-
Notifications
You must be signed in to change notification settings - Fork 6
/
config_virtual_server.go
1051 lines (851 loc) · 45.6 KB
/
config_virtual_server.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
// Copyright (C) 2018-2022, Pulse Secure, LLC.
// Licensed under the terms of the MPL 2.0. See LICENSE file for details.
// Go library for Pulse Virtual Traffic Manager REST version 6.1.
package vtm
import (
"encoding/json"
)
type VirtualServer struct {
connector *vtmConnector
VirtualServerProperties `json:"properties"`
}
func (vtm VirtualTrafficManager) GetVirtualServer(name string) (*VirtualServer, *vtmErrorResponse) {
if name == "" {
panic("Provided an empty \"name\" parameter to VirtualTrafficManager.GetVirtualServer(name)")
}
conn := vtm.connector.getChildConnector("/tm/6.1/config/active/virtual_servers/" + name)
data, ok := conn.get()
if ok != true {
object := new(vtmErrorResponse)
json.NewDecoder(data).Decode(object)
return nil, object
}
object := new(VirtualServer)
object.connector = conn
if err := json.NewDecoder(data).Decode(object); err != nil {
panic(err)
}
return object, nil
}
func (object VirtualServer) Apply() (*VirtualServer, *vtmErrorResponse) {
marshalled, err := json.Marshal(object)
if err != nil {
panic(err)
}
data, ok := object.connector.put(string(marshalled), STANDARD_OBJ)
if ok != true {
object := new(vtmErrorResponse)
json.NewDecoder(data).Decode(object)
return nil, object
}
if err := json.NewDecoder(data).Decode(&object); err != nil {
panic(err)
}
return &object, nil
}
func (vtm VirtualTrafficManager) NewVirtualServer(name string, pool string, port int) *VirtualServer {
object := new(VirtualServer)
object.Basic.Pool = &pool
object.Basic.Port = &port
conn := vtm.connector.getChildConnector("/tm/6.1/config/active/virtual_servers/" + name)
object.connector = conn
return object
}
func (vtm VirtualTrafficManager) DeleteVirtualServer(name string) *vtmErrorResponse {
conn := vtm.connector.getChildConnector("/tm/6.1/config/active/virtual_servers/" + name)
data, ok := conn.delete()
if ok != true {
object := new(vtmErrorResponse)
json.NewDecoder(data).Decode(object)
return object
}
return nil
}
func (vtm VirtualTrafficManager) ListVirtualServers() (*[]string, *vtmErrorResponse) {
conn := vtm.connector.getChildConnector("/tm/6.1/config/active/virtual_servers")
data, ok := conn.get()
if ok != true {
object := new(vtmErrorResponse)
json.NewDecoder(data).Decode(object)
return nil, object
}
objectList := new(vtmObjectChildren)
if err := json.NewDecoder(data).Decode(objectList); err != nil {
panic(err)
}
var stringList []string
for _, obj := range objectList.Children {
stringList = append(stringList, obj.Name)
}
return &stringList, nil
}
type VirtualServerProperties struct {
Aptimizer struct {
// Whether the virtual server should optimize web content.
Enabled *bool `json:"enabled,omitempty"`
// A table of Aptimizer profiles and the application scopes that
// apply to them.
Profile *VirtualServerProfileTable `json:"profile,omitempty"`
} `json:"aptimizer"`
Auth struct {
// Name of the Trusted Identity Provider configuration to use. To
// create Identity Providers, please visit section <a href="?section=SAML%3aTrusted%20Identity%20Providers">Trusted
// Identity Providers</a>
SamlIdp *string `json:"saml_idp,omitempty"`
// The NameID format to request and expect from the identity provider.
SamlNameidFormat *string `json:"saml_nameid_format,omitempty"`
// The 'Assertion Consumer Service' endpoint for the SAML service
// provider on this virtual server, ie the endpoint to which the
// identity provider will cause the user agent to send SAML assertions.
// This should be an HTTPS URL, must be in the same cookie domain
// as all hostnames used by the end user to access the virtual server
// (see cookie configuration) and the port must be the port on which
// this virtual server is listening. It must match the URI placed
// by the identity provider in the 'Recipient' attribute in the
// SAML assertion, if present.
SamlSpAcsUrl *string `json:"saml_sp_acs_url,omitempty"`
// The entity ID to be used by the SAML service provider function
// on this virtual server. This should usually be a URL, or a URN,
// however it may be any string. It must match the entity ID placed
// by the identity provider in the 'Audience' field in the SAML
// assertion.
SamlSpEntityId *string `json:"saml_sp_entity_id,omitempty"`
// Time tolerance on authentication checks. When checking time-stamps
// and expiry dates against the current time on the system, allow
// a tolerance of this many seconds. For example, if a SAML response
// contains a 'NotOnOrAfter' that is 4 seconds in the past according
// to the local time, and the tolerance is set to 5 seconds, it
// will still be accepted. This is to prevent a lack of clock synchronization
// from resulting in rejection of SAML responses.
SamlTimeTolerance *int `json:"saml_time_tolerance,omitempty"`
// Attributes of cookie used for authentication session.
