HTTPPolicySet

Description

API


    POST /api/httppolicyset
    PUT /api/httppolicyset/<key>
    DELETE /api/httppolicyset/<key>
    GET /api/httppolicyset
    GET /api/httppolicyset/<key>

CLI


    configure httppolicyset <key>
    show httppolicyset <key>

Data

HTTPPolicySet

uuid

Type
string
Category
required
Description
UUID of the HTTP Policy Set

name

Type
string
Category
required
Description
Name of the HTTP Policy Set

http_security_policy

Type
HTTPSecurityPolicy
Category
optional
Description
HTTP security policy for the virtual service.

http_request_policy

Type
HTTPRequestPolicy
Category
optional
Description
HTTP request policy for the virtual service.

http_response_policy

Type
HTTPResponsePolicy
Category
optional
Description
HTTP response policy for the virtual service.

created_by

Type
string
Category
optional
Description
Creator name

cloud_config_cksum

Type
string
Category
optional
Description
Checksum of cloud configuration for Pool. Internally set by cloud connector

is_internal_policy

Type
bool
Category
optional
Description
Default
False

description

Type
string
Category
optional
Description

tenant_ref

Type
Reference to Tenant
Category
required
Description

HTTPSecurityPolicy

rules

Type
HTTPSecurityRule
Category
repeated
Description
Add rules to the HTTP security policy

HTTPSecurityRule

name

Type
string
Category
required
Description
Name of the rule

index

Type
int32
Category
required
Description
Index of the rule

enable

Type
bool
Category
required
Description
Enable or disable the rule
Default
True

match

Type
MatchTarget
Category
optional
Description
Add match criteria to the rule

action

Type
HTTPSecurityAction
Category
optional
Description
Action to be performed upon successful matching

log

Type
bool
Category
optional
Description
Log HTTP request upon rule match

MatchTarget

client_ip

Type
IpAddrMatch
Category
optional
Description
Configure client ip addresses

vs_port

Type
PortMatch
Category
optional
Description
Configure virtual service ports

protocol

Type
ProtocolMatch
Category
optional
Description
Configure the type of HTTP protocol

method

Type
MethodMatch
Category
optional
Description
Configure HTTP methods

version

Type
HTTPVersionMatch
Category
optional
Description
Configure versions of the HTTP protocol

path

Type
PathMatch
Category
optional
Description
Configure request paths

query

Type
QueryMatch
Category
optional
Description
Configure request query

hdrs

Type
HdrMatch
Category
repeated
Description
Configure HTTP header(s)

cookie

Type
CookieMatch
Category
optional
Description
Configure HTTP cookie(s)

host_hdr

Type
HostHdrMatch
Category
optional
Description
Configure the host header

IpAddrMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for IP address matching the HTTP request
Choices
IS_IN, IS_NOT_IN

addrs

Type
IpAddr
Category
repeated
Description
IP address(es)

ranges

Type
IpAddrRange
Category
repeated
Description
IP address range(s)

prefixes

Type
IpAddrPrefix
Category
repeated
Description
IP address prefix(es)

group_refs

Type
Reference to IpAddrGroup
Category
repeated
Description
UUID of IP address group(s)

IpAddr

addr

Type
string
Category
required
Description
IP address

type

Type
enum
Category
required
Description
Choices
V4, DNS

IpAddrRange

begin

Type
IpAddr
Category
required
Description
Starting IP address of the range

end

Type
IpAddr
Category
required
Description
Ending IP address of the range

IpAddrPrefix

ip_addr

Type
IpAddr
Category
required
Description

mask

Type
int32
Category
required
Description

PortMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for port matching the HTTP request
Choices
IS_IN, IS_NOT_IN

ports

Type
uint32
Category
repeated
Description
Listening TCP port(s)

ProtocolMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for protocol matching the HTTP request
Choices
IS_IN, IS_NOT_IN

protocols

Type
enum
Category
required
Description
HTTP or HTTPS protocol
Choices
HTTP, HTTPS

MethodMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for HTTP method matching the method in the HTTP request
Choices
IS_IN, IS_NOT_IN

methods

Type
enum
Category
repeated
Description
Configure HTTP method(s)
Choices
HTTP_METHOD_GET, HTTP_METHOD_HEAD, HTTP_METHOD_PUT, HTTP_METHOD_DELETE, HTTP_METHOD_POST, HTTP_METHOD_OPTIONS, HTTP_METHOD_TRACE

HTTPVersionMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for HTTP version matching the version used in the HTTP request
Choices
IS_IN, IS_NOT_IN

versions

Type
enum
Category
repeated
Description
HTTP protocol version
Choices
ZERO_NINE, ONE_ZERO, ONE_ONE

PathMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for matching the path in the HTTP request URI
Choices
BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS, DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS, DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH

match_case

Type
enum
Category
optional
Description
Case sensitivity to use for the matching
Default
INSENSITIVE
Choices
SENSITIVE, INSENSITIVE

match_str

Type
string
Category
repeated
Description
String values

string_group_refs

Type
Reference to StringGroup
Category
repeated
Description
UUID of the string group(s)

QueryMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for matching the query in HTTP request URI
Choices
QUERY_MATCH_CONTAINS

match_case

Type
enum
Category
optional
Description
Case sensitivity to use for the match
Default
INSENSITIVE
Choices
SENSITIVE, INSENSITIVE

match_str

Type
string
Category
repeated
Description
String value(s)

string_group_refs

Type
Reference to StringGroup
Category
repeated
Description
UUID of the string group(s)

HdrMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for matching headers in the HTTP request
Choices
HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL

hdr

Type
string
Category
required
Description
Name of the HTTP header whose value is to be matched

match_case

Type
enum
Category
optional
Description
Case sensitivity to use for the match
Default
INSENSITIVE
Choices
SENSITIVE, INSENSITIVE

value

Type
string
Category
repeated
Description
String values to match in the HTTP header

CookieMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for matching the cookie in the HTTP request
Choices
HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL

name

Type
string
Category
required
Description
Name of the cookie

match_case

Type
enum
Category
optional
Description
Case sensitivity to use for the match
Default
INSENSITIVE
Choices
SENSITIVE, INSENSITIVE

value

Type
string
Category
optional
Description
String value in the cookie

HostHdrMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for the host header value match
Choices
HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL

match_case

Type
enum
Category
optional
Description
Case sensitivity to use for the match
Default
INSENSITIVE
Choices
SENSITIVE, INSENSITIVE

value

Type
string
Category
repeated
Description
String value(s) in the host header

HTTPSecurityAction

action

Type
enum
Category
required
Description
Type of the security action to perform
Choices
HTTP_SECURITY_ACTION_CLOSE_CONN, HTTP_SECURITY_ACTION_SEND_RESPONSE, HTTP_SECURITY_ACTION_ALLOW, HTTP_SECURITY_ACTION_REDIRECT_TO_HTTPS, HTTP_SECURITY_ACTION_RATE_LIMIT

status_code

Type
enum
Category
optional
Description
HTTP status code to use for local response
Choices
HTTP_LOCAL_RESPONSE_STATUS_CODE_200, HTTP_LOCAL_RESPONSE_STATUS_CODE_403, HTTP_LOCAL_RESPONSE_STATUS_CODE_404, HTTP_LOCAL_RESPONSE_STATUS_CODE_429

https_port

Type
uint32
Category
optional
Description
Secure SSL/TLS port to redirect the HTTP request to

file

Type
HTTPLocalFile
Category
optional
Description
File to be used for generating HTTP local response

rate_limit

Type
RateProfile
Category
optional
Description
Rate Limit profile to be used to rate-limit the flow

HTTPLocalFile

content_type

Type
string
Category
required
Description
Mime-type of the content in the file.

file_content

Type
string
Category
required
Description
File content to used in the local HTTP response body.

