Skip to content
API Enriched

Replace BIG-IP HTTP Proxy.

PUT
/api/config/namespaces/{metadata.namespace}/bigip_http_proxys/{metadata.name}
curl --request PUT \
  --url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/config/namespaces/example/bigip_http_proxys/example \
  --header 'Authorization: <Authorization>' \
  --header 'Content-Type: application/json' \
  --data '{ "metadata": { "annotations": {}, "description": "example", "disable": true, "labels": {}, "name": "example", "namespace": "example" }, "spec": { "advanced_profile": { "disable": {}, "enable_default_profile": {} }, "ddos_profile": { "disable_ddos_mitigation": {}, "enable_ddos_mitigation": {} }, "irules": { "irules": [ { "name": "example", "namespace": "example" } ] }, "lb_algorithm": { "round_robin": {} }, "origin_pools": { "pools": [ { "name": "example", "origin_servers": { "automatic_port": {}, "health_checks": { "health_check": [ { "icmp_health_check": {}, "tcp_health_check": { "expected_response": "example", "send_payload": "example" } } ], "healthy_threshold": 1, "interval": 1, "timeout": 1, "unhealthy_threshold": 1 }, "lb_port": {}, "origin_servers": [ { "k8s_service": { "inside_network": {}, "outside_network": {}, "protocol": "PROTOCOL_TCP", "service_name": "example", "site_locator": { "site": { "name": "example", "namespace": "example" }, "virtual_site": { "name": "example", "namespace": "example" } }, "snat_pool": { "no_snat_pool": {}, "snat_pool": { "prefixes": [ "example" ] } }, "vk8s_networks": {} }, "private_ip": { "inside_network": {}, "ip": "example", "outside_network": {}, "segment": { "name": "example", "namespace": "example" }, "site_locator": { "site": { "name": "example", "namespace": "example" }, "virtual_site": { "name": "example", "namespace": "example" } }, "snat_pool": { "no_snat_pool": {}, "snat_pool": { "prefixes": [ "example" ] } } }, "public_ip": { "ip": "example" }, "public_name": { "dns_name": "example", "refresh_interval": 1 } } ], "port": 1 }, "priority": 1, "weight": 1 } ] }, "proxy_advertisement": { "advertise_custom": { "advertise_where": [ { "advertise_on_public": { "public_ip": { "name": "example", "namespace": "example" } }, "port": 1, "port_ranges": "example", "site": { "ip": "example", "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE", "site": { "name": "example", "namespace": "example" } }, "use_default_port": {}, "virtual_network": { "default_v6_vip": {}, "default_vip": {}, "specific_v6_vip": "example", "specific_vip": "example", "virtual_network": { "name": "example", "namespace": "example" } }, "virtual_site": { "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE", "virtual_site": { "name": "example", "namespace": "example" } }, "virtual_site_with_vip": { "ip": "example", "network": "SITE_NETWORK_SPECIFIED_VIP_OUTSIDE", "virtual_site": { "name": "example", "namespace": "example" } }, "vk8s_service": { "site": { "name": "example", "namespace": "example" }, "virtual_site": { "name": "example", "namespace": "example" } } } ] }, "do_not_advertise": {} }, "proxy_config": { "domains": [ "example" ], "http": { "dns_volterra_managed": true, "port": 1, "port_ranges": "example" }, "https": { "add_hsts": true, "append_server_name": "example", "coalescing_options": { "default_coalescing": {}, "strict_coalescing": {} }, "connection_idle_timeout": 1, "default_header": {}, "default_loadbalancer": {}, "disable_path_normalize": {}, "enable_path_normalize": {}, "http_protocol_options": { "http_protocol_enable_v1_only": { "header_transformation": { "default_header_transformation": {}, "legacy_header_transformation": {}, "preserve_case_header_transformation": {}, "proper_case_header_transformation": {} } }, "http_protocol_enable_v1_v2": {}, "http_protocol_enable_v2_only": {} }, "http_redirect": true, "non_default_loadbalancer": {}, "pass_through": {}, "port": 1, "port_ranges": "example", "server_name": "example", "tls_cert_params": { "certificates": [ { "name": "example", "namespace": "example" } ], "no_mtls": {}, "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "no_mtls": {}, "tls_certificates": [ { "certificate_url": "example", "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] }, "description": "example", "disable_ocsp_stapling": {}, "private_key": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "use_system_defaults": {} } ], "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "add_hsts": true, "append_server_name": "example", "coalescing_options": { "default_coalescing": {}, "strict_coalescing": {} }, "connection_idle_timeout": 1, "default_header": {}, "default_loadbalancer": {}, "disable_path_normalize": {}, "enable_path_normalize": {}, "http_protocol_options": { "http_protocol_enable_v1_only": { "header_transformation": { "default_header_transformation": {}, "legacy_header_transformation": {}, "preserve_case_header_transformation": {}, "proper_case_header_transformation": {} } }, "http_protocol_enable_v1_v2": {}, "http_protocol_enable_v2_only": {} }, "http_redirect": true, "no_mtls": {}, "non_default_loadbalancer": {}, "pass_through": {}, "port": 1, "port_ranges": "example", "server_name": "example", "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } } } }'

