slb template client-ssl

Configure offload of SSL validation of clients from real servers by creating a client SSL template. The template can then be applied to a virtual port.

client-ssl Specification

Type Collection
Object Key(s) name
Collection Name client-ssl-list
Collection URI /axapi/v3/slb/template/client-ssl/
Element Name client-ssl
Element URI /axapi/v3/slb/template/client-ssl/{name}
Element Attributes client-ssl_attributes
Schema client-ssl schema

Operations Allowed:

Operation Method URI Payload

Create Object

POST

/axapi/v3/slb/template/client-ssl/

client-ssl Attributes

Create List

POST

/axapi/v3/slb/template/client-ssl/

client-ssl Attributes

Get Object

GET

/axapi/v3/slb/template/client-ssl/{name}

client-ssl Attributes

Get List

GET

/axapi/v3/slb/template/client-ssl/

client-ssl-list

Modify Object

POST

/axapi/v3/slb/template/client-ssl/{name}

client-ssl Attributes

Replace Object

PUT

/axapi/v3/slb/template/client-ssl/{name}

client-ssl Attributes

Replace List

PUT

/axapi/v3/slb/template/client-ssl/

client-ssl-list

Delete Object

DELETE

/axapi/v3/slb/template/client-ssl/{name}

client-ssl Attributes

client-ssl-list

client-ssl-list is JSON List of client-ssl Attributes

client-ssl-list : [

client-ssl Attributes

alert-type

Description: ‘fatal’: Log fatal alerts;

Type: string

Supported Values: fatal

auth-sg

Description: Specify authorization LDAP service group

Type: string

Format: string-rlx

Mutual Exclusion: auth-sg and authen-name are mutually exclusive

Reference Object: /axapi/v3/aam/authentication/service-group

auth-sg-dn

Description: Use Subject DN as LDAP search base DN

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

auth-sg-filter

Description: Specify LDAP search filter

Type: string

Format: string-rlx

auth-username

Description: Specify the field to check in SSL certificates from clients, to find the client name.

Type: string

Format: string-rlx

auth-username-attribute

Description: Specify attribute name of username for client SSL authorization

Type: string

Format: string-rlx

authen-name

Description: Specify authorization LDAP server name

Type: string

Format: string-rlx

Mutual Exclusion: authen-name and auth-sg are mutually exclusive

Reference Object: /axapi/v3/aam/authentication/server/ldap

authorization

Description: Specify LDAP server for client SSL authorizaiton

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ca-certs

Description: ca-certs is a JSON List . Please see below for ca-certs

Type: List

cache-persistence-list-name

Description: Class List Name

Type: string

case-insensitive

Description: Case insensitive forward proxy bypass

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

cert

Description: Specify the name of the certificate to use for terminating or initiating an SSL connection. The certificate must be installed on the ACOS device.

Type: string

cert-revoke-action

Description: ‘bypass’: bypass SSLi processing; ‘continue’: continue the connection; ‘drop’: close the connection;

Type: string

Supported Values: bypass, continue, drop

Default: bypass

cert-unknown-action

Description: ‘bypass’: bypass SSLi processing; ‘continue’: continue the connection; ‘drop’: close the connection;

Type: string

Supported Values: bypass, continue, drop

Default: bypass

chain-cert

Description: Specify the name of a certificate-key chain.

Type: string

cipher-without-prio-list

Description: cipher-without-prio-list is a JSON List . Please see below for cipher-without-prio-list

Type: List

class-list-name

Description: Class List Name

Type: string

Mutual Exclusion: class-list-name and multi-clist-name are mutually exclusive

client-auth-case-insensitive

Description: Case insensitive forward proxy client auth bypass

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

client-auth-class-list

Description: Forward proxy client auth bypass if SNI string matches class-list (Class List Name)

Type: string

client-auth-contains-list

Description: client-auth-contains-list is a JSON List . Please see below for client-auth-contains-list

Type: List

client-auth-ends-with-list

Description: client-auth-ends-with-list is a JSON List . Please see below for client-auth-ends-with-list

Type: List

client-auth-equals-list

Description: client-auth-equals-list is a JSON List . Please see below for client-auth-equals-list