RateProfile

count

Type
int32
Category
optional
Description
Maximum number of connections or requests or packets
Default
0

burst_sz

Type
int32
Category
optional
Description
Maximum number of connections or requests or packets to be let through instantaneously
Default
0

period

Type
int32
Category
optional
Description
Time value in seconds to enforce rate count
Units
sec
Default
1

explicit_tracking

Type
bool
Category
optional
Description
Explicitly tracks an attacker across rate periods
Default
False

fine_grain

Type
bool
Category
optional
Description
Enable fine granularity
Default
False

action

Type
RateLimiterAction
Category
optional
Description
Action to perform upon rate limiting

http_header

Type
string
Category
optional
Description
HTTP header name.

http_cookie

Type
string
Category
optional
Description
HTTP cookie name.

RateLimiterAction

type

Type
enum
Category
optional
Description
Type of action to be enforced upon hitting the rate limit.
Default
RL_ACTION_NONE
Choices
RL_ACTION_NONE, RL_ACTION_DROP_CONN, RL_ACTION_RESET_CONN, RL_ACTION_CLOSE_CONN, RL_ACTION_LOCAL_RSP, RL_ACTION_REDIRECT

redirect

Type
HTTPRedirectAction
Category
optional
Description
Parameters for HTTP Redirect rate limit action.

status_code

Type
enum
Category
optional
Description
HTTP status code for Local Response rate limit action.
Default
HTTP_LOCAL_RESPONSE_STATUS_CODE_429
Choices
HTTP_LOCAL_RESPONSE_STATUS_CODE_200, HTTP_LOCAL_RESPONSE_STATUS_CODE_403, HTTP_LOCAL_RESPONSE_STATUS_CODE_404, HTTP_LOCAL_RESPONSE_STATUS_CODE_429

file

Type
HTTPLocalFile
Category
optional
Description
File to be used for HTTP Local response rate limit action.

HTTPRedirectAction

protocol

Type
enum
Category
required
Description
Protocol type
Choices
HTTP, HTTPS

host

Type
URIParam
Category
optional
Description
Host config

port

Type
uint32
Category
optional
Description
Port to which redirect the request

path

Type
URIParam
Category
optional
Description
Path config

keep_query

Type
bool
Category
optional
Description
Keep or drop the query of the incoming request URI in the redirected URI
Default
True

status_code

Type
enum
Category
optional
Description
HTTP redirect status code
Default
HTTP_REDIRECT_STATUS_CODE_302
Choices
HTTP_REDIRECT_STATUS_CODE_301, HTTP_REDIRECT_STATUS_CODE_302, HTTP_REDIRECT_STATUS_CODE_307

URIParam

type

Type
enum
Category
required
Description
URI param type
Choices
URI_PARAM_TYPE_TOKENIZED

tokens

Type
URIParamToken
Category
repeated
Description
Token config either for the URI components or a constant string

URIParamToken

type

Type
enum
Category
required
Description
Token type for constructing the URI
Choices
URI_TOKEN_TYPE_HOST, URI_TOKEN_TYPE_PATH, URI_TOKEN_TYPE_STRING, URI_TOKEN_TYPE_STRING_GROUP, URI_TOKEN_TYPE_REGEX

start_index

Type
uint32
Category
optional
Description
Index of the starting token in the incoming URI

end_index

Type
uint32
Category
optional
Description
Index of the ending token in the incoming URI

str_value

Type
string
Category
optional
Description
Constant string to use as a token

HTTPRequestPolicy

rules

Type
HTTPRequestRule
Category
repeated
Description
Add rules to the HTTP request policy

