Navigation :

Mitigation

Mitigation

Overview

CleanPipe Protection Mitigation API

Version information

Version : 1.0.0.BETA

License information

Terms of service : https://www.nexusguard.com/

URI scheme

Host : {your_basic_domain}
BasePath : /api
Schemes : HTTPS

Paths

Get mitigation policy options.

GET /specp/cp/mitigation/policy_options

Description

Returns available options for configuring mitigation policies, including collector IPs, IDC names, countries, ICMP filter types, IP protocols, TCP flags, and ICMP types.

Parameters

Type Name Description Schema
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 Mitigation policy options (collector IPs, IDC names, countries, filter types, protocols, TCP/ICMP options). result

result

Name Description Schema
collector_ip
optional		 Collector IP addresses available for router configuration. < string > array
countries
optional		 Key-value map of countries (key = code, value = country name),for both allow/block list policies. object
filter_icmp_type
optional		 Key-value map of ICMP types (key = id, value = type name).for ICMP Custom Filter. object
filter_tcp_flags
optional		 TCP flags: reserved and other (non-reserved). filter_tcp_flags
icmp_filter_types
optional		 Key-value map of ICMP filter types (key = id, value = type name). object
idc_name
optional		 IDC names available for tunnel configuration. < string > array
ip_protocol_number_list
optional		 Key-value map of IP protocols (key = number, value = protocol name). object

filter_tcp_flags

Name Description Schema
other
optional		 Key-value map of TCP other flags (key = id, value = flag name). object
reserved
optional		 Key-value map of TCP reserved flags (key = id, value = flag name). object

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Create IP set template for allow/block list policy.

POST /specp/cp/mitigation/template/ip_set

Description

Create IP set template for allow/block list policy.

Parameters

Type Name Description Schema
Query access_token
required		 API access token for authentication. string
Body body
optional		 IP set template for allow/block list policy. body

body

Name Description Schema
enable_country
required		 Source country enabled status, 0 = off, 1 = on. integer
ip_set_desc
optional		 Optional policy description. string
ip_set_name
required		 Policy name. string
ip_type
required		 IP address family for the template, ipv4 or ipv6. string
source_countries
required		 < string > array
source_ips
required		 < string > array

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Schema
result
optional		 result

result

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
ip_set_id
optional		 IP set ID. string
msg
optional		 Human-readable error or status message. string

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get an IP set template for allow/block list policy.

GET /specp/cp/mitigation/template/ip_set/{ip_set_id}

Description

Get an IP set template for allow/block list policy.

Parameters

Type Name Description Schema
Path ip_set_id
required		 IP set ID. Can be obtained by invoking this API for ip_set_id. string
Query access_token
required		 API access token for authentication. string
Query ip_type
optional		 IP address family for the template, ipv4 or ipv6. Default, ipv4. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Schema
result
optional		 result

result

Name Description Schema
enable_country
optional		 Source country enabled status, 0 = off, 1 = on. integer
ip_set_desc
optional		 Optional policy description. string
ip_set_id
optional		 IP set ID. string
ip_set_name
optional		 Policy name. string
ip_type
optional		 IP address family for the template, ipv4 or ipv6. string
source_countries
optional		 < string > array
source_ips
optional		 < string > array

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Update an IP set template for allow/block list policy.

PUT /specp/cp/mitigation/template/ip_set/{ip_set_id}

Description

Update an IP set template for allow/block list policy.

Parameters

Type Name Description Schema
Path ip_set_id
required		 IP set ID. Can be obtained by invoking this API for ip_set_id. string
Query access_token
required		 API access token for authentication. string
Body body
optional		 IP set template for allow/block list policy. body

body

Name Description Schema
enable_country
required		 Source country enabled status, 0 = off, 1 = on. integer
ip_set_desc
optional		 Optional policy description. string
ip_set_name
required		 Policy name. string
ip_type
required		 IP address family for the template, ipv4 or ipv6. string
source_countries
required		 < string > array
source_ips
required		 < string > array

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Delete an IP set template for allow/block list policy.

DELETE /specp/cp/mitigation/template/ip_set/{ip_set_id}

Description

Delete an IP set template for allow/block list policy.

Parameters

Type Name Description Schema
Path ip_set_id
required		 IP set ID. Can be obtained by invoking this API for ip_set_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get IP set templates for allow/block list policy.

GET /specp/cp/mitigation/template/ip_sets

Description

Returns IP set templates for building allow list or block list policies. Supports ip_type: ipv4 or ipv6.

Parameters

Type Name Description Schema
Query access_token
required		 API access token for authentication. string
Query ip_type
optional		 IP address family for the template: ipv4 or ipv6. Default: ipv4. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 < result > array

result

Name Description Schema
enable_country
optional		 Source country enabled status, 0 = off, 1 = on. integer
ip_set_desc
optional		 Optional policy description. string
ip_set_id
optional		 IP set ID. Can be obtained by invoking this API for ip_set_id. string
ip_set_name
optional		 Policy name. string
ip_type
optional		 IP address family for the template, ipv4 or ipv6. string
source_countries
optional		 < string > array
source_ips
optional		 < string > array

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get FlexFilter or ACL Filter info for mitigation.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/acl-filter

Description

Get the info of FlexFilter/ACL Filter for mitigation.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 result

result

Name Description Schema
common_rule_sets
optional		 The filter sets. < common_rule_sets > array
custom_rule_set
optional		 Custom Filters. custom_rule_set
is_enabled
optional		 0 = disabled, 1 = enabled. integer

common_rule_sets

Name Description Schema
rule_set_desc
optional		 Optional policy description. string
rule_set_name
optional		 Policy name. string

custom_rule_set

Name Description Schema
action
optional		 Either rate limiting, dropping or letting the traffic pass are taken. string
bps_limit
optional		 ratelimit in bps. string
dst_ip
optional		 IP Address of the recipient. < string > array
dst_port
optional		 Port number to which the data packet is sent. < integer > array
is_enabled
optional		 0 means it is disabled and 1 means enabled. integer
package_length
optional		 The size of the data packet. string
pps_limit
optional		 ratelimit in pps. string
protocol
optional		 Protocol of the data packet. integer
rule_desc
optional		 Optional policy description. string
rule_id
optional		 Unique identifier of custom rule. integer
rule_name
optional		 The name of the policy string
src_ip
optional		 IP address of the sender, as it is shown in the data packet. < string > array
src_port
optional		 Port number from which the data packet is sent < integer > array
tcp_flags
optional		 In TCP connection, flags are used to indicate a particular state of connection or to provide some additional useful information. < string > array
ttl
optional		 Time-to-live (TTL) is a value in an IP packet that tells a network router whether or not the packet has been in the network too long and should be discarded. string

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Add FlexFilter, ACL Filter, or custom filter rules.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/acl-filter/custom-filter

Description

Add rules for the FlexFilter/ACL Filter/ custom filters.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
Body body
required		 FlexFilter/Custom filter rule configuration. body

body

Name Description Schema
action
required		 You can select ‘pass’, ‘drop’ or ‘ratelimit’. Selecting the ratelimit can allow you to define the capacity of the bandwidth that data packets can consume. string
bps_limit
optional		 The rate limit whose must be a number or K, M, G format must be provided when the ratelimit is switched on. string
dst_ip
optional		 IP Address of the recipient. < string > array
dst_port
optional		 Port number to which the data packet is sent. < integer > array
icmp_code
optional		 When ICMP_type is required for ICMP-unreach, ICMP-Redirect or ICMP-Paramprob, when ICMP-unreach is 0-15, ICMP-redirect is 0-3, and ICMP-paramprob is 0-2. integer
icmp_type
optional		 When the protocols value is required for ICMP, the value can be custom or from the filter_ICMP_type field that returns the result from config options. When custom, the range is an integer between 0 and 255. string
package_length
optional		 The size of the data packet. string
pps_limit
optional		 The rate limit whose must be a number or K, M, G format must be provided when the ratelimit is switched on. string
protocol
required		 Protocol of the data packet. Currently, tcp, udp and icmp are supported. string
rule_desc
optional		 Optional policy description. string
rule_name
required		 The name of the policy created. string
src_ip
optional		 IP address of the sender, as it is shown in the data packet. < string > array
src_port
optional		 Port number from which the data packet is sent. < integer > array
tcp_flags
optional		 When the protocol is TCP, its value is retrieved from the filter_tcp_flags in the configuration options. < string > array
ttl
optional		 Time-to-live (TTL) is a value in an IP packet that tells a network router whether or not the packet has been in the network too long and should be discarded. It is set to a value between zero and 255. integer

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 result

result

Name Description Schema
rule_id
optional		 Rule ID, a unique identifier assigned to each FlexFilter Custom Filters. string

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get FlexFilter, ACL Filter, and custom filters policy for mitigation.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/acl-filter/custom-filter/{rule_id}

Description

Returns the FlexFilter, ACL Filter, and custom filters policy for the host.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path rule_id
required		 Unique identifier of custom rule. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 result

result

Name Description Schema
action
optional		 Either rate limiting, dropping or letting the traffic pass are taken. string
bps_limit
optional		 ratelimit in bps. string
dst_ip
optional		 IP Address of the recipient. < string > array
dst_port
optional		 Port number to which the data packet is sent. < integer > array
icmp_code
optional		 ICMP Code. integer
icmp_type
optional		 The filters for ICMP. string
is_enabled
optional		 0 means it is disabled and 1 means enabled. integer
package_length
optional		 The size of the data packet. string
pps_limit
optional		 ratelimit in pps. string
protocol
optional		 Protocol of the data packet. integer
rule_desc
optional		 Optional policy description. string
rule_id
optional		 Unique identifier of a policy. string
rule_name
optional		 The name of the policy string
src_ip
optional		 IP address of the sender, as it is shown in the data packet. < string > array
src_port
optional		 Port number from which the data packet is sent < integer > array
tcp_flags
optional		 In TCP connection, flags are used to indicate a particular state of connection or to provide some additional useful information. < string > array
ttl
optional		 Time-to-live (TTL) is a value in an IP packet that tells a network router whether or not the packet has been in the network too long and should be discarded. string

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Edit FlexFilter, ACL Filter, or custom filter rules.

