The LoadMaster can be licensed using the license (offline) or alsilicense (online) commands. In this section, the online licensing (alsilicense) command is used. For further information on offline licensing and other commands relating to licensing, refer to the Licensing section.
\n","urlObject":{"protocol":"https","path":["access","alsilicense"],"host":["InsertNewLoadMasterIPAddress"],"query":[{"key":"kempid","value":"InsertProgressID"},{"key":"password","value":"InsertProgressIDPassword"},{"key":"lic_type_id","value":"1"}],"variable":[]}},"response":[{"id":"e6f09ae4-34b5-40d5-a151-ec0afcc2a86d","name":"License the LoadMaster","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://InsertNewLoadMasterIPAddress/access/alsilicense?kempid=InsertProgressID&password=InsertProgressIDPassword&lic_type_id=1","protocol":"https","host":["InsertNewLoadMasterIPAddress"],"path":["access","alsilicense"],"query":[{"key":"kempid","value":"InsertProgressID"},{"key":"password","value":"InsertProgressIDPassword"},{"key":"lic_type_id","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 19 Jul 2022 10:32:12 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"application/xml","description":"","type":"text"}],"cookie":[],"responseTime":null,"body":"\nUse the Set_Initial_Passwd command to set the password of the default LoadMaster user (bal).
\nParameter | Parameter Type | Description | Mandatory |
Passwd | String | This is the password for the default administrator user (bal). The password should contain at least 8 alphanumeric characters. | Yes |
If you are licensing using Kemp 360 Central, you may need to use the usersetsyspassword command.
\nRefer to the following table to determine what command you should use:
\n| LoadMaster Version | Kemp 360 Central version >= V2.3 | Kemp 360 Central version < V2.3 |
| LoadMaster >= V7.2.47 | Use usersetsyspassword | Use set_initial_password |
| LoadMaster < V7.2.47 | Use set_initial_password | Use set_initial_password |
To future-proof any existing LoadMaster deployment scripts you may have, modify the scripts to first use set_initial_password to attempt setting the bal password. If that fails, use usersetsyspassword.
If you are trying to license LoadMaster version 7.2.46 against a version of Kemp 360 Central that is above V2.3, you will not be able to log into the UI after setting the password using the API. To work around this, you must run the set command and set the motd value to an empty string after running the set_initial_password command.
You can license locally if using Kemp 360 Central with Activation Server functionality.
To retrieve a list of available license types, use the aslgetlicensetypes command.
\n\nThe aslhost parameter was introduced in LoadMaster firmware version 7.2.43. The parameters previously used were called aslipaddr and aslname. If you have scripts using these old parameters, you will need to update them to use the new aslhost parameter if upgrading.
\n
After running the aslgetlicensetypes command, a list of available license types with license IDs is displayed.
\n","urlObject":{"protocol":"https","path":["access","aslgetlicensetypes"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"aslhost","value":"InsertKemp360CentralIPAddress"},{"key":"aslport","value":"443"}],"variable":[]}},"response":[{"id":"b87b09dd-b3bf-4e7d-a425-907d0f1ebd87","name":"Retrive a List of Available License Types when using Kemp 360 Central Licensing","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://InsertLoadMasterIPAddress/access/aslgetlicensetypes?aslhost=InsertKemp360CentralIPAddress&aslport=443","protocol":"https","host":["InsertLoadMasterIPAddress"],"path":["access","aslgetlicensetypes"],"query":[{"key":"aslhost","value":"InsertKemp360CentralIPAddress"},{"key":"aslport","value":"443"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:06:11 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo activate the license, use the aslactivate command and specify the license type ID.
\nFor compatibility across releases, the lic_id_type and the licensetypeid can be used interchangeably in any command where a license type ID is required.
\n","urlObject":{"protocol":"https","path":["access","aslactivate"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"lic_type_id","value":"216"}],"variable":[]}},"response":[{"id":"0a476467-13bb-493c-8ada-7bf75d12a129","name":"Activate the License using Kemp 360 Central","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://InsertLoadMasterIPAddress/access/aslactivate?lic_type_id=216","protocol":"https","host":["InsertLoadMasterIPAddress"],"path":["access","aslactivate"],"query":[{"key":"lic_type_id","value":"216"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:08:33 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\n\n\nThe initial configuration API commands are not valid for pay-per-use cloud LoadMasters. They are valid for Bring Your Own License (BYOL) cloud LoadMasters.
\n
A number of steps are involved in initially deploying a LoadMaster, such as accepting the End User License Agreement (EULA) and licensing the unit. Before the LoadMaster can be fully deployed the user must display and accept the EULA. These initial configuration steps can either be performed using the UI or the API. The API commands relating to initial configuration are listed in the sections below.
\n\n\n","_postman_id":"e3d2ba28-8ac3-4516-b8c7-31c67d1653a8"},{"name":"Virtual Services","item":[{"name":"Virtual Service Commands","item":[{"name":"List All Virtual Services","id":"3740d47a-1b2d-4e7b-90e5-71c6336dc1ab","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/listvs","description":"These commands should be run in sequential order.
\n
Retrieve details for all existing Virtual Services.
\nWhen the status of the Virtual Service is returned, the Real Servers associated with the Virtual Service are also returned.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","listvs"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"a4a633ba-7084-41a2-b0d7-e45930cdc913","name":"List All Virtual Services","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/listvs"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 01 Aug 2024 08:23:27 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nCreate a new Virtual Service. When adding a Virtual Service, you can specify the values for all parameters.
\n\n\nFor details about these parameters, refer to the following section: Virtual Service Parameters
\n
When creating a new Virtual Service, the default values set are non-transparent and subnet originating - except for UDP services, which are transparent (force L4).