SessionCookieAttributes *string `json:"session_cookie_attributes,omitempty"`
// Name of cookie used for authentication session.
SessionCookieName *string `json:"session_cookie_name,omitempty"`
// Whether or not to include state of authentication sessions stored
// encrypted on the client as plaintext in the logs.
SessionLogExternalState *bool `json:"session_log_external_state,omitempty"`
// Timeout on authentication session.
SessionTimeout *int `json:"session_timeout,omitempty"`
// Type of authentication to apply to requests to the virtual server.
Type *string `json:"type,omitempty"`
// Whether or not detailed messages about virtual server authentication
// should be written to the error log.
Verbose *bool `json:"verbose,omitempty"`
} `json:"auth"`
Basic struct {
// The bandwidth management class that this server should use, if
// any.
BandwidthClass *string `json:"bandwidth_class,omitempty"`
// Rules that are run at the end of a transaction, in order, comma
// separated.
CompletionRules *[]string `json:"completion_rules,omitempty"`
// The time, in seconds, for which an established connection can
// remain idle waiting for some initial data to be received from
// the client. The initial data is defined as a complete set of
// request headers for HTTP, SIP and RTSP services, or the first
// byte of data for all other services. A value of "0" will disable
// the timeout.
ConnectTimeout *int `json:"connect_timeout,omitempty"`
// Whether the virtual server is enabled.
Enabled *bool `json:"enabled,omitempty"`
// The associated GLB services for this DNS virtual server.
GlbServices *[]string `json:"glb_services,omitempty"`
// Whether to listen on all IP addresses
ListenOnAny *bool `json:"listen_on_any,omitempty"`
// Hostnames and IP addresses to listen on
ListenOnHosts *[]string `json:"listen_on_hosts,omitempty"`
// Traffic IP Groups to listen on
ListenOnTrafficIps *[]string `json:"listen_on_traffic_ips,omitempty"`
// The maximum number of concurrent TCP connections that will be
// handled by this virtual server. If set to a non-zero value, the
// traffic manager will limit the number of concurrent TCP connections
// that this virtual server will accept to the value specified.
// When the limit is reached, new connections to this virtual server
// will not be accepted. If set to "0" the number of concurrent
// TCP connections will not be limited.
MaxConcurrentConnections *int `json:"max_concurrent_connections,omitempty"`
// A description for the virtual server.
Note *string `json:"note,omitempty"`
// The default pool to use for traffic.
Pool *string `json:"pool,omitempty"`
// The port on which to listen for incoming connections.
Port *int `json:"port,omitempty"`
// The service protection class that should be used to protect this
// server, if any.
ProtectionClass *string `json:"protection_class,omitempty"`
// The protocol that the virtual server is using.
Protocol *string `json:"protocol,omitempty"`
// Expect connections to the traffic manager to be prefixed with
// a PROXY protocol header. If enabled, the information contained
// in the PROXY header will be available in TrafficScript. Connections
// that are not prefixed with a valid PROXY protocol header will
// be discarded.
ProxyProtocol *bool `json:"proxy_protocol,omitempty"`
// Connections which do not include a PROXY protocol header are
// not rejected, but are treated as ordinary non-PROXY protocol
// connections.
ProxyProtocolOptional *bool `json:"proxy_protocol_optional,omitempty"`
// Rules to be applied to incoming requests, in order, comma separated.
RequestRules *[]string `json:"request_rules,omitempty"`
// Rules to be applied to responses, in order, comma separated.
ResponseRules *[]string `json:"response_rules,omitempty"`
// Only applicable for Client First Generic Protocol. Allows Virtual
// Traffic Manager to execute rules on a client connects without
// waiting for data from the client.
RulesOnConnect *bool `json:"rules_on_connect,omitempty"`
// The service level monitoring class that this server should use,
// if any.
SlmClass *string `json:"slm_class,omitempty"`
// Whether or not the virtual server should decrypt incoming SSL
// traffic.
SslDecrypt *bool `json:"ssl_decrypt,omitempty"`
// Whether or not bound sockets should be configured for transparent
// proxying.
Transparent *bool `json:"transparent,omitempty"`
} `json:"basic"`
Connection struct {
// Whether or not the virtual server should use keepalive connections
// with the remote clients.
Keepalive *bool `json:"keepalive,omitempty"`
// The length of time that the virtual server should keep an idle
// keepalive connection before discarding it. A value of "0" (zero)
// will mean that the keepalives are never closed by the traffic
// manager.
KeepaliveTimeout *int `json:"keepalive_timeout,omitempty"`
// The amount of memory, in bytes, that the virtual server should
// use to store data sent by the client. Larger values will use
// more memory, but will minimise the number of "read()" and "write()"
// system calls that the traffic manager must perform.
MaxClientBuffer *int `json:"max_client_buffer,omitempty"`
// The amount of memory, in bytes, that the virtual server should
// use to store data returned by the server. Larger values will
// use more memory, but will minimise the number of "read()" and
// "write()" system calls that the traffic manager must perform.
MaxServerBuffer *int `json:"max_server_buffer,omitempty"`
// The total amount of time a transaction can take, counted from
// the first byte being received until the transaction is complete.
