Data returned by Barad
Used by actions: DescribeBaradData.
| Name | Type | Description |
|---|---|---|
| MetricName | String | Metric name (connum: number of active TCP connections; new_conn: number of new TCP connections; inactive_conn: number of inactive connections; intraffic: inbound traffic; outtraffic: outbound traffic; alltraffic: sum of inbound and outbound traffic; inpkg: inbound packet rate; outpkg: outbound packet rate;) |
| Data | Array of Float | Value array |
| Count | Integer | Value array size |
IP object bound to Anti-DDoS Pro
Used by actions: CreateBoundIP.
| Name | Type | Required | Description |
|---|---|---|---|
| Ip | String | Yes | IP |
| BizType | String | No | Bound product type. Valid values: [public (CVM), bm (BM), eni (ENI), vpngw (VPN Gateway), natgw (NAT Gateway), waf (WAF), fpc (finance product), gaap (GAAP), other (hosted IP)] |
| DeviceType | String | No | Subtype under product type. Valid values: [cvm (CVM), lb (CLB), eni (ENI), vpngw (VPN), natgw (NAT), waf (WAF), fpc (finance), gaap (GAAP), other (hosted IP), eip (BM EIP)] |
| InstanceId | String | No | Resource instance ID of IP. This field is required when binding a new IP. For example, if it is an ENI IP, enter ID(eni-*) of the ENI for InstanceId; if it is a hosted IP without corresponding resource instance ID, enter "none"; |
CC alarm threshold
Used by actions: DescribeCCAlarmThreshold.
| Name | Type | Description |
|---|---|---|
| AlarmThreshold | Integer | CC alarm threshold |
CC attack event record
Used by actions: DescribeCCEvList.
| Name | Type | Description |
|---|---|---|
| Business | String | Anti-DDoS service type. bgpip: Anti-DDoS Advanced; bgp: Anti-DDoS Pro (Single IP); bgp-multip: Anti-DDoS Pro (Multi-IP); net: Anti-DDoS Ultimate; basic: Anti-DDoS Basic |
| Id | String | Anti-DDoS instance ID |
| Vip | String | Resource IP |
| StartTime | Timestamp | Attack start time |
| EndTime | Timestamp | Attack end time |
| ReqQps | Integer | Total requests peak (QPS) |
| DropQps | Integer | Attack peak (QPS) |
| AttackStatus | Integer | Attack status. Valid values: [0 (ongoing), 1 (ended)] |
| ResourceName | String | Resource name Note: this field may return null, indicating that no valid values can be obtained. |
| DomainList | String | Domain name list Note: this field may return null, indicating that no valid values can be obtained. |
| UriList | String | URI list Note: this field may return null, indicating that no valid values can be obtained. |
| AttackipList | String | Attack source list Note: this field may return null, indicating that no valid values can be obtained. |
Access frequency control rule for CC protection
Used by actions: DescribeCCFrequencyRules.
| Name | Type | Description |
|---|---|---|
| CCFrequencyRuleId | String | ID of the access frequency control rule for CC protection |
| Uri | String | URI string, which must start with /, such as /abc/a.php. Length limit: 31. If URI is /, only prefix match can be selected as the matching mode; |
| UserAgent | String | User-Agent string. Length limit: 80 |
| Cookie | String | Cookie string. Length limit: 40 |
| Mode | String | Matching rule. Valid values: ["include" (prefix match), "equal" (exact match)] |
| Period | Integer | Reference period in seconds. Valid values: [10, 30, 60] |
| ReqNumber | Integer | Number of access requests. Value range: [1-10000] |
| Act | String | Action take. Valid values: ["alg" (CAPTCHA), "drop" (blocking)] |
| ExeDuration | Integer | Execution duration in seconds. Valid range: [1-900] |
Custom CC protection rule
Used by actions: CreateCCSelfDefinePolicy, DescribeCCSelfDefinePolicy, ModifyCCSelfDefinePolicy.
| Name | Type | Required | Description |
|---|---|---|---|
| Name | String | Yes | Policy name |
| Smode | String | Yes | Matching mode. Valid values: [matching (matching mode), speedlimit (speed limiting mode)] |
| SetId | String | No | Policy ID |
| Frequency | Integer | No | Number of requests allowed per minute |
| ExeMode | String | No | Executed policy mode. Valid values: [alg (verification code), drop (blocking)] |
| Switch | Integer | No | Specifies whether the policy is activated |
| CreateTime | String | No | Creation time |
| RuleList | Array of CCRule | No | Rule list |
| IpList | Array of String | No | IP list. If this field is to be left empty, please pass in an empty instead of null; |
| Protocol | String | No | CC protection type. Valid values: [http, https] |
| RuleId | String | No | ID of the forwarding rule corresponding to the HTTPS CC protection domain name |
| Domain | String | No | HTTPS CC protection domain name |
The custom CC protection policy in key-value format
Used by actions: CreateCCSelfDefinePolicy, DescribeCCSelfDefinePolicy, ModifyCCSelfDefinePolicy.