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addvs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"}],"variable":[]}},"response":[{"id":"01be5d01-8e32-4a65-b7fd-cc5e4414a240","name":"Add a Virtual Service","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addvs?vs=InsertVirtualServiceIPAddress&port=80&prot=tcp","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addvs"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 14:57:50 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nFrequently adding or deleting Virtual Services at a high velocity is not the recommended best practice. If you need to modify parameters, use the modvs command. If you need to constantly modify Virtual Service IP addresses, moving to FQDNs (rather than IP addresses) is the recommended best practice.
\n
To add a Virtual Service and automatically configure it with a template, run the addvs command with a template specified.
\nThe port and protocol parameters are required, but if the template sets the ports then the values entered in the command will be ignored.
\nFor commands on adding, removing, and listing templates, refer to the Manage Templates section.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addvs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"8810"},{"key":"prot","value":"tcp"},{"key":"template","value":"PASOE-HTTP-JSESSIONID_Cookie"}],"variable":[]}},"response":[{"id":"94306950-2ec1-4cd7-b2fe-4f44c888e18c","name":"Adding a Virtual Service using a Template","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addvs?vs=InsertVirtualServiceIPAddress&port=8810&prot=tcp&template=PASOE-HTTP-JSESSIONID_Cookie","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addvs"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"8810"},{"key":"prot","value":"tcp"},{"key":"template","value":"PASOE-HTTP-JSESSIONID_Cookie"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:01:32 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can use this command to modify the Virtual Service settings. For details about these parameters, refer to the Virtual Service Parameters section.
\n\n\nSome commands depend on other commands as a prerequisite. If the prerequisites are not met, the command will do nothing.
\n
\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modvs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"persist","value":"src"}],"variable":[]}},"response":[{"id":"75e366d2-2737-4b4e-bea2-cd6ac572b70f","name":"Modify a Virtual Service","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modvs?vs=InsertVirtualServiceIPAddress&port=80&prot=tcp&persist=src","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modvs"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"persist","value":"src"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:02:52 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nNot all parameters are applicable on all setups. The parameters available for use depends on the configured environment.
\n
Retrieve details for a specified Virtual Service (using IP Address, Port, and Protocol).
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","showvs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"}],"variable":[]}},"response":[{"id":"b4225067-de35-4776-b820-d7b9f171d8dc","name":"Show a Virtual Service (using IP Address, Port, and Protocol)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/showvs?vs=InsertVirtualServiceIPAddress&port=80&prot=tcp","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","showvs"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:04:03 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nGet the details of a the specified Virtual Service using the Virtual Service ID.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","showvs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"1"}],"variable":[]}},"response":[{"id":"727a8a22-0309-44db-9cdb-86dfe994b1e0","name":"Show a Virtual Service (using ID)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/showvs?vs=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","showvs"],"query":[{"key":"vs","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:05:26 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nDelete the Virtual Service with the IP address, port, and protocol specified.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delvs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"}],"variable":[]}},"response":[{"id":"dca46c18-f6b3-4d3f-a9b9-45f467e44ad0","name":"Delete a Virtual Service (using IP Address, Port, and Protocol)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delvs?vs=InsertVirtualServiceIPAddress&port=80&prot=tcp","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delvs"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:06:31 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nFrequently adding or deleting Virtual Services at a high velocity is not the recommended best practice. If you need to modify parameters, use the modvs command. If you need to constantly modify Virtual Service IP addresses, moving to FQDNs (rather than IP addresses) is the recommended best practice.
\n
To duplicate a Virtual Service, run the dupvs command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","dupvs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"8810"},{"key":"prot","value":"tcp"},{"key":"newport","value":"443"},{"key":"newvs","value":"InsertVirtualServiceIPAddress"}],"variable":[]}},"response":[{"id":"67801a73-c393-4ca3-99ed-98d2b7d5edff","name":"Duplicate a Virtual Service (using IP Address, Port, and Protocol)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/dupvs?vs=InsertVirtualServiceIPAddress&port=8810&prot=tcp&newport=443&newvs=InsertVirtualServiceIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","dupvs"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"8810"},{"key":"prot","value":"tcp"},{"key":"newport","value":"443"},{"key":"newvs","value":"InsertVirtualServiceIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:14:52 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo duplicate a Virtual Service, run the dupvs command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","dupvs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"2"},{"key":"newport","value":"443"},{"key":"newvs","value":"InsertVirtualServiceIPAddress"}],"variable":[]}},"response":[{"id":"d79d7dd5-fb13-401e-9342-7ec08c31fc9c","name":"Duplicate a Virtual Service (using ID)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/dupvs?vs=2&newport=443&newvs=InsertVirtualServiceIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","dupvs"],"query":[{"key":"vs","value":"2"},{"key":"newport","value":"443"},{"key":"newvs","value":"InsertVirtualServiceIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:16:37 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can retrieve the Virtual Service ID by running the listvs command.
\n
This section contains details about the various commands that you can run in relation to Virtual Services.
\n","_postman_id":"a4f2e2e9-ddf1-4002-bb81-a4c9b319e10a"},{"name":"Virtual Service Parameters","item":[{"name":"Properties","item":[],"id":"02a062e9-849f-4dc4-a850-745a871dd335","description":"The table below provides details about the properties of a Virtual Service.