// For HTTP, this can mean all data has been written in both directions,
// or the connection has been closed; in most other cases it is
// the same as the connection being closed.<br> The default value
// of "0" means there is no maximum duration, i.e., transactions
// can take arbitrarily long if none of the other timeouts occur.
MaxTransactionDuration *int `json:"max_transaction_duration,omitempty"`
// If specified, the traffic manager will use the value as the banner
// to send for server-first protocols such as FTP, POP, SMTP and
// IMAP. This allows rules to use the first part of the client data
// (such as the username) to select a pool. The banner should be
// in the correct format for the protocol, e.g. for FTP it should
// start with "220 "
ServerFirstBanner *string `json:"server_first_banner,omitempty"`
// A connection should be closed if no additional data has been
// received for this period of time. A value of "0" (zero) will
// disable this timeout.
Timeout *int `json:"timeout,omitempty"`
} `json:"connection"`
ConnectionErrors struct {
// The error message to be sent to the client when the traffic manager
// detects an internal or backend error for the virtual server.
ErrorFile *string `json:"error_file,omitempty"`
} `json:"connection_errors"`
Cookie struct {
// The way in which the traffic manager should rewrite the domain
// portion of any cookies set by a back-end web server.
Domain *string `json:"domain,omitempty"`
// The domain to use when rewriting a cookie's domain to a named
// value.
NewDomain *string `json:"new_domain,omitempty"`
// If you wish to rewrite the path portion of any cookies set by
// a back-end web server, provide a regular expression to match
// the path:
PathRegex *string `json:"path_regex,omitempty"`
// If cookie path regular expression matches, it will be replaced
// by this substitution. Parameters $1-$9 can be used to represent
// bracketed parts of the regular expression.
PathReplace *string `json:"path_replace,omitempty"`
// Whether or not the traffic manager should modify the "secure"
// tag of any cookies set by a back-end web server.
Secure *string `json:"secure,omitempty"`
} `json:"cookie"`
Dns struct {
// Enable/Disable use of EDNS client subnet option
EdnsClientSubnet *bool `json:"edns_client_subnet,omitempty"`
// EDNS UDP size advertised in responses.
EdnsUdpsize *int `json:"edns_udpsize,omitempty"`
// Maximum UDP answer size.
MaxUdpsize *int `json:"max_udpsize,omitempty"`
// Response record ordering.
RrsetOrder *string `json:"rrset_order,omitempty"`
// Whether or not the DNS Server should emit verbose logging. This
// is useful for diagnosing problems.
Verbose *bool `json:"verbose,omitempty"`
// The DNS zones
Zones *[]string `json:"zones,omitempty"`
} `json:"dns"`
Ftp struct {
// The source port to be used for active-mode FTP data connections.
// If 0, a random high port will be used, otherwise the specified
// port will be used. If a port below 1024 is required you must
// first explicitly permit use of low ports with the "data_bind_low"
// global setting.
DataSourcePort *int `json:"data_source_port,omitempty"`
// Whether or not the virtual server should require that incoming
// FTP data connections from the client originate from the same
// IP address as the corresponding client control connection.
ForceClientSecure *bool `json:"force_client_secure,omitempty"`
// Whether or not the virtual server should require that incoming
// FTP data connections from the nodes originate from the same IP
// address as the node.
ForceServerSecure *bool `json:"force_server_secure,omitempty"`
// If non-zero, then this controls the upper bound of the port range
// to use for FTP data connections.
PortRangeHigh *int `json:"port_range_high,omitempty"`
// If non-zero, then this controls the lower bound of the port range
// to use for FTP data connections.
PortRangeLow *int `json:"port_range_low,omitempty"`
// Use SSL on the data connection as well as the control connection
// (if not enabled it is left to the client and server to negotiate
// this).
SslData *bool `json:"ssl_data,omitempty"`
} `json:"ftp"`
Gzip struct {
// Use HTTP chunking to deliver data to the client. If this is turned
// off, we won't use chunking when gzipping server data. This would
// mean that the response couldn't be kept-alive.
Chunk *bool `json:"chunk,omitempty"`
// Compression level (1-9, 1=low, 9=high).
CompressLevel *int `json:"compress_level,omitempty"`
// Compress web pages sent back by the server.
Enabled *bool `json:"enabled,omitempty"`
// How the ETag header should be manipulated when compressing content.
EtagRewrite *string `json:"etag_rewrite,omitempty"`
// MIME types to compress. Complete MIME types can be used, or a
// type can end in a '*' to match multiple types.
IncludeMime *[]string `json:"include_mime,omitempty"`
// Maximum document size to compress (0 means unlimited).
MaxSize *int `json:"max_size,omitempty"`
// Minimum document size to compress.
MinSize *int `json:"min_size,omitempty"`
// Compress documents with no given size.
NoSize *bool `json:"no_size,omitempty"`
} `json:"gzip"`
Http struct {
// Whether or not the virtual server should add an "X-Cluster-Client-Ip"
// header to the request that contains the remote client's IP address.