| Name | Type | Required | Description |
|---|---|---|---|
| Skey | String | Yes | Key of the policy. Valid values: host, cgi, ua, referer |
| Operator | String | Yes | Rule condition. Valid values: include, not_include, equal |
| Value | String | Yes | Value of the policy. Length limit: 31 bytes |
Custom layer-7 CC policy
Used by actions: CreateL7CCRule.
| Name | Type | Required | Description |
|---|---|---|---|
| Period | Integer | Yes | Reference period in seconds. Valid values: [10, 30, 60] |
| ReqNumber | Integer | Yes | Number of access requests. Value range: [1-10000] |
| Action | String | Yes | Action take. Valid values: ["alg" (CAPTCHA), "drop" (blocking)] |
| ExeDuration | Integer | Yes | Execution duration in seconds. Valid range: [1-900] |
DDoS alarm threshold
Used by actions: DescribeDDoSAlarmThreshold.
| Name | Type | Description |
|---|---|---|
| AlarmType | Integer | Alarm threshold type. 1: inbound traffic, 2: cleansed traffic |
| AlarmThreshold | Integer | Alarm threshold, which should be greater than 0 (currently scheduled value) |
Attack source information
Used by actions: DescribeDDoSAttackSource.
| Name | Type | Description |
|---|---|---|
| SrcIp | String | Attack source IP |
| Province | String | Province (valid for Mainland China) |
| Nation | String | Country/region |
| PacketSum | Integer | Total number of attack packets |
| PacketLen | Integer | Total attack traffic |
DDoS attack event record
Used by actions: DescribeDDoSEvList, DescribeDDoSNetEvList.
| Name | Type | Description |
|---|---|---|
| Business | String | Anti-DDoS service type. bgpip: Anti-DDoS Advanced; bgp: Anti-DDoS Pro (Single IP); bgp-multip: Anti-DDoS Pro (Multi-IP); net: Anti-DDoS Ultimate; basic: Anti-DDoS Basic |
| Id | String | Anti-DDoS instance ID |
| Vip | String | Resource IP |
| StartTime | Timestamp | Attack start time |
| EndTime | Timestamp | Attack end time |
| Mbps | Integer | Maximum attack bandwidth |
| Pps | Integer | Maximum attack packet rate |
| AttackType | String | Attack type |
| BlockFlag | Integer | Whether the IP is blocked. Valid values: [1 (yes), 0 (no), 2 (invalid value)] |
| OverLoad | String | Whether the elastic protection bandwidth is exceeded. Valid values: [yes (yes), no (no), empty string (unknown value)] |
| AttackStatus | Integer | Attack status. Valid values: [0 (ongoing), 1 (ended)] |
| ResourceName | String | Resource name Note: this field may return null, indicating that no valid values can be obtained. |
| EventId | String | Attack event ID Note: this field may return null, indicating that no valid values can be obtained. |
Disabled protocol in advanced DDoS policy
Used by actions: CreateDDoSPolicy, DescribeDDoSPolicy, ModifyDDoSPolicy.
| Name | Type | Required | Description |
|---|---|---|---|
| DropTcp | Integer | Yes | Blocks all TCP traffic. Valid values: [0,1] |
| DropUdp | Integer | Yes | Blocks all UDP traffic. Valid values: [0,1] |
| DropIcmp | Integer | Yes | Blocks all ICMP traffic. Valid values: [0,1] |
| DropOther | Integer | Yes | Blocks traffic of other protocols. Valid values: [0,1] |
| DropAbroad | Integer | Yes | Rejects traffic from outside Mainland China. Valid values: [0,1] |
| CheckSyncConn | Integer | Yes | Null session protection. Valid values: [0,1] |
| SdNewLimit | Integer | No | New connection suppression based on source IP and destination IP. Value range: [0,4294967295] |
| DstNewLimit | Integer | No | New connection suppression based on destination IP. Value range: [0,4294967295] |
| SdConnLimit | Integer | No | Concurrent connection suppression based on source IP and destination IP. Value range: [0,4294967295] |
| DstConnLimit | Integer | No | Concurrent connection suppression based on destination IP. Value range: [0,4294967295] |
| BadConnThreshold | Integer | No | Threshold for triggering connection suppression. Value range: [0,4294967295] |
| NullConnEnable | Integer | No | Exceptional connection detection condition: null session protection status. Valid values: [0,1] |
| ConnTimeout | Integer | No | Exceptional connection detection condition: connection timeout. Valid values: [0,65535] |
| SynRate | Integer | No | Exceptional connection detection condition: percentage of SYN out of ACK. Valid values: [0,100] |
| SynLimit | Integer | No | Exceptional connection detection condition: SYN threshold. Valid values: [0,100] |
| DTcpMbpsLimit | Integer | No | TCP speed limit. Value range: [0,4294967295] |
| DUdpMbpsLimit | Integer | No | UDP speed limit. Value range: [0,4294967295] |
| DIcmpMbpsLimit | Integer | No | ICMP speed limit. Value range: [0,4294967295] |
| DOtherMbpsLimit | Integer | No | Other protocol speed limit. Value range: [0,4294967295] |
Packet filter in advanced DDoS policy
Used by actions: CreateDDoSPolicy, DescribeDDoSPolicy, ModifyDDoSPolicy.
