Avi SecurityPolicy Object API
CLI ``` - configure securitypolicy - show securitypolicy ```
Version: 22.1.5
BasePath:/api
All rights reserved
http://apache.org/licenses/LICENSE-2.0.html
Access
- HTTP Basic Authentication
[ Jump to Models ]
Table of Contents
get /securitypolicy
post /securitypolicy
delete /securitypolicy/{uuid}
get /securitypolicy/{uuid}
patch /securitypolicy/{uuid}
put /securitypolicy/{uuid}
(securitypolicyGet)
Consumes
This API call consumes the following media types via the
Content-Type request header:
Query parameters
name (optional)
Query Parameter — object name
refers_to (optional)
Query Parameter — Filter to request all objects that refers to another Avi resource. Its syntax is refers_to=<obj_type>:<obj_uuid>. Eg. get all virtual services referring to pool p1 will be refers_to=pool:pool_p1_uuid
referred_by (optional)
Query Parameter — Filter to request all objects that are referred by another Avi resource. Its syntax is referred_by=<obj_type>:<obj_uuid>. Eg. get all pools referred_by virtual service vs1 - referred_by=virtualservice:vs_vs1_uuid
fields (optional)
Query Parameter — List of fields to be returned for the resource. Some fields like name, URL, uuid etc. are always returned.
include_name (optional)
Query Parameter — All the Avi REST reference URIs have a name suffix as URI#name. It is useful to get the referenced resource name without performing get on that object.
skip_default (optional)
Query Parameter — Default values are not set.
join_subresources (optional)
Query Parameter — It automatically returns additional dependent resources like runtime. Eg. join_subresources=runtime.
Return type
Example data
Content-Type: application/json
{
"next" : "aeiou",
"count" : 123,
"results" : [ {
"network_security_policy_index" : 123,
"dns_attacks" : {
"attacks" : [ {
"mitigation_action" : {
"deny" : true
},
"threshold" : 123456789,
"attack_vector" : "aeiou",
"enabled" : true,
"max_mitigation_age" : 123
} ],
"oper_mode" : "aeiou"
},
"description" : "aeiou",
"dns_policy_index" : 123,
"uuid" : "aeiou",
"url" : "aeiou",
"_last_modified" : "aeiou",
"oper_mode" : "aeiou",
"tenant_ref" : "aeiou",
"name" : "aeiou",
"configpb_attributes" : {
"version" : 123
},
"dns_amplification_denyports" : {
"match_criteria" : "aeiou",
"ranges" : [ {
"start" : 123,
"end" : 123
} ],
"ports" : [ "" ]
},
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ]
} ]
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
SecurityPolicyApiResponse
401
log in failed
(securitypolicyPost)
Consumes
This API call consumes the following media types via the
Content-Type request header:
Request body
body (required)
Body Parameter — SecurityPolicy object creation
Return type
Example data
Content-Type: application/json
{
"network_security_policy_index" : 123,
"dns_attacks" : {
"attacks" : [ {
"mitigation_action" : {
"deny" : true
},
"threshold" : 123456789,
"attack_vector" : "aeiou",
"enabled" : true,
"max_mitigation_age" : 123
} ],
"oper_mode" : "aeiou"
},
"description" : "aeiou",
"dns_policy_index" : 123,
"uuid" : "aeiou",
"url" : "aeiou",
"_last_modified" : "aeiou",
"oper_mode" : "aeiou",
"tenant_ref" : "aeiou",
"name" : "aeiou",
"configpb_attributes" : {
"version" : 123
},
"dns_amplification_denyports" : {
"match_criteria" : "aeiou",
"ranges" : [ {
"start" : 123,
"end" : 123
} ],
"ports" : [ "" ]
},
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ]
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
SecurityPolicy
401
log in failed
Up
delete /securitypolicy/{uuid}
(securitypolicyUuidDelete)
Path parameters
uuid (required)
Path Parameter — UUID of the object to fetch
Consumes
This API call consumes the following media types via the
Content-Type request header:
Query parameters
name (optional)
Query Parameter — object name
Return type
String
Example data
Content-Type: application/json
"aeiou"
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
204
object deleted
String
404
not found
Up
get /securitypolicy/{uuid}
(securitypolicyUuidGet)
Path parameters
uuid (required)
Path Parameter — UUID of the object to fetch
Consumes
This API call consumes the following media types via the
Content-Type request header:
Query parameters
name (optional)
Query Parameter — object name
fields (optional)
Query Parameter — List of fields to be returned for the resource. Some fields like name, URL, uuid etc. are always returned.