AddClusterIp *bool `json:"add_cluster_ip,omitempty"`
// Whether or not the virtual server should append the remote client's
// IP address to the X-Forwarded-For header. If the header does
// not exist, it will be added.
AddXForwardedFor *bool `json:"add_x_forwarded_for,omitempty"`
// Whether or not the virtual server should add an "X-Forwarded-Proto"
// header to the request that contains the original protocol used
// by the client to connect to the traffic manager.
AddXForwardedProto *bool `json:"add_x_forwarded_proto,omitempty"`
// A case-insensitive list of HTTP "Upgrade" header values that
// will trigger the HTTP connection upgrade auto-detection.
AutoUpgradeProtocols *[]string `json:"auto_upgrade_protocols,omitempty"`
// Whether the traffic manager should check for HTTP responses that
// confirm an HTTP connection is transitioning to the WebSockets
// protocol. If that such a response is detected, the traffic manager
// will cease any protocol-specific processing on the connection
// and just pass incoming data to the client/server as appropriate.
AutodetectUpgradeHeaders *bool `json:"autodetect_upgrade_headers,omitempty"`
// Handling of HTTP chunk overhead. When vTM receives data from
// a server or client that consists purely of protocol overhead
// (contains no payload), forwarding of such segments is delayed
// until useful payload data arrives (setting "lazy"). Changing
// this key to "eager" will make vTM incur the overhead of immediately
// passing such data on; it should only be used with HTTP peers
// whose chunk handling requires it.
ChunkOverheadForwarding *string `json:"chunk_overhead_forwarding,omitempty"`
// If the 'Location' header matches this regular expression, rewrite
// the header using the 'location_replace' pattern.
LocationRegex *string `json:"location_regex,omitempty"`
// If the 'Location' header matches the 'location_regex' regular
// expression, rewrite the header with this pattern (parameters
// such as $1-$9 can be used to match parts of the regular expression):
LocationReplace *string `json:"location_replace,omitempty"`
// The action the virtual server should take if the "Location" header
// does not match the "location_regex" regular expression.
LocationRewrite *string `json:"location_rewrite,omitempty"`
// Auto-correct MIME types if the server sends the "default" MIME
// type for files.
MimeDefault *string `json:"mime_default,omitempty"`
// Auto-detect MIME types if the server does not provide them.
MimeDetect *bool `json:"mime_detect,omitempty"`
// Whether or not the virtual server should strip the 'X-Forwarded-Proto'
// header from incoming requests.
StripXForwardedProto *bool `json:"strip_x_forwarded_proto,omitempty"`
} `json:"http"`
Http2 struct {
// The time, in seconds, to wait for a request on a new HTTP/2 connection.
// If no request is received within this time, the connection will
// be closed. This setting overrides the "connect_timeout" setting.
// If set to "0" (zero), the value of "connect_timeout" will be
// used instead.
ConnectTimeout *int `json:"connect_timeout,omitempty"`
// This setting controls the preferred frame size used when sending
// body data to the client. If the client specifies a smaller maximum
// size than this setting, the client's maximum size will be used.
// Every data frame sent has at least a 9-byte header, in addition
// to this frame size, prepended to it.
DataFrameSize *int `json:"data_frame_size,omitempty"`
// This setting allows the HTTP/2 protocol to be used by a HTTP
// virtual server. Unless use of HTTP/2 is negotiated by the client,
// the virtual server will fall back to HTTP 1.x automatically.
Enabled *bool `json:"enabled,omitempty"`
// This setting controls the amount of memory allowed for header
// compression on each HTTP/2 connection.
HeaderTableSize *int `json:"header_table_size,omitempty"`
// A list of header names that should never be compressed using
// indexing.
HeadersIndexBlacklist *[]string `json:"headers_index_blacklist,omitempty"`
// The HTTP/2 HPACK compression scheme allows for HTTP headers to
// be compressed using indexing. Sensitive headers can be marked
// as "never index", which prevents them from being compressed using
// indexing. When this setting is "Yes", only headers included in
// "http2!headers_index_blacklist" are marked as "never index".
// When this setting is "No", all headers will be marked as "never
// index" unless they are included in "http2!headers_index_whitelist".
HeadersIndexDefault *bool `json:"headers_index_default,omitempty"`
// A list of header names that can be compressed using indexing
// when the value of "http2!headers_index_default" is set to "No".
HeadersIndexWhitelist *[]string `json:"headers_index_whitelist,omitempty"`
// The maximum size, in bytes, of decompressed headers for an HTTP/2
// request. If the limit is exceeded, the connection on which the
// request was sent will be dropped. A value of 0 disables the limit
// check. If a service protection class with "http!max_header_length"
// configured is associated with this service then that setting
// will take precedence.
HeadersSizeLimit *int `json:"headers_size_limit,omitempty"`
// The time, in seconds, to wait for a new HTTP/2 request on a previously
// used HTTP/2 connection that has no open HTTP/2 streams. If an
// HTTP/2 request is not received within this time, the connection
// will be closed. A value of "0" (zero) will disable the timeout.
