{ "id":"/axapi/v3/slb/template/client-ssl/{name}", "type":"object", "node-type":"list", "title":"client-ssl", "partition-visibility":"shared", "description":"Client SSL Template", "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Client SSL Template Name", "optional":false }, "auth-username":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify the Username Field in the Client Certificate(If multi-fields are specificed, prior one has higher priority)", "optional":true }, "ca-certs":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "ca-cert":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":245, "partition-visibility":"shared", "description":"CA Certificate (CA Certificate Name)" }, "ca-shared":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"private", "description":"CA Certificate Partition Shared" }, "client-ocsp":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Specify ocsp authentication server(s) for client certificate verification" }, "client-ocsp-srvr":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/aam/authentication/server/ocsp/instance", "description":"Specify authentication server" }, "client-ocsp-sg":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "$ref":"/axapi/v3/aam/authentication/service-group", "description":"Specify service-group (Service group name)" } } } ] }, "chain-cert":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":245, "partition-visibility":"shared", "not":"chain-cert-shared-str", "description":"Chain Certificate Name", "optional":true }, "chain-cert-shared-str":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":245, "partition-visibility":"private", "not":"chain-cert", "description":"Chain Certificate Name", "optional":true }, "dh-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'1024': 1024; '1024-dsa': 1024-dsa; '2048': 2048; ", "enum":[ "1024", "1024-dsa", "2048" ], "optional":true }, "ec-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "ec":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'secp256r1': X9_62_prime256v1; 'secp384r1': secp384r1; 'secp521r1': secp521r1; 'x25519': x25519; ", "enum":[ "secp256r1", "secp384r1", "secp521r1", "x25519" ] } } } ] }, "local-logging":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable local logging", "optional":true }, "ocsp-stapling":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Config OCSP stapling support", "optional":true }, "ocspst-ca-cert":{ "type":"string", "format":"string", "minLength":1, "maxLength":245, "partition-visibility":"shared", "description":"CA certificate", "optional":true }, "ocspst-ocsp":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Specify OCSP Authentication", "optional":true }, "ocspst-srvr":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/aam/authentication/server/ocsp", "not":"ocspst-sg", "description":"Specify OCSP authentication server", "optional":true }, "ocspst-srvr-days":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "not-list":[ "ocspst-srvr-hours", "ocspst-srvr-minutes" ], "description":"Specify update period, in days", "optional":true }, "ocspst-srvr-hours":{ "type":"number", "format":"number", "minimum":1, "maximum":23, "default":1, "partition-visibility":"shared", "not-list":[ "ocspst-srvr-days", "ocspst-srvr-minutes" ], "description":"Specify update period, in hours", "optional":true }, "ocspst-srvr-minutes":{ "type":"number", "format":"number", "minimum":1, "maximum":59, "partition-visibility":"shared", "not-list":[ "ocspst-srvr-days", "ocspst-srvr-hours" ], "description":"Specify update period, in minutes", "optional":true }, "ocspst-srvr-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":44640, "default":30, "partition-visibility":"shared", "description":"Specify retry timeout (Default is 30 mins)", "optional":true }, "ocspst-sg":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "$ref":"/axapi/v3/aam/authentication/service-group", "not":"ocspst-srvr", "description":"Specify authentication service group", "optional":true }, "ocspst-sg-days":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "not-list":[ "ocspst-sg-hours", "ocspst-sg-minutes" ], "description":"Specify update period, in days", "optional":true }, "ocspst-sg-hours":{ "type":"number", "format":"number", "minimum":1, "maximum":23, "default":1, "partition-visibility":"shared", "not-list":[ "ocspst-sg-days", "ocspst-sg-minutes" ], "description":"Specify update period, in hours", "optional":true }, "ocspst-sg-minutes":{ "type":"number", "format":"number", "minimum":1, "maximum":59, "partition-visibility":"shared", "not-list":[ "ocspst-sg-days", "ocspst-sg-hours" ], "description":"Specify update period, in minutes", "optional":true }, "ocspst-sg-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":44640, "default":30, "partition-visibility":"shared", "description":"Specify retry timeout (Default is 30 mins)", "optional":true }, "ssli-inbound-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"forward-proxy-enable", "description":"Enable inbound SSLi", "optional":true }, "ssli-logging":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"SSLi logging level, default is error logging only", "optional":true }, "sslilogging":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'disable': Disable all logging; 'all': enable all logging(error, info); ", "enum":[ "disable", "all" ], "optional":true }, "client-certificate":{ "type":"string", "format":"enum", "default":"Ignore", "partition-visibility":"shared", "description":"'Ignore': Don't request client certificate; 'Require': Require client certificate; 'Request': Request client certificate; ", "enum":[ "Ignore", "Require", "Request" ], "optional":true }, "req-ca-lists":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "client-certificate-Request-CA":{ "type":"string", "format":"string", "minLength":1, "maxLength":245, "partition-visibility":"shared", "description":"Send CA lists in certificate request (CA Certificate Name)" }, "client-cert-req-ca-shared":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"private", "description":"CA Certificate Partition Shared" } } } ] }, "close-notify":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Send close notification when terminate connection", "optional":true }, "crl-certs":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "crl":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Certificate Revocation Lists (Certificate Revocation Lists file name)" }, "crl-shared":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"private", "description":"Certificate Revocation Lists Partition Shared" } } } ] }, "forward-proxy-ca-cert":{ "type":"string", "format":"string", "minLength":1, "maxLength":245, "partition-visibility":"shared", "not-list":[ "fp-ca-certificate", "fp-ca-key", "fp-ca-key-pass-phrase", "fp-ca-key-passphrase", "fp-ca-key-encrypted", "fp-ca-chain-cert", "fp-ca-certificate-shared" ], "description":"CA Certificate for forward proxy (SSL forward proxy CA Certificate Name)", "optional":true }, "fp-ca-shared":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"private", "not":"fp-ca-certificate", "description":"CA Certificate Partition Shared", "optional":true }, "forward-proxy-ca-key":{ "type":"string", "format":"string", "minLength":1, "maxLength":245, "partition-visibility":"shared", "not-list":[ "fp-ca-certificate", "fp-ca-key", "fp-ca-key-pass-phrase", "fp-ca-key-passphrase", "fp-ca-key-encrypted", "fp-ca-chain-cert", "fp-ca-certificate-shared" ], "description":"CA Private Key for forward proxy (SSL forward proxy CA Key Name)", "optional":true }, "forward-passphrase":{ "type":"string", "format":"password", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"fp-ca-certificate", "description":"Password Phrase", "optional":true }, "forward-encrypted":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "not":"fp-ca-certificate", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)", "optional":true }, "fp-ca-key-shared":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"private", "not":"fp-ca-certificate", "description":"CA Private Key Partition Shared", "optional":true }, "fp-ca-certificate":{ "type":"string", "format":"string", "minLength":1, "maxLength":245, "partition-visibility":"shared", "not-list":[ "forward-proxy-ca-cert", "fp-ca-shared", "forward-proxy-ca-key", "forward-passphrase", "forward-encrypted", "fp-ca-key-shared" ], "description":"CA Certificate for forward proxy (SSL forward proxy CA Certificate Name)", "optional":true }, "fp-ca-key":{ "type":"string", "format":"string", "minLength":1, "maxLength":245, "partition-visibility":"shared", "not-list":[ "forward-proxy-ca-cert", "forward-proxy-ca-key" ], "description":"CA Private Key for forward proxy (SSL forward proxy CA