Replace BIG-IP HTTP Proxy in a given namespace.

Examples of this operation.

Authorizations

Section titled “Authorizations”

Parameters

Section titled “Parameters”

Path Parameters

Section titled “Path Parameters”
metadata.namespace
required
string

Namespace This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""

metadata.name
required
string

Name The configuration object to be replaced will be looked up by name.

Request Bodyrequired

Section titled “Request Bodyrequired”
Media typeapplication/json
ReplaceRequest is used to replace contents of a bigip_http_proxy

This is the input message of the ‘Replace’ RPC.

object
metadata
object
annotations
annotations

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.

object
description
description

Human readable description for the object.

string
>= 21 characters <= 1200 characters
disable
disable

A value of true will administratively disable the object.

boolean format: boolean
labels
labels

Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the user. Values specified here will be used by selector expression.

object
name
name

This is the name of configuration object. It has to be unique within the namespace. It can only be specified during create API and cannot be changed during replace API. The value of name has to follow DNS-1035 format. Required: YES.

string
>= 6 characters <= 1024 characters
namespace
namespace

This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""

string
>= 6 characters <= 1024 characters
spec
object
advanced_profile
object
disable
object
enable_default_profile
object
ddos_profile
object
disable_ddos_mitigation
object
enable_ddos_mitigation
object
irules
object
irules
iRules

OPTIONS for attaching iRules to BIG-IP HTTP Proxy.

Array<object>
<= 16 items
ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object
name
name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string
>= 1 characters <= 128 characters
namespace
namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string
>= 6 characters <= 64 characters
tenant
tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string
>= 6 characters <= 64 characters
lb_algorithm
object
round_robin
object
origin_pools
object
pools
Pools

List of Origin Pools.

Array<object>
<= 8 items
Origin Pool With Weight

This defines a combination of origin pool with weight and priority.

object
name
Name

Name of the origin pool

Required: YES.

string
>= 6 characters <= 1024 characters
origin_servers
object
automatic_port
object
health_checks
object
health_check
List of Health Checks

List of Health Checks

Required: YES.

Array<object>
<= 3 items
Server Health Check

Server Health Check.

object
icmp_health_check
object
tcp_health_check
object
expected_response
expected response

Specifies a regular expression pattern which will be matched against response payload Required: YES.

string
<= 2048 characters
send_payload
send string

Text string sent in the request Required: YES.

string
<= 2048 characters
healthy_threshold
Healthy Threshold

Number of successful responses before declaring healthy. In other words, this is the number of healthy health checks required before a host is marked healthy. Note that during startup, only a single successful health check is required to mark a host healthy. Required: YES.

integer format: int64
interval
Interval

Time interval in seconds between two health check requests Required: YES.

integer format: int64
timeout
Timeout

Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.

integer format: int64
unhealthy_threshold
Unhealthy Threshold

Number of failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a host is marked unhealthy. Note that for HTTP health check if a host responds with 503 this threshold is ignored and the host is considered unhealthy immediately. Required: YES.

integer format: int64
lb_port
object
origin_servers
List of Origin Servers

List of origin servers for Proxy

Required: YES.