Type: List

client-auth-starts-with-list

Description: client-auth-starts-with-list is a JSON List . Please see below for client-auth-starts-with-list

Type: List

client-certificate

Description: ‘Ignore’: Don’t request client certificate; ‘Require’: Require client certificate; ‘Request’: Request client certificate;

Type: string

Supported Values: Ignore, Require, Request

Default: Ignore

close-notify

Description: Send close notification when terminate connection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

contains-list

Description: contains-list is a JSON List . Please see below for contains-list

Type: List

crl-certs

Description: crl-certs is a JSON List . Please see below for crl-certs

Type: List

dh-type

Description: ‘1024’: 1024; ‘1024-dsa’: 1024-dsa; ‘2048’: 2048; ‘512’: 512;

Type: string

Supported Values: 1024, 1024-dsa, 2048, 512

disable-sslv3

Description: Reject Client requests for SSL version 3

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ec-list

Description: ec-list is a JSON List . Please see below for ec-list

Type: List

enable-tls-alert-logging

Description: Enable TLS alert logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ends-with-list

Description: ends-with-list is a JSON List . Please see below for ends-with-list

Type: List

equals-list

Description: equals-list is a JSON List . Please see below for equals-list

Type: List

expire-hours

Description: Certificate lifetime in hours

Type: number

Range: 1-168

forward-encrypted

Description: Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)

forward-passphrase

Description: Password Phrase

Type: string

Format: password

forward-proxy-alt-sign

Description: Forward proxy alternate signing cert and key

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward-proxy-ca-cert

Description: CA Certificate for forward proxy (SSL forward proxy CA Certificate Name)

Type: string

forward-proxy-ca-key

Description: CA Private Key for forward proxy (SSL forward proxy CA Key Name)

Type: string

forward-proxy-cert-cache-limit

Description: Certificate cache size limit, default is 524288 (set to 0 for unlimited size)

Type: number

Range: 0-2147483647

Default: 524288

forward-proxy-cert-cache-timeout

Description: Certificate cache timeout, default is 1 hour (seconds, set to 0 for never timeout)

Type: number

Range: 0-2147483647

Default: 3600

forward-proxy-cert-expiry

Description: Adjust certificate expiry relative to the time when it is created on the device

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward-proxy-cert-revoke-action

Description: Action taken if a certificate is irreversibly revoked, bypass SSLi processing by default

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward-proxy-cert-unknown-action

Description: Action taken if a certificate revocation status is unknown, bypass SSLi processing by default

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward-proxy-crl-disable

Description: Disable Certificate Revocation List checking for forward proxy

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward-proxy-enable

Description: Enable SSL forward proxy

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward-proxy-failsafe-disable

Description: Disable Failsafe for SSL forward proxy

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward-proxy-log-disable

Description: Disable SSL forward proxy logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward-proxy-ocsp-disable

Description: Disable ocsp-stapling for forward proxy

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward-proxy-selfsign-redir

Description: Redirect connections to pages with self signed certs to a warning page

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward-proxy-ssl-version

Description: TLS/SSL version, default is TLS1.2 (TLS/SSL version: 31-TLSv1.0, 32-TLSv1.1 and 33-TLSv1.2)

Type: number

Range: 31-33

Default: 33

forward-proxy-trusted-ca-lists

Description: forward-proxy-trusted-ca-lists is a JSON List . Please see below for forward-proxy-trusted-ca-lists

Type: List

forward-proxy-verify-cert-fail-action

Description: Action taken if certificate verification fails, close the connection by default

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

fp-alt-cert

Description: CA Certificate for forward proxy alternate signing (Certificate name)

Type: string

fp-alt-encrypted

Description: Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)

fp-alt-key

Description: CA Private Key for forward proxy alternate signing (Key name)

Type: string

fp-alt-passphrase

Description: Password Phrase

Type: string

Format: password

hsm-type

Description: ‘thales-embed’: Thales embed key; ‘thales-hwcrhk’: Thales hwcrhk Key;

Type: string

Supported Values: thales-embed, thales-hwcrhk

inspect-list-name

Description: Class List Name

Type: string

key

Description: Server Private Key (Key Name)

Type: string

key-encrypted

Description: Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)

key-passphrase

Description: Password Phrase

Type: string

Format: password

ldap-base-dn-from-cert

Description: Use Subject DN as LDAP search base DN

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ldap-search-filter

Description: Specify LDAP search filter

Type: string

Format: string-rlx

multi-class-list

Description: multi-class-list is a JSON List . Please see below for multi-class-list

Type: List

name

Description: Name of the template.