Key Name)", "optional":true }, "fp-ca-key-passphrase":{ "type":"string", "format":"password", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not-list":[ "forward-proxy-ca-cert", "forward-proxy-ca-key" ], "description":"Password Phrase", "optional":true }, "fp-ca-key-encrypted":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "not-list":[ "forward-proxy-ca-cert", "forward-proxy-ca-key" ], "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)", "optional":true }, "fp-ca-chain-cert":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":245, "partition-visibility":"shared", "not-list":[ "forward-proxy-ca-cert", "forward-proxy-ca-key" ], "description":"Chain Certificate (Chain Certificate Name)", "optional":true }, "fp-ca-certificate-shared":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"private", "not-list":[ "forward-proxy-ca-cert", "forward-proxy-ca-key" ], "description":"CA Private Key Partition Shared", "optional":true }, "forward-proxy-alt-sign":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Forward proxy alternate signing cert and key", "optional":true }, "fp-alt-cert":{ "type":"string", "format":"string", "minLength":1, "maxLength":245, "partition-visibility":"shared", "description":"CA Certificate for forward proxy alternate signing (Certificate name)", "optional":true }, "fp-alt-key":{ "type":"string", "format":"string", "minLength":1, "maxLength":245, "partition-visibility":"shared", "description":"CA Private Key for forward proxy alternate signing (Key name)", "optional":true }, "fp-alt-passphrase":{ "type":"string", "format":"password", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Password Phrase", "optional":true }, "fp-alt-encrypted":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)", "optional":true }, "fp-alt-chain-cert":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":245, "partition-visibility":"shared", "description":"Chain Certificate (Chain Certificate Name)", "optional":true }, "fp-alt-shared":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"private", "description":"Alternate CA Certificate and Private Key Partition Shared", "optional":true }, "forward-proxy-trusted-ca-lists":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "forward-proxy-trusted-ca":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Forward proxy trusted CA file (CA file name)" }, "fp-trusted-ca-shared":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"private", "description":"Trusted CA Certificate Partition Shared" } } } ] }, "forward-proxy-decrypted-dscp":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"Apply a DSCP to decrypted and bypassed traffic (DSCP to apply to decrypted traffic)", "optional":true }, "forward-proxy-decrypted-dscp-bypass":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"DSCP to apply to bypassed traffic", "optional":true }, "enable-tls-alert-logging":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable TLS alert logging", "optional":true }, "alert-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'fatal': Log fatal alerts; ", "enum":[ "fatal" ], "optional":true }, "forward-proxy-verify-cert-fail-action":{ "type":"number", "format":"flag", "default":1, "partition-visibility":"shared", "description":"Action taken if certificate verification fails, close the connection by default", "optional":true }, "verify-cert-fail-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'bypass': bypass SSLi processing; 'continue': continue the connection; 'drop': close the connection; 'block': block the connection with a warning page; ", "enum":[ "bypass", "continue", "drop", "block" ], "optional":true }, "forward-proxy-cert-revoke-action":{ "type":"number", "format":"flag", "default":1, "partition-visibility":"shared", "description":"Action taken if a certificate is irreversibly revoked, bypass SSLi processing by default", "optional":true }, "cert-revoke-action":{ "type":"string", "format":"enum", "default":"bypass", "partition-visibility":"shared", "description":"'bypass': bypass SSLi processing; 'continue': continue the connection; 'drop': close the connection; 'block': block the connection with a warning page; ", "enum":[ "bypass", "continue", "drop", "block" ], "optional":true }, "forward-proxy-no-shared-cipher-action":{ "type":"number", "format":"flag", "default":1, "partition-visibility":"shared", "description":"Action taken if handshake fails due to no shared ciper, close the connection by default", "optional":true }, "no-shared-cipher-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'bypass': bypass SSLi processing; 'drop': close the connection; ", "enum":[ "bypass", "drop" ], "optional":true }, "forward-proxy-esni-action":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Action taken if receiving encrypted server name indication extension in client hello MSG, bypass the connection by default", "optional":true }, "fp-esni-action":{ "type":"string", "format":"enum", "default":"bypass", "partition-visibility":"shared", "description":"'bypass': bypass SSLi processing; 'drop': close the connection; ", "enum":[ "bypass", "drop" ], "optional":true }, "forward-proxy-cert-unknown-action":{ "type":"number", "format":"flag", "default":1, "partition-visibility":"shared", "description":"Action taken if a certificate revocation status is unknown, bypass SSLi processing by default", "optional":true }, "cert-unknown-action":{ "type":"string", "format":"enum", "default":"bypass", "partition-visibility":"shared", "description":"'bypass': bypass SSLi processing; 'continue': continue the connection; 'drop': close the connection; 'block': block the connection with a warning page; ", "enum":[ "bypass", "continue", "drop", "block" ], "optional":true }, "forward-proxy-block-message":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1023, "partition-visibility":"shared", "description":"Message to be included on the block page (Message, enclose in quotes if spaces are present)", "optional":true }, "cache-persistence-list-name":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Class List Name", "optional":true }, "fp-cert-ext-crldp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"CRL Distribution Point (CRL Distribution Point URI)", "optional":true }, "fp-cert-ext-aia-ocsp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "not":"fp-cert-ext-aia-ca-issuers", "description":"OCSP (Authority Information Access URI)", "optional":true }, "fp-cert-ext-aia-ca-issuers":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "not":"fp-cert-ext-aia-ocsp", "description":"CA Issuers (Authority Information Access URI)", "optional":true }, "notbefore":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"notBefore date", "optional":true }, "notbeforeday":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "description":"Day", "optional":true }, "notbeforemonth":{ "type":"number", "format":"number", "minimum":1, "maximum":12, "partition-visibility":"shared", "description":"Month", "optional":true }, "notbeforeyear":{ "type":"number", "format":"number", "minimum":2005, "maximum":2035, "partition-visibility":"shared", "description":"Year", "optional":true }, "notafter":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"notAfter date", "optional":true }, "notafterday":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "description":"Day", "optional":true }, "notaftermonth":{ "type":"number", "format":"number", "minimum":1, "maximum":12, "partition-visibility":"shared", "description":"Month", "optional":true }, "notafteryear":{ "type":"number", "format":"number", "minimum":2005, "maximum":2035, "partition-visibility":"shared", "description":"Year", "optional":true }, "forward-proxy-hash-persistence-interval":{ "type":"number", "format":"number", "minimum":1, "maximum":720, "default":30, "partition-visibility":"shared", "description":"Set the time interval to save the hash persistence certs (Interval value, in minutes)", "optional":true }, "forward-proxy-ssl-version":{ "type":"number", "format":"number", "minimum":31, "maximum":34, "default":33, "partition-visibility":"shared", "description":"TLS/SSL version, default is TLS1.2 (TLS/SSL version: 31-TLSv1.0, 32-TLSv1.1, 33-TLSv1.2 and 34-TLSv1.3)", "optional":true }, "forward-proxy-ocsp-disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable ocsp-stapling for forward proxy", "optional":true }, "forward-proxy-crl-disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable Certificate Revocation List checking for forward proxy", "optional":true }, "forward-proxy-cert-cache-timeout":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "default":3600, "partition-visibility":"shared", "description":"Certificate cache timeout, default is 1 hour (seconds, set to 0 for