\nName | Type | Default | Range | Description |
Port | I | unset | 3-65530, * | The port for the Virtual Service. A wildcard port can also be specified by using an asterisk (*). The port parameter is used to assign a port when initially creating a Virtual Service. If modifying the port of an existing Virtual Service, specify the existing port as the port parameter and use the vsport parameter to assign the new port. The reason why these must be separate parameters is because you need to specify what the port of the existing Virtual Service is (because there may be another Virtual Service with the same IP address but a different port) and if you want to change the port, a second port parameter (VSPort) is needed to specify the new port value. |
VSPort | I | unset | 3-65530, * | The port for the Virtual Service. The port parameter is used to assign a port when initially creating a Virtual Service. If modifying the port of an existing Virtual Service, specify the existing port as the port parameter and use the vsport parameter to assign the new port. The reason why these must be separate parameters is because you need to specify what the port of the existing Virtual Service is (because there may be another Virtual Service with the same IP address but a different port) and if you want to change the port, a second port parameter (VSPort) is needed to specify the new port value. |
Protocol | S | unset | udp, tcp | The protocol to be used for the Virtual Service. |
VSAddress | A | unset |
| The IP address of the Virtual Service. |
MasterVS | I (Read Only) | unset | 0 – Not a parent Virtual Service 1 – Is a parent Virtual Service | Signifies whether or not the Virtual Service is a parent Virtual Service (that is, if it has one or more SubVSs). |
The table below provides details about the Basic Properties of a Virtual Service.
\nName | Type | Default | Range | Description |
Enable | B | Y |
| Activate or deactivate the Virtual Service |
VStype | S | port-dependent | gen - Generic http - HTTP/HTTPS http2 - HTTP/2 ts - Remote Terminal tls – STARTTLS protocols log – Log Insight | Specifies the type of service being load balanced. |
NickName | S | unset |
| Specifies the \"friendly\" name of the service. In addition to the usual alphanumeric characters, the following ‘special’ characters can be used as part of the Service Name: . @ - _
You cannot use a special character as the first character of the Service Name. |
The table below provides details about the Standard Options of a Virtual Service.
\nName | Type | Default | Range | Description |
Cookie | S | unset |
| This parameter is only relevant when the persistence mode is set to cookie, active-cookie, cookie-src, or active-cook-src. Enter the name of the cookie to be checked. |
ForceL7 | B | Y (if not UDP) | 0 - Disabled 1 - Enabled | Enabling ForceL7 means the Virtual Service runs at Layer 7 and not Layer 4. This may be needed for various reasons, including that only Layer 7 services can be non-transparent. |
Idletime | I | 660 | 0-86400 | Specifies the length of time (in seconds) that a connection may remain idle before it is closed. The range for this parameter is 0 to 86400. Setting the Idletime to 0 ensures the default L7 connection timeout is used. You can modify the default timeout value by setting the ConnTimeout parameter. |
Persist | S | none | The list of relevant persist values are: ssl cookie active-cookie cookie-src active-cook-src cookie-hash cookie-hash-src url query-hash host header super super-src src rdp rdp-src rdp-sb rdp-sb-src none udpsip | Specify the type of persistence (stickiness) to be used for this Virtual Service. Note: If setting the persistence mode to an option that requires a cookie (or query-hash), the cookie parameter must also be set. |
SubnetOriginating | B | 0 | 0 – Disabled 1 – Enabled | When transparency is not enabled, the source IP address of connections to the Real Servers is that of the Virtual Service. When transparency is enabled, the source IP address will be the IP address that is initiating connection to the Virtual Service. If the Real Server is on a subnet, and the Subnet Originating Requests option is enabled, then the subnet address of the LoadMaster will be used as the source IP address. |
PersistTimeout | I | 0 | 0-2419200 | The length of time (in seconds) after the last connection that the LoadMaster will remember the persistence information. Timeout values are rounded down to an even number of minutes. Setting a value that is not a number of whole minutes results in the excess being ignored. Setting a value to less than 60 seconds results in a value of 0 being set, which disables persistency. |
Refreshpersist | B | 0 - Disabled 1 - Enabled | When this parameter is enabled, it keeps auto-refreshing persist entries for long lived connections. | |
QueryTag | S | unset |
| This is the query tag to be matched if the Persist type is set to query-hash. |
Schedule | S | rr | rr wrr lc wlc fixed adaptive sh dl sdn-adaptive uhash | Specify the type of scheduling of new connections to Real Servers that is to be performed. The valid values are spelled out below: rr = round robin wrr = weighted round robin lc = least connection wlc = weighted least connection fixed = fixed weighting adaptive = resource based (adaptive) sh = source IP hash dl = weighted response time sdn-adaptive = resource based (SDN adaptive) uhash = URL hash |
showadaptive | S | This parameter allows you to get the details of Virtual Service based adaptive parameters. Note: This parameter is only relevant if the Schedule parameter is set to adaptive. Note: This parameter is not supported in the LTSF LoadMaster version yet. | ||
AdaptiveInterval | I | 10 | 10-60 | This is the interval, in seconds, at which the LoadMaster checks the load on the servers. A low value means the LoadMaster is very sensitive to load, but this comes at a cost of extra load on the LoadMaster itself. 10 seconds is a good starting value. This value must not be less than the HTTP checking interval. Note: This parameter is only relevant if the Schedule parameter is set to adaptive. Note: This parameter is not supported in the LTSF LoadMaster version yet. |