Type: string

Format: string-rlx

Required: Yes

non-ssl-bypass-service-group

Description: Service Group for Bypass non-ssl traffic (Service Group Name)

Type: string

Format: string-rlx

Reference Object: /axapi/v3/slb/service-group

ocsp-stapling

Description: Config OCSP stapling support

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ocspst-ca-cert

Description: CA certificate

Type: string

ocspst-ocsp

Description: Specify OCSP Authentication

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ocspst-sg

Description: Specify authentication service group

Type: string

Format: string-rlx

Mutual Exclusion: ocspst-sg and ocspst-srvr are mutually exclusive

Reference Object: /axapi/v3/aam/authentication/service-group

ocspst-sg-days

Description: Specify update period, in days

Type: number

Range: 1-31

Mutual Exclusion: ocspst-sg-days ocspst-sg-hours and ocspst-sg-minutes are mutually exclusive

ocspst-sg-hours

Description: Specify update period, in hours

Type: number

Range: 1-23

Default: 1

Mutual Exclusion: ocspst-sg-hours ocspst-sg-days and ocspst-sg-minutes are mutually exclusive

ocspst-sg-minutes

Description: Specify update period, in minutes

Type: number

Range: 1-59

Mutual Exclusion: ocspst-sg-minutes ocspst-sg-days and ocspst-sg-hours are mutually exclusive

ocspst-sg-timeout

Description: Specify retry timeout (Default is 30 mins)

Type: number

Range: 1-44640

Default: 30

ocspst-srvr

Description: Specify OCSP authentication server

Type: string

Format: string-rlx

Mutual Exclusion: ocspst-srvr and ocspst-sg are mutually exclusive

Reference Object: /axapi/v3/aam/authentication/server/ocsp

ocspst-srvr-days

Description: Specify update period, in days

Type: number

Range: 1-31

Mutual Exclusion: ocspst-srvr-days ocspst-srvr-hours and ocspst-srvr-minutes are mutually exclusive

ocspst-srvr-hours

Description: Specify update period, in hours

Type: number

Range: 1-23

Default: 1

Mutual Exclusion: ocspst-srvr-hours ocspst-srvr-days and ocspst-srvr-minutes are mutually exclusive

ocspst-srvr-minutes

Description: Specify update period, in minutes

Type: number

Range: 1-59

Mutual Exclusion: ocspst-srvr-minutes ocspst-srvr-days and ocspst-srvr-hours are mutually exclusive

ocspst-srvr-timeout

Description: Specify retry timeout (Default is 30 mins)

Type: number

Range: 1-44640

Default: 30

server-name-list

Description: server-name-list is a JSON List . Please see below for server-name-list

Type: List

session-cache-size

Description: Session Cache Size (Specify 0 to disable Session ID reuse.)

Type: number

session-cache-timeout

Description: Session Cache Timeout (Timeout value, in seconds)

Type: number

Range: 0-604800

session-ticket-lifetime

Description: Session ticket lieftime in seconds from stateless session resumption (Lifetime value in seconds)

Type: number

Range: 0-2147483647

ssl-false-start-disable

Description: disable SSL False Start

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sslv2-bypass-service-group

Description: Service Group for Bypass SSLV2 (Service Group Name)

Type: string

Format: string-rlx

Reference Object: /axapi/v3/slb/service-group

starts-with-list

Description: starts-with-list is a JSON List . Please see below for starts-with-list

Type: List

template-cipher

Description: Cipher Template (Cipher Config Name)

Type: string

Mutual Exclusion: template-cipher and cipher-wo-prio are mutually exclusive

Reference Object: /axapi/v3/slb/template/cipher

template-hsm

Description: HSM Template (HSM Template Name)

