APIRef_tm_security_dos_profile_protocol-dns

mgmt/tm/security/dos/profile/protocol-dns

/tm/security/dos

REST Endpoints

Collection URI
/mgmt/tm/security/dos/profile/protocol-dns
Collection Methods
OPTIONS, GET
Resource URI
/mgmt/tm/security/dos/profile/protocol-dns/~resource id
Resource Methods
OPTIONS, GET, PUT, PATCH, DELETE, POST
Resource Natural Key
name, partition, subPath

Properties

Name Type Default Value Required Access Description
appService string   optional read/write  
protErrAtckRateIncr integer 500 optional read/write (Deprecated) Sets the protocol error attack rate increase value.
protErrAtckRateLimit integer 10000 optional read/write (Deprecated) Sets the protocol error attack rate limit.
protErrAtckRateThreshold integer 1000 optional read/write (Deprecated) Sets the protocol error attack rate threshold.
protErrAttackDetection string disabled optional read/write (Deprecated) Enables or disables DNS protocol error detection (eg: Malformed or Malicious DNS packets)

Array Structures

Name Type Default Value Required Access Description
/dns-query-vector array_structure   optional read/write  
/dns-query-vector/allow-advertisement string disabled optional read/write  
/dns-query-vector/app-service string   optional read/write The application service that the object belongs to.
/dns-query-vector/auto-blacklisting string disabled optional read/write Enables automatic blacklisting of offending IPs
/dns-query-vector/auto-threshold string disabled optional read/write Enables the auto mode for dos detection and mitigation
/dns-query-vector/bad-actor string disabled optional read/write Enables bad actor detection and mitigation
/dns-query-vector/blacklist-category string   optional read/write Blacklist category (of IP intelligence) to which this IP should be added.
/dns-query-vector/blacklist-detection-seconds integer 60 optional read/write Duration in seconds for which the IP has been offending.
/dns-query-vector/blacklist-duration integer 14400 optional read/write Duration in seconds for which this IP should be blocked.
/dns-query-vector/ceiling string 2147483647 optional read/write Option to set a max value(default = default-internal-rate-threshold * 2) for default-internal-rate-threshold for the vector
/dns-query-vector/enforce string enabled optional read/write Enable or disable the packet drop action and DOS detection for this attack type
/dns-query-vector/floor string 100 optional read/write Option to set a min value(default = detection-threshold-pps/2) for Detection Threshold for the vector
/dns-query-vector/per-source-ip-detection-pps string 2147483647 optional read/write Attack detection threshold (pps) per source IP
/dns-query-vector/per-source-ip-limit-pps string 2147483647 optional read/write Attack mitigation threshold (pps) per source IP
/dns-query-vector/rate-increase integer 500 optional read/write Rate increase for DoS attack detection for the specified DNS query
/dns-query-vector/rate-limit integer 2147483647 optional read/write Rate limit for the specified DNS query (packets per-second)
/dns-query-vector/rate-threshold integer 2147483647 optional read/write Rate threshold for DoS attack detection for the specified DNS query
/dns-query-vector/simulate-auto-threshold string disabled optional read/write Option to enable/disable auto-threshold simulation by generating logs
iControl Reference Index
Copyright (c) 2016, F5 Networks Inc. All Rights Reserved.

The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.