Array<object>
>= 1 items <= 8 items
Origin Server

Origin Server.

object
k8s_service
object
inside_network
object
outside_network
object
protocol
string
default: PROTOCOL_TCP
Allowed values: PROTOCOL_TCP PROTOCOL_UDP
service_name
Service Name

Exclusive with [] K8s service name of the origin server will be listed, including the namespace and cluster-ID. For vK8s services, you need to enter a string with the format servicename.namespace:cluster-ID. If the servicename is “frontend”, namespace is “speedtest” and cluster-ID is “prod”, then you will enter “frontend.speedtest:prod”. Both namespace and cluster-ID are optional.

string
<= 1024 characters
site_locator
object
site
object
name
name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string
>= 1 characters <= 128 characters
namespace
namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string
>= 6 characters <= 64 characters
tenant
tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string
>= 6 characters <= 64 characters
virtual_site
object
name
name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string
>= 1 characters <= 128 characters
namespace
namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string
>= 6 characters <= 64 characters
tenant
tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string
>= 6 characters <= 64 characters
snat_pool
object
no_snat_pool
object
snat_pool
object
prefixes
ipv4 prefix list

List of IPv4 prefixes that represent an endpoint.

Array<string>
<= 128 items
vk8s_networks
object
private_ip
object
inside_network
object
ip
IP

Exclusive with [] Private IPv4 address.

string
<= 1024 characters
outside_network
object
segment
object
name
name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string
>= 1 characters <= 128 characters
namespace
namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string
>= 6 characters <= 64 characters
tenant
tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string
>= 6 characters <= 64 characters
site_locator
object
site
object
name
name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string
>= 1 characters <= 128 characters
namespace
namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string
>= 6 characters <= 64 characters
tenant
tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string
>= 6 characters <= 64 characters
virtual_site
object
name
name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string
>= 1 characters <= 128 characters
namespace
namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string
>= 6 characters <= 64 characters
tenant
tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string
>= 6 characters <= 64 characters
snat_pool
object
no_snat_pool
object
snat_pool
object
prefixes
ipv4 prefix list

List of IPv4 prefixes that represent an endpoint.

Array<string>
<= 128 items
public_ip
object
ip
IP

Exclusive with [] Public IPv4 address.

string
<= 1024 characters
public_name
object
dns_name
DNS name

DNS Name Required: YES.

string
>= 1 characters <= 256 characters
refresh_interval
refresh_interval

Interval for DNS refresh in seconds. Max value is 7 days as per https://datatracker.ietf.org/doc/HTML/rfc8767.

integer format: int64
port
Port

Exclusive with [automatic_port lb_port] Endpoint service is available on this port.

integer format: int64
>= 1 <= 65535
priority
Priority

Priority of this origin pool, valid only with multiple origin pools. Value of 0 will make the pool as lowest priority origin pool. When active origin pool is not available, lower priority origin pools are made active as per the increasing priority.

integer format: int64
weight
Weight

Weight of this origin pool, valid only with multiple origin pools. Value of 0 will disable the pool.

integer format: int64
proxy_advertisement
object
advertise_custom
object
advertise_where
Advertise Where

Where should this load balancer be available

Required: YES.

Array<object>
>= 1 items <= 32 items
WhereType

This defines various OPTIONS where a Loadbalancer could be advertised.

object
advertise_on_public
object
public_ip
object
name
name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string
>= 1 characters <= 128 characters
namespace
namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string
>= 6 characters <= 64 characters
tenant
tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string
>= 6 characters <= 64 characters
port
Port to listen

Exclusive with [port_ranges use_default_port] Port to Listen.

integer format: int64
>= 1 <= 65535
port_ranges
Port ranges to listen

Exclusive with [port use_default_port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string
>= 1 characters <= 512 characters
site
object
ip
IP address on the site

Use given IP address as VIP on the site.

string
<= 1024 characters
network
string
default: SITE_NETWORK_INSIDE_AND_OUTSIDE
Allowed values: SITE_NETWORK_INSIDE_AND_OUTSIDE SITE_NETWORK_INSIDE SITE_NETWORK_OUTSIDE SITE_NETWORK_SERVICE SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP SITE_NETWORK_IP_FABRIC
site
object
name
name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string
>= 1 characters <= 128 characters
namespace
namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string
>= 6 characters <= 64 characters
tenant
tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string
>= 6 characters <= 64 characters
use_default_port
object
virtual_network
object
default_v6_vip
object
default_vip
object
specific_v6_vip
Specific V6 VIP

Exclusive with [default_v6_vip] Use given IPv6 address as VIP on virtual Network.

string
<= 1024 characters
specific_vip
Specific VIP

Exclusive with [default_vip] Use given IPv4 address as VIP on virtual Network.