PUT /specp/cp/site/{site_id}/host/{host_id}/mitigation/acl-filter/custom-filter/{rule_id}

Description

Edit the rules for FlexFilter/ACL Filter/custom filters.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path rule_id
required		 Unique identifier of a rule. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
Body body
required		 FlexFilter/ACL Custom filter rule configuration. body

body

Name Description Schema
action
required		 You can select “pass”, “drop” or “ratelimit”. Selecting the ratelimit can allow you to define the capacity of the bandwidth that data packets can consume. string
bps_limit
optional		 The rate limit whose must be a number or K, M, G format must be provided when the ratelimit is switched on. string
dst_ip
optional		 IP Address of the recipient. < string > array
dst_port
optional		 Port number to which the data packet is sent. < integer > array
icmp_code
optional		 When ICMP_type is required for ICMP-unreach, ICMP-Redirect or ICMP-Paramprob, when ICMP-unreach is 0-15, ICMP-redirect is 0-3, and ICMP-paramprob is 0-2. integer
icmp_type
optional		 When the protocols value is required for ICMP, the value can be custom or from the filter_ICMP_type field that returns the result from config options. When custom, the range is an integer between 0 and 255.Can be obtained by invoking this API for icmp types. string
package_length
optional		 The size of the data packet. string
pps_limit
optional		 The rate limit whose must be a number or K, M, G format must be provided when the ratelimit is switched on. string
protocol
required		 Protocol of the data packet. Currently, tcp, udp and icmp are supported. string
rule_desc
optional		 Optional policy description. string
rule_name
required		 Unique identifier of a policy created. string
src_ip
optional		 IP address of the sender, as it is shown in the data packet. < string > array
src_port
optional		 Port number from which the data packet is sent. < integer > array
tcp_flags
optional		 When the protocol is TCP, its value is retrieved from the filter_tcp_flags in the configuration options.Can be obtained by invoking this API for tcp flags. < string > array
ttl
optional		 Time-to-live (TTL) is a value in an IP packet that tells a network router whether or not the packet has been in the network too long and should be discarded. It is set to a value between zero and 255. integer

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Delete FlexFilter, ACL Filter, or custom filter rule.

DELETE /specp/cp/site/{site_id}/host/{host_id}/mitigation/acl-filter/custom-filter/{rule_id}

Description

Deletes FlexFilter/ ACL Filter/ custom filters.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path rule_id
required		 Unique identifier of custom rule. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Change FlexFilter, ACL Filter, or custom filters switch status.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/acl-filter/custom-filter/{rule_id}/switch

Description

Change the status of the switch of the FlexFilter/ ACL Filter/custom filters.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path rule_id
required		 Unique identifier of custom rule. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
FormData is_enabled
required		 0 means the switch of ACL Filter is disabled whereas 1 means it is enabled. integer

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Edit FlexFilter filter sets for the host.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/acl-filter/filter-sets

Description

Edit the FlexFilter filter sets for the host.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
FormData rule_set_id
required		 Enter the rule id you want to add.Can be obtained by invoking this API for rule_set_id. < string > array

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Change FlexFilter or ACL Filter policy switch status.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/acl-filter/switch

Description

Changes the status of the switch for the policies for FlexFilter/ACL Filter.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
FormData is_enabled
required		 0 = disabled, 1 = enabled. integer

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Edit Allow/Blocklist content for host.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/allow-block-list

Description

Add or update source IPs and/or source countries for the host’s Allow/Blocklist.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
Body cp_mitigation_allow-block-list_service
optional		 Allow list or block list configuration (list type and enabled state). cp_mitigation_allow-block-list_service

cp_mitigation_allow-block-list_service

Name Description Schema
ip_set_id
optional		 ip set id for allow/blocklist. Can be obtained by invoking this API for ip set templates. string
source_countries
optional		 Country or region codes for allow/block list content, e.g. ISO country codes (US, CN). Can obtain from this API for country codes. < string > array
source_ips
optional		 IP addresses for allow/block list content. < string > array
type
required		 List type. One of: allow_list, block_list. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get allow list or block list content for host.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/allow-block-list

Description

Returns the current allow list or block list content (status, source IPs, source countries) for the host.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
Query type
required		 Policy type: allow_list or block_list. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 result

result

Name Description Schema
is_enabled
optional		 Allow/block list status: 0 = disabled, 1 = enabled. integer
source_countries
optional		 Country or region codes for allow/block list content, e.g. ISO country codes (US, CN). < string > array
source_ips
optional		 Source IP addresses in the list. < string > array

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Change Allow/Blocklist mitigation policy status for host.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/allow-block-list/switch

Description

Update Allow/Blocklist mitigation policy status for host.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID.Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID.Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
Body cp_mitigation_allow-block-list_service
optional		 Allow list or block list configuration (list type and enabled state). cp_mitigation_allow-block-list_service

cp_mitigation_allow-block-list_service

Name Description Schema
is_enabled
required		 0 = off; 1 = custom; 2 = enabled with an IP set template. integer
type
required		 List type. One of: allow_list, block_list. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Change Bogons mitigation policy.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/bogons/switch

Description

Enables or disables Bogons mitigation for the site/host (e.g. martian_address, land_attack).

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
FormData is_enabled
required		 0 = disabled, 1 = enabled. integer
FormData type
required		 Bogons type: martian_address or land_attack. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get Bogons mitigation switch status.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/bogons/switch

Description

Returns the current Bogons mitigation switch status for the site/host.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 result

result

Name Description Schema
land_attack
optional		 Land attack settings. land_attack
martian_address
optional		 Martian address settings. martian_address

land_attack

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = enabled. integer

martian_address

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = enabled. integer

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Edit traffic policies.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/filter-policing

Description

It is used to edit Traffic Policies.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
FormData threshold_bps
required		 Threshold values in bps.must be a number or K, M, G format. string
FormData threshold_pps
required		 Threshold values in pps.must be a number or K, M, G format. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get traffic policing or filter policing info.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/filter-policing

Description

Get mitigation traffic policing info.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 result

result

Name Description Schema
is_enabled
optional		 0 means the mitigation policy for zombie is disabled whereas 1 means it is enabled. integer
threshold_bps
optional		 Threshold values in bps. string
threshold_pps
optional		 Threshold values in pps. string

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Change traffic policing or filter policing switch status.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/filter-policing/switch

Description

It is a switch to change the status of Traffic Policing/Filter Policing.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
FormData is_enabled
required		 0 means the filter policy is disabled whereas 1 means it is enabled. integer

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get ICMP flood policy info.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/icmp-flood

Description

Returns ICMP flood policy info for the host.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 result

result

Name Description Schema
custom_icmp_filter
optional		 Customizable ICMP filter settings. custom_icmp_filter
drop_large_ping_packets
optional		 Drop large ping packets settings. drop_large_ping_packets
icmp_fragmentation
optional		 ICMP fragmentation settings. icmp_fragmentation

custom_icmp_filter

Name Description Schema
default
optional		 Default ICMP filters. default
filters
optional		 List of customizable ICMP filters. < filters > array
is_enabled
optional		 0 = disabled, 1 = enabled. integer

default

Name Description Schema
action
optional		 pass or ratelimit. string
bps_limit
optional		 Rate limit in bits per second (bps). string
filter_name
optional		 Filter name. string
icmp_length
optional		 ICMP payload length to drop (1–1500 bytes). integer
icmp_type
optional		 ICMP filter type (from policy options). integer
pps_limit
optional		 Rate limit in packets per second (pps). string

filters

Name Description Schema
action
optional		 pass or ratelimit. string
bps_limit
optional		 Rate limit in bits per second (bps). string
filter_id
optional		 Custom filter ID. string
filter_name
optional		 Filter name. string
icmp_length
optional		 ICMP payload length to drop (bytes). integer
icmp_type
optional		 ICMP type (from policy options). integer
pps_limit
optional		 Rate limit in packets per second (pps). string

drop_large_ping_packets

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = enabled. integer

icmp_fragmentation

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = enabled. integer

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Add ICMP flood or customizable protocol filters.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/icmp-flood/icmp-filter

Description

Add filters for ICMP flood/Customizable protocol filters.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
Body body
required		 ICMP filter configuration. body

body

Name Description Schema
action
required		 Action when filter matches: pass or ratelimit. enum (pass, ratelimit)
bps_limit
optional		 Rate limit in bps must be 1-4000000000 or number with unit K/M/G (e.g. 1K, 2 M, 4 G). Required when action is ratelimit. string
filter_name
required		 Filter name. string
icmp_length
required		 Packet size in bytes (1–1500). integer
icmp_type
required		 ICMP type (from policy options icmp_filter_types). Can be obtained by invoking this API for ICMP types. integer
pps_limit
optional		 Rate limit in pps must be 1-4000000000 or number with unit K/M/G (e.g. 1K, 2 M, 4 G). Required when action is ratelimit. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 result

result

Name Description Schema
filter_id
optional		 Filter ID, a unique identifier assigned to each Custom ICMP Filter. string

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get ICMP flood or customizable ICMP filter policies.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/icmp-flood/icmp-filter/{filter_id}

Description

Returns ICMP flood or customizable ICMP filter policies for the host.