IdleTimeoutNoStreams *int `json:"idle_timeout_no_streams,omitempty"`
// The time, in seconds, to wait for data on an idle HTTP/2 connection,
// which has open streams, when no data has been sent recently (e.g.
// for long-polled requests). If data is not sent within this time,
// all open streams and the HTTP/2 connection will be closed. A
// value of "0" (zero) will disable the timeout.
IdleTimeoutOpenStreams *int `json:"idle_timeout_open_streams,omitempty"`
// This setting controls the number of streams a client is permitted
// to open concurrently on a single connection.
MaxConcurrentStreams *int `json:"max_concurrent_streams,omitempty"`
// This setting controls the maximum HTTP/2 frame size clients are
// permitted to send to the traffic manager.
MaxFrameSize *int `json:"max_frame_size,omitempty"`
// The maximum size, in bytes, of the random-length padding to add
// to HTTP/2 header frames. The padding, a random number of zero
// bytes up to the maximum specified.
MaxHeaderPadding *int `json:"max_header_padding,omitempty"`
// Whether Cookie headers received from an HTTP/2 client should
// be merged into a single Cookie header using RFC6265 rules before
// forwarding to an HTTP/1.1 server. Some web applications do not
// handle multiple Cookie headers correctly.
MergeCookieHeaders *bool `json:"merge_cookie_headers,omitempty"`
// This setting controls the flow control window for each HTTP/2
// stream. This will limit the memory used for buffering when the
// client is sending body data faster than the pool node is reading
// it.
StreamWindowSize *int `json:"stream_window_size,omitempty"`
} `json:"http2"`
KerberosProtocolTransition struct {
// Whether or not the virtual server should use Kerberos Protocol
// Transition.
Enabled *bool `json:"enabled,omitempty"`
// The Kerberos principal this virtual server should use to perform
// Kerberos Protocol Transition.
Principal *string `json:"principal,omitempty"`
// The Kerberos principal name of the service this virtual server
// targets.
Target *string `json:"target,omitempty"`
} `json:"kerberos_protocol_transition"`
Log struct {
// Write log data to disk immediately, rather than buffering data.
AlwaysFlush *bool `json:"always_flush,omitempty"`
// Should the virtual server log failures occurring on connections
// to clients.
ClientConnectionFailures *bool `json:"client_connection_failures,omitempty"`
// Whether or not to log connections to the virtual server to a
// disk on the file system.
Enabled *bool `json:"enabled,omitempty"`
// The name of the file in which to store the request logs. The
// filename can contain macros which will be expanded by the traffic
// manager to generate the full filename.
Filename *string `json:"filename,omitempty"`
// The log file format. This specifies the line of text that will
// be written to the log file when a connection to the traffic manager
// is completed. Many parameters from the connection can be recorded
// using macros.
Format *string `json:"format,omitempty"`
// Whether to log all connections by default, or log no connections
// by default. Specific connections can be selected for addition
// to or exclusion from the log using the TrafficScript function
// "requestlog.include()".
SaveAll *bool `json:"save_all,omitempty"`
// Should the virtual server log failures occurring on connections
// to nodes.
ServerConnectionFailures *bool `json:"server_connection_failures,omitempty"`
// Should the virtual server log session persistence events.
SessionPersistenceVerbose *bool `json:"session_persistence_verbose,omitempty"`
// Should the virtual server log failures occurring on SSL secure
// negotiation.
SslFailures *bool `json:"ssl_failures,omitempty"`
// Should the virtual server log messages when attempts to resume
// SSL sessions (either from the session cache or a session ticket)
// fail. Note that failure to resume an SSL session does not result
// in the SSL connection being closed, but it does cause a full
// SSL handshake to take place.
SslResumptionFailures *bool `json:"ssl_resumption_failures,omitempty"`
} `json:"log"`
RecentConnections struct {
// Whether or not connections handled by this virtual server should
// be shown on the Activity > Connections page.
Enabled *bool `json:"enabled,omitempty"`
// Whether or not all connections handled by this virtual server
// should be shown on the Connections page. Individual connections
// can be selectively shown on the Connections page using the "recentconns.include()"
// TrafficScript function.
SaveAll *bool `json:"save_all,omitempty"`
} `json:"recent_connections"`
RequestTracing struct {
// Record a trace of major connection processing events for each
// request and response.
Enabled *bool `json:"enabled,omitempty"`
// Include details of individual I/O events in request and response
// traces. Requires request tracing to be enabled.
TraceIo *bool `json:"trace_io,omitempty"`
} `json:"request_tracing"`
Rtsp struct {
// If non-zero this controls the upper bound of the port range to
// use for streaming data connections.
StreamingPortRangeHigh *int `json:"streaming_port_range_high,omitempty"`
// If non-zero this controls the lower bound of the port range to
// use for streaming data connections.
StreamingPortRangeLow *int `json:"streaming_port_range_low,omitempty"`
// If non-zero data-streams associated with RTSP connections will
// timeout if no data is transmitted for this many seconds.
StreamingTimeout *int `json:"streaming_timeout,omitempty"`
} `json:"rtsp"`
Sip struct {
// The action to take when a SIP request with body data arrives
// that should be routed to an external IP.