Type: string

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

verify-cert-fail-action

Description: ‘bypass’: bypass SSLi processing; ‘continue’: continue the connection; ‘drop’: close the connection;

Type: string

Supported Values: bypass, continue, drop

Default: drop

web-category

Description: web-category is a JSON Block . Please see below for web-category

Type: Object

equals-list

Specification
Type list
Block object keys

equals

Description: Forward proxy bypass if SNI string equals another string

Type: string

Format: string-rlx

forward-proxy-trusted-ca-lists

Specification
Type list
Block object keys

forward-proxy-trusted-ca

Description: Forward proxy trusted CA file (CA file name)

Type: string

ec-list

Specification
Type list
Block object keys

ec

Description: ‘secp256r1’: X9_62_prime256v1; ‘secp384r1’: secp384r1;

Type: string

Supported Values: secp256r1, secp384r1

contains-list

Specification
Type list
Block object keys

contains

Description: Forward proxy bypass if SNI string contains another string

Type: string

Format: string-rlx

ends-with-list

Specification
Type list
Block object keys

ends-with

Description: Forward proxy bypass if SNI string ends with another string

Type: string

Format: string-rlx

ca-certs

Specification
Type list
Block object keys

ca-cert

Description: CA Certificate (CA Certificate Name)

Type: string

client-ocsp

Description: Specify ocsp authentication server(s) for client certificate verification

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

client-ocsp-sg

Description: Specify service-group (Service group name)

Type: string

Format: string-rlx

Reference Object: /axapi/v3/aam/authentication/service-group

client-ocsp-srvr

Description: Specify authentication server

Type: string

Format: string-rlx

Reference Object: /axapi/v3/aam/authentication/server/ocsp

client-auth-contains-list

Specification
Type list
Block object keys

client-auth-contains

Description: Forward proxy bypass if SNI string contains another string

Type: string

Format: string-rlx

client-auth-equals-list

Specification
Type list
Block object keys

client-auth-equals

Description: Forward proxy bypass if SNI string equals another string

Type: string

Format: string-rlx

crl-certs

Specification
Type list
Block object keys

crl

Description: Certificate Revocation Lists (Certificate Revocation Lists file name)

Type: string

multi-class-list

Specification
Type list
Block object keys

multi-clist-name

Description: Class List Name

Type: string

Mutual Exclusion: multi-clist-name and class-list-name are mutually exclusive

web-category

Specification
Type object

abortion

Description: Category Abortion

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

adult-and-pornography

Description: Category Adult and Pornography

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

alochol-and-tobacco

Description: Category Alcohol and Tobacco

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

auctions

Description: Category Auctions

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

bot-nets

Description: Category Bot Nets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

business-and-economy

Description: Category Business and Economy

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

cdns

Description: Category CDNs

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

cheating

Description: Category Cheating

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

computer-and-internet-info

Description: Category Computer and Internet Info

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

computer-and-internet-security

Description: Category Computer and Internet Security

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

confirmed-spam-sources

Description: Category Confirmed SPAM Sources

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

cult-and-occult

Description: Category Cult and Occult

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dating

Description: Category Dating

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dead-sites

Description: Category Dead Sites (db Ops only)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drugs

Description: Category Abused Drugs

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-comment

Description: Category Dynamic Comment

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

educational-institutions

Description: Category Educational Institutions

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

entertainment-and-arts

Description: Category Entertainment and Arts

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

fashion-and-beauty

Description: Category Fashion and Beauty

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

financial-services

Description: Category Financial Services

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

food-and-dining

Description: Category Food and Dining

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

gambling

Description: Category Gambling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

games

Description: Category Games

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

government

Description: Category Government

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

gross

Description: Category Gross

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

hacking

Description: Category Hacking

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

hate-and-racism

Description: Category Hate and Racism

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

health-and-medicine

Description: Category Health and Medicine

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

home-and-garden

Description: Category Home and Garden

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

hunting-and-fishing

Description: Category Hunting and Fishing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