include_name (optional)
Query Parameter — All the Avi REST reference URIs have a name suffix as URI#name. It is useful to get the referenced resource name without performing get on that object.
skip_default (optional)
Query Parameter — Default values are not set.
join_subresources (optional)
Query Parameter — It automatically returns additional dependent resources like runtime. Eg. join_subresources=runtime.
Return type
Example data
Content-Type: application/json
{
"network_security_policy_index" : 123,
"dns_attacks" : {
"attacks" : [ {
"mitigation_action" : {
"deny" : true
},
"threshold" : 123456789,
"attack_vector" : "aeiou",
"enabled" : true,
"max_mitigation_age" : 123
} ],
"oper_mode" : "aeiou"
},
"description" : "aeiou",
"dns_policy_index" : 123,
"uuid" : "aeiou",
"url" : "aeiou",
"_last_modified" : "aeiou",
"oper_mode" : "aeiou",
"tenant_ref" : "aeiou",
"name" : "aeiou",
"configpb_attributes" : {
"version" : 123
},
"dns_amplification_denyports" : {
"match_criteria" : "aeiou",
"ranges" : [ {
"start" : 123,
"end" : 123
} ],
"ports" : [ "" ]
},
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ]
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
SecurityPolicy
401
log in failed
Up
patch /securitypolicy/{uuid}
(securitypolicyUuidPatch)
Path parameters
uuid (required)
Path Parameter — UUID of the object to fetch
Consumes
This API call consumes the following media types via the
Content-Type request header:
Request body
body (required)
Body Parameter — SecurityPolicy object creation
Query parameters
name (optional)
Query Parameter — object name
Return type
Example data
Content-Type: application/json
{
"network_security_policy_index" : 123,
"dns_attacks" : {
"attacks" : [ {
"mitigation_action" : {
"deny" : true
},
"threshold" : 123456789,
"attack_vector" : "aeiou",
"enabled" : true,
"max_mitigation_age" : 123
} ],
"oper_mode" : "aeiou"
},
"description" : "aeiou",
"dns_policy_index" : 123,
"uuid" : "aeiou",
"url" : "aeiou",
"_last_modified" : "aeiou",
"oper_mode" : "aeiou",
"tenant_ref" : "aeiou",
"name" : "aeiou",
"configpb_attributes" : {
"version" : 123
},
"dns_amplification_denyports" : {
"match_criteria" : "aeiou",
"ranges" : [ {
"start" : 123,
"end" : 123
} ],
"ports" : [ "" ]
},
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ]
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
SecurityPolicy
401
log in failed
Up
put /securitypolicy/{uuid}
(securitypolicyUuidPut)
Path parameters
uuid (required)
Path Parameter — UUID of the object to fetch
Consumes
This API call consumes the following media types via the
Content-Type request header:
Request body
body (required)
Body Parameter — SecurityPolicy object creation
Query parameters
name (optional)
Query Parameter — object name
Return type
Example data
Content-Type: application/json
{
"network_security_policy_index" : 123,
"dns_attacks" : {
"attacks" : [ {
"mitigation_action" : {
"deny" : true
},
"threshold" : 123456789,
"attack_vector" : "aeiou",
"enabled" : true,
"max_mitigation_age" : 123
} ],
"oper_mode" : "aeiou"
},
"description" : "aeiou",
"dns_policy_index" : 123,
"uuid" : "aeiou",
"url" : "aeiou",
"_last_modified" : "aeiou",
"oper_mode" : "aeiou",
"tenant_ref" : "aeiou",
"name" : "aeiou",
"configpb_attributes" : {
"version" : 123
},
"dns_amplification_denyports" : {
"match_criteria" : "aeiou",
"ranges" : [ {
"start" : 123,
"end" : 123
} ],
"ports" : [ "" ]
},
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ]
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
SecurityPolicy
401
log in failed
[ Jump to Methods ]
Table of Contents
AttackMitigationAction
ConfigPbAttributes
DnsAttack
DnsAttacks
KeyValue
PortMatchGeneric
PortRange
RoleFilterMatchLabel
SecurityPolicy
SecurityPolicyApiResponse
deny (optional)
Boolean Deny the attack packets further processing and drop them. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
version (optional)
Integer Protobuf version number. Gets incremented if there is se Diff of federated diff in config pbs.This field will be a monotonically increasing number indicating the number of Config Update operations. Field introduced in 21.1.1. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition. format: int32
attack_vector
String The DNS attack vector. Enum options - DNS_REFLECTION, DNS_NXDOMAIN, DNS_AMPLIFICATION_EGRESS. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