HTTPRequestRule

name

Type
string
Category
required
Description
Name of the rule

index

Type
int32
Category
required
Description
Index of the rule

enable

Type
bool
Category
required
Description
Enable or disable the rule
Default
True

match

Type
MatchTarget
Category
optional
Description
Add match criteria to the rule

redirect_action

Type
HTTPRedirectAction
Category
optional
Description
HTTP redirect action

hdr_action

Type
HTTPHdrAction
Category
repeated
Description
HTTP header rewrite action

rewrite_url_action

Type
HTTPRewriteURLAction
Category
optional
Description
HTTP request URL rewrite action

switching_action

Type
HTTPSwitchingAction
Category
optional
Description
Content switching action

log

Type
bool
Category
optional
Description
Log HTTP request upon rule match

all_headers

Type
bool
Category
optional
Description
Log all HTTP headers upon rule match

HTTPHdrAction

action

Type
enum
Category
required
Description
ADD: A new header with the new value is added irrespective of the existence of an HTTP header of the given name. REPLACE: A new header with the new value is added if no header of the given name exists, else existing headers with the given name are removed and a new header with the new value is added. REMOVE: All the headers of the given name are removed.
Choices
HTTP_ADD_HDR, HTTP_REMOVE_HDR, HTTP_REPLACE_HDR

hdr

Type
HTTPHdrData
Category
optional
Description
HTTP header information

cookie

Type
HTTPCookieData
Category
optional
Description
Cookie information

HTTPHdrData

name

Type
string
Category
optional
Description
HTTP header name

value

Type
HTTPHdrValue
Category
optional
Description
HTTP header value

HTTPHdrValue

var

Type
enum
Category
optional
Description
Variable
Choices
HTTP_POLICY_VAR_CLIENT_IP, HTTP_POLICY_VAR_VS_PORT, HTTP_POLICY_VAR_VS_IP, HTTP_POLICY_VAR_HTTP_HDR, HTTP_POLICY_VAR_SSL_CLIENT_FINGERPRINT, HTTP_POLICY_VAR_SSL_CLIENT_SERIAL, HTTP_POLICY_VAR_SSL_CLIENT_ISSUER, HTTP_POLICY_VAR_SSL_CLIENT_SUBJECT, HTTP_POLICY_VAR_SSL_CLIENT_RAW, HTTP_POLICY_VAR_SSL_PROTOCOL, HTTP_POLICY_VAR_SSL_SERVER_NAME, HTTP_POLICY_VAR_USER_NAME, HTTP_POLICY_VAR_SSL_CIPHER

val

Type
string
Category
optional
Description
HTTP header value or variable representing an HTTP header

HTTPCookieData

name

Type
string
Category
optional
Description
Cookie name

value

Type
string
Category
optional
Description
Cookie value

HTTPRewriteURLAction

host_hdr

Type
URIParam
Category
optional
Description
Host config

path

Type
URIParam
Category
optional
Description
Path config

query

Type
URIParamQuery
Category
optional
Description
Query config

URIParamQuery

keep_query

Type
bool
Category
optional
Description
Use or drop the query of the incoming request URI in the request URI to the backend server
Default
True

add_string

Type
string
Category
optional
Description
Concatenate a string to the query of the incoming request URI and then use it in the request URI going to the backend server

HTTPSwitchingAction

action

Type
enum
Category
required
Description
Content switching action type
Choices
HTTP_SWITCHING_SELECT_POOL, HTTP_SWITCHING_SELECT_LOCAL, HTTP_SWITCHING_SELECT_POOLGROUP

pool_ref

Type
Reference to Pool
Category
optional
Description
UUID of the pool of servers to serve the request

status_code

Type
enum
Category
optional
Description
HTTP status code to use when serving local response
Choices
HTTP_LOCAL_RESPONSE_STATUS_CODE_200, HTTP_LOCAL_RESPONSE_STATUS_CODE_403, HTTP_LOCAL_RESPONSE_STATUS_CODE_404, HTTP_LOCAL_RESPONSE_STATUS_CODE_429

file

Type
HTTPLocalFile
Category
optional
Description
File from which to serve local response to the request

server

Type
PoolServer
Category
optional
Description
Specific pool server to select

pool_group_ref

Type
Reference to PoolGroup
Category
optional
Description
UUID of the pool group to serve the request