illegal

Description: Category Illegal

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

image-and-video-search

Description: Category Image and Video Search

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

internet-communications

Description: Category Internet Communications

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

internet-portals

Description: Category Internet Portals

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

job-search

Description: Category Job Search

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

keyloggers-and-monitoring

Description: Category Keyloggers and Monitoring

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

kids

Description: Category Kids

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

legal

Description: Category Legal

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

local-information

Description: Category Local Information

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

malware-sites

Description: Category Malware Sites

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

marijuana

Description: Category Marijuana

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

military

Description: Category Military

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

motor-vehicles

Description: Category Motor Vehicles

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

music

Description: Category Music

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

news-and-media

Description: Category News and Media

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

nudity

Description: Category Nudity

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

online-greeting-cards

Description: Category Online Greeting cards

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

open-http-proxies

Description: Category Open HTTP Proxies

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

parked-domains

Description: Category Parked Domains

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

pay-to-surf

Description: Category Pay to Surf

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

peer-to-peer

Description: Category Peer to Peer

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

personal-sites-and-blogs

Description: Category Personal sites and Blogs

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

personal-storage

Description: Category Personal Storage

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

philosophy-and-politics

Description: Category Philosophy and Political Advocacy

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

phishing-and-other-fraud

Description: Category Phishing and Other Frauds

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

private-ip-addresses

Description: Category Private IP Addresses

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

proxy-avoid-and-anonymizers

Description: Category Proxy Avoid and Anonymizers

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

questionable

Description: Category Questionable

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

real-estate

Description: Category Real Estate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

recreation-and-hobbies

Description: Category Recreation and Hobbies

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

reference-and-research

Description: Category Reference and Research

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

religion

Description: Category Religion

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

search-engines

Description: Category Search Engines

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sex-education

Description: Category Sex Education

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

shareware-and-freeware

Description: Category Shareware and Freeware

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

shopping

Description: Category Shopping

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

social-network

Description: Category Social Network

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

society

Description: Category Society

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

spam-urls

Description: Category SPAM URLs

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sports

Description: Category Sports

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

spyware-and-adware

Description: Category Spyware and Adware

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

stock-advice-and-tools

Description: Category Stock Advice and Tools

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

streaming-media

Description: Category Streaming Media

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

swimsuits-and-intimate-apparel

Description: Category Swimsuits and Intimate Apparel

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

training-and-tools

Description: Category Training and Tools

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

translation

Description: Category Translation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

travel

Description: Category Travel

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uncategorized

Description: Uncategorized URLs

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

unconfirmed-spam-sources

Description: Category Unconfirmed SPAM Sources

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

violence

Description: Category Violence

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

weapons

Description: Category Weapons

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

web-adertisements

Description: Category Web Advertisements

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

web-based-email

Description: Category Web based email

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

web-hosting-sites

Description: Category Web Hosting Sites

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

client-auth-starts-with-list

Specification
Type list
Block object keys

client-auth-starts-with

Description: Forward proxy bypass if SNI string starts with another string

Type: string

Format: string-rlx

server-name-list

Specification
Type list
Block object keys

server-cert

Description: Server Certificate associated to SNI (Server Certificate Name)

Type: string

server-encrypted

Description: Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)

server-key

Description: Server Private Key associated to SNI (Server Private Key Name)

Type: string

server-name

Description: Server name indication in Client hello extension (Server name String)