enabled (optional)
Boolean Enable or disable the mitigation of the attack vector. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
max_mitigation_age (optional)
Integer Time in minutes after which mitigation will be deactivated. Allowed values are 1-4294967295. Special values are 0- blocked for ever. Field introduced in 18.2.1. Unit is MIN. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int32
mitigation_action (optional)
AttackMitigationAction Mitigation action to perform for this DNS attack vector. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
threshold (optional)
Long Threshold, in terms of DNS packet per second, for the DNS attack vector. Field introduced in 18.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int64
attacks (optional)
array[DnsAttack] Mode of dealing with the attacks - perform detection only, or detect and mitigate the attacks. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
oper_mode (optional)
String Mode of dealing with the attacks - perform detection only, or detect and mitigate the attacks. Enum options - DETECTION, MITIGATION. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
key
String Key. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
value (optional)
String Value. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
match_criteria
String Criterion to use for src/dest port in a TCP/UDP packet. Enum options - IS_IN, IS_NOT_IN. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
ports (optional)
array[Integer] Listening TCP port(s). Allowed values are 1-65535. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
ranges (optional)
array[PortRange] A port range defined by a start and end, including both. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
end
Integer TCP/UDP port range end (inclusive). Allowed values are 1-65535. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int32
start
Integer TCP/UDP port range start (inclusive). Allowed values are 1-65535. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int32
key
String Key for filter match. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
values (optional)
array[String] Values for filter match. Multiple values will be evaluated as OR. Example key = value1 OR key = value2. Behavior for match is key = * if this field is empty. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
_last_modified (optional)
String UNIX time since epoch in microseconds. Units(MICROSECONDS).
configpb_attributes (optional)
ConfigPbAttributes Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition.
description (optional)
String Security policy is used to specify various configuration information used to perform Distributed Denial of Service (DDoS) attacks detection and mitigation. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
dns_amplification_denyports (optional)
PortMatchGeneric Source ports and port ranges to deny in DNS Amplification attacks. Field introduced in 21.1.1. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
dns_attacks (optional)
DnsAttacks Attacks utilizing the DNS protocol operations. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
dns_policy_index
Integer Index of the dns policy to use for the mitigation rules applied to the dns attacks. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int32
markers (optional)
array[RoleFilterMatchLabel] List of labels to be used for granular RBAC. Field introduced in 20.1.5. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition.
name
String The name of the security policy. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
network_security_policy_index
Integer Index of the network security policy to use for the mitigation rules applied to the attacks. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int32
oper_mode (optional)
String Mode of dealing with the attacks - perform detection only, or detect and mitigate the attacks. Enum options - DETECTION, MITIGATION. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
tenant_ref (optional)
String Tenancy of the security policy. It is a reference to an object of type Tenant. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
url (optional)
uuid (optional)
String The UUID of the security policy. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
count
results
next (optional)