AdaptiveUrl | S | The path name of the file containing the Real Server load value. The adaptive method retrieves load information from the servers using HTTP inquiry. This URL specifies the resource where the load information of the servers is stored. This resource can be either a file or program (for example Adaptive Agent) that delivers this information. The standard location is /load. It is the servers’ job to provide the current load data in this file in ASCII format. In doing so, the following must be considered: An ASCII file containing a value in the range of 0 to 100 in the first line where: 0=idle and 100=overloaded. As the number increases, that is, the server becomes more heavily loaded, the LoadMaster will pass less traffic to that server. Hence, it ‘adapts’ to the server loading. If the server becomes 101% or 102% loaded, a message is added to the logs. The file is set to \"/load\" by default. The file must be accessible using HTTP. The URL must be the same for all servers that are to be supported by the adaptive method. Note: This parameter is only relevant if the Schedule parameter is set to adaptive. Note: This parameter is not supported in the LTSF LoadMaster version yet. | ||
AdaptivePort | I | 80 | 3-65530 | This value specifies the port number of the HTTP daemon on the servers. Note: This parameter is only relevant if the Schedule parameter is set to adaptive. Note: This parameter is not supported in the LTSF LoadMaster version yet. |
AdaptiveMinPercent | I | 5 | 0-50 | This value specifies a threshold below which the balancer will switch to static weight-based scheduling, that is, normal Weighted Round Robin. The value is a percentage of the maximum load (0-50). Note: This parameter is only relevant if the Schedule parameter is set to adaptive. Note: This parameter is not supported in the LTSF LoadMaster version yet. |
ServerInit | I | 0 | 0-6 | By default, the LoadMaster will not initiate a connection with a Real Server until it has received some data from a client. This prohibits certain protocols from working as they need to communicate with the Real Server before transmitting data. If the Virtual Service uses one of these protocols, specify the protocol using the ServerInit parameter to enable it to work correctly. 0 = Normal Protocols 1 = SMTP 2 = SSH 3 = Other Server Initiating 4 = IMAP4 5 = MySQL 6 = POP3 |
Transparent | B | Y | 0 - Disabled 1 - Enabled | When using Layer 7, when this is enabled - the connection arriving at the Real Server appears to come directly from the client. Alternatively, the connection can be non-transparent which means that the connections at the Real Server appear to come from the LoadMaster. If a Virtual Service (with or without a SubVS) has SSL re-encrypt enabled, the transparency flag of the Virtual Service has no meaning (re-encryption forces transparency to be off). The transparency setting can still be modified by the API, and is honored when re-encrypt is disabled on the Virtual Service. |
UseforSnat | B | N | 0 – Disabled 1 – Enabled | By default, when the LoadMaster is being used to NAT Real Servers, the source IP address used on the Internet is that of the LoadMaster. Enabling this option allows the Real Servers configured to use the Virtual Service as the source IP address instead. If the Real Servers are configured on more than one Virtual Service which has this option set, only connections to destination port 80 will use this Virtual Service as the source IP address. |
QoS | S | 0 – Normal Service | 0 - Normal-Service 1 - Minimize-Cost 2 - Maximize-Reliability 4 - Maximize-Throughput 8 - Minimize-Delay 16 - Pass Through | The Quality of Service (QoS) parameter sets a Type of Service (ToS) in the IP header of packets that leave the Virtual Service. This means that the next device or service that deals with the packets will know how to treat and prioritize this traffic. Higher priority packets are sent from the LoadMaster before lower priority packets. |
StartTLSMode | I |
| 0-6
| 0 = HTTP/HTTPS (the Service Type needs to be set to HTTP/HTTPS for this to work) The Virtual Service Type must be set to STARTTLS for the remaining values to be set: 1 = SMTP (STARTTLS if requested) 2 = SMTP (STARTTLS always) 3 = FTP 4 = IMAP 6 = POP3 |
ExtraPorts | S | unset | 3-65530 | Specify extra ports that the Virtual Service will listen to. To remove any existing extra ports, set the ExtraPorts parameter to an empty string. |
The table below provides details about the SSL Properties of a Virtual Service.
\nName | Type | Default | Range | Description |
CertFile | S | unset |
| A list of certificate identifiers, separated by spaces. When used with the addvs command, all certificates required for the VS must be specified in a single space-separated list. Similarly, when using the modvs command, the entire list of certificates required for the VS must be specified. There is a limit of 8099 characters when assigning certificates to a Virtual Service using the API. |
Ciphers | S | Default assignment | All supported ciphers | Multiple ciphers can be assigned by inserting a colon between each cipher. When ciphers are assigned in this way, a Cipher Set called Custom_ will be created/updated. Note: The assigned ciphers list will be overwritten when ciphers are added in this way. Ensure to include all ciphers to be assigned. Note: Do not try to set the CipherSet parameter and the Ciphers parameter at the same time - use one or the other. Custom cipher sets can be created using a different command. For more information, refer to theModify a Custom Cipher Set/Create a New Custom Cipher Setsection. |
CipherSet | S | Default | All available cipher sets | This parameter can be used to assign a cipher set to a Virtual Service. System-defined cipher sets and custom cipher sets can be assigned using this parameter. The valid values are below:
Do not try to set the CipherSet parameter and the Ciphers parameter at the same time - use one or the other. Custom cipher sets can be created using a different command. For more information, refer to the Modify a Custom Cipher Set/Create a New Custom Cipher Set section. |