Parameters

Type Name Description Schema
Path filter_id
required		 Custom filter ID. string
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 result

result

Name Description Schema
action
optional		 pass or ratelimit. string
bps_limit
optional		 Rate limit in bits per second (bps). string
filter_name
optional		 Filter name. string
icmp_length
optional		 ICMP payload length to drop (bytes). integer
icmp_type
optional		 ICMP type (from policy options). integer
pps_limit
optional		 Rate limit in packets per second (pps). string

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Edit ICMP flood or customizable protocol filter policies.

PUT /specp/cp/site/{site_id}/host/{host_id}/mitigation/icmp-flood/icmp-filter/{filter_id}

Description

Edit the policies of the filters for ICMP flood/Customizable protocol.

Parameters

Type Name Description Schema
Path filter_id
required		 Custom filter ID. string
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
Body body
required		 ICMP filter configuration. body

body

Name Description Schema
action
optional		 Action when filter matches: pass or ratelimit. string
bps_limit
optional		 Rate limit in bps must be 1-4000000000 or number with unit K/M/G (e.g. 1K, 2 M, 4 G). Required when action is ratelimit. string
filter_name
optional		 Filter name. string
icmp_length
optional		 Packet size in bytes (1–1500). integer
icmp_type
optional		 The ICMP type number. Can be obtained by invoking this API for ICMP types. integer
pps_limit
optional		 Rate limit in pps must be 1-4000000000 or number with unit K/M/G (e.g. 1K, 2 M, 4 G). Required when action is ratelimit. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Delete ICMP flood or customizable protocol filter policy.

DELETE /specp/cp/site/{site_id}/host/{host_id}/mitigation/icmp-flood/icmp-filter/{filter_id}

Description

Delete the policies for the filter for ICMP flood/Customizable protocol.

Parameters

Type Name Description Schema
Path filter_id
required		 Custom filter ID. string
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Change ICMP flood policy status.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/icmp-flood/switch

Description

Enables or disables ICMP flood mitigation for the host.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
FormData is_enabled
required		 0 = disabled, 1 = enabled. integer
FormData module
required		 ICMP flood module: icmp_fragmentation, custom_icmp_filter, or drop_large_ping_packets. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get IP Flood mitigation configuration.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/ip-flood

Description

Returns IP flood mitigation settings (e.g. IP fragmentation, customizable protocol filters).

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 result

result

Name Description Schema
custom_protocol_filter
optional		 Customizable protocol filter settings. custom_protocol_filter
drop_invalid_ip_packets
optional		 IP Invalid packets settings. drop_invalid_ip_packets
ip_fragmentation
optional		 IP fragmentation settings. ip_fragmentation

custom_protocol_filter

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = enabled. integer
protocol
optional		 List of protocol numbers. < integer > array

drop_invalid_ip_packets

Name Description Schema
is_enabled
optional		 Enable status.Values: 0 = off, 1 = drop. integer

ip_fragmentation

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = enabled. integer

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Edit customizable protocol filter policy.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/ip-flood/protocol

Description

Edit customizable protocol filter policy.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
FormData protocols
required		 Protocol numbers (0–255) from configuration options.Can be obtained by invoking this API for protocol numbers. < integer > array

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Change IP Flood policy status.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/ip-flood/switch

Description

Enables or disables IP Flood mitigation for the site/host.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
FormData is_enabled
required		 Enable status.Values: 0 = off, 1 = drop. integer
FormData module
required		 IP Flood type. in (drop_invalid_ip_packets, ip_fragmentation, custom_protocol_filter). drop_invalid_ip_packets = drop invalid IP packets, ip_fragmentation = IP fragmentation, custom_protocol_filter = Custom Protocol Filter. enum (drop_invalid_ip_packets, ip_fragmentation, custom_protocol_filter)

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Add a custom filter for L7 flood mitigation.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/custom-filter

Description

Add a custom filter for L7 flood mitigation.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
Body body
required		 Request body. body

body

Name Description Schema
filter_desc
optional		 Filter description string
filter_name
optional		 Filter name string
filter_port
optional		 Port list < string > array

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 Data result

result

Name Description Schema
filter_id
optional		 Filter ID string

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get a single custom filter info for L7 flood mitigation.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/custom-filter/{filter_id}

Description

Get the info of a custom filter for L7 flood mitigation.

Parameters

Type Name Description Schema
Path filter_id
required		 Filter ID string
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 CustomFilter

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Update a custom filter for L7 flood mitigation.

PUT /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/custom-filter/{filter_id}

Description

Update the info of a custom filter for L7 flood mitigation.

Parameters

Type Name Description Schema
Path filter_id
required		 Unique identifier of filter. string
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
Body body
optional		 CustomFilter

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 Result data. object

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Delete a custom filter for L7 flood mitigation.

DELETE /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/custom-filter/{filter_id}

Description

Delete a custom filter for L7 flood mitigation.

Parameters

Type Name Description Schema
Path filter_id
required		 Filter ID string
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 < result > array

result

Name Description Schema
rule_set_desc
optional		 The description of the filter set. string
rule_set_name
optional		 The name of the filter set. string

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get L7 flood custom filter info for mitigation.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/custom-filters

Description

Get the info of L7 flood custom filters for mitigation.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 Custom filters < CustomFilter > array

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Set L7 flood HTTP filters for mitigation.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/http-filter

Description

Set the info of L7 flood HTTP filters for mitigation.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
Body body
required		 body

body

Name Schema
filter_desc
optional		 string
filter_name
optional		 string
filter_port
optional		 < integer > array

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 Data result

result

Name Description Schema
filter_id
optional		 Filter ID string

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get L7 flood HTTP filter info for mitigation.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/http-filter/{filter_id}

Description

Get the info of L7 flood HTTP filters for mitigation.

Parameters

Type Name Description Schema
Path filter_id
required		 Unique identifier of a L7 flood HTTP filter. string
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 HTTP filter configuration request HttpFilter

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Set L7 flood HTTP filters for mitigation.

PUT /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/http-filter/{filter_id}

Description

Set the info of L7 flood HTTP filters for mitigation.

Parameters

Type Name Description Schema
Path filter_id
required		 Unique identifier of a L7 flood HTTP filter. string
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
Body body
optional		 HttpFilter

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Delete L7 flood HTTP filters for mitigation.

DELETE /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/http-filter/{filter_id}

Description

Delete the info of L7 flood HTTP filters for mitigation.

Parameters

Type Name Description Schema
Path filter_id
required		 Unique identifier of a filter. string
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get L7 flood HTTP filters.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/http-filters

Description

Get the info of L7 flood HTTP filters for mitigation.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 HTTP filters < HttpFilter > array

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Add an L7 flood QUIC filter for mitigation.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/quic-filter

Description

Add a L7 flood QUIC filter for mitigation.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
Body body
required		 body

body

Name Schema
filter_desc
optional		 string
filter_name
optional		 string
filter_port
optional		 < integer > array

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 Data result

result

Name Description Schema
filter_id
optional		 Filter ID string

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get L7 flood QUIC filter info for mitigation.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/quic-filter/{filter_id}

Description

Get the info of L7 flood QUIC filter for mitigation.

Parameters

Type Name Description Schema
Path filter_id
required		 Filter ID string
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 Quic filter info. QuicFilter

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Update L7 flood QUIC filter for mitigation.

PUT /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/quic-filter/{filter_id}

Description

Update the info of L7 flood QUIC filter for mitigation.

Parameters

Type Name Description Schema
Path filter_id
required		 Filter ID string
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
Body body
optional		 QuicFilter

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Delete L7 flood QUIC filters for mitigation.

DELETE /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/quic-filter/{filter_id}

Description

Delete the info of L7 flood QUIC filters for mitigation.

Parameters

Type Name Description Schema
Path filter_id
required		 Filter ID string
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get L7 flood QUIC filters.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/quic-filters

Description

Get the info of L7 flood QUIC filters for mitigation.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 QUIC filters < QuicFilter > array

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Add an L7 flood SIP filter for mitigation.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/sip-filter

Description

Add a L7 flood SIP filter for mitigation.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
Body body
required		 Request body. body

body

Name Description Schema
filter_desc
optional		 Filter description string
filter_name
optional		 Filter name string
filter_tcp_port
optional		 TCP Port list < integer > array
filter_udp_port
optional		 UDP Port list < integer > array

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 Data result

result

Name Description Schema
filter_id
optional		 Filter ID string

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get a single L7 flood SIP filter info for mitigation.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/sip-filter/{filter_id}

Description

Get the info of a L7 flood SIP filter for mitigation.