DangerousRequests *string `json:"dangerous_requests,omitempty"`
// Should the virtual server follow routing information contained
// in SIP requests. If set to "No" requests will be routed to the
// chosen back-end node regardless of their URI or Route header.
FollowRoute *bool `json:"follow_route,omitempty"`
// SIP clients can have several pending requests at one time. To
// protect the traffic manager against DoS attacks, this setting
// limits the amount of memory each client can use. When the limit
// is reached new requests will be sent a 413 response. If the value
// is set to "0" (zero) the memory limit is disabled.
MaxConnectionMem *int `json:"max_connection_mem,omitempty"`
// The mode that this SIP virtual server should operate in.
Mode *string `json:"mode,omitempty"`
// Replace the Request-URI of SIP requests with the address of the
// selected back-end node.
RewriteUri *bool `json:"rewrite_uri,omitempty"`
// If non-zero this controls the upper bound of the port range to
// use for streaming data connections.
StreamingPortRangeHigh *int `json:"streaming_port_range_high,omitempty"`
// If non-zero, then this controls the lower bound of the port range
// to use for streaming data connections.
StreamingPortRangeLow *int `json:"streaming_port_range_low,omitempty"`
// If non-zero a UDP stream will timeout when no data has been seen
// within this time.
StreamingTimeout *int `json:"streaming_timeout,omitempty"`
// When timing out a SIP transaction, send a 'timed out' response
// to the client and, in the case of an INVITE transaction, a CANCEL
// request to the server.
TimeoutMessages *bool `json:"timeout_messages,omitempty"`
// The virtual server should discard a SIP transaction when no further
// messages have been seen within this time.
TransactionTimeout *int `json:"transaction_timeout,omitempty"`
} `json:"sip"`
Smtp struct {
// Whether or not the traffic manager should expect the connection
// to start off in plain text and then upgrade to SSL using STARTTLS
// when handling SMTP traffic.
ExpectStarttls *bool `json:"expect_starttls,omitempty"`
} `json:"smtp"`
Ssl struct {
// Whether or not the virtual server should add HTTP headers to
// each request to show the SSL connection parameters.
AddHttpHeaders *bool `json:"add_http_headers,omitempty"`
// The SSL/TLS cipher suites to allow for connections to this virtual
// server. Leaving this empty will make the virtual server use
// the globally configured cipher suites, see configuration key
// <a href="?fold_open=SSL%20Configuration§ion=Global%20Settings#a_ssl!cipher_suites">
// "ssl!cipher_suites"</a> in the Global Settings section of the
// System tab. See there for how to specify SSL/TLS cipher suites.
CipherSuites *string `json:"cipher_suites,omitempty"`
// The certificate authorities that this virtual server should trust
// to validate client certificates. If no certificate authorities
// are selected, and client certificates are requested, then all
// client certificates will be accepted.
ClientCertCas *[]string `json:"client_cert_cas,omitempty"`
// What HTTP headers the virtual server should add to each request
// to show the data in the client certificate.
ClientCertHeaders *string `json:"client_cert_headers,omitempty"`
// The SSL elliptic curve preference list for SSL connections to
// this virtual server using TLS version 1.0 or higher. Leaving
// this empty will make the virtual server use the globally configured
// curve preference list. The named curves P256, P384 and P521 may
// be configured.
EllipticCurves *[]string `json:"elliptic_curves,omitempty"`
// Whether or not the Fallback SCSV sent by TLS clients is honored
// by this virtual server. Choosing the global setting means the
// value of configuration key <a href="?fold_open=SSL%20Configuration§ion=Global%20Settings#a_ssl!honor_fallback_scsv">
// "ssl!honor_fallback_scsv"</a> from the Global Settings section
// of the System tab will be enforced.
HonorFallbackScsv *string `json:"honor_fallback_scsv,omitempty"`
// When the virtual server verifies certificates signed by these
// certificate authorities, it doesn't check the 'not after' date,
// i.e., they are considered valid even after their expiration date
// has passed (but not if they have been revoked).
IssuedCertsNeverExpire *[]string `json:"issued_certs_never_expire,omitempty"`
// This setting gives the number of certificates in a certificate
// chain beyond those listed as issued_certs_never_expire whose
// certificate expiry will not be checked. For example "0" will
// result in the expiry checks being made for certificates issued
// by issued_certs_never_expire certificates, "1" will result in
// no expiry checks being performed for the certificates directly
// issued by issued_certs_never_expire certificates, "2" will avoid
// checking expiry for certificates issued by certificates issued
// by the issued_certs_never_expire certificates as well, and so
// on.
IssuedCertsNeverExpireDepth *int `json:"issued_certs_never_expire_depth,omitempty"`
// The maximum client RSA/DSA certificate key size that the virtual
// server should accept.
MaxKeySize *int `json:"max_key_size,omitempty"`
// The minimum client RSA/DSA certificate key size that the virtual
// server should accept.
MinKeySize *int `json:"min_key_size,omitempty"`
// Whether or not the traffic manager should use OCSP to check the
// revocation status of client certificates.
OcspEnable *bool `json:"ocsp_enable,omitempty"`
// A table of certificate issuer specific OCSP settings.