Tls13CipherSet | S | All TLS1.3 available cipher sets | You can use this parameter to assign TLS1.3 cipher sets to a Virtual Service. You can specify multiple ciphers using a space or colon-separated list. You cannot unset this parameter - at least one cipher set must be specified. The list of supported TLS1.3 Ciphers (and valid values) is as follows: - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - TLS_AES_128_GCM_SHA256 - TLS_AES_128_CCM_8_SHA256 - TLS_AES_128_CCM_SHA256 Note: The Tls13CipherSet parameter is not supported in the LTSF LoadMaster version yet. | |
ClientCert | I | 0 | 0-6 | 0 = No client certificates required 1 = Client certificates required 2 = Client certificates and add headers 3 = Client Certificates and pass DER through as SSL-CLIENT-CERT 4 = Client Certificates and pass DER through as X-CLIENT-CERT 5 = Client Certificates and pass DER through as SSL-CLIENT-CERT 6 = Client Certificates and pass PEM through as X-CLIENT-CERT |
PassCipher | B | 0 - Disabled 1 - Enabled | When this parameter is enabled, the LoadMaster adds X-SSL headers containing client SSLinformation such as TLS version, TLS cipher, client certificate serial number, and SNI host. Note: SSLAcceleration must be enabled to enable the PassCipher parameter. | |
SSLReencrypt | B | N | 0 - Disabled 1 - Enabled | This parameter is only relevant if SSL Acceleration is enabled. When this option is enabled, the SSL data stream is re-encrypted before sending to the Real Server. |
PassSNI | B | 0 - Disabled 1 - Enabled | Enable or disable the PassSNI parameter. | |
SSLReverse | B | N | 0 - Disabled 1 - Enabled | Enabling this parameter means that the data from the LoadMaster to the Real Server is re-encrypted. |
SSLRewrite | S | unset | unset, http, https | When the Real Server rejects a request with a HTTP redirect, the requesting Location URL may need to be converted to specify HTTPS instead of HTTP (and vice versa). |
ReverseSNIHostname | S | unset |
|
|
SecurityHeaderOptions | I | 0 - Don't add the Strict Transport Security Header | 0 - Don't add the Strict Transport Security Header 1 - Add the Strict Transport Security Header - no subdomains 2 - Add the Strict Transport Security Header - include subdomains 4 - Add the Strict Transport Security Header - no subdomains + preload | Enable this option to add the Strict-Transport-Security header to all LoadMaster-generated messages (ESP and error messages). Note: You can configure the maximum age for the message by setting the SecurityHeaderAge parameter. To retrieve the current value of the SecurityHeaderAge parameter, run the get command with the param value set to securityheaderage To set the parameter, run the set command. Valid values for this parameter range from 86400 (1 day) to 94608000 (2 years). |
SSLAcceleration | B | N | 0 - Disabled 1 - Enabled | Enable SSL handling on this Virtual Service. |
OCSPVerify | B | 0 – Disabled | 0 – Disabled 1 – Enabled | Verify (using Online Certificate Status Protocol (OCSP)) that the client certificate is valid. |
TLSType | B | Disabled if SSL Acceleration is not enabled. TLS1.1, TLS1.2, and TLS1.3 are enabled when SSL Acceleration is enabled. | 0 – 30 bitmask | Specify which of the following protocols to support; SSLv3, TLS1.0, TLS1.1, TLS1.2, or TLS1.3. The protocols can be enabled and disabled using a bitmask value. Refer to the table below to find out what number corresponds to which settings. |
NeedHostName | B | 0 – Disabled | 0 - Disabled 1 - Enabled | When this parameter is enabled, the hostname is always required to be sent in the TLS client hello message. If it is not sent, the connection will be dropped. |
IntermediateCerts | S | By default, all intermediate certificates are assigned | Valid cert names | Assign intermediate and root certificates to the specified Virtual Service. This provides the ability to restrict access. You cannot add a certificate to an already assigned list of certificates - all certificates that should be assigned to the Virtual Service must be specified in the one modvs command. If you enter more than one certificate name, separate them using a plus symbol (+). |
For the TLSType parameter, the protocols can be enabled and disabled using a bitmask value.
\nThe valid bitmask values vary depending on whether the SSLOldLibraryVersion parameter is enabled or disabled. Refer to the relevant section below to find out what number corresponds to which settings.
\nSSLOldLibraryVersion Disabled
If the SSLOldLibraryVersion parameter is disabled, the bitmask values and settings are as outlined in the table below:
Number | SSLv3 | TLS1.0 | TLS1.1 | TLS1.2 | TLS1.3 |
0 | Enabled | Enabled | Enabled | Enabled | Enabled |
1 | Disabled | Enabled | Enabled | Enabled | Enabled |
2 | Enabled | Disabled | Enabled | Enabled | Enabled |
3 | Disabled | Disabled | Enabled | Enabled | Enabled |
4 | Enabled | Enabled | Disabled | Enabled | Enabled |
5 | Disabled | Enabled | Disabled | Enabled | Enabled |
6 | Enabled | Disabled | Disabled | Enabled | Enabled |
7 | Disabled | Disabled | Disabled | Enabled | Enabled |
8 | Enabled | Enabled | Enabled | Disabled | Enabled |
9 | Disabled | Enabled | Enabled | Disabled | Enabled |
10 | Enabled | Disabled | Enabled | Disabled | Enabled |
11 | Disabled | Disabled | Enabled | Disabled | Enabled |
12 | Enabled | Enabled | Disabled | Disabled | Enabled |
13 | Disabled | Enabled | Disabled | Disabled | Enabled |
14 | Enabled | Disabled | Disabled | Disabled | Enabled |
15 | Disabled | Disabled | Disabled | Disabled | Enabled |
16 | Enabled | Enabled | Enabled | Enabled | Disabled |
17 | Disabled | Enabled | Enabled | Enabled | Disabled |
18 | Enabled | Disabled | Enabled | Enabled | Disabled |
19 | Disabled | Disabled | Enabled | Enabled | Disabled |
20 | Enabled | Enabled | Disabled | Enabled | Disabled |
21 | Disabled | Enabled | Disabled | Enabled | Disabled |
22 | Enabled | Disabled | Disabled | Enabled | Disabled |
23 | Disabled | Disabled | Disabled | Enabled | Disabled |
24 | Enabled | Enabled | Enabled | Disabled | Disabled |
25 | Disabled | Enabled | Enabled | Disabled | Disabled |
26 | Enabled | Disabled | Enabled | Disabled | Disabled |
27 | Disabled | Disabled | Enabled | Disabled | Disabled |
28 | Enabled | Enabled | Disabled | Disabled | Disabled |
29 | Disabled | Enabled | Disabled | Disabled | Disabled |
30 | Enabled | Disabled | Disabled | Disabled | Disabled |
SSLOldLibraryVersion Enabled
If the SSLOldLibraryVersion parameter is enabled, TLS1.3 is not available and the range of the bitmask value is 0-14, as outlined in the table below.