Parameters

Type Name Description Schema
Path filter_id
required		 Filter ID string
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 SipFilter

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Set L7 flood custom filters for mitigation.

PUT /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/sip-filter/{filter_id}

Description

Set the info of L7 flood custom filters for mitigation.

Parameters

Type Name Description Schema
Path filter_id
required		 Filter ID string
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
Body body
optional		 SipFilter

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Delete L7 flood custom filters for mitigation.

DELETE /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/sip-filter/{filter_id}

Description

Delete the info of L7 flood custom filters for mitigation.

Parameters

Type Name Description Schema
Path filter_id
required		 Filter ID integer
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get L7 flood SIP filter info for mitigation.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/sip-filters

Description

Get the info of L7 flood SIP filters for mitigation.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 SIP filters < SipFilter > array

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Set L7 flood TLS filters for mitigation.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/tls-filter

Description

Set the info of L7 flood TLS filters for mitigation.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
Body body
required		 body

body

Name Schema
filter_desc
optional		 string
filter_name
optional		 string
filter_port
optional		 < integer > array

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 Data result

result

Name Description Schema
filter_id
optional		 Filter ID string

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get L7 flood TLS filter info for mitigation.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/tls-filter/{filter_id}

Description

Get the info of L7 flood TLS filters for mitigation.

Parameters

Type Name Description Schema
Path filter_id
required		 Unique identifier of a L7 flood HTTP filter. string
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 Tls filter info TlsFilter

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Set L7 flood QUIC filters for mitigation.

PUT /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/tls-filter/{filter_id}

Description

Set the info of L7 flood QUIC filters for mitigation.

Parameters

Type Name Description Schema
Path filter_id
required		 Unique identifier of a filter. string
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
Body body
required		 TlsFilter

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Delete L7 flood TLS filters for mitigation.

DELETE /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/tls-filter/{filter_id}

Description

Delete the info of L7 flood TLS filters for mitigation.

Parameters

Type Name Description Schema
Path filter_id
required		 Unique identifier of a L7 flood TLS filter. string
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get L7 flood HTTP filter info for mitigation.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/l7-flood/tls-filters

Description

Get the info of L7 flood HTTP filters for mitigation.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 < TlsFilter > array

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Change NTIF mitigation policy.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/ntif

Description

Edit NTIF mitigation policy for the host.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
FormData is_enabled
required		 0 = disabled, 1 = monitor on trigger, 2 = drop on trigger. integer
FormData type
required		 NTIF type (e.g. proxy, tor, ddos, reputation, malware, scanner, dark_spider, spam). enum (proxy, tor, ddos, reputation, malware, scanner, dark_spider, spam)

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get NTIF mitigation configuration.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/ntif

Description

Returns the current NTIF mitigation switch status for the host.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 result

result

Name Description Schema
anonymizer
optional		 Anonymizer settings. anonymizer
botnet
optional		 Botnet settings. botnet
is_enabled
optional		 0 = disabled, 1 = enabled. integer

anonymizer

Name Description Schema
proxy
optional		 Proxy settings. proxy
tor
optional		 Tor settings. tor

proxy

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = monitor on trigger, 2 = block on trigger. integer

tor

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = monitor on trigger, 2 = block on trigger. integer

botnet

Name Description Schema
dark_spider
optional		 Dark spider settings. dark_spider
ddos
optional		 DDoS settings. ddos
malware
optional		 Malware settings. malware
reputation
optional		 Reputation settings. reputation
scanner
optional		 Scanner settings. scanner
spam
optional		 Spam settings. spam

dark_spider

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = monitor on trigger, 2 = block on trigger. integer

ddos

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = monitor on trigger, 2 = block on trigger. integer

malware

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = monitor on trigger, 2 = block on trigger. integer

reputation

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = monitor on trigger, 2 = block on trigger. integer

scanner

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = monitor on trigger, 2 = block on trigger. integer

spam

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = monitor on trigger, 2 = block on trigger. integer

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Change NTIF mitigation policy status.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/ntif/switch

Description

Enables or disables NTIF mitigation for the site/host.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
FormData is_enabled
required		 0 = disabled, 1 = enabled. integer

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get FlexFilter or Payload Filter info for mitigation.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/payload-filter

Description

Returns info of FlexFilter/Payload Filter for mitigation.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 < result > array

result

Name Description Schema
action
optional		 An action will be taken when they match. string
bps_limit
optional		 ratelimit in bps. string
filter_id
optional		 Unique identifier of advanced rule. string
filter_name
optional		 The name of the policies. string
payload_string
optional		 The string of the payload. payload_string
port
optional		 The port number of the data packet. port
pps_limit
optional		 ratelimit in pps. string
protocol
optional		 The protocol of the data packet. protocol

payload_string

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = enabled. integer
string
optional		 Key word or phrase to look for in a payload. < string > array

port

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = enabled. integer
ports
optional		 The lists of the port numbers. < integer > array

protocol

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = enabled. integer
type
optional		 Currently, tcp, udp and ip supported protocol for the data packet can be used. string

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Add FlexFilter or Payload Filter policy.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/payload-filter/filter

Description

Add the policies for the FlexFilter/Payload Filter.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
Body body
required		 Advanced payload filtering rule configuration. body

body

Name Description Schema
action
required		 Action to take when a match is found. You can choose pass, drop and rateLimit.Selecting Rate Limit allows to define a limit of bandwidth all such data packets can use. string
bps_limit
optional		 The rate limit whose must be a number or K, M, G format must be provided when the ratelimit is switched on. string
filter_name
required		 The name of the policies created. string
payload_string
optional		 If the “payload_string_enabled” is switched on, the key word or phrase must be provided to be looked for in a payload. < string > array
payload_string_enabled
optional		 0 means the switch of the payload string is disabled whereas 1 means it is enabled.At least one of the protocol_enabled, port_enabled, and payload_string_enabled must be enabled. integer
port
optional		 If the “port_enabled” is switched on, the port number either for the source or destination port of the data packet must be provided , with the exception of protocol is ‘ip’. < integer > array
port_enabled
optional		 0 means the port switch is disabled whereas 1 means it is enabled.At least one of the protocol_enabled, port_enabled, and payload_string_enabled must be enabled, with the exception of protocol is ‘ip’. integer
pps_limit
optional		 The rate limit whose must be a number or K, M, G format must be provided when the ratelimit is switched on. string
protocol
optional		 If protocol_enabled is switched on, the type of protocol must be provided. Currently, tcp, udp and ip supported protocol for the data packet can be used. string
protocol_enabled
optional		 0 means the switch of the protocol is disabled whereas 1 means it is enabled.At least one of the protocol_enabled, port_enabled, and payload_string_enabled must be enabled. integer

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 result

result

Name Description Schema
filter_id
optional		 Filter ID, a unique identifier assigned to each FlexFilter/Advanced Payload Filtering. string

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get FlexFilter or Payload Filter policy list for mitigation.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/payload-filter/{filter_id}

Description

Returns info of policies for FlexFilter/Payload Filter for mitigation.

Parameters

Type Name Description Schema
Path filter_id
required		 Advanced payload filter ID. string
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 result

result

Name Description Schema
action
optional		 An action will be taken when they match. string
bps_limit
optional		 ratelimit in bps. string
filter_name
optional		 The name of the policies. string
payload_string
optional		 The payload of the string. payload_string
port
optional		 The port number of the data packet. port
pps_limit
optional		 ratelimit in pps. string
protocol
optional		 The protocol of the data packet. protocol

payload_string

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = enabled. integer
string
optional		 The key word or phase to be lookedfor in a payload. < string > array

port

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = enabled. integer
ports
optional		 The list of the port number. < integer > array

protocol

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = enabled. integer
type
optional		 Currently, tcp, udp and ip supported protocol for the data packet can be used. string

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Edit FlexFilter/Advanced Payload Filtering.

PUT /specp/cp/site/{site_id}/host/{host_id}/mitigation/payload-filter/{filter_id}

Description

Edit FlexFilter/Advanced Payload Filtering.