never timeout)", "optional":true }, "forward-proxy-cert-cache-limit":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "default":524288, "partition-visibility":"shared", "description":"Certificate cache size limit, default is 524288 (set to 0 for unlimited size)", "optional":true }, "forward-proxy-cert-expiry":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Adjust certificate expiry relative to the time when it is created on the device", "optional":true }, "expire-hours":{ "type":"number", "format":"number", "minimum":1, "maximum":168, "partition-visibility":"shared", "description":"Certificate lifetime in hours", "optional":true }, "forward-proxy-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"ssli-inbound-enable", "description":"Enable SSL forward proxy", "optional":true }, "handshake-logging-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable SSL handshake logging", "optional":true }, "session-key-logging-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable SSL session key logging", "optional":true }, "forward-proxy-selfsign-redir":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Redirect connections to pages with self signed certs to a warning page", "optional":true }, "forward-proxy-failsafe-disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable Failsafe for SSL forward proxy", "optional":true }, "forward-proxy-log-disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable SSL forward proxy logging", "optional":true }, "fp-cert-fetch-natpool-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/ip/nat/pool", "not-list":[ "shared-partition-pool", "fp-cert-fetch-autonat" ], "description":"Specify NAT pool or pool group", "optional":true }, "shared-partition-pool":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"private", "not":"fp-cert-fetch-natpool-name", "description":"Reference a NAT pool or pool group from shared partition", "optional":true }, "fp-cert-fetch-natpool-name-shared":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"private", "$ref":"/axapi/v3/ip/nat/pool", "description":"Specify NAT pool or pool group", "optional":true }, "fp-cert-fetch-natpool-precedence":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Set this NAT pool as higher precedence than other source NAT like configued under template policy", "optional":true }, "fp-cert-fetch-autonat":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"fp-cert-fetch-natpool-name", "description":"'auto': Configure auto NAT for server certificate fetching; ", "enum":[ "auto" ], "optional":true }, "fp-cert-fetch-autonat-precedence":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Set this NAT pool as higher precedence than other source NAT like configued under template policy", "optional":true }, "forward-proxy-no-sni-action":{ "type":"string", "format":"enum", "default":"intercept", "partition-visibility":"shared", "description":"'intercept': intercept in no SNI case; 'bypass': bypass in no SNI case; 'reset': reset in no SNI case; ", "enum":[ "intercept", "bypass", "reset" ], "optional":true }, "case-insensitive":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Case insensitive forward proxy bypass", "optional":true }, "class-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "not":"multi-clist-name", "description":"Class List Name", "optional":true }, "multi-class-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "multi-clist-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "not":"class-list-name", "description":"Class List Name" } } } ] }, "user-name-list":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "description":"Forward proxy bypass if user-name matches class-list", "optional":true }, "ad-group-list":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "description":"Forward proxy bypass if ad-group matches class-list", "optional":true }, "exception-user-name-list":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "description":"Exceptions to forward proxy bypass if user-name matches class-list", "optional":true }, "exception-ad-group-list":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "description":"Exceptions to forward proxy bypass if ad-group matches class-list", "optional":true }, "exception-sni-cl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "description":"Exceptions to forward-proxy-bypass", "optional":true }, "inspect-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "description":"Class List Name", "optional":true }, "inspect-certificate-subject-cl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "description":"Forward proxy Inspect if Certificate Subject matches class-list", "optional":true }, "inspect-certificate-issuer-cl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "description":"Forward proxy Inspect if Certificate issuer matches class-list", "optional":true }, "inspect-certificate-san-cl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "description":"Forward proxy Inspect if Certificate Subject Alternative Name matches class-list", "optional":true }, "contains-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "contains":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Forward proxy bypass if SNI string contains another string" } } } ] }, "ends-with-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "ends-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Forward proxy bypass if SNI string ends with another string" } } } ] }, "equals-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "equals":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Forward proxy bypass if SNI string equals another string" } } } ] }, "starts-with-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "starts-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Forward proxy bypass if SNI string starts with another string" } } } ] }, "certificate-subject-contains-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "certificate-subject-contains":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Forward proxy bypass if Certificate Subject contains another string" } } } ] }, "bypass-cert-subject-class-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "not":"bypass-cert-subject-multi-class-list-name", "description":"Class List Name", "optional":true }, "bypass-cert-subject-multi-class-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "bypass-cert-subject-multi-class-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "not":"bypass-cert-subject-class-list-name", "description":"Class List Name" } } } ] }, "exception-certificate-subject-cl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "description":"Exceptions to forward-proxy-bypass", "optional":true }, "certificate-subject-ends-with-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "certificate-subject-ends-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Forward proxy bypass if Certificate Subject ends with another string" } } } ] }, "certificate-subject-equals-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "certificate-subject-equals":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Forward proxy bypass if Certificate Subject equals another string" } } } ] }, "certificate-subject-starts-with-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "certificate-subject-starts":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Forward proxy bypass if Certificate Subject starts with another string" } } } ] }, "certificate-issuer-contains-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "certificate-issuer-contains":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Forward proxy bypass if Certificate issuer contains another string (Certificate issuer)" } } } ] }, "bypass-cert-issuer-class-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "not":"bypass-cert-issuer-multi-class-list-name", "description":"Class List Name", "optional":true }, "bypass-cert-issuer-multi-class-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "bypass-cert-issuer-multi-class-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "not":"bypass-cert-issuer-class-list-name", "description":"Class List Name" } } } ] }, "exception-certificate-issuer-cl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "description":"Exceptions to forward-proxy-bypass", "optional":true }, "certificate-issuer-ends-with-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "certificate-issuer-ends-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Forward proxy bypass if Certificate issuer ends with another string" } } } ] }, "certificate-issuer-equals-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "certificate-issuer-equals":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Forward proxy bypass if Certificate issuer equals another