-policy Specification¶
Parameter Value Type Configuration Resource Element Name forward-policy Element URI /axapi/v3/slb/template/policy/{name}/forward-policy Element Attributes forward-policy_attributes Partition Visibility shared Schema forward-policy schema
Operations Allowed:
Operation | Method | URI | Payload | |
---|---|---|---|---|
Create Object | POST | /axapi/v3/slb/template/policy/{name}/forward-policy | ||
Get Object | GET | /axapi/v3/slb/template/policy/{name}/forward-policy | ||
Modify Object | POST | /axapi/v3/slb/template/policy/{name}/forward-policy | ||
Replace Object | PUT | /axapi/v3/slb/template/policy/{name}/forward-policy | ||
Delete Object | DELETE | /axapi/v3/slb/template/policy/{name}/forward-policy | ||
forward-policy attributes¶
acos-event-log
Description Enable acos event logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
action-list
Type: List
Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/action/{name}
dual-stack-action-list
Type: List
Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/dual-stack-action/{name}
enable-adv-match
Description Enable adv-match rules and deactive all the other kinds of destination rules
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
filtering
Type: Listforward-http-connect-to-icap
Description Forward HTTP CONNECT request to ICAP server
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
local-logging
Description Enable local logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
no-client-conn-reuse
Description Inspects only first request of a connection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
reqmod-icap
Description ICAP reqmod template (Reqmod ICAP Template Name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/reqmod-icap
require-web-category
Description Wait for web category to be resolved before taking proxy decision
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
san-filtering
Type: Listsource-list
Type: List
Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
filtering¶
Specification Value Type list Block object keys ssli-url-filtering
Description ‘bypassed-sni-disable’: Disable SNI filtering for bypassed URL’s(enabled by default); ‘intercepted-sni-enable’: Enable SNI filtering for intercepted URL’s(disabled by default); ‘intercepted-http-disable’: Disable HTTP(host/URL) filtering for intercepted URL’s(enabled by default); ‘no-sni-allow’: Allow connection if SNI filtering is enabled and SNI header is not present(Drop by default);
Type: string
Supported Values: bypassed-sni-disable, intercepted-sni-enable, intercepted-http-disable, no-sni-allow
san-filtering¶
Specification Value Type list Block object keys ssli-url-filtering-san
Description ‘enable-san’: Enable SAN filtering(disabled by default); ‘bypassed-san-disable’: Disable SAN filtering for bypassed URL’s(enabled by default); ‘intercepted-san-enable’: Enable SAN filtering for intercepted URL’s(disabled by default); ‘no-san-allow’: Allow connection if SAN filtering is enabled and SAN field is not present(Drop by default);
Type: string
Supported Values: enable-san, bypassed-san-disable, intercepted-san-enable, no-san-allow
action-list¶
Specification Value Type list Block object keys action1
Description ‘forward-to-internet’: Forward request to Internet; ‘forward-to-service-group’: Forward request to service group; ‘forward-to-proxy’: Forward request to HTTP proxy server; ‘drop’: Drop request;
Type: string
Supported Values: forward-to-internet, forward-to-service-group, forward-to-proxy, drop
drop-message
Description drop-message sent to the client as webpage(html tags are included and quotation marks are required for white spaces)
Type: string
Format: string-rlx
Maximum Length: 1023 characters
Maximum Length: 1 characters
Mutual Exclusion: drop-message and drop-redirect-url are mutually exclusive
drop-redirect-url
Description Specify URL to which client request is redirected upon being dropped
Type: string
Format: string-rlx
Maximum Length: 1023 characters
Maximum Length: 1 characters
Mutual Exclusion: drop-redirect-url, drop-response-code, and drop-message are mutually exclusive
drop-response-code
Description Specify response code for drop action
Type: number
Range: 100-599
Mutual Exclusion: drop-response-code and drop-redirect-url are mutually exclusive
fake-sg
Description service group to forward the packets to Internet
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
fall-back
Description Fallback service group for Internet
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
fall-back-snat
Description Source NAT pool or pool group for fallback server
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: fall-back-snat and fall-back-snat-pt-only are mutually exclusive
fall-back-snat-pt-only
Description Source port translation only for fallback server
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: fall-back-snat-pt-only and fall-back-snat are mutually exclusive
forward-snat
Description Source NAT pool or pool group
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: forward-snat and forward-snat-pt-only are mutually exclusive
forward-snat-pt-only
Description Source port translation only
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: forward-snat-pt-only and forward-snat are mutually exclusive
http-status-code
Description ‘301’: Moved permanently; ‘302’: Found;
Type: string
Supported Values: 301, 302
Default: 302
log
Description enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
name
Description Action policy name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
proxy-chaining
Description Enable proxy chaining feature
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
proxy-chaining-bypass
Description Forward all https packets to upstream proxy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
real-sg
Description service group to forward the packets
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
sampling-enable
Type: Listsupport-cert-fetch
Description Fetch server certificate by upstream proxy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
action-list_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘hits’: Number of requests matching this destination rule;
Type: string
Supported Values: all, hits
dual-stack-action-list¶
Specification Value Type list Block object keys fall-back
Description Fallback service group
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
fall-back-snat
Description Source NAT pool or pool group for fallback
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ip/nat/pool
ipv4
Description IPv4 service group to forward
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
ipv4-snat
Description IPv4 source NAT pool or pool group
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ip/nat/pool
ipv6
Description IPv6 service group to forward
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
ipv6-snat
Description IPv6 source NAT pool or pool group
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ipv6/nat/pool
log
Description enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
name
Description Action name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sampling-enable
Type: Listuser-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dual-stack-action-list_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘hits’: Number of requests forward by this action;
Type: string
Supported Values: all, hits
source-list¶
Specification Value Type list Block object keys destination
Description: destination is a JSON Block. Please see below for source-list_destination
Type: Object
Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}/destination
match-any
Description Match any source
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: match-any and match-class-list are mutually exclusive
match-authorize-policy
Description Authorize-policy for user and group based policy
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/aam/authorization/policy
match-class-list
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: match-class-list and match-any are mutually exclusive
name
Description source destination match rule name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
priority
Description Priority of the source(higher the number higher the priority, default 0)
Type: number
Range: 1-2000
sampling-enable
Type: Listuser-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