Parameters

Type Name Description Schema
Path filter_id
required		 Unique identifier of advanced filter. string
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
Body body
required		 Advanced payload filtering rule configuration. body

body

Name Description Schema
action
required		 You can select “pass”, “drop” or “ratelimit”. Selecting the ratelimit can allow you to define the capacity of the bandwidth that data packets can consume. string
bps_limit
optional		 The rate limit whose must be a number or K, M, G format must be provided when the ratelimit is switched on. string
filter_name
required		 The name of the policies created. string
payload_string
optional		 If “payload_string_enabled” is switched on, the key word or phase must be provided to be looked for in a payload. < string > array
payload_string_enabled
optional		 0 means the switch for the payload string is disabled whereas 1 means it is enabled.At least one of the protocol_enabled, port_enabled, and payload_string_enabled must be enabled. integer
port
optional		 If the “port_enable” is switched on, the port number of the data packet must be provided. The port number can be either source or destination port < integer > array
port_enabled
optional		 0 means the port switch is disabled whereas 1 means it is enabled.At least one of the protocol_enabled, port_enabled, and payload_string_enabled must be enabled. integer
pps_limit
optional		 The rate limit whose must be a number or K, M, G format must be provided when the ratelimit is switched on. string
protocol
optional		 If the “port_enable” is switched on, the name of protocol of the data packet must be provided. Currently, this function supports TCP, UDP and IP protocol. string
protocol_enabled
optional		 0 means the switch for the protocol is disabled whereas 1 means it is enabled.At least one of the protocol_enabled, port_enabled, and payload_string_enabled must be enabled. integer

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Delete policies for FlexFilter/Payload Filter.

DELETE /specp/cp/site/{site_id}/host/{host_id}/mitigation/payload-filter/{filter_id}

Description

Delete policies for FlexFilter/Payload Filter.

Parameters

Type Name Description Schema
Path filter_id
required		 Unique identifier of advanced filter. string
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Edit smart filter policy.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/smart-filter/filter

Description

It is used to edit the policy for smart filter.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
Body body
required		 Body of the request. body

body

Name Description Schema
amplification
optional		 Amplification. integer
is_enabled
optional		 0 = disabled, 1 = enabled. integer
threat_intelligence
optional		 Threat intelligence. integer
traffic_generator
optional		 Traffic generator. integer

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 result

result

Name Description Schema
amplification
optional		 Amplification. integer
is_enabled
optional		 0 = disabled, 1 = enabled. integer
threat_intelligence
optional		 Threat intelligence. integer
traffic_generator
optional		 Traffic generator. integer

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get smart filter policy info.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/smart-filter/filter

Description

Returns the smart filter mitigation policy for the host.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 result

result

Name Description Schema
amplification
optional		 Amplification. integer
is_enabled
optional		 0 = disabled, 1 = enabled. integer
threat_intelligence
optional		 Threat intelligence. integer
traffic_generator
optional		 Traffic generator. integer

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get TCP Flood mitigation configuration.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/tcp-flood

Description

Get the info of mitigation for TCP Flood configuration.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 result

result

Name Description Schema
malformed_tcp_packets
optional		 The info of the malformed TCP packets. malformed_tcp_packets
tcp_fragmentation
optional		 The info of TCP fragmentation. tcp_fragmentation
tcp_rate_limit
optional		 The info of TCP rate limit. tcp_rate_limit
tcp_syn_flood
optional		 The info of TCP syn flood. tcp_syn_flood
tcp_syn_mss
optional		 The info of TCP syn mss. tcp_syn_mss

malformed_tcp_packets

Name Schema
invalid_tcp_flag
optional		 invalid_tcp_flag
invalid_tcp_reserved_flag
optional		 invalid_tcp_reserved_flag
invalid_tcp_syn_option
optional		 invalid_tcp_syn_option
invalid_tcp_syn_payload
optional		 invalid_tcp_syn_payload
tcp_syn
optional		 tcp_syn

invalid_tcp_flag

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = enabled. integer

invalid_tcp_reserved_flag

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = enabled. integer

invalid_tcp_syn_option

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = enabled. integer
size
optional		 The size of the TCP from the option. integer

invalid_tcp_syn_payload

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = enabled. integer
size
optional		 The size of the payload. integer

tcp_syn

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = enabled. integer

tcp_fragmentation

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = enabled. integer

tcp_rate_limit

Name Description Schema
bps_limit
optional		 Rate limit in bits per second (bps). string
is_enabled
optional		 0 = disabled, 1 = enabled. integer
pps_limit
optional		 Rate limit in packets per second (pps). string

tcp_syn_flood

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = enabled. integer
session_check
optional		 session_check
session_timeout
optional		 session_timeout
syn_authentication
optional		 syn_authentication

session_check

Name Description Schema
seconds
optional		 The amount of time, in seconds, to wait before checking an SYN session. integer

session_timeout

Name Description Schema
seconds
optional		 The minimum time, in seconds, for the SYN-packet retransmission to consider the retransmission to be valid. integer

syn_authentication

Name Description Schema
strict_mode
optional		 0 = disabled, 1 = enabled. integer
syn_auth
optional		 The model of TCP syn authentication. string

tcp_syn_mss

Name Description Schema
is_enabled
optional		 0 = disabled, 1 = enabled. integer
size
optional		 The size of the maximum segment. integer

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Change TCP flood or TCP Malformed Packets mitigation policy.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/tcp-flood/packets/switch

Description

Change the mitigation policy for TCP flood or TCP Malformed Packets.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
FormData is_enabled
required		 Module enabled status. Values: 0 = disabled, 1 = enabled. integer
FormData module
required		 The type of TCP flood switch consists of invalid_tcp_flag,invalid_tcp_reserved_flag,tcp_syn,invalid_tcp_syn_payload,invalid_tcp_syn_option. enum (invalid_tcp_flag, invalid_tcp_reserved_flag, tcp_syn, invalid_tcp_syn_payload, invalid_tcp_syn_option)

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Edit TCP Flood/TCP rate limit.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/tcp-flood/rate-limit

Description

Edit TCP Flood/TCP rate limit.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
FormData bps_limit
required		 The ratelimit in bps, must be 1-4000000000 or number with unit K/M/G (e.g. 1K, 2 M, 4 G) string
FormData pps_limit
required		 The ratelimit in pps, must be 1-4000000000 or number with unit K/M/G (e.g. 1K, 2 M, 4 G) string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Change TCP flood policy status.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/tcp-flood/switch

Description

Change the status of the policies for TCP flood.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
FormData is_enabled
required		 0 = disabled, 1 = enabled. integer
FormData module
required		 The switch for the type of TCP flood mitigation includes tcp_rate_limit,tcp_fragmentation,tcp_syn_mss,tcp_syn_flood. enum (tcp_rate_limit, tcp_fragmentation, tcp_syn_mss, tcp_syn_flood)

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Edit TCP SYN Flood Module of TCP Flood policy.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/tcp-flood/syn-flood

Description

Edit TCP SYN Flood Module of TCP Flood policy.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
FormData session_check_seconds
optional		 The amount of time, in seconds (10–255), to wait before checking an SYN session. integer
FormData session_timeout_seconds
optional		 The minimum time, in seconds (60–600), for the SYN-packet retransmission to consider the retransmission to be valid. integer
FormData strict_mode
optional		 0 = half, 1 = full. integer

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Edit TCP flood or TCP Rewrite MSS Size policy.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/tcp-flood/syn-mss

Description

Edit TCP Flood/TCP Rewrite MSS Size.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
FormData size
required		 The size of string must range between 34 and 1500. integer

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get UDP Flood mitigation configuration.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/udp-flood

Description

Returns configuration of the mitigation of UDP Flood.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 result

result

Name Description Schema
dns_flood_amplification
optional		 DNS Flood & Amplification. dns_flood_amplification
no_data_payload
optional		 UDP Packet contain no Data Module in UDP Malformed. no_data_payload
ntp_amplification
optional		 NTP Amplification Module. ntp_amplification
snmp_amplification
optional		 SNMP Amplification Module. snmp_amplification
ssdp_flood
optional		 The info of SSDP Flood. ssdp_flood
udp_fragmentation
optional		 The info of UDP fragmentation. udp_fragmentation
udp_rate_limit
optional		 The info about the rate limit of UDP. udp_rate_limit
zero_data_payload
optional		 UDP Packet contain all ‘0’ Data. zero_data_payload

dns_flood_amplification

Name Schema
dns_query_length
optional		 dns_query_length
dns_query_rate_limit
optional		 dns_query_rate_limit
dns_response_length
optional		 dns_response_length
dns_response_rate_limit
optional		 dns_response_rate_limit

dns_query_length

Name Description Schema
is_enabled
optional		 0 means the switch is disabled whereas 1 mean it is enabled. integer
size
optional		 The size of the DNS query. integer

dns_query_rate_limit

Name Description Schema
bps_limit
optional		 ratelimit in bps. string
is_enabled
optional		 0 means the switch is disabled whereas 1 mean it is enabled. integer
pps_limit
optional		 ratelimit in pps. string

dns_response_length

Name Description Schema
is_enabled
optional		 0 means the switch is disabled whereas 1 mean it is enabled. integer
size
optional		 The size of the DNS response. integer

dns_response_rate_limit

Name Description Schema
bps_limit
optional		 ratelimit in bps. string
is_enabled
optional		 0 means the switch is disabled whereas 1 mean it is enabled. integer
pps_limit
optional		 ratelimit in pps. string

no_data_payload

Name Description Schema
is_enabled
optional		 0 means the switch is disabled whereas 1 it is enabled. integer

ntp_amplification

Name Schema
ntp_response_length
optional		 ntp_response_length
ntp_response_rate_limit
optional		 ntp_response_rate_limit

ntp_response_length

Name Description Schema
is_enabled
optional		 0 means the switch is disabled whereas 1 mean it is enabled. integer
size
optional		 The size of the NTP response. integer