Type: string

server-passphrase

Description: help Password Phrase

Type: string

Format: password

client-auth-ends-with-list

Specification
Type list
Block object keys

client-auth-ends-with

Description: Forward proxy bypass if SNI string ends with another string

Type: string

Format: string-rlx

cipher-without-prio-list

Specification
Type list
Block object keys

cipher-wo-prio

Description: ‘SSL3_RSA_DES_192_CBC3_SHA’: SSL3_RSA_DES_192_CBC3_SHA; ‘SSL3_RSA_DES_40_CBC_SHA’: SSL3_RSA_DES_40_CBC_SHA; ‘SSL3_RSA_DES_64_CBC_SHA’: SSL3_RSA_DES_64_CBC_SHA; ‘SSL3_RSA_RC4_128_MD5’: SSL3_RSA_RC4_128_MD5; ‘SSL3_RSA_RC4_128_SHA’: SSL3_RSA_RC4_128_SHA; ‘SSL3_RSA_RC4_40_MD5’: SSL3_RSA_RC4_40_MD5; ‘TLS1_RSA_AES_128_SHA’: TLS1_RSA_AES_128_SHA; ‘TLS1_RSA_AES_256_SHA’: TLS1_RSA_AES_256_SHA; ‘TLS1_RSA_EXPORT1024_RC4_56_MD5’: TLS1_RSA_EXPORT1024_RC4_56_MD5; ‘TLS1_RSA_EXPORT1024_RC4_56_SHA’: TLS1_RSA_EXPORT1024_RC4_56_SHA; ‘TLS1_RSA_AES_128_SHA256’: TLS1_RSA_AES_128_SHA256; ‘TLS1_RSA_AES_256_SHA256’: TLS1_RSA_AES_256_SHA256; ‘TLS1_DHE_RSA_AES_128_GCM_SHA256’: TLS1_DHE_RSA_AES_128_GCM_SHA256; ‘TLS1_DHE_RSA_AES_128_SHA’: TLS1_DHE_RSA_AES_128_SHA; ‘TLS1_DHE_RSA_AES_128_SHA256’: TLS1_DHE_RSA_AES_128_SHA256; ‘TLS1_DHE_RSA_AES_256_GCM_SHA384’: TLS1_DHE_RSA_AES_256_GCM_SHA384; ‘TLS1_DHE_RSA_AES_256_SHA’: TLS1_DHE_RSA_AES_256_SHA; ‘TLS1_DHE_RSA_AES_256_SHA256’: TLS1_DHE_RSA_AES_256_SHA256; ‘TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256’: TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256; ‘TLS1_ECDHE_ECDSA_AES_128_SHA’: TLS1_ECDHE_ECDSA_AES_128_SHA; ‘TLS1_ECDHE_ECDSA_AES_128_SHA256’: TLS1_ECDHE_ECDSA_AES_128_SHA256; ‘TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384’: TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384; ‘TLS1_ECDHE_ECDSA_AES_256_SHA’: TLS1_ECDHE_ECDSA_AES_256_SHA; ‘TLS1_ECDHE_RSA_AES_128_GCM_SHA256’: TLS1_ECDHE_RSA_AES_128_GCM_SHA256; ‘TLS1_ECDHE_RSA_AES_128_SHA’: TLS1_ECDHE_RSA_AES_128_SHA; ‘TLS1_ECDHE_RSA_AES_128_SHA256’: TLS1_ECDHE_RSA_AES_128_SHA256; ‘TLS1_ECDHE_RSA_AES_256_GCM_SHA384’: TLS1_ECDHE_RSA_AES_256_GCM_SHA384; ‘TLS1_ECDHE_RSA_AES_256_SHA’: TLS1_ECDHE_RSA_AES_256_SHA; ‘TLS1_RSA_AES_128_GCM_SHA256’: TLS1_RSA_AES_128_GCM_SHA256; ‘TLS1_RSA_AES_256_GCM_SHA384’: TLS1_RSA_AES_256_GCM_SHA384;

Type: string

Supported Values: SSL3_RSA_DES_192_CBC3_SHA, SSL3_RSA_DES_40_CBC_SHA, SSL3_RSA_DES_64_CBC_SHA, SSL3_RSA_RC4_128_MD5, SSL3_RSA_RC4_128_SHA, SSL3_RSA_RC4_40_MD5, TLS1_RSA_AES_128_SHA, TLS1_RSA_AES_256_SHA, TLS1_RSA_EXPORT1024_RC4_56_MD5, TLS1_RSA_EXPORT1024_RC4_56_SHA, TLS1_RSA_AES_128_SHA256, TLS1_RSA_AES_256_SHA256, TLS1_DHE_RSA_AES_128_GCM_SHA256, TLS1_DHE_RSA_AES_128_SHA, TLS1_DHE_RSA_AES_128_SHA256, TLS1_DHE_RSA_AES_256_GCM_SHA384, TLS1_DHE_RSA_AES_256_SHA, TLS1_DHE_RSA_AES_256_SHA256, TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256, TLS1_ECDHE_ECDSA_AES_128_SHA, TLS1_ECDHE_ECDSA_AES_128_SHA256, TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA, TLS1_ECDHE_RSA_AES_128_GCM_SHA256, TLS1_ECDHE_RSA_AES_128_SHA, TLS1_ECDHE_RSA_AES_128_SHA256, TLS1_ECDHE_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA, TLS1_RSA_AES_128_GCM_SHA256, TLS1_RSA_AES_256_GCM_SHA384