| Name | Type | Required | Description |
|---|---|---|---|
| Protocol | String | Yes | Protocol. Valid values: [tcp, udp, icmp, all] |
| SportStart | Integer | Yes | Start source port. Value range: [0,65535] |
| SportEnd | Integer | Yes | End source port. Value range: [0,65535] |
| DportStart | Integer | Yes | Start destination port. Value range: [0,65535] |
| DportEnd | Integer | Yes | End destination port. Value range: [0,65535] |
| PktlenMin | Integer | Yes | Minimum packet length. Value range: [0,1500] |
| PktlenMax | Integer | Yes | Maximum packet length. Value range: [0,1500] |
| MatchBegin | String | Yes | Whether to detect the payload. Valid values: [ begin_l3 (IP header) begin_l4 (TCP header) begin_l5 (payload) no_match (no check) ] |
| MatchType | String | Yes | Whether it is a regular expression. Valid values: [sunday (keyword), pcre (regular expression)] |
| Str | String | Yes | Keyword or regular expression |
| Depth | Integer | Yes | Detection depth. Value range: [0,1500] |
| Offset | Integer | Yes | Detection offset. Value range: [0,1500] |
| IsNot | Integer | Yes | Whether to include. Valid values: [0 (no), 1 (yes)] |
| Action | String | Yes | Policy action. Valid values: [drop, drop_black, drop_rst, drop_black_rst, transmit] |
Disabled port in advanced DDoS policy
Used by actions: CreateDDoSPolicy, DescribeDDoSPolicy, ModifyDDoSPolicy.
| Name | Type | Required | Description |
|---|---|---|---|
| Protocol | String | Yes | Protocol. Valid values: [tcp, udp, all] |
| DPortStart | Integer | Yes | Start destination port. Value range: [0,65535] |
| DPortEnd | Integer | Yes | End destination port, which must be greater than or equal to the start destination port. Value range: [0,65535] |
| SPortStart | Integer | No | Start source port. Value range: [0,65535] Note: this field may return null, indicating that no valid values can be obtained. |
| SPortEnd | Integer | No | End source port, which must be greater than or equal to the start source port. Value range: [0,65535] Note: this field may return null, indicating that no valid values can be obtained. |
| Action | String | No | Action to be executed. Valid values: [drop (discard) , transmit (forward)] Note: this field may return null, indicating that no valid values can be obtained. |
| Kind | Integer | No | Type of port to be disabled. Valid values: [0 (destination port range), 1 (source port range), 2 (destination port range and source port range)] Note: this field may return null, indicating that no valid values can be obtained. |
Advanced DDoS policy
Used by actions: DescribeDDoSPolicy.
| Name | Type | Description |
|---|---|---|
| Resources | Array of ResourceIp | Resource bound to policy |
| DropOptions | DDoSPolicyDropOption | Disabled protocol |
| PortLimits | Array of DDoSPolicyPortLimit | Disabled port |
| PacketFilters | Array of DDoSPolicyPacketFilter | Packet filter |
| IpBlackWhiteLists | Array of IpBlackWhite | IP blocklist/allowlist |
| PolicyId | String | Policy ID |
| PolicyName | String | Policy name |
| CreateTime | String | Policy creation time |
| WaterPrint | Array of WaterPrintPolicy | Watermarking policy parameter. There can be only one policy. If there are no policies, the array is empty |
| WaterKey | Array of WaterPrintKey | Watermark key. There can be up to two keys. If there are no policies, the array is empty |
| BoundResources | Array of String | Resource instance bound to policy Note: this field may return null, indicating that no valid values can be obtained. |
| SceneId | String | Policy scenario Note: this field may return null, indicating that no valid values can be obtained. |
IP blocklist/allowlist
Used by actions: CreateDDoSPolicy, DescribeDDoSPolicy, ModifyDDoSPolicy.
| Name | Type | Required | Description |
|---|---|---|---|
| Ip | String | Yes | IP address |
| Type | String | Yes | Blocklist/allowlist type. Valid values: [black, white] |
IP blocking record
Used by actions: DescribeIpBlockList.
| Name | Type | Description |
|---|---|---|
| Ip | String | IP |
| Status | String | Status (Blocked: blocked, UnBlocking: unblocking, UnBlockFailed: unblocking failed) |
| BlockTime | Timestamp | Blocked time |
| UnBlockTime | Timestamp | Unblocked time (estimated) |
| ActionType | String | Type of the unblocking action (user: self-service unblocking, auto: automatic unblocking, update: unblocking by service upgrading, bind: unblocking by binding Anti-DDoS Pro instance) |
IP unblocking record
Used by actions: DescribeIpUnBlockList.
| Name | Type | Description |
|---|---|---|
| Ip | String | IP |
| BlockTime | Timestamp | Blocked time |
| UnBlockTime | Timestamp | Unblocked time (actua |