string" } } } ] }, "certificate-issuer-starts-with-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "certificate-issuer-starts":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Forward proxy bypass if Certificate issuer starts with another string" } } } ] }, "certificate-san-contains-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "certificate-san-contains":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Forward proxy bypass if Certificate SAN contains another string" } } } ] }, "bypass-cert-san-class-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "not":"bypass-cert-san-multi-class-list-name", "description":"Class List Name", "optional":true }, "bypass-cert-san-multi-class-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "bypass-cert-san-multi-class-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "not":"bypass-cert-san-class-list-name", "description":"Class List Name" } } } ] }, "exception-certificate-san-cl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "description":"Exceptions to forward-proxy-bypass", "optional":true }, "certificate-san-ends-with-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "certificate-san-ends-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Forward proxy bypass if Certificate SAN ends with another string" } } } ] }, "certificate-san-equals-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "certificate-san-equals":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Forward proxy bypass if Certificate SAN equals another string" } } } ] }, "certificate-san-starts-with-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "certificate-san-starts":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Forward proxy bypass if Certificate SAN starts with another string" } } } ] }, "client-auth-case-insensitive":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Case insensitive forward proxy client auth bypass", "optional":true }, "client-auth-class-list":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Forward proxy client auth bypass if SNI string matches class-list (Class List Name)", "optional":true }, "client-auth-contains-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "client-auth-contains":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Forward proxy bypass if SNI string contains another string" } } } ] }, "client-auth-ends-with-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "client-auth-ends-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Forward proxy bypass if SNI string ends with another string" } } } ] }, "client-auth-equals-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "client-auth-equals":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Forward proxy bypass if SNI string equals another string" } } } ] }, "client-auth-starts-with-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "client-auth-starts-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Forward proxy bypass if SNI string starts with another string" } } } ] }, "forward-proxy-cert-not-ready-action":{ "type":"string", "format":"enum", "default":"bypass", "partition-visibility":"shared", "description":"'bypass': bypass the connection; 'reset': reset the connection; 'intercept': wait for cert and then inspect the connection; ", "enum":[ "bypass", "reset", "intercept" ], "optional":true }, "web-reputation":{ "type":"object", "properties":{ "bypass-trustworthy":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "bypass-low-risk", "bypass-moderate-risk", "bypass-suspicious", "bypass-malicious", "bypass-threshold" ], "description":"Bypass when reputation score is greater than or equal to 81" }, "bypass-low-risk":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "bypass-trustworthy", "bypass-moderate-risk", "bypass-suspicious", "bypass-malicious", "bypass-threshold" ], "description":"Bypass when reputation score is greater than or equal to 61" }, "bypass-moderate-risk":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "bypass-trustworthy", "bypass-low-risk", "bypass-suspicious", "bypass-malicious", "bypass-threshold" ], "description":"Bypass when reputation score is greater than or equal to 41" }, "bypass-suspicious":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "bypass-trustworthy", "bypass-low-risk", "bypass-moderate-risk", "bypass-malicious", "bypass-threshold" ], "description":"Bypass when reputation score is greater than or equal to 21" }, "bypass-malicious":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "bypass-trustworthy", "bypass-low-risk", "bypass-moderate-risk", "bypass-suspicious", "bypass-threshold" ], "description":"Bypass when reputation score is greater than or equal to 1" }, "bypass-threshold":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", "not-list":[ "bypass-trustworthy", "bypass-low-risk", "bypass-moderate-risk", "bypass-suspicious", "bypass-malicious" ], "description":"Bypass when reputation score is greater than or equal to the customized score (1-100)" } } }, "exception-web-reputation":{ "type":"object", "properties":{ "exception-trustworthy":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "exception-low-risk", "exception-moderate-risk", "exception-suspicious", "exception-malicious", "exception-threshold" ], "description":"Intercept when reputation score is less than or equal to 100" }, "exception-low-risk":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "exception-trustworthy", "exception-moderate-risk", "exception-suspicious", "exception-malicious", "exception-threshold" ], "description":"Intercept when reputation score is less than or equal to 80" }, "exception-moderate-risk":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "exception-trustworthy", "exception-low-risk", "exception-suspicious", "exception-malicious", "exception-threshold" ], "description":"Intercept when reputation score is less than or equal to 60" }, "exception-suspicious":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "exception-trustworthy", "exception-low-risk", "exception-moderate-risk", "exception-malicious", "exception-threshold" ], "description":"Intercept when reputation score is less than or equal to 40" }, "exception-malicious":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "exception-trustworthy", "exception-low-risk", "exception-moderate-risk", "exception-suspicious", "exception-threshold" ], "description":"Intercept when reputation score is less than or equal to 20" }, "exception-threshold":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", "not-list":[ "exception-trustworthy", "exception-low-risk", "exception-moderate-risk", "exception-suspicious", "exception-malicious" ], "description":"Intercept when reputation score is less than or equal to a customized value (1-100)" } } }, "web-category":{ "type":"object", "properties":{ "bypassed-category":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'uncategorized': Uncategorized URLs; 'real-estate': Category Real Estate; 'computer-and-internet-security': Category Computer and Internet Security; 'financial-services': Category Financial Services; 'business-and-economy': Category Business and Economy; 'computer-and-internet-info': Category Computer and Internet Info; 'auctions': Category Auctions; 'shopping': Category Shopping; 'cult-and-occult': Category Cult and Occult; 'travel': Category Travel; 'drugs': Category Abused Drugs; 'adult-and-pornography': Category Adult and Pornography; 'home-and-garden': Category Home and Garden; 'military': Category Military; 'social-network': Category Social Network; 'dead-sites': Category Dead Sites (db Ops only); 'stock-advice-and-tools': Category Stock Advice and Tools; 'training-and-tools': Category Training and Tools; 'dating': Category Dating; 'sex-education': Category Sex Education; 'religion': Category Religion; 'entertainment-and-arts': Category Entertainment and Arts; 'personal-sites-and-blogs': Category Personal sites and Blogs; 'legal': Category Legal; 'local-information': Category Local Information; 'streaming-media': Category Streaming Media; 'job-search': Category Job Search; 'gambling': Category Gambling; 'translation': Category Translation; 'reference-and-research': Category Reference and Research; 'shareware-and-freeware': Category Shareware and Freeware; 'peer-to-peer': Category Peer to Peer; 'marijuana': Category Marijuana; 'hacking': Category Hacking; 'games': Category Games; 'philosophy-and-politics': Category Philosophy and Political Advocacy; 'weapons': Category Weapons; 'pay-to-surf': Category Pay to Surf; 'hunting-and-fishing': Category Hunting and Fishing; 'society': Category Society; 'educational-institutions': Category Educational Institutions; 'online-greeting-cards': Category Online Greeting cards; 'sports': Category Sports; 