string
<= 1024 characters
virtual_network
object
name
name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string
>= 1 characters <= 128 characters
namespace
namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string
>= 6 characters <= 64 characters
tenant
tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string
>= 6 characters <= 64 characters
virtual_site
object
network
string
default: SITE_NETWORK_INSIDE_AND_OUTSIDE
Allowed values: SITE_NETWORK_INSIDE_AND_OUTSIDE SITE_NETWORK_INSIDE SITE_NETWORK_OUTSIDE SITE_NETWORK_SERVICE SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP SITE_NETWORK_IP_FABRIC
virtual_site
object
name
name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string
>= 1 characters <= 128 characters
namespace
namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string
>= 6 characters <= 64 characters
tenant
tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string
>= 6 characters <= 64 characters
virtual_site_with_vip
object
ip
IP address on the site

Use given IP address as VIP on the site.

string
<= 1024 characters
network
string
default: SITE_NETWORK_SPECIFIED_VIP_OUTSIDE
Allowed values: SITE_NETWORK_SPECIFIED_VIP_OUTSIDE SITE_NETWORK_SPECIFIED_VIP_INSIDE
virtual_site
object
name
name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string
>= 1 characters <= 128 characters
namespace
namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string
>= 6 characters <= 64 characters
tenant
tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string
>= 6 characters <= 64 characters
vk8s_service
object
site
object
name
name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string
>= 1 characters <= 128 characters
namespace
namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string
>= 6 characters <= 64 characters
tenant
tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string
>= 6 characters <= 64 characters
virtual_site
object
name
name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string
>= 1 characters <= 128 characters
namespace
namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string
>= 6 characters <= 64 characters
tenant
tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string
>= 6 characters <= 64 characters
do_not_advertise
object
proxy_config
object
domains
Domains

A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form

Domain search order:

  1. Exact domain names: www.example.com.
  2. Prefix domain wildcards: *.example.com or *-bar.example.com.
  3. Special wildcard * matching any domain.

Wildcard will not match empty string. E.g. *-bar.example.com will match baz-bar.example.com but not -bar.example.com. The longest wildcards match first.

Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.

Array<string>
>= 1 items <= 32 items
http
object
dns_volterra_managed
Manage DNS Domain

DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.

boolean format: boolean
port
HTTP port to listen

Exclusive with [port_ranges] HTTP port to Listen.

integer format: int64
>= 1 <= 65535
port_ranges
Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string
>= 1 characters <= 512 characters
https
object
add_hsts
Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean
append_server_name
append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string
<= 8096 characters
coalescing_options
object
default_coalescing
object
strict_coalescing
object
connection_idle_timeout
Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64
default_header
object
default_loadbalancer
object
disable_path_normalize
object
enable_path_normalize
object
http_protocol_options
object
http_protocol_enable_v1_only
object
header_transformation
object
default_header_transformation
object
legacy_header_transformation
object
preserve_case_header_transformation
object
proper_case_header_transformation
object
http_protocol_enable_v1_v2
object
http_protocol_enable_v2_only
object
http_redirect
HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean
non_default_loadbalancer
object
pass_through
object
port
HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64
>= 1 <= 65535
port_ranges
Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string
>= 1 characters <= 512 characters
server_name
server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string
<= 8096 characters
tls_cert_params
object
certificates
certificates

Select one or more certificates with any domain names.

Required: YES.

Array<object>
<= 32 items
ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object
name
name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string
>= 1 characters <= 128 characters
namespace
namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string
>= 6 characters <= 64 characters
tenant
tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string
>= 6 characters <= 64 characters
no_mtls
object
tls_config
object
custom_security
object
cipher_suites
cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>
max_version
string
default: TLS_AUTO
Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3
min_version
string
default: TLS_AUTO
Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3
default_security
object
low_security
object
medium_security
object
use_mtls
object
client_certificate_optional
client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean
crl
object
name
name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string
>= 1 characters <= 128 characters
namespace
namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string
>= 6 characters <= 64 characters
tenant
tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string
>= 6 characters <= 64 characters
no_crl
object
trusted_ca
object
name
name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string
>= 1 characters <= 128 characters
namespace
namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string
>= 6 characters <= 64 characters
tenant
tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string
>= 6 characters <= 64 characters
trusted_ca_url
trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string
>= 1 characters <= 131072 characters
xfcc_disabled
object
xfcc_options
object
xfcc_header_elements
XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>
Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS
tls_parameters
object
no_mtls
object
tls_certificates
tls_certificates

Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms

Required: YES.