Mutual Exclusion: cipher-wo-prio and template-cipher are mutually exclusive

starts-with-list

Specification
Type list
Block object keys

starts-with

Description: Forward proxy bypass if SNI string starts with another string

Type: string

Format: string-rlx

stats data

Counter Size Description
stock-advice-and-tools 8 stock advice and tools category
news-and-media 8 news and media category
business-and-economy 8 business and economy category
phishing-and-other-fraud 8 phishing and other fraud category
nudity 8 nudity category
CDNs 8 content delivery networks category
marijuana 8 marijuana category
home-and-garden 8 home and garden category
cult-and-occult 8 cult and occult category
society 8 society category
unconfirmed-SPAM-sources 8 unconfirmed SPAM sources category
personal-storage 8 personal storage category
dynamic-comment 8 dynamic comment category
web-based-email 8 web based email category
motor-vehicles 8 motor vehicles category
shopping 8 shopping category
swimsuits-and-intimate-apparel 8 swimsuits and intimate apparel category
dead-sites 8 dead sites category
image-and-video-search 8 image and video search category
other-category 8 other category
web-hosting-sites 8 web hosting sites category
proxy-avoid-and-anonymizers 8 proxy avoid and anonymizers category
streaming-media 8 streaming media category
gross 8 gross category
uncategorised 8 uncategorised
cheating 8 cheating category
entertainment-and-arts 8 entertainment and arts category
illegal 8 illegal category
travel 8 travel category
bot-nets 8 bot nets category
music 8 music category
local-information 8 local information category
legal 8 legal category
sports 8 sports category
weapons 8 weapons category
religion 8 religion category
private-IP-addresses 8 private IP addresses category
shareware-and-freeware 8 shareware and freeware category
hate-and-racism 8 hate and racism category
open-HTTP-proxies 8 open HTTP proxies category
internet-communications 8 internet communications category
gambling 8 gambling category
dating 8 dating category
spyware-and-adware 8 spyware and adware category
confirmed-SPAM-sources 8 confirmed SPAM sources category
questionable 8 questionable category
malware-sites 8 malware sites category
financial-services 8 financial services category
kids 8 kids category
social-network 8 social network category
government 8 government category
drugs 8 drugs category
health-and-medicine 8 health and medicine category
abortion 8 abortion category
personal-sites-and-blogs 8 personal sites and blogs category
pay-to-surf 8 pay to surf category
alochol-and-tobacco 8 alcohol and tobacco category
educational-institutions 8 educational institutions category
web-adertisements 8 web adertisements category
recreation-and-hobbies 8 recreation and hobbies category
online-greeting-cards 8 online greeting cards category
translation 8 translation category
SPAM-URLs 8 SPAM URLs category
job-search 8 job search category
reference-and-research 8 reference and research category
keyloggers-and-monitoring 8 keyloggers and monitoring category
hunting-and-fishing 8 hunting and fishing category
search-engines 8 search engines category
peer-to-peer 8 peer to peer category
computer-and-internet-security 8 computer and internet security category
real-estate 8 real estate category
computer-and-internet-info 8 computer and internet info category
internet-portals 8 internet portals category
violence 8 violence category
philosophy-and-politics 8 philosophy and politics category
training-and-tools 8 training and tools category
sex-education 8 sex education category
games 8 games category
parked-domains 8 parked domains category
auctions 8 auctions category
military 8 military category
hacking 8 hacking category
fashion-and-beauty 8 fashion and beauty category
adult-and-pornography 8 adult and pornography category
food-and-dining 8 food and dining category