Number | SSLv3 | TLS1.0 | TLS1.1 | TLS1.2 |
0 | Enabled | Enabled | Enabled | Enabled |
1 | Disabled | Enabled | Enabled | Enabled |
2 | Enabled | Disabled | Enabled | Enabled |
3 | Disabled | Disabled | Enabled | Enabled |
4 | Enabled | Enabled | Disabled | Enabled |
5 | Disabled | Enabled | Disabled | Enabled |
6 | Enabled | Disabled | Disabled | Enabled |
7 | Disabled | Disabled | Disabled | Enabled |
8 | Enabled | Enabled | Enabled | Disabled |
9 | Disabled | Enabled | Enabled | Disabled |
10 | Enabled | Disabled | Enabled | Disabled |
11 | Disabled | Disabled | Enabled | Disabled |
12 | Enabled | Enabled | Disabled | Disabled |
13 | Disabled | Enabled | Disabled | Disabled |
14 | Enabled | Disabled | Disabled | Disabled |
Another way of determining the correct bitmask value to set for the TLSType parameter is outlined in the partial table and explanation below.
\nDec Bit Values | 16 | 8 | 4 | 2 | 1 | Values Set |
TLS1.3 | TLS1.2 | TLS1.1 | TLS1.0 | SSLv3 | ||
0 | off | off | off | off | off | All TLS types enabled |
3 | off | off | off | on | on | 1.1,1.2,1.3 enabled |
23 | on | off | on | on | on | Only TLS1.2 enabled |
15 | off | on | on | on | on | Only TLS1.3 enabled |
Here are some notes about the above table:
\n* For all TLS types that you want to enable, you leave the bit off and turn on the rest
* A value of 31 is not possible (all bits on) because you would be disabling all TLS types so valid values are 0 - 30
* When TLS1.3 is not available (if the SSLOldLibraryVersion is enabled) then the range becomes 0 - 15. However, 15 is not a valid value so the valid range is 0 - 14
Another way of thinking about this is by adding 16+8+4+2+1=31 and then whatever TLS type you want on, you subtract from 31.
If TLS 1.3 is not available, then you leave out the TLS 1.3 column above and add 8+4+2+1.
To upload an error file using the RESTful API, run the uploadvserrfile command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","uploadvserrfile"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"data","value":"InsertBase64-EncodedString"},{"key":"vs","value":"2"}],"variable":[]}},"response":[{"id":"ff41c9fa-1ae0-491e-a364-3349fdb88e76","name":"Upload an Error File","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/uploadvserrfile?data=InsertBase64-EncodedString&vs=2","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","uploadvserrfile"],"query":[{"key":"data","value":"InsertBase64-EncodedString"},{"key":"vs","value":"2"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:18:25 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nIf a command requires binary data (file uploads), this data must be passed in the \"data\" string and be base64-encoded.
\n
As of LoadMaster firmware version 7.2.52, it is possible to upload an error file to be sent with a Virtual Service error response.
\n","_postman_id":"5c41f841-d5c9-49f3-8f74-75066822e4eb"},{"name":"Verify Parameter","item":[],"id":"121ed619-f135-43d5-972a-4eb82da02060","description":"Verify is a bitmask. The valid values of the Verify parameter are as follows:
\n- \n
Bit 0: set this to 1 to enable detection intrusion
\n\n
\nBit 0 must be set to 1 to use the other two bits.
\n \nBit 1 determines whether to reject or drop a connection. Setting it to 1 will drop the connection.
\n \nBit 2 determines whether to give just warnings on bad requests or also on malicious (but not invalid) requests.
\n\n
\nBits 3 to 7 cannot be set – an error message displays if you try to do this.
\n \n
The following table lists the valid integers and the values they set the fields to when used:
\nInteger | Detect Malicious Requests | Intrusion Handling | Warnings Checkbox |
0 | Disabled | N/A | N/A |
1 | Enabled | Drop Connection | Unchecked |
2 | Enabled | Send Reject | Unchecked |
3 | Enabled | Send Reject | Unchecked |
4 | Enabled | Drop Connection | Checked |
5 | Enabled | Drop Connection | Checked |
6 | Enabled | Send Reject | Checked |
7 | Enabled | Send Reject | Checked |
\n\n","_postman_id":"121ed619-f135-43d5-972a-4eb82da02060"}],"id":"d890b577-8d7d-4663-895e-949bfca71c16","description":"You cannot set the Verify parameter to a value above 7. The maximum value is 7.
\n
The table below provides details about the Advanced Properties of a Virtual Service.