ntp_response_rate_limit

Name Description Schema
bps_limit
optional		 ratelimit in bps. string
is_enabled
optional		 State of the switch. 0 means the switch is disabled whereas 1 mean it is enabled. integer
pps_limit
optional		 ratelimit in pps. string

snmp_amplification

Name Schema
snmp_response_rate_limit
optional		 snmp_response_rate_limit

snmp_response_rate_limit

Name Description Schema
bps_limit
optional		 ratelimit in bps. string
is_enabled
optional		 0 means the switch is disabled whereas 1 mean it is enabled. integer
pps_limit
optional		 ratelimit in pps. string

ssdp_flood

Name Schema
drop_ssdp
optional		 drop_ssdp

drop_ssdp

Name Description Schema
is_enabled
optional		 0 means the switch is disabled whereas 1 mean it is enabled. integer

udp_fragmentation

Name Description Schema
is_enabled
optional		 0 means the switch is disabled whereas ‘1” means it is enabled. integer

udp_rate_limit

Name Description Schema
bps_limit
optional		 ratelimit in bps. string
is_enabled
optional		 0 means the switch is disabled whereas ‘1” means it is enabled. integer
pps_limit
optional		 ratelimit in pps. string

zero_data_payload

Name Schema
drop_ssdp
optional		 drop_ssdp

drop_ssdp

Name Description Schema
is_enabled
optional		 0 means the switch is disabled whereas 1 mean it is enabled. integer
zero_payload_length
optional		 The length of the zero payload. integer

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Edit UDP Flood Submodule Settings.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/udp-flood/policy

Description

Edit the info of submodule of the UDP flood including DNS Flood & Amplification, NTP Amplification, and SNMP Amplification.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
FormData bps_limit
optional		 When the module is dns_query_rate_limit,udp_rate_limit or dns_response_rate_limit, must be 1-4000000000 or number with unit K/M/G (e.g. 1K, 2 M, 4 G). string
FormData module
required		 The switch for the type of UDP flood module includes dns_query_length,dns_query_rate_limit,dns_response_length,dns_response_rate_limit,ntp_response_length,ntp_response_rate_limit,snmp_response_rate_limit,udp_rate_limit. enum (dns_query_length, dns_query_rate_limit, dns_response_length, dns_response_rate_limit, ntp_response_length, ntp_response_rate_limit, snmp_response_rate_limit, udp_rate_limit)
FormData pps_limit
optional		 When the module is dns_query_rate_limit,udp_rate_limit or dns_response_rate_limit, must be 1-4000000000 or number with unit K/M/G (e.g. 1K, 2 M, 4 G). string
FormData size
optional		 When the module is selected as dns_query_length or dns_response_length, the size must range between 42 and 1500. integer

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Change UDP flood submodule mitigation policies.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/udp-flood/policy/switch

Description

Change the mitigation policies for UDP flood submodule.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
FormData is_enabled
required		 0 means the sub switch for the policies for the UDP flood is disabled whereas 1 means it is enabled. integer
FormData module
required		 The switch for the type of UDP flood module includes dns_query_length,dns_query_rate_limit,dns_response_length,dns_response_rate_limit,ntp_response_length,ntp_response_rate_limit,snmp_response_rate_limit,drop_ssdp. enum (dns_query_length, dns_query_rate_limit, dns_response_length, dns_response_rate_limit, ntp_response_length, ntp_response_rate_limit, snmp_response_rate_limit, drop_ssdp)

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Change UDP Flood mitigation policies.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/udp-flood/switch

Description

Change the mitigation policies for UDP Flood.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
FormData is_enabled
required		 0 means the switch for the policies of UDP flood is disabled whereas 1 means it is enabled. integer
FormData module
required		 The policies for UDP flood can handle udp_fragmentation,no_data_payload,udp_rate_limit,zero_data_payload. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Edit UDP Packet contain all ‘0’ Data .

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/udp-flood/zero-data-payload

Description

Edit the policies for UDP Packet contain all ‘0’ Data .

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
FormData length
required		 Length of the zero payload.Max matched length of zero data payload is limited 42-128 bytes. integer

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Edit zombie policy.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/zombie

Description

It is used to edit the filter for Zombie

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
FormData action
required		 ratelimit or blacklist. string
FormData blacklist_timeout
required		 Blocklist timeout.Blocklist timeout must be numeric with range 10-120. integer
FormData threshold_bps
required		 Threshold values in bps, must be 1-4000000000 or number with unit K/M/G (e.g. 1K, 2 M, 4 G) string
FormData threshold_pps
required		 Threshold values in pps, must be 1-4000000000 or number with unit K/M/G (e.g. 1K, 2 M, 4 G) string
FormData zombie_type
required		 Zombie level: zombie_host or zombie_network. enum (zombie_host, zombie_network)

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get zombie policy info.

GET /specp/cp/site/{site_id}/host/{host_id}/mitigation/zombie

Description

Returns the zombie mitigation policy for the host.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 result

result

Name Description Schema
zombie_host
optional		 Host level configuration. zombie_host
zombie_network
optional		 Network level configuration. zombie_network

zombie_host

Name Description Schema
action
optional		 ratelimit or blacklist. string
blacklist_timeout
optional		 Blacklist timeout (seconds). integer
is_enabled
optional		 0 = disabled, 1 = enabled. integer
threshold_bps
optional		 Threshold values in bps. string
threshold_pps
optional		 Threshold values in pps. string

zombie_network

Name Description Schema
action
optional		 ratelimit or blacklist. string
blacklist_timeout
optional		 Blacklist timeout (seconds). integer
is_enabled
optional		 State of the switch. 0 means it is disabled and 1 means enabled. integer
threshold_bps
optional		 Threshold values in bps. string
threshold_pps
optional		 Threshold values in pps. string

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Change zombie filter status.

POST /specp/cp/site/{site_id}/host/{host_id}/mitigation/zombie/switch

Description

It is used to change the status of Zombie.

Parameters

Type Name Description Schema
Path host_id
required		 Host ID. Can be obtained by invoking this API for host_id. string
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
FormData is_enabled
required		 0 means the mitigation policy for zombie is disabled whereas 1 means it is enabled. integer
FormData zombie_type
required		 Zombie level. zombie_host or zombie_network. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Edit Allow/Blocklist content for site.

POST /specp/cp/site/{site_id}/mitigation/allow-block-list

Description

Add or update source IPs and/or source countries for the site’s Allow/Blocklist content.

Parameters

Type Name Description Schema
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
Body cp_mitigation_allow-block-list_service
optional		 Allow/Blocklist configuration. cp_mitigation_allow-block-list_service

cp_mitigation_allow-block-list_service

Name Description Schema
ip_set_id
optional		 ip set id for allow/blocklist.Can be obtained by invoking this API for ip set template. string
source_countries
optional		 Country or region codes for allow/blocklist content, e.g. ISO country codes (US, CN).Can be obtained by invoking this API for country codes. < string > array
source_ips
optional		 IP addresses for allow/blocklist content. < string > array
type
required		 List type. One of: allow_list, block_list. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get Allow/Blocklist content for site.

GET /specp/cp/site/{site_id}/mitigation/allow-block-list

Description

Returns the current Allow/Blocklist configuration for the site.

Parameters

Type Name Description Schema
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
Query type
required		 Policy type: allow_list or block_list. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 result

result

Name Description Schema
ip_set_id
optional		 ip set id for allow/blocklist. string
is_enabled
optional		 Allow/block list status: 0 = disabled, 1 = enabled. integer
source_countries
optional		 Country or region codes for allow/block list content, e.g. ISO country codes (US, CN). < string > array
source_ips
optional		 Source IP addresses in the list. < string > array

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Change Allow/Blocklist mitigation policy status for site.

POST /specp/cp/site/{site_id}/mitigation/allow-block-list/switch

Description

Update Allow/Blocklist mitigation policy status for site.

Parameters

Type Name Description Schema
Path site_id
required		 Site ID.Can be obtained by invoking this API for site_id. string
Query access_token
required		 API access token for authentication. string
Body cp_mitigation_allow-block-list_service
optional		 Allow/Blocklist configuration (list type and enabled state). cp_mitigation_allow-block-list_service

cp_mitigation_allow-block-list_service

Name Description Schema
is_enabled
required		 0 = off; 1 = custom; 2 = enabled with an IP set template. integer
type
required		 Policy type. One of: allow_list, block_list. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Result

Consumes

Produces

Security

Type Name
apiKey ApiKeyAuth

Get ACL filter set for ACL filter policy.

GET /specp/cp/site/{site_id}/mitigation/template/acl_sets

Description

Get the acl filter set for acl filter policy.

Parameters

Type Name Description Schema
Path site_id
required		 Site ID. Can be obtained by invoking this API for site_id. string
Query access_token
required		 Access token used to authenticate your access to the API.Can be obtained by invoking this API. string

Responses

HTTP Code Description Schema
200 Response body with result data or error information. Response 200

Response 200

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 < result > array

result

Name Description Schema
rule_set_desc
optional		 The description of the filter set. string
rule_set_name
optional		 The name of the filter set. string

Consumes

Produces

Definitions

CustomFilter

Custom Filter configuration.