'swimsuits-and-intimate-apparel': Category Swimsuits and Intimate Apparel; 'questionable': Category Questionable; 'kids': Category Kids; 'hate-and-racism': Category Hate and Racism; 'personal-storage': Category Personal Storage; 'violence': Category Violence; 'keyloggers-and-monitoring': Category Keyloggers and Monitoring; 'search-engines': Category Search Engines; 'internet-portals': Category Internet Portals; 'web-advertisements': Category Web Advertisements; 'cheating': Category Cheating; 'gross': Category Gross; 'web-based-email': Category Web based email; 'malware-sites': Category Malware Sites; 'phishing-and-other-fraud': Category Phishing and Other Frauds; 'proxy-avoid-and-anonymizers': Category Proxy Avoid and Anonymizers; 'spyware-and-adware': Category Spyware and Adware; 'music': Category Music; 'government': Category Government; 'nudity': Category Nudity; 'news-and-media': Category News and Media; 'illegal': Category Illegal; 'cdns': Category CDNs; 'internet-communications': Category Internet Communications; 'bot-nets': Category Bot Nets; 'abortion': Category Abortion; 'health-and-medicine': Category Health and Medicine; 'spam-urls': Category SPAM URLs; 'dynamically-generated-content': Category Dynamically Generated Content; 'parked-domains': Category Parked Domains; 'alcohol-and-tobacco': Category Alcohol and Tobacco; 'image-and-video-search': Category Image and Video Search; 'fashion-and-beauty': Category Fashion and Beauty; 'recreation-and-hobbies': Category Recreation and Hobbies; 'motor-vehicles': Category Motor Vehicles; 'web-hosting-sites': Category Web Hosting Sites; 'self-harm': Category Self Harm; 'dns-over-https': Category DNS over HTTPs; 'low-thc-cannabis-products': Category Low-THC Cannabis Products; 'generative-ai': Category Generative AI; 'nudity-artistic': Category Artistic Nudity; 'illegal-pornography': Category Illegal Pornography eg. Child Sexual Abuse; ", "enum":[ "uncategorized", "real-estate", "computer-and-internet-security", "financial-services", "business-and-economy", "computer-and-internet-info", "auctions", "shopping", "cult-and-occult", "travel", "drugs", "adult-and-pornography", "home-and-garden", "military", "social-network", "dead-sites", "stock-advice-and-tools", "training-and-tools", "dating", "sex-education", "religion", "entertainment-and-arts", "personal-sites-and-blogs", "legal", "local-information", "streaming-media", "job-search", "gambling", "translation", "reference-and-research", "shareware-and-freeware", "peer-to-peer", "marijuana", "hacking", "games", "philosophy-and-politics", "weapons", "pay-to-surf", "hunting-and-fishing", "society", "educational-institutions", "online-greeting-cards", "sports", "swimsuits-and-intimate-apparel", "questionable", "kids", "hate-and-racism", "personal-storage", "violence", "keyloggers-and-monitoring", "search-engines", "internet-portals", "web-advertisements", "cheating", "gross", "web-based-email", "malware-sites", "phishing-and-other-fraud", "proxy-avoid-and-anonymizers", "spyware-and-adware", "music", "government", "nudity", "news-and-media", "illegal", "cdns", "internet-communications", "bot-nets", "abortion", "health-and-medicine", "spam-urls", "dynamically-generated-content", "parked-domains", "alcohol-and-tobacco", "image-and-video-search", "fashion-and-beauty", "recreation-and-hobbies", "motor-vehicles", "web-hosting-sites", "self-harm", "dns-over-https", "low-thc-cannabis-products", "generative-ai", "nudity-artistic", "illegal-pornography" ] } } }, "exception-web-category":{ "type":"object", "properties":{ "exception-category":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'uncategorized': Uncategorized URLs; 'real-estate': Category Real Estate; 'computer-and-internet-security': Category Computer and Internet Security; 'financial-services': Category Financial Services; 'business-and-economy': Category Business and Economy; 'computer-and-internet-info': Category Computer and Internet Info; 'auctions': Category Auctions; 'shopping': Category Shopping; 'cult-and-occult': Category Cult and Occult; 'travel': Category Travel; 'drugs': Category Abused Drugs; 'adult-and-pornography': Category Adult and Pornography; 'home-and-garden': Category Home and Garden; 'military': Category Military; 'social-network': Category Social Network; 'dead-sites': Category Dead Sites (db Ops only); 'stock-advice-and-tools': Category Stock Advice and Tools; 'training-and-tools': Category Training and Tools; 'dating': Category Dating; 'sex-education': Category Sex Education; 'religion': Category Religion; 'entertainment-and-arts': Category Entertainment and Arts; 'personal-sites-and-blogs': Category Personal sites and Blogs; 'legal': Category Legal; 'local-information': Category Local Information; 'streaming-media': Category Streaming Media; 'job-search': Category Job Search; 'gambling': Category Gambling; 'translation': Category Translation; 'reference-and-research': Category Reference and Research; 'shareware-and-freeware': Category Shareware and Freeware; 'peer-to-peer': Category Peer to Peer; 'marijuana': Category Marijuana; 'hacking': Category Hacking; 'games': Category Games; 'philosophy-and-politics': Category Philosophy and Political Advocacy; 'weapons': Category Weapons; 'pay-to-surf': Category Pay to Surf; 'hunting-and-fishing': Category Hunting and Fishing; 'society': Category Society; 'educational-institutions': Category Educational Institutions; 'online-greeting-cards': Category Online Greeting cards; 'sports': Category Sports; 'swimsuits-and-intimate-apparel': Category Swimsuits and Intimate Apparel; 'questionable': Category Questionable; 'kids': Category Kids; 'hate-and-racism': Category Hate and Racism; 'personal-storage': Category Personal Storage; 'violence': Category Violence; 'keyloggers-and-monitoring': Category Keyloggers and Monitoring; 'search-engines': Category Search Engines; 'internet-portals': Category Internet Portals; 'web-advertisements': Category Web Advertisements; 'cheating': Category Cheating; 'gross': Category Gross; 'web-based-email': Category Web based email; 'malware-sites': Category Malware Sites; 'phishing-and-other-fraud': Category Phishing and Other Frauds; 'proxy-avoid-and-anonymizers': Category Proxy Avoid and Anonymizers; 'spyware-and-adware': Category Spyware and Adware; 'music': Category Music; 'government': Category Government; 'nudity': Category Nudity; 'news-and-media': Category News and Media; 'illegal': Category Illegal; 'cdns': Category CDNs; 'internet-communications': Category Internet Communications; 'bot-nets': Category Bot Nets; 'abortion': Category Abortion; 'health-and-medicine': Category Health and Medicine; 'spam-urls': Category SPAM URLs; 'dynamically-generated-content': Category Dynamically Generated Content; 'parked-domains': Category Parked Domains; 'alcohol-and-tobacco': Category Alcohol and Tobacco; 'image-and-video-search': Category Image and Video Search; 'fashion-and-beauty': Category Fashion and Beauty; 'recreation-and-hobbies': Category Recreation and Hobbies; 'motor-vehicles': Category Motor Vehicles; 'web-hosting-sites': Category Web Hosting Sites; 'self-harm': Category Self Harm; 'dns-over-https': Category DNS over HTTPs; 'low-thc-cannabis-products': Category Low-THC Cannabis Products; 'generative-ai': Category Generative AI; 'nudity-artistic': Category Artistic Nudity; 'illegal-pornography': Category Illegal Pornography eg. Child Sexual Abuse; ", "enum":[ "uncategorized", "real-estate", "computer-and-internet-security", "financial-services", "business-and-economy", "computer-and-internet-info", "auctions", "shopping", "cult-and-occult", "travel", "drugs", "adult-and-pornography", "home-and-garden", "military", "social-network", "dead-sites", "stock-advice-and-tools", "training-and-tools", "dating", "sex-education", "religion", "entertainment-and-arts", "personal-sites-and-blogs", "legal", "local-information", "streaming-media", "job-search", "gambling", "translation", "reference-and-research", "shareware-and-freeware", "peer-to-peer", "marijuana", "hacking", "games", "philosophy-and-politics", "weapons", "pay-to-surf", "hunting-and-fishing", "society", "educational-institutions", "online-greeting-cards", "sports", "swimsuits-and-intimate-apparel", "questionable", "kids", "hate-and-racism", "personal-storage", "violence", "keyloggers-and-monitoring", "search-engines", "internet-portals", "web-advertisements", "cheating", "gross", "web-based-email", "malware-sites", "phishing-and-other-fraud", "proxy-avoid-and-anonymizers", "spyware-and-adware", "music", "government", "nudity", "news-and-media", "illegal", "cdns", "internet-communications", "bot-nets", "abortion", "health-and-medicine", "spam-urls", "dynamically-generated-content", "parked-domains", "alcohol-and-tobacco", "image-and-video-search", "fashion-and-beauty", "recreation-and-hobbies", "motor-vehicles", "web-hosting-sites", "self-harm", "dns-over-https", "low-thc-cannabis-products", "generative-ai", "nudity-artistic", "illegal-pornography" ] } } }, "require-web-category":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Wait