OcspIssuers *VirtualServerOcspIssuersTable `json:"ocsp_issuers,omitempty"`
// The number of seconds for which an OCSP response is considered
// valid if it has not yet exceeded the time specified in the 'nextUpdate'
// field. If set to "0" (zero) then OCSP responses are considered
// valid until the time specified in their 'nextUpdate' field.
OcspMaxResponseAge *int `json:"ocsp_max_response_age,omitempty"`
// If OCSP URIs are present in certificates used by this virtual
// server, then enabling this option will allow the traffic manager
// to provide OCSP responses for these certificates as part of the
// handshake, if the client sends a TLS status_request extension
// in the ClientHello.
OcspStapling *bool `json:"ocsp_stapling,omitempty"`
// The number of seconds outside the permitted range for which the
// 'thisUpdate' and 'nextUpdate' fields of an OCSP response are
// still considered valid.
OcspTimeTolerance *int `json:"ocsp_time_tolerance,omitempty"`
// The number of seconds after which OCSP requests will be timed
// out.
OcspTimeout *int `json:"ocsp_timeout,omitempty"`
// Whether or not the virtual server should request an identifying
// SSL certificate from each client.
RequestClientCert *string `json:"request_client_cert,omitempty"`
// Whether or not to send an SSL/TLS "close alert" when the traffic
// manager is initiating an SSL socket disconnection.
SendCloseAlerts *bool `json:"send_close_alerts,omitempty"`
// The SSL certificates and corresponding private keys.
ServerCertAltCertificates *[]string `json:"server_cert_alt_certificates,omitempty"`
// The default SSL certificate to use for this virtual server.
ServerCertDefault *string `json:"server_cert_default,omitempty"`
// Host specific SSL server certificate mappings.
ServerCertHostMapping *VirtualServerServerCertHostMappingTable `json:"server_cert_host_mapping,omitempty"`
// Whether or not use of the session cache is enabled for this virtual
// server. Choosing the global setting means the value of configuration
// key <a href="?fold_open=SSL%20Configuration§ion=Global%20Settings#a_ssl!cache!enabled">
// "ssl!session_cache_enabled"</a> from the Global Settings section
// of the System tab will be enforced.
SessionCacheEnabled *string `json:"session_cache_enabled,omitempty"`
// Whether or not use of session tickets is enabled for this virtual
// server. Choosing the global setting means the value of configuration
// key <a href="?fold_open=SSL%20Configuration§ion=Global%20Settings#a_ssl!tickets!enabled">
// "ssl!tickets!enabled"</a> from the Global Settings section of
// the System tab will be enforced.
SessionTicketsEnabled *string `json:"session_tickets_enabled,omitempty"`
// The SSL signature algorithms preference list for SSL connections
// to this virtual server using TLS version 1.2 or higher. Leaving
// this empty will make the virtual server use the globally configured
// preference list, "signature_algorithms" in the "ssl" section
// of the "global_settings" resource. See there and in the online
// help for how to specify SSL signature algorithms.
SignatureAlgorithms *string `json:"signature_algorithms,omitempty"`
// Whether or not SSLv3 is enabled for this virtual server. Choosing
// the global setting means the value of configuration key <a href="?fold_open=SSL%20Configuration§ion=Global%20Settings#a_ssl!support_ssl3">
// "ssl!support_ssl3"</a> from the Global Settings section of the
// System tab will be enforced.
SupportSsl3 *string `json:"support_ssl3,omitempty"`
// Whether or not TLSv1.0 is enabled for this virtual server. Choosing
// the global setting means the value of configuration key <a href="?fold_open=SSL%20Configuration§ion=Global%20Settings#a_ssl!support_tls1">
// "ssl!support_tls1"</a> from the Global Settings section of the
// System tab will be enforced.
SupportTls1 *string `json:"support_tls1,omitempty"`
// Whether or not TLSv1.1 is enabled for this virtual server. Choosing
// the global setting means the value of configuration key <a href="?fold_open=SSL%20Configuration§ion=Global%20Settings#a_ssl!support_tls1_1">
// "ssl!support_tls1_1"</a> from the Global Settings section of
// the System tab will be enforced.
SupportTls11 *string `json:"support_tls1_1,omitempty"`
// Whether or not TLSv1.2 is enabled for this virtual server. Choosing
// the global setting means the value of configuration key <a href="?fold_open=SSL%20Configuration§ion=Global%20Settings#a_ssl!support_tls1_2">
// "ssl!support_tls1_2"</a> from the Global Settings section of
// the System tab will be enforced.
SupportTls12 *string `json:"support_tls1_2,omitempty"`
// Whether or not TLSv1.3 is enabled for this virtual server. Choosing
// the global setting means the value of configuration key <a href="?fold_open=SSL%20Configuration§ion=Global%20Settings#a_ssl!support_tls1_3">
// "ssl!support_tls1_3"</a> from the Global Settings section of
// the System tab will be enforced.
SupportTls13 *string `json:"support_tls1_3,omitempty"`
// If the traffic manager is receiving traffic sent from another
// traffic manager, then enabling this option will allow it to decode
// extra information on the true origin of the SSL connection. This
// information is supplied by the first traffic manager.
