APIRef_tm_security_dos_profile_dos-network¶
mgmt/tm/security/dos/profile/dos-network
REST Endpoints
- Collection URI
/mgmt/tm/security/dos/profile/dos-network- Collection Methods
OPTIONS, GET- Resource URI
/mgmt/tm/security/dos/profile/dos-network/~resource id- Resource Methods
OPTIONS, GET, PUT, PATCH, DELETE, POST- Resource Natural Key
name, partition, subPath
Properties
| Name | Type | Default Value | Required | Access | Description |
|---|---|---|---|---|---|
appService |
string | optional | read/write | ||
behavioralAnalysis |
string | disabled | optional | read/write | Enables/Disables Behavioral DoS Analysis. |
Structures
| Name | Type | Default Value | Required | Access | Description |
|---|---|---|---|---|---|
/dynamic-signatures |
array_structure | optional | read/write | ||
/dynamic-signatures/detection |
string | disabled | optional | read/write | Specifies the detection mode for dynamic signatures feature at virtual server level where this profile is attached. |
/dynamic-signatures/mitigation |
string | none | optional | read/write | Specifies the mitigation mode for dynamic signatures feature at virtual server level where this profile is attached. |
/dynamic-signatures/scrubber-advertisement-period |
integer | 300 | optional | read/write | Specifies the advertisement period for which the attack traffic is scrubbed. Default is 300 seconds. |
/dynamic-signatures/scrubber-category |
string | optional | read/write | Specifies the IP Intelligence category used for scrubbing the attack traffic upon dynamic signature match that constitutes destination IP address component. Default category is ‘attacked_ips’. | |
/dynamic-signatures/scrubber-enable |
string | no | optional | read/write | Enables scrubbing the attack traffic feature upon dynamic signature match. Default is ‘no’ (disabled). |
/dynamic-signatures/detection |
string | disabled | optional | read/write | Specifies the detection mode for dynamic signatures feature at virtual server level where this profile is attached. |
/dynamic-signatures/mitigation |
string | none | optional | read/write | Specifies the mitigation mode for dynamic signatures feature at virtual server level where this profile is attached. |
/dynamic-signatures/scrubber-advertisement-period |
integer | 300 | optional | read/write | Specifies the advertisement period for which the attack traffic is scrubbed. Default is 300 seconds. |
/dynamic-signatures/scrubber-category |
string | optional | read/write | Specifies the IP Intelligence category used for scrubbing the attack traffic upon dynamic signature match that constitutes destination IP address component. Default category is ‘attacked_ips’. | |
/dynamic-signatures/scrubber-enable |
string | no | optional | read/write | Enables scrubbing the attack traffic feature upon dynamic signature match. Default is ‘no’ (disabled). |
Array Structures
| Name | Type | Default Value | Required | Access | Description |
|---|---|---|---|---|---|
/network-attack-vector |
array_structure | optional | read/write | ||
/network-attack-vector/allow-advertisement |
string | disabled | optional | read/write | |
/network-attack-vector/app-service |
string | optional | read/write | The application service that the object belongs to. | |
/network-attack-vector/auto-blacklisting |
string | disabled | optional | read/write | Enables automatic blacklisting of offending IPs |
/network-attack-vector/auto-threshold |
string | disabled | optional | read/write | Enables the auto mode for dos detection and mitigation |
/network-attack-vector/bad-actor |
string | disabled | optional | read/write | Enables bad actor detection and mitigation |
/network-attack-vector/blacklist-category |
string | optional | read/write | Blacklist category (of IP intelligence) to which this IP should be added. | |
/network-attack-vector/blacklist-detection-seconds |
integer | 60 | optional | read/write | Duration in seconds for which the IP has been offending. |
/network-attack-vector/blacklist-duration |
integer | 14400 | optional | read/write | Duration in seconds for which this IP should be blocked. |
/network-attack-vector/ceiling |
string | 2147483647 | optional | read/write | Option to set a max value(default = default-internal-rate-threshold * 2) for default-internal-rate-threshold for the vector |
/network-attack-vector/enforce |
string | enabled | optional | read/write | Enable or disable packet drop action and DOS detection for this attack type |
/network-attack-vector/floor |
string | 100 | optional | read/write | Option to set a min value(default = detection-threshold-pps/2) for Detection Threshold for the vector |
/network-attack-vector/packet-types |
string | optional | read/write | Type of packets that will be classified as Sweep attack | |
/network-attack-vector/per-source-ip-detection-pps |
string | 2147483647 | optional | read/write | Attack detection threshold (pps) per source IP |
/network-attack-vector/per-source-ip-limit-pps |
string | 2147483647 | optional | read/write | Attack mitigation threshold (pps) per source IP |
/network-attack-vector/rate-increase |
integer | 500 | optional | read/write | Rate increase (percent increase) for DoS attack detection for the specified Network DoS Attack Type |
/network-attack-vector/rate-limit |
integer | 2147483647 | optional | read/write | Rate limit for the specified Network DoS Attack Type |
/network-attack-vector/rate-threshold |
integer | 2147483647 | optional | read/write | Rate threshold for DoS attack detection for the specified Network DoS Attack Type |
/network-attack-vector/simulate-auto-threshold |
string | disabled | optional | read/write | Option to enable/disable auto-threshold simulation by generating logs |
Copyright (c) 2016, F5 Networks Inc. All Rights Reserved.
The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.