for web category to be resolved before taking bypass decision", "optional":true }, "client-ipv4-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "client-ipv4-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "description":"IPV4 client class-list name" } } } ] }, "client-ipv6-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "client-ipv6-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "description":"IPV6 client class-list name" } } } ] }, "server-ipv4-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "server-ipv4-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "description":"IPV4 server class-list name" } } } ] }, "server-ipv6-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "server-ipv6-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "description":"IPV6 server class-list name" } } } ] }, "exception-client-ipv4-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "exception-client-ipv4-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "description":"IPV4 exception client class-list name" } } } ] }, "exception-client-ipv6-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "exception-client-ipv6-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "description":"IPV6 exception client class-list name" } } } ] }, "exception-server-ipv4-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "exception-server-ipv4-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "description":"IPV4 exception server class-list name" } } } ] }, "exception-server-ipv6-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "exception-server-ipv6-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "description":"IPV6 exception server class-list name" } } } ] }, "local-cert-pin-list":{ "type":"object", "properties":{ "local-cert-pin-list-bypass-fail-count":{ "type":"number", "format":"number", "minimum":1, "maximum":65536, "partition-visibility":"shared", "description":"Set the connection fail count as bypass criteria (Bypass when connection failure count is greater than the criteria (1-65536))" } } }, "central-cert-pin-list":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Forward proxy bypass if SNI string is contained in central updated cert-pinning-candidate list", "optional":true }, "forward-proxy-require-sni-cert-matched":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'no-match-action-inspect': Inspected if not matched; 'no-match-action-drop': Dropped if not matched; ", "enum":[ "no-match-action-inspect", "no-match-action-drop" ], "optional":true }, "template-cipher":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "$ref":"/axapi/v3/slb/template/cipher", "not-list":[ "shared-partition-cipher-template", "cipher-wo-prio" ], "description":"Cipher Template Name", "optional":true }, "shared-partition-cipher-template":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "template-cipher", "cipher-wo-prio" ], "description":"Reference a cipher template from shared partition", "optional":true }, "template-cipher-shared":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "$ref":"/axapi/v3/slb/template/cipher", "description":"Cipher Template Name", "optional":true }, "template-hsm":{ "type":"string", "format":"string-rlx", "plat-neg-list":["tps"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/hsm/template", "description":"HSM Template (HSM Template Name)", "optional":true }, "hsm-type":{ "type":"string", "format":"enum", "plat-neg-list":["tps"], "partition-visibility":"shared", "description":"'thales-embed': Thales embed key; 'thales-hwcrhk': Thales hwcrhk Key; ", "enum":[ "thales-embed", "thales-hwcrhk" ], "optional":true }, "cipher-without-prio-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "cipher-wo-prio":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not-list":[ "template-cipher", "shared-partition-cipher-template" ], "description":"'SSL3_RSA_DES_192_CBC3_SHA': TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A); 'SSL3_RSA_RC4_128_MD5': TLS_RSA_WITH_RC4_128_MD5 (0x0004); 'SSL3_RSA_RC4_128_SHA': TLS_RSA_WITH_RC4_128_SHA (0x0005); 'TLS1_RSA_AES_128_SHA': TLS_RSA_WITH_AES_128_CBC_SHA (0x002F); 'TLS1_RSA_AES_256_SHA': TLS_RSA_WITH_AES_256_CBC_SHA (0x0035); 'TLS1_RSA_AES_128_SHA256': TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003C); 'TLS1_RSA_AES_256_SHA256': TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003D); 'TLS1_DHE_RSA_AES_128_GCM_SHA256': TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009E); 'TLS1_DHE_RSA_AES_128_SHA': TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033); 'TLS1_DHE_RSA_AES_128_SHA256': TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067); 'TLS1_DHE_RSA_AES_256_GCM_SHA384': TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009F); 'TLS1_DHE_RSA_AES_256_SHA': TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039); 'TLS1_DHE_RSA_AES_256_SHA256': TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006B); 'TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256': TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xC02B); 'TLS1_ECDHE_ECDSA_AES_128_SHA': TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xC009); 'TLS1_ECDHE_ECDSA_AES_128_SHA256': TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xC023); 'TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384': TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xC02C); 'TLS1_ECDHE_ECDSA_AES_256_SHA': TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xC00A); 'TLS1_ECDHE_RSA_AES_128_GCM_SHA256': TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xC02F); 'TLS1_ECDHE_RSA_AES_128_SHA': TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013); 'TLS1_ECDHE_RSA_AES_128_SHA256': TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027); 'TLS1_ECDHE_RSA_AES_256_GCM_SHA384': TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC030); 'TLS1_ECDHE_RSA_AES_256_SHA': TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014); 'TLS1_RSA_AES_128_GCM_SHA256': TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009C); 'TLS1_RSA_AES_256_GCM_SHA384': TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009D); 'TLS1_ECDHE_RSA_AES_256_SHA384': TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028); 'TLS1_ECDHE_ECDSA_AES_256_SHA384': TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xC024); 'TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256': TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA8); 'TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256': TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA9); 'TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256': TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCAA); ", "enum":[ "SSL3_RSA_DES_192_CBC3_SHA", "SSL3_RSA_RC4_128_MD5", "SSL3_RSA_RC4_128_SHA", "TLS1_RSA_AES_128_SHA", "TLS1_RSA_AES_256_SHA", "TLS1_RSA_AES_128_SHA256", "TLS1_RSA_AES_256_SHA256", "TLS1_DHE_RSA_AES_128_GCM_SHA256", "TLS1_DHE_RSA_AES_128_SHA", "TLS1_DHE_RSA_AES_128_SHA256", "TLS1_DHE_RSA_AES_256_GCM_SHA384", "TLS1_DHE_RSA_AES_256_SHA", "TLS1_DHE_RSA_AES_256_SHA256", "TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256", "TLS1_ECDHE_ECDSA_AES_128_SHA", "TLS1_ECDHE_ECDSA_AES_128_SHA256", "TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384", "TLS1_ECDHE_ECDSA_AES_256_SHA", "TLS1_ECDHE_RSA_AES_128_GCM_SHA256", "TLS1_ECDHE_RSA_AES_128_SHA", "TLS1_ECDHE_RSA_AES_128_SHA256", "TLS1_ECDHE_RSA_AES_256_GCM_SHA384", "TLS1_ECDHE_RSA_AES_256_SHA", "TLS1_RSA_AES_128_GCM_SHA256", "TLS1_RSA_AES_256_GCM_SHA384", "TLS1_ECDHE_RSA_AES_256_SHA384", "TLS1_ECDHE_ECDSA_AES_256_SHA384", "TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256", "TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256", "TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256" ] } } } ] }, "server-name-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "server-name":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Server name indication in Client hello extension (Server name String)" }, "server-cert":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":245, "partition-visibility":"shared", "description":"Server Certificate associated to SNI (Server Certificate Name)" }, "server-chain":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Server Certificate Chain associated to SNI (Server Certificate Chain Name)" }, "server-key":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":245, "partition-visibility":"shared", "description":"Server