ddos template tcp progression-tracking mitigation¶
Configure and enable TCP Progression Tracking Mitigation
mitigation Specification¶
Parameter Value Type Intermediate Resource Element Name mitigation Element URI /axapi/v3/ddos/template/tcp/{name}/progression-tracking/mitigation Element Attributes mitigation_attributes Partition Visibility shared Schema mitigation schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Get Object | GET | /axapi/v3/ddos/template/tcp/{name}/progression-tracking/mitigation | mitigation_attributes | |
mitigation attributes¶
connection-tracking
Description: connection-tracking is a JSON Block. Please see below for connection-tracking
Type: Object
Reference Object: /axapi/v3/ddos/template/tcp/{name}/progression-tracking/mitigation/connection-tracking
request-tracking
Description: request-tracking is a JSON Block. Please see below for request-tracking
Type: Object
Reference Object: /axapi/v3/ddos/template/tcp/{name}/progression-tracking/mitigation/request-tracking
slow-attack
Description: slow-attack is a JSON Block. Please see below for slow-attack
Type: Object
Reference Object: /axapi/v3/ddos/template/tcp/{name}/progression-tracking/mitigation/slow-attack
time-window-tracking
Description: time-window-tracking is a JSON Block. Please see below for time-window-tracking
Type: Object
Reference Object: /axapi/v3/ddos/template/tcp/{name}/progression-tracking/mitigation/time-window-tracking
time-window-tracking¶
Specification Value Type object progression-tracking-win-enabled
Description ‘enable-check’: Enable Progression Tracking per Time Window;
Type: string
Supported Values: enable-check
Default: enable-check
progression-tracking-windows-action
Description ‘drop’: Drop packets for progression tracking violation exceed (Default); ‘blacklist-src’: Blacklist-src for progression tracking violation exceed;
Type: string
Supported Values: drop, blacklist-src
Default: drop
Mutual Exclusion: progression-tracking-windows-action and progression-tracking-windows-action-list-name are mutually exclusive
progression-tracking-windows-action-list-name
Description Configure action-list to take when progression tracking violation exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: progression-tracking-windows-action-list-name and progression-tracking-windows-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
window-rcvd-max
Description Set the maximum total received byte
Type: number
Range: 1-65535
window-rcvd-min
Description Set the minimum total received byte
Type: number
Range: 1-65535
window-rcvd-sent-ratio-max
Description Set the maximum received to sent ratio (in unit of 0.1% [1:1000])
Type: number
Range: 1-65535
window-rcvd-sent-ratio-min
Description Set the minimum received to sent ratio (in unit of 0.1% [1:1000])
Type: number
Range: 1-65535
window-sent-max
Description Set the maximum total sent byte
Type: number
Range: 1-65535
window-sent-min
Description Set the minimum total sent byte
Type: number
Range: 1-65535
window-violation
Description Set the violation threshold
Type: number
Range: 1-255
slow-attack¶
Specification Value Type object init-request-max-time
Description Set client query time (in unit of 100ms). Suggested value larger than 30 secs
Type: number
Range: 2-6000
init-response-max-time
Description Set server think time (in unit of 100ms). Suggested value larger than 45 secs
Type: number
Range: 2-6000
progression-tracking-slow-action
Description ‘drop’: Drop packets for progression tracking violation exceed (Default); ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src for progression tracking violation exceed;
Type: string
Supported Values: drop, reset, blacklist-src
Default: drop
Mutual Exclusion: progression-tracking-slow-action and progression-tracking-slow-action-list-name are mutually exclusive
progression-tracking-slow-action-list-name
Description Configure action-list to take when progression tracking violation exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: progression-tracking-slow-action-list-name and progression-tracking-slow-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
response-pkt-rate-max
Description Set the transferred packets per response
Type: number
Range: 1-255
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
connection-tracking¶
Specification Value Type object conn-duration-max
Description Set the maximum duration time (in unit of 100ms, up to 24 hours)
Type: number
Range: 1-864000
conn-duration-min
Description Set the minimum duration time (in unit of 100ms, up to 24 hours)
Type: number
Range: 1-864000
conn-rcvd-max
Description Set the maximum total received byte
Type: number
Range: 1-65535
conn-rcvd-min
Description Set the minimum total received byte
Type: number
Range: 1-65535
conn-rcvd-sent-ratio-max
Description Set the maximum received to sent ratio (in unit of 0.1% [1:1000])
Type: number
Range: 1-65535
conn-rcvd-sent-ratio-min
Description Set the minimum received to sent ratio (in unit of 0.1% [1:1000])
Type: number
Range: 1-65535
conn-sent-max
Description Set the maximum total sent byte
Type: number
Range: 1-65535
conn-sent-min
Description Set the minimum total sent byte
Type: number
Range: 1-65535
conn-violation
Description Set the violation threshold
Type: number
Range: 1-255
progression-tracking-conn-action
Description ‘drop’: Drop packets for progression tracking violation exceed (Default); ‘blacklist-src’: Blacklist-src for progression tracking violation exceed;
Type: string
Supported Values: drop, blacklist-src
Default: drop
Mutual Exclusion: progression-tracking-conn-action and progression-tracking-conn-action-list-name are mutually exclusive
progression-tracking-conn-action-list-name
Description Configure action-list to take when progression tracking violation exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: progression-tracking-conn-action-list-name and progression-tracking-conn-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
progression-tracking-conn-enabled
Description ‘enable-check’: Enable General Progression Tracking per Connection;
Type: string
Supported Values: enable-check
Default: enable-check
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
request-tracking¶
Specification Value Type object first-request-max-time
Description Set the maximum idle time before the first request (in unit of 100ms)
Type: number
Range: 1-65535
progression-tracking-req-action
Description ‘drop’: Drop packets for progression tracking violation exceed (Default); ‘blacklist-src’: Blacklist-src for progression tracking violation exceed;
Type: string
Supported Values: drop, blacklist-src
Default: drop
Mutual Exclusion: progression-tracking-req-action and progression-tracking-req-action-list-name are mutually exclusive
progression-tracking-req-action-list-name
Description Configure action-list to take when progression tracking violation exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: progression-tracking-req-action-list-name and progression-tracking-req-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
progression-tracking-req-enabled
Description ‘enable-check’: Enable General Progression Tracking per Request Response;
Type: string
Supported Values: enable-check
Default: enable-check
request-length-max
Description Set the maximum request length
Type: number
Range: 1-65535
request-length-min
Description Set the minimum request length
Type: number
Range: 1-65535
request-response-model
Description ‘enable’: Enable Request Response Model; ‘disable’: Disable Request Response Model;
Type: string
Supported Values: enable, disable
Default: enable
request-to-response-max-time
Description Set the maximum request to response time (in unit of 100ms)
Type: number
Range: 1-65535
response-length-max
Description Set the maximum response length
Type: number
Range: 1-4294967295
response-length-min
Description Set the minimum response length
Type: number
Range: 1-65535
response-to-request-max-time
Description Set the maximum response to request time (in unit of 100ms)
Type: number
Range: 1-65535
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
violation
Description Set the violation threshold
Type: number
Range: 1-255