\nName | Type | Default | Range | Description |
HTTPReschedule | B | 0 - Disabled | 0 - Disabled 1 - Enabled | The HTTPReschedule parameter is only relevant if the Virtual Service prot is set to tcp and the VStype is set to http. If this parameter is enabled and content switching is not in use, this forces the reselection of a Real Server for each request. By default, the Real Server is selected only once per connection. You cannot enable the HTTPReschedule parameter if the AllowHTTP2 parameter is enabled. Note: The HTTPReschedule parameter is not supported in the LTSF LoadMaster version yet. The Persist parameter must be set to none to use the HTTPReschedule parameter. |
CopyHdrFrom | S | unset |
| This is the name of the source header field to copy into the new header field before the request is sent to the Real Servers. |
CopyHdrTo | S | unset |
| Used in conjunction with the CopyHdrFrom parameter. The name of the header field into which the source header is to be copied. |
AddVia | I |
| 0 = Legacy Operation(X-Forwarded-For) 1 = X-Forwarded-For (+ Via) 2 = None 3 = X-ClientSide (+ Via) 4 = X-ClientSide (No Via) 5 = X-Forwarded-For (No Via) 6 = Via Only | This corresponds to the Add HTTP Headers field in the UI. Select which headers are to be added to HTTP requests. X-ClientSide and X-Forwarded-For are only added to non-transparent connections. |
AllowHTTP2 | B | 0 – Disabled | 0 – Disabled 1 – Enabled | Enable HTTP2 for this Virtual Service. SSL Acceleration must be enabled before HTTP2 can be enabled. The BestPractices cipher set should be used when HTTP2 is enabled. |
Cache | B | N | 0 - Caching Disabled 1 – Caching Enabled | Enable or disable the caching of URLs. |
Compress | B | N | 0 – Disabled 1 - Enabled | When enabled, files sent from the LoadMaster are compressed with Gzip. |
CachePercent | I | 0 | 0-100 | This parameter is only relevant if caching is enabled. Specify the maximum percentage of cache space permitted for this Virtual Service. |
DefaultGW | A | unset |
| Specify the Virtual Service-specific default gateway to be used and to send responses back to clients. If not set, the global default gateway will be used. |
ErrorCode | I | 0 | 200-505 | If no Real Servers are available, the LoadMaster can terminate the connection with an HTTP error code. Specify the error code number in this parameter. To unset the error code, set the parameter to an empty string. In LoadMaster firmware version 7.2.52 it is possible to upload an error file using the API to add to the error response. For further details, refer to theUpload Error Filesection. |
ErrorUrl | S | unset |
| When no Real Servers are available and an error response is sent back to the client, a redirect URL can also be specified. |
PortFollow | I | unset | 0 and 3-65530 | This parameter was depreciated as of 7.1-24. For LoadMasters with version 7.1-24 or higher, use the FollowVSID parameter to set port following. Specify the ID of the Virtual Service to follow. Setting this value to 0 disables port following. 1 and 2 are not valid values so ensure that the Virtual Service that you want to follow has a value between 3 and 65530. |
FollowVSID | I | unset |
| Specify the ID of the Virtual Service to follow. |
LocalBindAddrs | A | unset | A space separated list of IP addresses | This corresponds to the Alternate Source Address in the Advanced Properties section of the UI. Allow connections scaling over 64K Connections needs to be enabled in L7 Configuration for this feature to work. |
NRequestRules | I (Read only) | unset |
| This displays the number of HTTP Header Modification request rules. |
NResponseRules | I (Read only) | unset |
| This displays the number of HTTP Header Modification response rules. |
RequestRules | List (Read only) |
|
| The list of request rules that are assigned to the Virtual Service. |
ResponseRules | List (Read only) |
|
| The list of response rules that are assigned to the Virtual Service. |
StandbyAddr | A | unset |
| Specify the IP address of the “Sorry” server that is to be used when no other Real Servers are available. This server will not be health checked and is assumed to be always available. |
StandbyPort | I | unset |
| Specify the port of the “Sorry” server. |
Non_local | B | unset | 0 - Disabled 1 - Enabled | Set this parameter to 1 (enabled) if you are adding a non-local sorry server using the StandByAddr and StandByPort parameters. |
Verify | I | 0 | 0-7 (bitmask) | Refer to the Verify Parameter section for further information on the Verify parameter. |
AltAddress | A | unset | IP address | Specify the alternate address for this Virtual Service. |
AddVia | I |
| 0-6
| Specify which headers to be added to HTTP requests. X-ClientSide and X-Forwarded-For are only added to non-transparent connections. 0 = Legacy Operation(X-Forwarded-For) 1 = X-Forwarded-For (+ Via) 2 = None 3 = X-ClientSide (+ Via) 4 = X-ClientSide (No Via) 5 = X-Forwarded-For (No Via) 6 = Via Only |
PreProcPrecedence | S | unset |
| This parameter should be used in conjunction with PreProcPrecedencePos. This parameter is used to specify the name of the existing rule whose position you wish to change. This parameter relates to Content Matching Rules only. |
PreProcPrecedencePos | Int16 | unset |
| This parameter, in conjunction with the PreProcPrecedence parameter, is used to change the position of the rule in a sequence of rules. For example, a position of 2 means the rule will be checked second. This parameter relates to the Content Matching Rules only. |
RequestPrecedence | String | unset |
| This parameter should be used in conjunction with RequestPrecedencePos. This parameter is used to specify the name of the existing request rule whose position you wish to change. This parameter relates to the following rule types: Content Matching Add Header Delete Header Replace Header Modify URL |
RequestPrecedencePos | Int16 | unset |
| This parameter, in conjunction with the RequestPrecedence parameter, is used to change the position of the rule in a sequence of rules. For example, a position of 2 means the rule will be checked second. |
ResponsePrecedence | String | unset |
| This parameter should be used in conjunction with ResponsePrecedencePos. This parameter is used to specify the name of the existing response rule whose position you wish to change. This parameter relates to the following rule types: Content Matching Add Header Delete Header Replace Header |
ResponsePrecedencePos | Int16 | unset |
| This parameter, in conjunction with the ResponsePrecedence parameter, is used to change the position of the rule in a sequence of rules. For example, a position of 2 means the rule will be checked second. |
MatchBodyPrecedence | String | unset | This parameter should be used in conjunction with MatchBodyPrecedencePos. Use this parameter to specify the name of the existing body modification rule that you want to change the position of. This parameter relates to Body Modification rules only. | |