Private Key associated to SNI (Server Private Key Name)" }, "server-passphrase":{ "type":"string", "format":"password", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"help Password Phrase" }, "server-encrypted":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)" }, "server-name-alternate":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Specific the second certifcate" }, "server-shared":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"private", "description":"Server Name Partition Shared" }, "sni-template":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Template associated to SNI" }, "sni-template-client-ssl":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "$ref":"/axapi/v3/slb/template/client-ssl", "description":"Client SSL Template Name" }, "sni-shared-partition-client-ssl-template":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"private", "description":"Reference a Client SSL template from shared partition" }, "sni-template-client-ssl-shared-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"private", "$ref":"/axapi/v3/slb/template/client-ssl", "description":"Shared Partition Client SSL Template Name" }, "server-name-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Server name indication in Client hello extension with regular expression (Server name String with regex)" }, "server-cert-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":245, "partition-visibility":"shared", "description":"Server Certificate associated to SNI regex (Server Certificate Name)" }, "server-chain-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Server Certificate Chain associated to SNI regex (Server Certificate Chain Name)" }, "server-key-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":245, "partition-visibility":"shared", "description":"Server Private Key associated to SNI regex (Server Private Key Name)" }, "server-passphrase-regex":{ "type":"string", "format":"password", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"help Password Phrase" }, "server-encrypted-regex":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)" }, "server-name-regex-alternate":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Specific the second certifcate" }, "server-shared-regex":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"private", "description":"Server Name Partition Shared" }, "sni-regex-template":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Template associated to SNI regex" }, "sni-regex-template-client-ssl":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "$ref":"/axapi/v3/slb/template/client-ssl", "description":"Client SSL Template Name" }, "sni-regex-shared-partition-client-ssl-template":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"private", "description":"Reference a Client SSL template from shared partition" }, "sni-regex-template-client-ssl-shared-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"private", "$ref":"/axapi/v3/slb/template/client-ssl", "description":"Shared Partition Client SSL Template Name" } } } ] }, "server-name-auto-map":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable automatic mapping of server name indication in Client hello extension", "optional":true }, "sni-enable-log":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging of sni-auto-map failures. Disable by default", "optional":true }, "sni-bypass-missing-cert":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Bypass when missing cert/key", "optional":true }, "sni-bypass-expired-cert":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Bypass when certificate expired", "optional":true }, "sni-bypass-explicit-list":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "description":"Bypass when matched explicit bypass list (Specify class list name)", "optional":true }, "sni-bypass-enable-log":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging when bypass event happens, disabled by default", "optional":true }, "direct-client-server-auth":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Let backend server does SSL client authentication directly", "optional":true }, "session-cache-size":{ "type":"number", "format":"number", "platform-specific-range":1, "platform-specific-default":1, "partition-visibility":"shared", "description":"Session Cache Size (Maximum cache size. Default value 0 (Session ID reuse disabled))", "optional":true }, "session-cache-timeout":{ "type":"number", "format":"number", "minimum":0, "maximum":604800, "default":0, "partition-visibility":"shared", "description":"Session Cache Timeout (Timeout value, in seconds. Default value 0 (Session cache timeout disabled))", "optional":true }, "session-ticket-disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable client side session ticket support", "optional":true }, "session-ticket-lifetime":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "default":0, "partition-visibility":"shared", "description":"Session ticket lifetime in seconds from stateless session resumption (Lifetime value in seconds. Default value 0 (Session ticket lifetime is 7200 seconds))", "optional":true }, "ssl-false-start-disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"disable SSL False Start", "optional":true }, "disable-sslv3":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Reject Client requests for SSL version 3", "optional":true }, "version":{ "type":"number", "format":"number", "minimum":1, "maximum":34, "platform-specific-default":1, "partition-visibility":"shared", "description":"TLS/SSL version, default is the highest number supported (TLS/SSL version: 30-SSLv3.0, 31-TLSv1.0, 32-TLSv1.1, 33-TLSv1.2 and 34-TLSv1.3)", "optional":true }, "dgversion":{ "type":"number", "format":"number", "minimum":30, "maximum":34, "default":31, "partition-visibility":"shared", "description":"Lower TLS/SSL version can be downgraded", "optional":true }, "renegotiation-disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable SSL renegotiation", "optional":true }, "sslv2-bypass-service-group":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "$ref":"/axapi/v3/slb/service-group", "description":"Service Group for Bypass SSLV2 (Service Group Name)", "optional":true }, "authorization":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Specify LDAP server for client SSL authorizaiton", "optional":true }, "authen-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/aam/authentication/server/ldap", "not":"auth-sg", "description":"Specify authorization LDAP server name", "optional":true }, "ldap-base-dn-from-cert":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use Subject DN as LDAP search base DN", "optional":true }, "ldap-search-filter":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Specify LDAP search filter", "optional":true }, "auth-sg":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "$ref":"/axapi/v3/aam/authentication/service-group", "not":"authen-name", "description":"Specify authorization LDAP service group", "optional":true }, "auth-sg-dn":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use Subject DN as LDAP search base DN", "optional":true }, "auth-sg-filter":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Specify LDAP search filter", "optional":true }, "auth-username-attribute":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":31, "partition-visibility":"shared", "description":"Specify attribute name of username for client SSL authorization", "optional":true }, "non-ssl-bypass-service-group":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "$ref":"/axapi/v3/slb/service-group", "description":"Service Group for Bypass non-ssl traffic (Service Group Name)", "optional":true }, "non-ssl-bypass-l4session":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Handle the non-ssl session as L4 for performance optimization", "optional":true }, "enable-ssli-ftp-alg":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Enable SSLi FTP over TLS support at which port", "optional":true }, "early-data":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable TLS 1.3 early data (0-RTT)", "optional":true }, "no-anti-replay":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable anti-replay protection for TLS 1.3 early data (0-RTT data)", "optional":true }, "ja3-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable JA3 features", "optional":true }, "ja3-insert-http-header":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Insert the JA3 hash into this request as a HTTP header (HTTP Header Name)", "optional":true }, "ja3-reject-class-list":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "description":"Drop request if the JA3 hash matches this class-list (type