TrustMagic *bool `json:"trust_magic,omitempty"`
} `json:"ssl"`
Syslog struct {
// Whether or not to log connections to the virtual server to a
// remote syslog host.
Enabled *bool `json:"enabled,omitempty"`
// The log format for the remote syslog. This specifies the line
// of text that will be sent to the remote syslog when a connection
// to the traffic manager is completed. Many parameters from the
// connection can be recorded using macros.
Format *string `json:"format,omitempty"`
// The remote host and port (default is 514) to send request log
// lines to.
IpEndPoint *string `json:"ip_end_point,omitempty"`
// Maximum length in bytes of a message sent to the remote syslog.
// Messages longer than this will be truncated before they are sent.
MsgLenLimit *int `json:"msg_len_limit,omitempty"`
} `json:"syslog"`
Tcp struct {
// Whether or not connections from clients should be closed with
// a RST packet, rather than a FIN packet. This avoids the TIME_WAIT
// state, which on rare occasions allows wandering duplicate packets
// to be safely ignored.
CloseWithRst *bool `json:"close_with_rst,omitempty"`
// The maximum TCP segment size. This will place a maximum on the
// size of TCP segments that are sent by this machine, and will
// advertise to the client this value as the maximum size of TCP
// segment to send to this machine. Setting this to zero causes
// the default maximum TCP segment size to be advertised and used.
Mss *int `json:"mss,omitempty"`
// Whether or not Nagle's algorithm should be used for TCP connections.
Nagle *bool `json:"nagle,omitempty"`
// If set to "Yes" the traffic manager will send the client FIN
// to the back-end server and wait for a server response instead
// of closing the connection immediately. This is only necessary
// for protocols that require half-close support to function correctly,
// such as "rsh". If the traffic manager is responding to the request
// itself, setting this key to Yes will cause the traffic manager
// to continue writing the response even after it has received a
// FIN from the client.
ProxyClose *bool `json:"proxy_close,omitempty"`
} `json:"tcp"`
TransactionExport struct {
// Whether to export a restricted set of metadata about transactions
// processed by this virtual server. If enabled, more verbose information
// such as client and server headers and request tracing events
// will be omitted from the exported data.
Brief *bool `json:"brief,omitempty"`
// Export metadata about transactions handled by this service to
// the globally configured endpoint. Data will be exported only
// if the global "transaction_export!enabled" setting is enabled.
Enabled *bool `json:"enabled,omitempty"`
// Whether the transaction processing timeline included in the metadata
// export is recorded with a high, microsecond, resolution. If set
// to "No", timestamps will be recorded with a resolution of milliseconds.
HiRes *bool `json:"hi_res,omitempty"`
// The set of HTTP header names for which corresponding values should
// be redacted from the metadata exported by this virtual server.
HttpHeaderBlacklist *[]string `json:"http_header_blacklist,omitempty"`
} `json:"transaction_export"`
Udp struct {
// Whether UDP datagrams received from the same IP address and port
// are sent to the same pool node if they match an existing UDP
// session. Sessions are defined by the protocol being handled,
// for example SIP datagrams are grouped based on the value of the
// Call-ID header.
EndPointPersistence *bool `json:"end_point_persistence,omitempty"`
// Whether or not UDP datagrams should be distributed across all
// traffic manager processes. This setting is not recommended if
// the traffic manager will be handling connection-based UDP protocols.
PortSmp *bool `json:"port_smp,omitempty"`
// The virtual server should discard any UDP connection and reclaim
// resources when the node has responded with this number of datagrams.
// For simple request/response protocols this can be often set
// to "1". If set to "-1", the connection will not be discarded
// until the "timeout" is reached.
ResponseDatagramsExpected *int `json:"response_datagrams_expected,omitempty"`
// The virtual server should discard any UDP connection and reclaim
// resources when no further UDP traffic has been seen within this
// time.
Timeout *int `json:"timeout,omitempty"`
} `json:"udp"`
WebCache struct {
// The "Cache-Control" header to add to every cached HTTP response,
// "no-cache" or "max-age=600" for example.
ControlOut *string `json:"control_out,omitempty"`
// If set to "Yes" the traffic manager will attempt to cache web
// server responses.
Enabled *bool `json:"enabled,omitempty"`
// Time period to cache error pages for.
ErrorPageTime *int `json:"error_page_time,omitempty"`
// Maximum time period to cache web pages for.
MaxTime *int `json:"max_time,omitempty"`
// If a cached page is about to expire within this time, the traffic
// manager will start to forward some new requests on to the web
// servers. A maximum of one request per second will be forwarded;
// the remainder will continue to be served from the cache. This
// prevents "bursts" of traffic to your web servers when an item
// expires from the cache. Setting this value to "0" will stop the
// traffic manager updating the cache before it expires.
RefreshTime *int `json:"refresh_time,omitempty"`
} `json:"web_cache"`
}
type VirtualServerProfile struct {
// The name of an Aptimizer acceleration profile.
Name *string `json:"name,omitempty"`