ApplicationProfile
uuid
- Type
- string
- Category
- required
- Description
- UUID of the application profile.
name
- Type
- string
- Category
- required
- Description
- The name of the application profile.
type
- Type
- enum
- Category
- required
- Description
- Specifies which application layer proxy is enabled for the virtual service.
- Choices
- APPLICATION_PROFILE_TYPE_L4, APPLICATION_PROFILE_TYPE_HTTP, APPLICATION_PROFILE_TYPE_SYSLOG, APPLICATION_PROFILE_TYPE_DNS, APPLICATION_PROFILE_TYPE_SSL
http_profile
- Type
- HTTPApplicationProfile
- Category
- optional
- Description
- Specifies the HTTP application proxy profile parameters.
dos_rl_profile
- Type
- DosRateLimitProfile
- Category
- optional
- Description
- Specifies various security-related controls for the virtual service.
tcp_app_profile
- Type
- TCPApplicationProfile
- Category
- optional
- Description
- Specifies the TCP application proxy profile parameters.
dns_service_profile
- Type
- DnsServiceApplicationProfile
- Category
- optional
- Description
- Specifies various DNS service-related controls for the virtual service.
preserve_client_ip
- Type
- bool
- Category
- optional
- Description
- Specifies if client IP needs to be preserved for backend connection. Not compatible with Connection Multiplexing.
- Default
- False
description
- Type
- string
- Category
- optional
- Description
tenant_ref
- Type
- Reference to Tenant
- Category
- required
- Description
HTTPApplicationProfile
connection_multiplexing_enabled
- Type
- bool
- Category
- optional
- Description
- Allows HTTP requests, not just TCP connections, to be load balanced across servers. Proxied TCP connections to servers may be reused by multiple clients to improve performance. Not compatible with Preserve Client IP.
- Default
- True
xff_enabled
- Type
- bool
- Category
- optional
- Description
- The client's original IP address is inserted into an HTTP request header sent to the server. Servers may use this address for logging or other purposes, rather than Avi's source NAT address used in the Avi to server IP connection.
- Default
- True
xff_alternate_name
- Type
- string
- Category
- optional
- Description
- Provide a custom name for the X-Forwarded-For header sent to the servers.
- Default
- X-Forwarded-For
ssl_everywhere_enabled
- Type
- bool
- Category
- optional
- Description
- Enable common settings to increase the level of security for virtual services running HTTP and HTTPS. For sites that are HTTP only, these settings will have no effect.
- Default
- False
hsts_enabled
- Type
- bool
- Category
- optional
- Description
- Inserts HTTP Strict-Transport-Security header in the HTTPS response. HSTS can help mitigate man-in-the-middle attacks by telling browsers that support HSTS that they should only access this site via HTTPS.
- Default
- False
hsts_max_age
- Type
- uint64
- Category
- optional
- Description
- Number of days for which the client should regard this virtual service as a known HSTS host.
- Default
- 365
secure_cookie_enabled
- Type
- bool
- Category
- optional
- Description
- Mark server cookies with the 'Secure' attribute. Client browsers will not send a cookie marked as secure over an unencrypted connection. If Avi is terminating SSL from clients and passing it as HTTP to the server, the server may return cookies without the secure flag set.
- Default
- False
httponly_enabled
- Type
- bool
- Category
- optional
- Description
- Mark HTTP cookies as HttpOnly. This helps mitigate cross-site scripting attacks, as browsers will not allow these cookies to be read by third parties, such as JavaScript.
- Default
- False
http_to_https
- Type
- bool
- Category
- optional
- Description
- Client requests received via HTTP will be redirected to HTTPS.
- Default
- False
server_side_redirect_to_https
- Type
- bool
- Category
- optional
- Description
- When terminating client SSL sessions at Avi, servers may incorrectly send redirect to clients as HTTP. This option will rewrite the server's redirect responses for this virtual service from HTTP to HTTPS.
- Default
- False
x_forwarded_proto_enabled
- Type
- bool
- Category
- optional
- Description
- Insert an X-Forwarded-Proto header in the request sent to the server. When the client connects via SSL, Avi terminates the SSL, and then forwards the requests to the servers via HTTP, so the servers can determine the original protocol via this header. In this example, the value will be 'https'.
- Default
- False
compression_profile
- Type
- CompressionProfile
- Category
- optional
- Description
- HTTP Compression settings to use with this HTTP Profile.
spdy_enabled
- Type
- bool
- Category
- optional
- Description
- Enable SPDY proxy for traffic from clients to the virtual service. SPDY requires SSL from the clients to Avi. Avi ADC will proxy the SPDY protocol, and forward requests to servers as HTTP 1.1.
- Default
- False
spdy_fwd_proxy_mode
- Type
- bool
- Category
- optional
- Description
- Enable forward proxy mode with SPDY. This makes the proxy combine the :host and :uri SPDY headers to create a forward-proxy style request URI.
- Default
- False
post_accept_timeout
- Type
- int32
- Category
- optional
- Description
- The max allowed length of time between a client establishing a TCP connection until Avi receives the first byte of the client's HTTP request.
- Default
- 30000
client_header_timeout
- Type
- int32
- Category
- optional
- Description
- The maximum length of time allowed for a client to transmit an entire request header. This helps mitigate various forms of SlowLoris attacks.
- Default
- 10000
client_body_timeout
- Type
- int32
- Category
- optional
- Description
- The maximum length of time allowed between consecutive read operations for a client request body. The value '0' specifies no timeout. This setting generally impacts the length of time allowed for a client to send a POST.
- Default
- 30000
keepalive_timeout
- Type
- int32
- Category
- optional
- Description
- The max idle time allowed between HTTP requests over a Keep-alive connection.
- Default
- 30000
client_max_header_size
- Type
- int32
- Category
- optional
- Description
- Maximum size in Kbytes of a single HTTP header in the client request.
- Units
- kb
- Default
- 12
client_max_request_size
- Type
- int32
- Category
- optional
- Description
- Maximum size in Kbytes of all the client HTTP request headers.
- Units
- kb
- Default
- 48
client_max_body_size
- Type
- Unknown
- Category
- optional
- Description
- Maximum size for the client request body. This limits the size of the client data that can be uploaded/posted as part of a single HTTP Request. Default 0 => Unlimited.
- Units
- kb
- Default
- 0
cache_config
- Type
- HttpCacheConfig
- Category
- optional
- Description
- HTTP Caching config to use with this HTTP Profile.
max_rps_unknown_uri
- Type
- uint32
- Category
- optional
- Description
- Maximum unknown URIs per second.
- Default
- 0
max_rps_cip
- Type
- uint32
- Category
- optional
- Description
- Maximum requests per second per client IP.
- Default
- 0
max_rps_uri
- Type
- uint32
- Category
- optional
- Description
- Maximum requests per second per URI.
- Default
- 0
max_rps_cip_uri
- Type
- uint32
- Category
- optional
- Description
- Maximum requests per second per client IP and URI.
- Default
- 0
ssl_client_certificate_action
- Type
- SSLClientCertificateAction
- Category
- optional
- Description
- Set of match/action rules that govern what happens when the client certificate request is enabled
ssl_client_certificate_mode
- Type
- enum
- Category
- optional
- Description
- Specifies whether the client side verification is set to none, request or require.
- Default
- SSL_CLIENT_CERTIFICATE_NONE
- Choices
- SSL_CLIENT_CERTIFICATE_NONE, SSL_CLIENT_CERTIFICATE_REQUEST, SSL_CLIENT_CERTIFICATE_REQUIRE
pki_profile_ref
- Type
- Reference to PKIProfile
- Category
- optional
- Description
- Select the PKI profile to be associated with the Virtual Service. This profile defines the Certificate Authority and Revocation List.
websockets_enabled
- Type
- bool
- Category
- optional
- Description
- Enable Websockets proxy for traffic from clients to the virtual service. Connections to this VS start in HTTP mode. If the client requests an Upgrade to Websockets, and the server responds back with success, then the connection is upgraded to WebSockets mode.
- Default
- True
max_rps_unknown_cip
- Type
- uint32
- Category
- optional
- Description
- Maximum unknown client IPs per second.
- Default
- 0
max_bad_rps_cip
- Type
- uint32
- Category
- optional
- Description
- Maximum bad requests per second per client IP.
- Default
- 0
max_bad_rps_uri
- Type
- uint32
- Category
- optional
- Description
- Maximum bad requests per second per URI.
- Default
- 0
max_bad_rps_cip_uri
- Type
- uint32
- Category
- optional
- Description
- Maximum bad requests per second per client IP and URI.
- Default
- 0
keepalive_header
- Type
- bool
- Category
- optional
- Description
- Send HTTP 'Keep-Alive' header to the client. By default, the timeout specified in the 'Keep-Alive Timeout' field will be used unless the 'Use App Keepalive Timeout' flag is set, in which case the timeout sent by the application will be honored.
- Default
- False
use_app_keepalive_timeout
- Type
- bool
- Category
- optional
- Description
- Use 'Keep-Alive' header timeout sent by application instead of sending the HTTP Keep-Alive Timeout.
- Default
- False
allow_dots_in_header_name
- Type
- bool
- Category
- optional
- Description
- Allow use of dot (.) in HTTP header names, for instance Header.app.special: PickAppVersionX.
- Default
- False
disable_keepalive_posts_msie6
- Type
- bool
- Category
- optional
- Description
- Disable keep-alive client side connections for older browsers based off MS Internet Explorer 6.0 (MSIE6). For some applications, this might break NTLM authentication for older clients based off MSIE6. For such applications, set this option to false to allow keep-alive connections.
- Default
- True
enable_request_body_buffering
- Type
- bool
- Category
- optional
- Description
- Enable request body buffering for POST requests. If enabled, max buffer size is set to lower of 32M or the value (non-zero) configured in client_max_body_size.
- Default
- False
CompressionProfile
compression
- Type
- bool
- Category
- required
- Description
- Compress HTTP response content if it wasn't already compressed.
- Default
- False
remove_accept_encoding_header
- Type
- bool
- Category
- required
- Description
- Offload compression from the servers to Avi. Saves compute cycles on the servers.
- Default
- True
compressible_content_ref
- Type
- Reference to StringGroup
- Category
- optional
- Description
- Compress only content types listed in this string group. Content types not present in this list are not compressed.
- Default
- /api/stringgroup?name=System-Compressible-Content-Types
type
- Type
- enum
- Category
- required
- Description
- Compress content automatically or add custom filters to define compressible content and compression levels.
- Default
- AUTO_COMPRESSION
- Choices
- AUTO_COMPRESSION, CUSTOM_COMPRESSION
filter
- Type
- CompressionFilter
- Category
- repeated
- Description
- Custom filters used when auto compression is not selected.
CompressionFilter
name
- Type
- string
- Category
- required
- Description
index
- Type
- int32
- Category
- required
- Description
match
- Type
- enum
- Category
- optional
- Description
- Whether to apply the filter when the group criteria are matched or when they are not.
- Default
- IS_IN
- Choices
- IS_IN, IS_NOT_IN
ip_addrs_ref
- Type
- Reference to IpAddrGroup
- Category
- optional
- Description
ip_addrs
- Type
- IpAddr
- Category
- repeated
- Description
ip_addr_ranges
- Type
- IpAddrRange
- Category
- repeated
- Description
ip_addr_prefixes
- Type
- IpAddrPrefix
- Category
- repeated
- Description
devices_ref
- Type
- Reference to StringGroup
- Category
- optional
- Description
user_agent
- Type
- string
- Category
- repeated
- Description
level
- Type
- enum
- Category
- required
- Description
- Default
- NORMAL_COMPRESSION
- Choices
- AGGRESSIVE_COMPRESSION, NORMAL_COMPRESSION, NO_COMPRESSION
IpAddr
addr
- Type
- string
- Category
- required
- Description
- IP address
type
- Type
- enum
- Category
- required
- Description
- Choices
- V4, DNS
IpAddrRange
begin
- Type
- IpAddr
- Category
- required
- Description
- Starting IP address of the range
end
- Type
- IpAddr
- Category
- required
- Description
- Ending IP address of the range
IpAddrPrefix
ip_addr
- Type
- IpAddr
- Category
- required
- Description
mask
- Type
- int32
- Category
- required
- Description
HttpCacheConfig
enabled
- Type
- bool
- Category
- optional
- Description
- Enable/disable HTTP object caching.
- Default
- False
xcache_header
- Type
- bool
- Category
- optional
- Description
- Add an X-Cache header to content served from cache, which indicates to the client that the object was served from an intermediate cache.
- Default
- True
age_header
- Type
- bool
- Category
- optional
- Description
- Add an Age header to content served from cache, which indicates to the client the number of seconds the object has been in the cache.
- Default
- True
date_header
- Type
- bool
- Category
- optional
- Description
- If a Date header was not added by the server, add a Date header to the object served from cache. This indicates to the client when the object was originally sent by the server to the cache.
- Default
- True
min_object_size
- Type
- uint32
- Category
- optional
- Description
- Minimum size of an object to store in the cache.
- Default
- 100
max_object_size
- Type
- uint32
- Category
- optional
- Description
- Maximum size of an object to store in the cache.
- Default
- 4194304
default_expire
- Type
- uint32
- Category
- optional
- Description
- Default expiration time of cache objects received from the server without a Cache-Control expiration header. This value may be overwritten by the Heuristic Expire setting.
- Default
- 600
heuristic_expire
- Type
- bool
- Category
- optional
- Description
- If a response object from the server does not include the Cache-Control header, but does include a Last-Modified header, the system will use this time to calculate the Cache-Control expiration. If unable to solicit a Last-Modified header, then the system will fall back to the Cache Expire Time value.
- Default
- False
max_cache_size
- Type
- uint64
- Category
- optional
- Description
- Max size, in bytes, of the cache. The default, zero, indicates auto configuration.
- Default
- 0
query_cacheable
- Type
- bool
- Category
- optional
- Description
- Allow caching of objects whose URI included a query argument. When disabled, these objects are not cached. When enabled, the request must match the URI query to be considered a hit.
- Default
- False
mime_types_list
- Type
- string
- Category
- repeated
- Description
- Whitelist of cacheable mime types. If both Cacheable Mime Types string list and string group are empty, this defaults to */*
mime_types_group_refs
- Type
- Reference to StringGroup
- Category
- repeated
- Description
- Whitelist string group of cacheable mime types. If both Cacheable Mime Types string list and string group are empty, this defaults to */*
aggressive
- Type
- bool
- Category
- optional
- Description
- Enable/disable caching objects without Cache-Control headers
- Default
- False
mime_types_black_list
- Type
- string
- Category
- repeated
- Description
- Blacklist of non-cacheable mime types
mime_types_black_group_refs
- Type
- Reference to StringGroup
- Category
- repeated
- Description
- Blacklist string group of non-cacheable mime types
SSLClientCertificateAction
headers
- Type
- SSLClientRequestHeader
- Category
- repeated
- Description
close_connection
- Type
- bool
- Category
- optional
- Description
- Default
- False
DosRateLimitProfile
rl_profile
- Type
- RateLimiterProfile
- Category
- optional
- Description
- Profile for Connections/Requests rate limiting.
dos_profile
- Type
- DosThresholdProfile
- Category
- optional
- Description
- Profile for DoS attack detection.
RateLimiterProfile
client_ip_connections_rate_limit
- Type
- RateProfile
- Category
- optional
- Description
- Rate Limit all connections made from any single client IP address to the Virtual Service.
client_ip_requests_rate_limit
- Type
- RateProfile
- Category
- optional
- Description
- Rate Limit all HTTP requests from any single client IP address to all URLs of the Virtual Service.
uri_requests_rate_limit
- Type
- RateProfile
- Category
- optional
- Description
- Rate Limit all HTTP requests from all client IP addresses to any single URL.
client_ip_to_uri_requests_rate_limit
- Type
- RateProfile
- Category
- optional
- Description
- Rate Limit all HTTP requests from any single client IP address to any single URL.
client_ip_failed_requests_rate_limit
- Type
- RateProfile
- Category
- optional
- Description
- Rate Limit all requests from a client for a specified period of time once the count of failed requests from that client crosses a threshold for that period. Clients are tracked based on their IP address. Count and time period are specified through the RateProfile. Requests are deemed failed based on client or server side error status codes, consistent with how Avi Logs and Metrics subsystems mark failed requests.
uri_failed_requests_rate_limit
- Type
- RateProfile
- Category
- optional
- Description
- Rate Limit all requests to a URI for a specified period of time once the count of failed requests to that URI crosses a threshold for that period. Count and time period are specified through the RateProfile. Requests are deemed failed based on client or server side error status codes, consistent with how Avi Logs and Metrics subsystems mark failed requests.
client_ip_to_uri_failed_requests_rate_limit
- Type
- RateProfile
- Category
- optional
- Description
- Rate Limit all requests from a client to a URI for a specified period of time once the count of failed requests from that client to the URI crosses a threshold for that period. Clients are tracked based on their IP address. Count and time period are specified through the RateProfile. Requests are deemed failed based on client or server side error status codes, consistent with how Avi Logs and Metrics subsystems mark failed requests.
client_ip_scanners_requests_rate_limit
- Type
- RateProfile
- Category
- optional
- Description
- Automatically track clients and classify them into 3 groups - Good, Bad, Unknown. Clients are tracked based on their IP Address. Clients are added to the Good group when the Avi Scan Detection system builds history of requests from them that complete successfully. Clients are added to Unknown group when there is insufficient history about them. Requests from such clients are rate limited to the rate specified in the RateProfile. Finally, Clients with history of failed requests are added to Bad group and their requests are rate limited with stricter thresholds than the Unknown Clients group. The Avi Scan Detection system automatically tunes itself so that the Good, Bad, and Unknown client IPs group membership changes dynamically with the changes in traffic patterns through the ADC.
uri_scanners_requests_rate_limit
- Type
- RateProfile
- Category
- optional
- Description
- Automatically track URIs and classify them into 3 groups - Good, Bad, Unknown. URIs are added to the Good group when the Avi Scan Detection system builds history of requests to URIs that complete successfully. URIs are added to Unknown group when there is insufficient history about them. Requests for such URIs are rate limited to the rate specified in the RateProfile. Finally, URIs with history of failed requests are added to Bad group and requests to them are rate limited with stricter thresholds than the Unknown URIs group. The Avi Scan Detection system automatically tunes itself so that the Good, Bad, and Unknown URIs group membership changes dynamically with the changes in traffic patterns through the ADC.
http_header_rate_limits
- Type
- RateProfile
- Category
- repeated
- Description
- Rate Limit all HTTP requests from all client IP addresses that contain any single HTTP header value.
RateProfile
count
- Type
- int32
- Category
- optional
- Description
- Maximum number of connections or requests or packets
- Default
- 0
burst_sz
- Type
- int32
- Category
- optional
- Description
- Maximum number of connections or requests or packets to be let through instantaneously
- Default
- 0
period
- Type
- int32
- Category
- optional
- Description
- Time value in seconds to enforce rate count
- Units
- sec
- Default
- 1
explicit_tracking
- Type
- bool
- Category
- optional
- Description
- Explicitly tracks an attacker across rate periods
- Default
- False
fine_grain
- Type
- bool
- Category
- optional
- Description
- Enable fine granularity
- Default
- False
action
- Type
- RateLimiterAction
- Category
- optional
- Description
- Action to perform upon rate limiting
http_header
- Type
- string
- Category
- optional
- Description
- HTTP header name.
http_cookie
- Type
- string
- Category
- optional
- Description
- HTTP cookie name.
RateLimiterAction
type
- Type
- enum
- Category
- optional
- Description
- Type of action to be enforced upon hitting the rate limit.
- Default
- RL_ACTION_NONE
- Choices
- RL_ACTION_NONE, RL_ACTION_DROP_CONN, RL_ACTION_RESET_CONN, RL_ACTION_CLOSE_CONN, RL_ACTION_LOCAL_RSP, RL_ACTION_REDIRECT
redirect
- Type
- HTTPRedirectAction
- Category
- optional
- Description
- Parameters for HTTP Redirect rate limit action.
status_code
- Type
- enum
- Category
- optional
- Description
- HTTP status code for Local Response rate limit action.
- Default
- HTTP_LOCAL_RESPONSE_STATUS_CODE_429
- Choices
- HTTP_LOCAL_RESPONSE_STATUS_CODE_200, HTTP_LOCAL_RESPONSE_STATUS_CODE_403, HTTP_LOCAL_RESPONSE_STATUS_CODE_404, HTTP_LOCAL_RESPONSE_STATUS_CODE_429
file
- Type
- HTTPLocalFile
- Category
- optional
- Description
- File to be used for HTTP Local response rate limit action.
HTTPRedirectAction
protocol
- Type
- enum
- Category
- required
- Description
- Protocol type
- Choices
- HTTP, HTTPS
host
- Type
- URIParam
- Category
- optional
- Description
- Host config
port
- Type
- uint32
- Category
- optional
- Description
- Port to which to redirect the request
path
- Type
- URIParam
- Category
- optional
- Description
- Path config
keep_query
- Type
- bool
- Category
- optional
- Description
- Keep or drop the query of the incoming request URI in the redirected URI
- Default
- True
status_code
- Type
- enum
- Category
- optional
- Description
- HTTP redirect status code
- Default
- HTTP_REDIRECT_STATUS_CODE_302
- Choices
- HTTP_REDIRECT_STATUS_CODE_301, HTTP_REDIRECT_STATUS_CODE_302, HTTP_REDIRECT_STATUS_CODE_307
URIParam
type
- Type
- enum
- Category
- required
- Description
- URI param type
- Choices
- URI_PARAM_TYPE_TOKENIZED
tokens
- Type
- URIParamToken
- Category
- repeated
- Description
- Token config either for the URI components or a constant string
URIParamToken
type
- Type
- enum
- Category
- required
- Description
- Token type for constructing the URI
- Choices
- URI_TOKEN_TYPE_HOST, URI_TOKEN_TYPE_PATH, URI_TOKEN_TYPE_STRING, URI_TOKEN_TYPE_STRING_GROUP, URI_TOKEN_TYPE_REGEX
start_index
- Type
- uint32
- Category
- optional
- Description
- Index of the starting token in the incoming URI
end_index
- Type
- uint32
- Category
- optional
- Description
- Index of the ending token in the incoming URI
str_value
- Type
- string
- Category
- optional
- Description
- Constant string to use as a token
HTTPLocalFile
content_type
- Type
- string
- Category
- required
- Description
- Mime-type of the content in the file.
file_content
- Type
- string
- Category
- required
- Description
- File content to be used in the local HTTP response body.
DosThresholdProfile
thresh_period
- Type
- int32
- Category
- required
- Description
- Timer value in seconds to collect DoS attack metrics based on threshold on the Service Engine for this Virtual Service.
- Units
- sec
- Default
- 5
thresh_info
- Type
- DosThreshold
- Category
- repeated
- Description
- Attack type, min and max values for DoS attack detection.
DosThreshold
attack
- Type
- enum
- Category
- required
- Description
- Attack type.
- Choices
- LAND, SMURF, ICMP_PING_FLOOD, UNKOWN_PROTOCOL, TEARDROP, IP_FRAG_OVERRUN, IP_FRAG_TOOSMALL, IP_FRAG_FULL, IP_FRAG_INCOMPLETE, PORT_SCAN, TCP_NON_SYN_FLOOD_OLD, SYN_FLOOD, BAD_RST_FLOOD, MALFORMED_FLOOD, FAKE_SESSION, ZERO_WINDOW_STRESS, SMALL_WINDOW_STRESS, DOS_HTTP_TIMEOUT, DOS_HTTP_ERROR, DOS_HTTP_ABORT, DOS_SSL_ERROR, DOS_APP_ERROR, DOS_REQ_IP_RL_DROP, DOS_REQ_URI_RL_DROP, DOS_REQ_URI_SCAN_BAD_RL_DROP, DOS_REQ_URI_SCAN_UNKNOWN_RL_DROP, DOS_REQ_IP_URI_RL_DROP, DOS_CONN_IP_RL_DROP, DOS_SLOW_URL, TCP_NON_SYN_FLOOD, DOS_REQ_CIP_SCAN_BAD_RL_DROP, DOS_REQ_CIP_SCAN_UNKNOWN_RL_DROP, DOS_REQ_IP_RL_DROP_BAD, DOS_REQ_URI_RL_DROP_BAD, DOS_REQ_IP_URI_RL_DROP_BAD, POLICY_DROPS, DOS_CONN_RL_DROP, DOS_REQ_RL_DROP
min_value
- Type
- int32
- Category
- required
- Description
- Minimum number of packets or connections or requests in a given interval of time to be deemed as attack.
max_value
- Type
- int32
- Category
- required
- Description
- Maximum number of packets or connections or requests in a given interval of time to be deemed as attack.
TCPApplicationProfile
proxy_protocol_enabled
- Type
- bool
- Category
- optional
- Description
- Enable/Disable the usage of proxy protocol to convey client connection information to the back-end servers. Valid only for L4 application profiles and TCP proxy.
- Default
- False
proxy_protocol_version
- Type
- enum
- Category
- optional
- Description
- Version of proxy protocol to be used to convey client connection information to the back-end servers.
- Default
- PROXY_PROTOCOL_VERSION_1
- Choices
- PROXY_PROTOCOL_VERSION_1, PROXY_PROTOCOL_VERSION_2
DnsServiceApplicationProfile
num_dns_ip
- Type
- uint32
- Category
- optional
- Description
- Specifies the number of IP addresses returned by the DNS Service. Enter 0 to return all IP addresses
- Default
- 1
ttl
- Type
- uint32
- Category
- optional
- Description
- Specifies the TTL value (in seconds) for records served by DNS Service
- Units
- sec
- Default
- 30
error_response
- Type
- enum
- Category
- optional
- Description
- Drop or respond to client when the DNS service encounters an error processing a client query. By default, such a request is dropped without any response, or passed through to a passthrough pool, if configured. When set to respond, an appropriate response is sent to client, e.g. NXDOMAIN response for non-existent records, empty NOERROR response for unsupported queries, etc.
- Default
- DNS_ERROR_RESPONSE_NONE
- Choices
- DNS_ERROR_RESPONSE_ERROR, DNS_ERROR_RESPONSE_NONE
domain_names
- Type
- string
- Category
- repeated
- Description
- Subdomain names serviced by this Virtual Service. These are matched using Ends-With semantics.
edns
- Type
- bool
- Category
- optional
- Description
- Enable DNS service to be aware of EDNS (Extension mechanism for DNS). EDNS extensions are parsed and shown in logs. For GSLB services, the EDNS subnet option can be used to influence Load Balancing.
- Default
- False
dns_over_tcp_enabled
- Type
- bool
- Category
- optional
- Description
- Enable DNS query/response over TCP. This enables analytics for pass-through queries as well.
- Default
- True
aaaa_empty_response
- Type
- bool
- Category
- optional
- Description
- Respond to AAAA queries with empty response when there are only IPV4 records
- Default
- True
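
Added example (not part of the Avi API reference): a Python review of an ApplicationProfile object against the fields and defaults documented above. It flags the Preserve Client IP / Connection Multiplexing conflict, HTTPS hardening flags left off, an unlimited request body or body timeout, and rate limits whose action type is RL_ACTION_NONE. The nested-dict layout, the finding strings and the sample profile are assumptions, and the virtual service is assumed to terminate HTTPS.

```python
# Added example: review of an ApplicationProfile dict using only field names
# and defaults listed on this page. The dict layout (nested objects keyed by
# field name) and the finding strings are assumptions made for illustration.

# Defaults copied from the HTTPApplicationProfile section above.
HTTP_DEFAULTS = {
    "connection_multiplexing_enabled": True,
    "hsts_enabled": False,
    "secure_cookie_enabled": False,
    "httponly_enabled": False,
    "http_to_https": False,
    "client_body_timeout": 30000,
    "client_max_body_size": 0,   # 0 => unlimited
}

# Flags a reviewer would expect to be on when clients connect over HTTPS.
HARDENING_FLAGS = ("hsts_enabled", "secure_cookie_enabled",
                   "httponly_enabled", "http_to_https")


def audit_profile(profile):
    """Return a list of finding strings for one ApplicationProfile dict."""
    findings = []

    if profile.get("type") == "APPLICATION_PROFILE_TYPE_HTTP":
        # Fields absent from the object take their documented defaults.
        cfg = {**HTTP_DEFAULTS, **(profile.get("http_profile") or {})}

        # Documented as mutually incompatible.
        if profile.get("preserve_client_ip", False) and cfg["connection_multiplexing_enabled"]:
            findings.append("conflict: preserve_client_ip with connection_multiplexing_enabled")

        for flag in HARDENING_FLAGS:
            if not cfg[flag]:
                findings.append(f"disabled: http_profile.{flag}")

        # 0 means "unlimited" / "no timeout" for these two fields.
        for field in ("client_max_body_size", "client_body_timeout"):
            if cfg[field] == 0:
                findings.append(f"unbounded: http_profile.{field}")

    # RateProfile.action.type defaults to RL_ACTION_NONE, so a limit with a
    # count but no explicit action is worth a second look.
    rl = (profile.get("dos_rl_profile") or {}).get("rl_profile") or {}
    for name, value in sorted(rl.items()):
        rates = value if isinstance(value, list) else [value]  # http_header_rate_limits is repeated
        for rate in rates:
            action = (rate.get("action") or {}).get("type", "RL_ACTION_NONE")
            if rate.get("count", 0) > 0 and action == "RL_ACTION_NONE":
                findings.append(f"no-action: rl_profile.{name}")

    return findings


# Constructed sample profile (not taken from any real deployment).
SAMPLE = {
    "name": "example-http-profile",
    "type": "APPLICATION_PROFILE_TYPE_HTTP",
    "preserve_client_ip": True,
    "http_profile": {
        "hsts_enabled": True,
        "http_to_https": True,
        "client_max_body_size": 1024,
    },
    "dos_rl_profile": {"rl_profile": {
        "client_ip_requests_rate_limit": {"count": 100, "period": 1},
        "uri_requests_rate_limit": {"count": 500, "period": 1,
                                    "action": {"type": "RL_ACTION_LOCAL_RSP"}},
    }},
}

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE):
        print(finding)
```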