Name Description Schema
connection_protect
optional		 TCP Connection Module configuration. connection_protect
filter_desc
optional		 Filter description, length 0-100 characters. string
filter_id
optional		 Filter Profile ID. string
filter_name
optional		 Filter name,contain only letters, digits, underscore and hyphen, length 1-40 characters. string
filter_port
optional		 TCP Port list. < integer > array
is_enabled
optional		 Enable status. Values: 0 = off, 1 = on. integer

connection_protect

Name Description Schema
is_enabled
optional		 Enable status. Values: 0 = off, 1 = on. integer
src_ip_avg_window_size_threshold
optional		 Slow Rate Connection Module configuration. src_ip_avg_window_size_threshold
src_ip_connection_rate
optional		 Source IP New Connection Module configuration. src_ip_connection_rate
src_ip_half_open_rate
optional		 Source IP Half Open Connection Module configuration. src_ip_half_open_rate
src_ip_idle_connection_rate
optional		 Source IP Idle Connection Module configuration. src_ip_idle_connection_rate
total_connection_rate
optional		 Total Connection Moudle configuration. total_connection_rate

src_ip_avg_window_size_threshold

Name Description Schema
banned_period
optional		 Block duration (seconds), range in (10-600). integer
is_enabled
optional		 Enable status. Values: 0 = off, 1 = monitor, 2 = block. integer
session_per_second
optional		 Sessions per second,range in (1-65535). integer

src_ip_connection_rate

Name Description Schema
banned_period
optional		 Block duration (seconds), range in (10-600). integer
is_enabled
optional		 Enable status. Values: 0 = off, 1 = monitor, 2 = rate limit, 3 = block. integer
session_per_second
optional		 New connections per second,range in (5-1000). integer

src_ip_half_open_rate

Name Description Schema
banned_period
optional		 Block duration (seconds), range in (10-600). integer
is_enabled
optional		 Enable status. Values: 0 = off, 1 = monitor, 2 = rate limit, 3 = block. integer
session_per_second
optional		 Half-open connections per second,range in (5-1000). integer

src_ip_idle_connection_rate

Name Description Schema
banned_period
optional		 Block duration (seconds), range in (10-600). integer
is_enabled
optional		 Enable status. Values: 0 = off, 1 = monitor, 2 = rate limit, 3 = block. integer
session_per_second
optional		 Idle connections per second,range in (5-1000). integer

total_connection_rate

Name Description Schema
is_enabled
optional		 Enable status. Values: 0 = off, 1 = monitor, 2 = rate limit. integer
session_per_second
optional		 Sessions per second,range in (100-4294967295). integer

HttpFilter

HTTP Filter configuration.

Name Description Schema
authentication
optional		 HTTP Authentication Module configuration. authentication
connection_protect
optional		 TCP Connection Module configuration. connection_protect
filter_description
optional		 Filter description, length 0-100 characters. string
filter_id
optional		 Filter Profile ID. string
filter_name
optional		 Filter name,contain only letters, digits, underscore and hyphen, length 1-40 characters. string
filter_port
optional		 TCP Port list. < integer > array
is_enabled
optional		 Filter status. Values: 0 = on, 1 = off. integer
slow_attack
optional		 HTTP Slow Rate Module configuration. slow_attack

authentication

Name Description Schema
is_enabled
optional		 Enable status. Values: 0 = off, 1 = on. integer
model
optional		 Authentication mode. Values: 1 = HTTP ‘HTTP 302307 Redirect’, 2 = HTTP ‘HTTP Meta Refresh’, 3 = JavaScript ‘JavaScript’. integer

connection_protect

Name Description Schema
is_enabled
optional		 Enable status. Values: 0 = off, 1 = on. integer
src_ip_avg_window_size_threshold
optional		 Slow Rate Connection Module configuration. src_ip_avg_window_size_threshold
src_ip_connection_rate
optional		 Source IP New Connection Module configuration. src_ip_connection_rate
src_ip_half_open_rate
optional		 Source IP Half Open Connection Module configuration. src_ip_half_open_rate
src_ip_idle_connection_rate
optional		 Source IP Idle Connection Module configuration. src_ip_idle_connection_rate
total_connection_rate
optional		 Total Connection Moudle configuration. total_connection_rate

src_ip_avg_window_size_threshold

Name Description Schema
banned_period
optional		 Block duration(seconds), range in (10-60). integer
is_enabled
optional		 Enable status. Values: 0 = off, 1 = monitor, 2 = block. integer
session_per_second
optional		 Sessions per second,range in (1-65535). integer

src_ip_connection_rate

Name Description Schema
banned_period
optional		 Block duration(seconds) range in (10-600). integer
is_enabled
optional		 Enable status. Values: 0 = off, 1 = monitor, 2 = rate limit, 3 = block. integer
session_per_second
optional		 New connections per second,range in (5-1000). integer

src_ip_half_open_rate

Name Description Schema
banned_period
optional		 Block duration(seconds) range in (10-600). integer
is_enabled
optional		 Enable status. Values: 0 = off, 1 = monitor, 2 = rate limit, 3 = block. integer
session_per_second
optional		 Half-open connections per second,range in (5-1000). integer

src_ip_idle_connection_rate

Name Description Schema
banned_period
optional		 Block duration(seconds), range in (10-600). integer
is_enabled
optional		 Enable status. Values: 0 = off, 1 = monitor, 2 = rate limit, 3 = block. integer
session_per_second
optional		 Idle connections per second,range in (5-1000). integer

total_connection_rate

Name Description Schema
is_enabled
optional		 Enable status. Values: 0 = off, 1 = monitor, 2 = rate limit. integer
session_per_second
optional		 Total Connection per second,range in (100 - 4294967295). integer

slow_attack

Name Description Schema
block_duration
optional		 Block duration (seconds), range in (1-86400). integer
body
optional		 HTTP Slow Body Module configuration. body
header
optional		 HTTP Slow Header Module configuration. header
session_threshold
optional		 New Session per minute,range in (1-65535). integer

body

Name Description Schema
calc_avg_packet
optional		 Number of TCP packets to carry a single HTTP request,range in (3-20). integer
is_enabled
optional		 Enable status. Values: 0 = off, 1 = on. integer
min_avg_length
optional		 Smallest allowed TCP packet size of a splited HTTP request,range in (1-1500). integer
timeout_interval
optional		 Time interval between two packets (milliseconds),range in (1000-10000). integer

header

Name Description Schema
is_enabled
optional		 Enable status. Values: 0 = off, 1 = on. integer
packet_size
optional		 Packet length(bytes),range in (64-1500). integer

QuicFilter

QUIC Filter configuration.

Name Description Schema
filter_description
optional		 Filter description, length 0-100 characters. string
filter_id
optional		 Filter Profile ID. string
filter_name
optional		 Filter name,contain only letters, digits, underscore and hyphen, length 1-40 characters. string
filter_port
optional		 TCP Port list. < integer > array
is_enabled
optional		 Enable status. Values: 0 = off, 1 = on. integer
malformed
optional		 QUIC Malformed Packet Detection configuration. malformed
protect
optional		 QUIC Session Protection configuration. protect
traffic_rate_limit
optional		 QUIC Ratelimit Module configuration traffic_rate_limit

malformed

Name Description Schema
handshake_min_len
optional		 Minimum length (bytes) for handshake packets, range in (12-65535). integer
initial_min_len
optional		 Minimum length (bytes) for initial packets, range in (1200-65535). integer
is_enabled
optional		 Enable status. Values: 0 = off, 1 = drop. integer
support_version
optional		 Supported QUIC versions:[‘v1’, ‘v2’, ‘draft27’,‘draft28’,‘draft29’,‘draft30’,‘draft31’,‘draft32’,‘draft33’,‘draft34’] < string > array
version_negotiation_min_len
optional		 Minimum length (bytes) for version negotiation packets, range in (12-65535). integer
zero_rtt_min_len
optional		 Minimum length (bytes) for 0-RTT packets, range in (12-65535). integer

protect

Name Description Schema
0rtt_replay_attack_protection
optional		 0-RTT replay attack protection configuration 0rtt_replay_attack_protection
authentication
optional		 Authentication configuration. authentication
five_tuple_session
optional		 Ratelimit (Per Session) Module configuration. five_tuple_session
is_enabled
optional		 Enable status. Values: 0 = off, 1 = on. integer
new_session_limit
optional		 Session (Per source IP) Module configuration. new_session_limit

0rtt_replay_attack_protection

Name Description Schema
block_duration
optional		 Block duration (seconds), range in (1-300). integer
is_enabled
optional		 Enable status. Values: 0 = off, 1 = rate limit, 2 = block. integer
packet_per_second
optional		 Packets per second threshold, range in (1-65535). integer

authentication

Name Description Schema
mode
optional		 Authentication mode. Values: 0 = ‘Retransmission’, 1 = ‘Retry + Token’. integer
session_scope
optional		 Session scope. 0 means ‘New Session Only’, 1 means ‘New andExisting Session’. integer

five_tuple_session

Name Description Schema
check_time
optional		 Session check interval (seconds), range in (20-40). integer
idle_session_timeout
optional		 Idle session timeout (seconds), range in (60-600). integer
is_enabled
optional		 Enable status. Values: 0 = off, 1 = low level, 2 = medium level, 3 = high level. integer

new_session_limit

Name Description Schema
action_duration
optional		 Block duration (seconds), range in (1-300). integer
is_enabled
optional		 Enable status. Values: 0 = off, 1 = on. integer
max_new_session
optional		 Maximum new sessions per time range, range in (1-65535). integer
max_new_session_time_range
optional		 Time range (seconds), range in (1-65535). integer

traffic_rate_limit

Name Description Schema
bandwidth
optional		 Bandwidth limit (Mbps), range in (1-4095). integer
is_enabled
optional		 Enable status. Values: 0 = off, 1 = on. integer
packets
optional		 Packet rate limit (pps), range in (1-1000000). integer

Result

The returned result.