Array<object>
>= 1 items <= 16 items
TlsCertificateType

Handle to fetch certificate and key.

object
certificate_url
certificate_url

TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.

string
>= 1 characters <= 131072 characters
custom_hash_algorithms
object
hash_algorithms
Hash Algorithms

Ordered list of hash algorithms to be used.

Required: YES.

Array<string>
>= 1 items <= 4 items
Allowed values: INVALID_HASH_ALGORITHM SHA256 SHA1
description
description

Description for the certificate.

string
>= 21 characters <= 1024 characters
disable_ocsp_stapling
object
private_key
object
blindfold_secret_info
object
decryption_provider
Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string
<= 1024 characters
location
Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string
>= 4 characters <= 1024 characters
store_provider
Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string
<= 1024 characters
clear_secret_info
object
provider
Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string
>= 3 characters <= 1024 characters
url
URL

URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.

string format: uri
<= 131072 characters
use_system_defaults
object
tls_config
object
custom_security
object
cipher_suites
cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>
max_version
string
default: TLS_AUTO
Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3
min_version
string
default: TLS_AUTO
Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3
default_security
object
low_security
object
medium_security
object
use_mtls
object
client_certificate_optional
client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean
crl
object
name
name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string
>= 1 characters <= 128 characters
namespace
namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string
>= 6 characters <= 64 characters
tenant
tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string
>= 6 characters <= 64 characters
no_crl
object
trusted_ca
object
name
name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string
>= 1 characters <= 128 characters
namespace
namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string
>= 6 characters <= 64 characters
tenant
tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string
>= 6 characters <= 64 characters
trusted_ca_url
trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string
>= 1 characters <= 131072 characters
xfcc_disabled
object
xfcc_options
object
xfcc_header_elements
XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>
Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS
https_auto_cert
object
add_hsts
Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean
append_server_name
append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string
<= 8096 characters
coalescing_options
object
default_coalescing
object
strict_coalescing
object
connection_idle_timeout
Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64
default_header
object
default_loadbalancer
object
disable_path_normalize
object
enable_path_normalize
object
http_protocol_options
object
http_protocol_enable_v1_only
object
header_transformation
object
default_header_transformation
object
legacy_header_transformation
object
preserve_case_header_transformation
object
proper_case_header_transformation
object
http_protocol_enable_v1_v2
object
http_protocol_enable_v2_only
object
http_redirect
HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean
no_mtls
object
non_default_loadbalancer
object
pass_through
object
port
HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64
>= 1 <= 65535
port_ranges
Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string
>= 1 characters <= 512 characters
server_name
server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string
<= 8096 characters
tls_config
object
custom_security
object
cipher_suites
cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>
max_version
string
default: TLS_AUTO
Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3
min_version
string
default: TLS_AUTO
Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3
default_security
object
low_security
object
medium_security
object
use_mtls
object
client_certificate_optional
client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean
crl
object
name
name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string
>= 1 characters <= 128 characters
namespace
namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string
>= 6 characters <= 64 characters
tenant
tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string
>= 6 characters <= 64 characters
no_crl
object
trusted_ca
object
name
name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string
>= 1 characters <= 128 characters
namespace
namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string
>= 6 characters <= 64 characters
tenant
tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string
>= 6 characters <= 64 characters
trusted_ca_url
trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string
>= 1 characters <= 131072 characters
xfcc_disabled
object
xfcc_options
object
xfcc_header_elements
XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>
Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

Responses

Section titled “Responses”

200

Section titled “200”

A successful response.

Media typeapplication/json
object
Examplegenerated
{}

401

Section titled “401”

Returned when operation is not authorized.

Media typeapplication/json
string format: string
Examplegenerated
example

403

Section titled “403”

Returned when there is no permission to access resource.

Media typeapplication/json
string format: string
Examplegenerated
example

404

Section titled “404”

Returned when resource is not found.

Media typeapplication/json
string format: string
Examplegenerated
example

409

Section titled “409”

Returned when operation on resource is conflicting with current value.

Media typeapplication/json
string format: string
Examplegenerated
example

429

Section titled “429”

Returned when operation has been rejected as it is happening too frequently.

Media typeapplication/json
string format: string
Examplegenerated
example

500

Section titled “500”

Returned when server encountered an error in processing API.

Media typeapplication/json
string format: string
Examplegenerated
example

503

Section titled “503”

Returned when service is unavailable temporarily.

Media typeapplication/json
string format: string
Examplegenerated
example

504

Section titled “504”

Returned when server timed out processing request.

Media typeapplication/json
string format: string
Examplegenerated
example