string-case-insensitive) (Class-List Name)", "optional":true }, "ja3-reject-max-number-per-host":{ "type":"number", "format":"number", "minimum":1, "maximum":256, "partition-visibility":"shared", "description":"Drop request if numbers of JA3 of this client address exceeded", "optional":true }, "ja3-ttl":{ "type":"number", "format":"number", "minimum":1, "maximum":86400, "default":600, "partition-visibility":"shared", "description":"seconds to keep each JA3 record", "optional":true }, "ja4-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable JA4 features", "optional":true }, "ja4-insert-http-header":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Insert the JA4 hash into this request as a HTTP header (HTTP Header Name)", "optional":true }, "ja4-reject-class-list":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "description":"Drop request if the JA4 hash matches this class-list (type string-case-insensitive) (Class-List Name)", "optional":true }, "ja4-reject-max-number-per-host":{ "type":"number", "format":"number", "minimum":1, "maximum":256, "partition-visibility":"shared", "description":"Drop request if numbers of JA4 of this client address exceeded", "optional":true }, "ja4-ttl":{ "type":"number", "format":"number", "minimum":1, "maximum":86400, "default":600, "partition-visibility":"shared", "description":"seconds to keep each JA4 record", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'real-estate': real estate category; 'computer-and-internet-security': computer and internet security category; 'financial-services': financial services category; 'business-and-economy': business and economy category; 'computer-and-internet-info': computer and internet info category; 'auctions': auctions category; 'shopping': shopping category; 'cult-and-occult': cult and occult category; 'travel': travel category; 'drugs': drugs category; 'adult-and-pornography': adult and pornography category; 'home-and-garden': home and garden category; 'military': military category; 'social-network': social network category; 'dead-sites': dead sites category; 'stock-advice-and-tools': stock advice and tools category; 'training-and-tools': training and tools category; 'dating': dating category; 'sex-education': sex education category; 'religion': religion category; 'entertainment-and-arts': entertainment and arts category; 'personal-sites-and-blogs': personal sites and blogs category; 'legal': legal category; 'local-information': local information category; 'streaming-media': streaming media category; 'job-search': job search category; 'gambling': gambling category; 'translation': translation category; 'reference-and-research': reference and research category; 'shareware-and-freeware': shareware and freeware category; 'peer-to-peer': peer to peer category; 'marijuana': marijuana category; 'hacking': hacking category; 'games': games category; 'philosophy-and-politics': philosophy and politics category; 'weapons': weapons category; 'pay-to-surf': pay to surf category; 'hunting-and-fishing': hunting and fishing category; 'society': society category; 'educational-institutions': educational institutions category; 'online-greeting-cards': online greeting cards category; 'sports': sports category; 'swimsuits-and-intimate-apparel': swimsuits and intimate apparel category; 'questionable': questionable category; 'kids': kids category; 'hate-and-racism': hate and racism category; 'personal-storage': personal storage category; 'violence': violence category; 'keyloggers-and-monitoring': keyloggers and monitoring category; 'search-engines': search engines category; 'internet-portals': internet portals category; 'web-advertisements': web advertisements category; 'cheating': cheating category; 'gross': gross category; 'web-based-email': web based email category; 'malware-sites': malware sites category; 'phishing-and-other-fraud': phishing and other fraud category; 'proxy-avoid-and-anonymizers': proxy avoid and anonymizers category; 'spyware-and-adware': spyware and adware category; 'music': music category; 'government': government category; 'nudity': nudity category; 'news-and-media': news and media category; 'illegal': illegal category; 'CDNs': content delivery networks category; 'internet-communications': internet communications category; 'bot-nets': bot nets category; 'abortion': abortion category; 'health-and-medicine': health and medicine category; 'confirmed-SPAM-sources': confirmed SPAM sources category; 'SPAM-URLs': SPAM URLs category; 'unconfirmed-SPAM-sources': unconfirmed SPAM sources category; 'open-HTTP-proxies': open HTTP proxies category; 'dynamically-generated-content': dynamically generated content category; 'parked-domains': parked domains category; 'alcohol-and-tobacco': alcohol and tobacco category; 'private-IP-addresses': private IP addresses category; 'image-and-video-search': image and video search category; 'fashion-and-beauty': fashion and beauty category; 'recreation-and-hobbies': recreation and hobbies category; 'motor-vehicles': motor vehicles category; 'web-hosting-sites': web hosting sites category; 'food-and-dining': food and dining category; 'dummy-item': dummy item category; 'self-harm': self harm category; 'dns-over-https': dns over https category; 'low-thc-cannabis-products': low-thc cannabis products; 'generative-ai': generative ai category; 'nudity-artistic': artistic nudity; 'illegal-pornography': illegal pornography eg. child sexual abuse; 'uncategorised': uncategorised; 'other-category': other category; 'trustworthy': Trustworthy level(81-100); 'low-risk': Low-risk level(61-80); 'moderate-risk': Moderate-risk level(41-60); 'suspicious': Suspicious level(21-40); 'malicious': Malicious level(1-20); ", "enum":[ "all", "real-estate", "computer-and-internet-security", "financial-services", "business-and-economy", "computer-and-internet-info", "auctions", "shopping", "cult-and-occult", "travel", "drugs", "adult-and-pornography", "home-and-garden", "military", "social-network", "dead-sites", "stock-advice-and-tools", "training-and-tools", "dating", "sex-education", "religion", "entertainment-and-arts", "personal-sites-and-blogs", "legal", "local-information", "streaming-media", "job-search", "gambling", "translation", "reference-and-research", "shareware-and-freeware", "peer-to-peer", "marijuana", "hacking", "games", "philosophy-and-politics", "weapons", "pay-to-surf", "hunting-and-fishing", "society", "educational-institutions", "online-greeting-cards", "sports", "swimsuits-and-intimate-apparel", "questionable", "kids", "hate-and-racism", "personal-storage", "violence", "keyloggers-and-monitoring", "search-engines", "internet-portals", "web-advertisements", "cheating", "gross", "web-based-email", "malware-sites", "phishing-and-other-fraud", "proxy-avoid-and-anonymizers", "spyware-and-adware", "music", "government", "nudity", "news-and-media", "illegal", "CDNs", "internet-communications", "bot-nets", "abortion", "health-and-medicine", "confirmed-SPAM-sources", "SPAM-URLs", "unconfirmed-SPAM-sources", "open-HTTP-proxies", "dynamically-generated-content", "parked-domains", "alcohol-and-tobacco", "private-IP-addresses", "image-and-video-search", "fashion-and-beauty", "recreation-and-hobbies", "motor-vehicles", "web-hosting-sites", "food-and-dining", "dummy-item", "self-harm", "dns-over-https", "low-thc-cannabis-products", "generative-ai", "nudity-artistic", "illegal-pornography", "uncategorised", "other-category", "trustworthy", "low-risk", "moderate-risk", "suspicious", "malicious" ] } } } ] }, "certificate-list":{ "type":"array", "minItems":1, "items":{ "type":"certificate" }, "uniqueItems":true, "$ref":"/axapi/v3/slb/template/client-ssl/{name}/certificate/{cert}", "array":[ { "properties":{ "cert":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":245, "partition-visibility":"shared", "description":"Certificate Name", "optional":false }, "key":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":245, "partition-visibility":"shared", "description":"Server Private Key (Key Name)", "optional":true }, "passphrase":{ "type":"string", "format":"password", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Password Phrase", "optional":true }, "key-encrypted":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)", "optional":true }, "chain-cert":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":245, "partition-visibility":"shared", "description":"Chain Certificate (Chain Certificate Name)", "optional":true }, "shared":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"private", "description":"Server Certificate and Key Partition Shared", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "cert" ] } ] } }, "object-keys":[ "name" ], "required":[ "name" ] }