Name Description Schema
code
optional		 Numeric error code; 0 indicates success. integer
msg
optional		 Human-readable error or status message. string
result
optional		 Result data. object

SipFilter

SIP Filter configuration.

Name Description Schema
connection_protect
optional		 SIP Connection protection configuration. connection_protect
filter_description
optional		 Filter description, length 0-100 characters. string
filter_id
optional		 Filter Profile ID. string
filter_name
optional		 Filter name,contain only letters, digits, underscore and hyphen, length 1-40 characters. string
filter_tcp_port
optional		 TCP Port list. < integer > array
filter_udp_port
optional		 UDP Port list. < integer > array
invite
optional		 SIP INVITE message configuration invite
is_enabled
optional		 Enable status. Values: 0 = off, 1 = on. integer
malformed_is_enabled
optional		 SIP Malformed enable status. Values: 0 = off, 1 = drop. integer
register
optional		 SIP REGISTER Requst message configuration register
retransmission_is_enabled
optional		 UDP Retransmission Authentication enable status. Values: 0 = off, 1 = drop. integer

connection_protect

Name Description Schema
is_enabled
optional		 Enable status. Values: 0 = off, 1 = on. integer
src_ip_avg_window_size_threshold
optional		 Source IP average window size threshold. src_ip_avg_window_size_threshold
src_ip_connection_rate
optional		 Source IP connection rate limiting src_ip_connection_rate
src_ip_half_open_rate
optional		 Source IP half-open connection rate limiting. src_ip_half_open_rate
src_ip_idle_connection_rate
optional		 Source IP idle connection rate limiting. src_ip_idle_connection_rate
total_connection_rate
optional		 Total connection rate limiting. total_connection_rate

src_ip_avg_window_size_threshold

Name Description Schema
banned_period
optional		 Block duration (seconds), range in (10-60). integer
is_enabled
optional		 Enable status. Values: 0 = off, 1 = monitor, 2 = block. integer
session_per_second
optional		 Sessions per second,range in (1-65535). integer

src_ip_connection_rate

Name Description Schema
banned_period
optional		 Block duration (seconds), range in (10-600). integer
is_enabled
optional		 Enable status. Values: 0 = off, 1 = monitor, 2 = rate limit, 3 = block. integer
session_per_second
optional		 New connections per second,range in (5-1000). integer

src_ip_half_open_rate

Name Description Schema
banned_period
optional		 Block duration (seconds), range in (10-600). integer
is_enabled
optional		 Enable status. Values: 0 = off, 1 = monitor, 2 = rate limit, 3 = block. integer
session_per_second
optional		 Half-open connections per second,range in (5-1000). integer

src_ip_idle_connection_rate

Name Description Schema
banned_period
optional		 Block duration (seconds), range in (10-600). integer
is_enabled
optional		 Enable status. Values: 0 = off, 1 = monitor, 2 = rate limit, 3 = block. integer
session_per_second
optional		 Idle connections per second,range in (5-1000). integer

total_connection_rate

Name Description Schema
is_enabled
optional		 Enable status. Values: 0 = off, 1 = monitor, 2 = rate limit. integer
session_per_second
optional		 Sessions per second,range in (100-4294967295). integer

invite

Name Description Schema
is_enabled
optional		 Enable status. Values: 0 = off, 1 = rate limit. integer
tcp
optional		 TCP message size limit, range in (1-1000000). integer
udp
optional		 UDP message size limit, range in (1-1000000). integer

register

Name Description Schema
is_enabled
optional		 Enable status. Values: 0 = off, 1 = rate limit. integer
tcp
optional		 TCP message size limit, range in (1-1000000). integer
udp
optional		 UDP message size limit, range in (1-1000000). integer

TlsFilter

SSL/TLS Filter configuration.

Name Description Schema
connection_protect
optional		 Connection protection configuration. connection_protect
filter_description
optional		 Filter description, length 0-100 characters. string
filter_id
optional		 Filter Profile ID. string
filter_name
optional		 Filter name,contain only letters, digits, underscore and hyphen, length 1-40 characters. string
filter_port
optional		 TCP Port list < integer > array
is_enabled
optional		 Enable status. Values: 0 = off, 1 = on. integer
malformed
optional		 SSL/TLS Malformed Packet Detection configuration. malformed
renegotiation
optional		 SSL/TLS Renegotiation configuration. renegotiation
session
optional		 SSL/TLS Session configuration. session
traffic_shaping
optional		 SSL/TLS Ratelimit (Per Profile) configuration. traffic_shaping

connection_protect

Name Description Schema
is_enabled
optional		 Connection protection enable status. Values: 0 = off, 1 = on. integer
src_ip_avg_window_size_threshold
optional		 Source IP average window size threshold. src_ip_avg_window_size_threshold
src_ip_connection_rate
optional		 Source IP connection rate limiting. src_ip_connection_rate
src_ip_half_open_rate
optional		 Source IP half-open connection rate limiting. src_ip_half_open_rate
src_ip_idle_connection_rate
optional		 Source IP idle connection rate limiting. src_ip_idle_connection_rate
total_connection_rate
optional		 Total connection rate limiting. total_connection_rate

src_ip_avg_window_size_threshold

Name Description Schema
banned_period
optional		 Ban duration (seconds), range in (10-60). integer
is_enabled
optional		 Source IP average window size threshold enable status. Values: 0 = off, 1 = monitor, 2 = block. integer
session_per_second
optional		 Sessions per second,range in (1-65535). integer

src_ip_connection_rate

Name Description Schema
banned_period
optional		 Ban duration (seconds), range in (10-600). integer
is_enabled
optional		 Source IP connection rate limiting enable status. Values: 0 = off, 1 = on. integer
session_per_second
optional		 Sessions per second,range in (5-1000). integer

src_ip_half_open_rate

Name Description Schema
banned_period
optional		 Ban duration (seconds), range in (10-600). integer
is_enabled
optional		 Source IP half-open connection rate limiting enable status. Values: 0 = off, 1 = monitor, 2 = rate limit, 3 = block. integer
session_per_second
optional		 Sessions per second,range in (5-1000). integer

src_ip_idle_connection_rate

Name Description Schema
banned_period
optional		 Ban duration (seconds), range in (10-600). integer
is_enabled
optional		 Source IP idle connection rate limiting enable status. Values: 0 = off, 1 = monitor, 2 = rate limit, 3 = block. integer
session_per_second
optional		 Sessions per second,range in (5-1000). integer

total_connection_rate

Name Description Schema
is_enabled
optional		 Total connection rate limiting enable status. Values: 0 = off, 1 = monitor, 2 = rate limit. integer
session_per_second
optional		 Sessions per second,range in (100-4294967295). integer

malformed

Name Description Schema
clienthello_length_limit_non_v_1_3
optional		 ClientHello length (bytes) limit for non-TLS 1.3, range in (64-1400). integer
clienthello_length_limit_v_1_3
optional		 ClientHello length (bytes) limit for TLS 1.3, range in (64-1400). integer
is_enabled
optional		 Enable status. Values: 0 = off, 1 = on. integer

renegotiation

Name Description Schema
blocklist_duration
optional		 Blocklist duration (seconds), range in (1-65535). integer
is_enabled
optional		 Enable status. Values: 0 = off, 1 = drop. integer

session

Name Description Schema
build_banned_period
optional		 Block duration (seconds), range in (1-300). integer
build_threshold
optional		 New session per second, range in (1-65535). integer
is_enabled
optional		 Enable status. Values: 0 = off, 1 = block. integer

traffic_shaping

Name Description Schema
non_tls
optional		 Ratelimit for non TLS1.2 and TLS1.3 traffic. non_tls
tls
optional		 Ratelimit for TLS1.2 and TLS1.3 traffic. tls

non_tls

Name Description Schema
bandwidth
optional		 Bandwidth limit (Mbps), range in (1-4095). integer
is_enabled
optional		 Enable status. Values: 0 = off, 1 = on. integer
packet
optional		 Packet rate limit (pps), range in (1-1000000). integer

tls

Name Description Schema
bandwidth
optional		 Bandwidth limit (Mbps), range in (1-4095). integer
is_enabled
optional		 Enable status. Values: 0 = off, 1 = on. integer
packet
optional		 Packet rate limit (pps), range in (1-1000000). integer

Security

ApiKeyAuth

Type : apiKey
Name : access_token
In : QUERY