source-list_destination¶
Specification Value Type object adv-match-list
Type: List
Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}/destination/adv-match/{priority}
any
Description: any is a JSON Block. Please see below for source-list_destination_any
Type: Object
Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}/destination/any
class-list-list
Type: List
Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}/destination/class-list/{dest-class-list}
web-category-list-list
Type: List
Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}/destination/web-category-list/{web-category-list}
web-reputation-scope-list
source-list_destination_class-list-list¶
Specification Value Type list Block object keys action
Description Action to be performed
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
dest-class-list
Description Destination Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dual-stack-action
Description Dual-stack action to be performed
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
priority
Description Priority value of the action(higher the number higher the priority)
Type: number
Range: 1-1024
type
Description ‘host’: Match hostname; ‘url’: Match URL; ‘ip’: Match destination IP address;
Type: string
Supported Values: host, url, ip
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
source-list_destination_web-category-list-list¶
Specification Value Type list Block object keys action
Description Action to be performed
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
dual-stack-action
Description Dual-stack action to be performed
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
priority
Description Priority value of the action(higher the number higher the priority)
Type: number
Range: 1-1024
type
Description ‘host’: Match hostname; ‘url’: match URL;
Type: string
Supported Values: host, url
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
web-category-list
Description Destination Web Category List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/web-category/category-list
source-list_destination_any¶
Specification Value Type object action
Description Action to be performed
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: action and dual-stack-action are mutually exclusive
dual-stack-action
Description Dual-stack action to be performed
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dual-stack-action and action are mutually exclusive
sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
source-list_destination_any_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘hits’: Number of requests matching this destination rule;
Type: string
Supported Values: all, hits
source-list_destination_adv-match-list¶
Specification Value Type list Block object keys action
Description Forwading action of this rule
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: action and dual-stack-action are mutually exclusive
disable-reqmod-icap
Description Disable REQMOD ICAP template
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-respmod-icap
Description Disable RESPMOD ICAP template
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dual-stack-action
Description Forwarding action of this rule
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dual-stack-action and action are mutually exclusive
match-host
Description Match request host (HTTP stage) or SNI/SAN (SSL stage)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
match-http-content-encoding
Description Match the value of HTTP header “Content-Encoding”
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
match-http-content-length-range-begin
Description Match the value of HTTP header “Content-Length” with an inclusive range
Type: number
Range: 0-2147483647
match-http-content-length-range-end
Description End of the “Content-Length” range
Type: number
Range: 0-2147483647
match-http-content-type
Description Match the value of HTTP header “Content-Type”
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
match-http-header
Description Matching the name of all request headers
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
match-http-method-connect
Description Match HTTP request method CONNECT
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
match-http-method-delete
Description Match HTTP request method DELETE
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
match-http-method-get
Description Match HTTP request method GET
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
match-http-method-head
Description Match HTTP request method HEAD
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
match-http-method-options
Description Match HTTP request method OPTIONS
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
match-http-method-patch
Description Match HTTP request method PATCH
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
match-http-method-post
Description Match HTTP request method POST
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
match-http-method-put
Description Match HTTP request method PUT
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
match-http-method-trace
Description Match HTTP request method TRACE
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
match-http-request-file-extension
Description Match file extension of URL in HTTP request line
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
match-http-url
Description Match URL in HTTP request line
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
match-http-url-regex
Description Match URI in HTTP request line by given regular expression
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
match-http-user-agent
Description Matching the value of HTTP header “User-Agent”
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
match-server-address
Description Match target server IP address
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
match-server-port
Description Match target server port number
Type: number
Range: 1-65535
Mutual Exclusion: match-server-port and match-server-port-range-begin are mutually exclusive
match-server-port-range-begin
Description Math targer server port range inclusively
Type: number
Range: 1-65535
Mutual Exclusion: match-server-port-range-begin and match-server-port are mutually exclusive
match-server-port-range-end
Description End of port range
Type: number
Range: 1-65535
match-time-range
Description Enable rule in this time-range
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/forward-proxy/time-range
match-web-category-list
Description Match web-category list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/web-category/category-list
match-web-reputation-scope
Description Match web-reputation scope
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/web-category/reputation-scope
notify-page
Description Send notify-page to client
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/forward-proxy/notify-page
priority
Description Rule priority (1000 is highest)
Type: number
Range: 1-1000
sampling-enable
Type: Listuser-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
source-list_destination_adv-match-list_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘hits’: Number of requests hit this rule;
Type: string
Supported Values: all, hits
source-list_destination_web-reputation-scope-list¶
Specification Value Type list Block object keys action
Description Action to be performed
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
dual-stack-action
Description Dual-stack action to be performed
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
priority
Description Priority value of the action(higher the number higher the priority)
Type: number
Range: 1-1024
type
Description ‘host’: Match hostname; ‘url’: match URL;
Type: string
Supported Values: host, url
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
web-reputation-scope
Description Destination Web Reputation Scope Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/web-category/reputation-scope
source-list_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘hits’: Number of requests matching this source rule; ‘destination-match-not-found’: Number of requests without matching destination rule; ‘no-host-info’: Failed to parse ip or host information from request;
Type: string
Supported Values: all, hits, destination-match-not-found, no-host-info