PoolServer

ip

Type
IpAddr
Category
required
Description
IP address of the server in the poool

hostname

Type
string
Category
optional
Description
DNS resolvable name of the server. May be used in place of the IP address.

port

Type
uint32
Category
optional
Description
Port of the pool server listening for HTTP/HTTPS. Default value is the default port in the pool.

HTTPResponsePolicy

rules

Type
HTTPResponseRule
Category
repeated
Description
Add rules to the HTTP response policy

HTTPResponseRule

name

Type
string
Category
required
Description
Name of the rule

index

Type
int32
Category
required
Description
Index of the rule

enable

Type
bool
Category
required
Description
Enable or disable the rule
Default
True

match

Type
ResponseMatchTarget
Category
optional
Description
Add match criteria to the rule

hdr_action

Type
HTTPHdrAction
Category
repeated
Description
HTTP header rewrite action

loc_hdr_action

Type
HTTPRewriteLocHdrAction
Category
optional
Description
Location header rewrite action

log

Type
bool
Category
optional
Description
Log HTTP request upon rule match

all_headers

Type
bool
Category
optional
Description
Log all HTTP headers upon rule match

ResponseMatchTarget

client_ip

Type
IpAddrMatch
Category
optional
Description
Configure client ip addresses

vs_port

Type
PortMatch
Category
optional
Description
Configure virtual service ports

protocol

Type
ProtocolMatch
Category
optional
Description
Configure the type of HTTP protocol

method

Type
MethodMatch
Category
optional
Description
Configure HTTP methods

version

Type
HTTPVersionMatch
Category
optional
Description
Configure versions of the HTTP protocol

path

Type
PathMatch
Category
optional
Description
Configure request paths

query

Type
QueryMatch
Category
optional
Description
Configure request query

hdrs

Type
HdrMatch
Category
repeated
Description
Configure HTTP headers

cookie

Type
CookieMatch
Category
optional
Description
Configure HTTP cookie(s)

host_hdr

Type
HostHdrMatch
Category
optional
Description
Configure the host header

loc_hdr

Type
LocationHdrMatch
Category
optional
Description
Configure the location header

status

Type
HTTPStatusMatch
Category
optional
Description
Configure the HTTP status code(s)

rsp_hdrs

Type
HdrMatch
Category
repeated
Description
Configure the HTTP headers in response

LocationHdrMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for matching location header value in the HTTP response
Choices
HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL

match_case

Type
enum
Category
optional
Description
Case sensitivity to use for the match
Default
INSENSITIVE
Choices
SENSITIVE, INSENSITIVE

value

Type
string
Category
repeated
Description
String value(s) in the location header

HTTPStatusMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for matching the HTTP response status code(s)
Choices
IS_IN, IS_NOT_IN

status_codes

Type
int32
Category
repeated
Description
HTTP response status code(s)

ranges

Type
HTTPStatusRange
Category
repeated
Description
HTTP response status code range(s)

HTTPStatusRange

begin

Type
int32
Category
required
Description
Starting HTTP response status code

end

Type
int32
Category
required
Description
Ending HTTP response status code

HTTPRewriteLocHdrAction

protocol

Type
enum
Category
required
Description
HTTP protocol type
Choices
HTTP, HTTPS

port

Type
uint32
Category
optional
Description
Port to use in the redirected URI

host

Type
URIParam
Category
optional
Description
Host config

path

Type
URIParam
Category
optional
Description
Path config

keep_query

Type
bool
Category
optional
Description
Keep or drop the query from the server side redirect URI
Default
True

References

PoolGroup IpAddrGroup Pool StringGroup Tenant

Sub Objects