MatchBodyPrecedencePos | Int16 | unset | Use this parameter, in conjunction with the MatchBodyPrecedence parameter, to change the position of the rule in a sequence of rules. For example, a position of 2 means the rule is checked second. | |
ResponseStatusRemap | B | 0 - Disabled 1 - Enabled | When this parameter is enabled, all error messages coming from the Real Servers are blocked and a simplified standard error message is generated. The text of this message is encoded in JSON and contains a { \"status\" : , \"message\": }, where status is the response code coming from the Real Server (unless this has been changed in the error response mappings) and the message string is the standard message text for that error message (as defined here:HTTP response status code). Note: This parameter is not supported in the LTSF LoadMaster version yet. | |
ResponseRemapMsgMap | S | Use this parameter to edit the response text for response codes. For example: ResponseRemapMsgMap=300: Example+Updated+Message You can also configure the response text for multiple response codes. For example: ResponseRemapMsgMap=300: Example+Updated+Message,301:Testing+response Note: This parameter is not supported in the LTSF LoadMaster version yet. | ||
ResponseRemapMsgFormat | B | 0 - JSON 1 - XML | This parameter allows you to select the response code text format. Note: This parameter is not supported in the LTSF LoadMaster version yet. | |
ResponseRemapCodeMap | S | This parameter is used to map the error codes. A combination of Response Codes from Server and Response Code to Client is specified using a space or comma separated list. For example: ResponseRemapMap=403:400,404:400 Each server response code can only be mapped once per Virtual Service. However, you can map multiple different server response codes to the same client response code. For example, you can map errors 404 and 403 to error 400. Note: Setting a value for the ResponseRemapCodeMap command overrides previously configured values. Note: This parameter is not supported in the LTSF LoadMaster version yet. |
The WAF InterceptOpts parameter is a special parameter – it can be used to set the value for multiple fields, rather than just one field as with most other parameters. The InterceptOpts parameter allows the specification of most of the fields in the WAF Options section of the Virtual Service modify screen in the LoadMaster UI.
\n\n\nTo enable WAF, set the Intercept parameter to 1.
\n
The names of the specific UI fields that the InterceptOpts parameter is related to, are listed in the table below.
\nOne or more field values can be set in one command. Multiple values can be set in the one command by separating the values with a semi-colon, for example:
\n\"InterceptOpts\": \"opnormal;auditnone;reqdataenable;resdataenable;jsondisable;xmldisable\"
The table below outlines what each of the values mean.
\n\n\nThe values that are related to the same UI option are mutually exclusive. For example, you cannot set Basic Operation to both opnormal and opblock.
\n
Value | Related UI Option | Default | Meaning |
opnormal | Default Operation | Audit Only | Set the Basic Operation to Audit Only |
opblock | Default Operation | Audit Only | Set the Basic Operation to Block Mode |
auditnone | Audit mode | No Audit | Set the Audit mode to No Audit. No data is logged. |
auditrelevant | Audit mode | No Audit | Set the Audit mode to Audit Relevant. Logs data which is of a warning level and higher. |
auditall | Audit mode | No Audit | Set the Audit mode to Audit All. Logs all data through the Virtual Service. The Audit All option is not recommended for use in normal operation. Audit All should only be used when troubleshooting a specific problem. |
reqdataenable | Inspect HTML POST Request Content | Disabled | Enable the Inspect HTML POST Request Content option |
reqdatadisable | Inspect HTML POST Request Content | Disabled | Disable the Inspect HTML POST Request Content option |
resdataenable | Process Response Data | Disabled | Enable the Process Response Data option |
resdatadisable | Process Response Data | Disabled | Disable the Process Response Data option |
jsondisable | Enable JSON Parser | Enabled | Disable the JSON parser. This option is only relevant if the Inspect HTML POST Request Content option is enabled. |
jsonenable | Enable JSON Parser | Enabled | Enable the JSON parser. This option is only relevant if the Inspect HTML POST Request Content option is enabled. |
xmldisable | Enable XML Parser | Enabled | Disable the XML parser. This option is only relevant if the Inspect HTML POST Request Content option is enabled. |
xmlenable | Enable XML Parser | Enabled | Enable the XML parser. This option is only relevant if the Inspect HTML POST Request Content option is enabled. |
| otherctypesdisable | Enable Other Content Types | Disabled | Disable verification of POST content types (other than XML/JSON). |
otherctypesenable | Enable Other Content Types | Disabled | Enable verification of POST content types (other than XML/JSON). Enabling the inspection of any other content types may increase system resource utilization (CPU and memory). A specific list of content types should be considered. When this option is enabled, the InterceptPOSTOtherContentTypes parameter can be used to enter a comma-separated list of POST content types allowed for WAF analysis. By default, all types (other than XML/JSON) are enabled. |
All rules for a particular WAF ruleset can be assigned to a Virtual Service by running the vsaddwafrule command.
\nThe rule name must be preceded with the relevant letter or word and a forward slash. The letter/word used depends on the type of rule being added:
\n\n\nThis is case sensitive. The letter/word needs to be in in the correct case (as per the case used in this document below) for the command to work.
\n
- \n
- C or Custom \n
- Z or ApplicationGeneric \n
- A or ApplicationSpecific \n
- G or Generic \n
\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","vsaddwafrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"rule","value":"G/ip_reputation"}],"variable":[]}},"response":[{"id":"c77c0bac-b67f-486f-8a2f-ee681b5fc000","name":"Assign a WAF Rule to a Virtual Service","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/vsaddwafrule?vs=InsertVirtualServiceIPAddress&port=80&prot=tcp&rule=G/ip_reputation","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","vsaddwafrule"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"rule","value":"G/ip_reputation"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 14:53:42 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nAll parameters listed in the example command are required for the vsaddwafrule command. If any of the parameters is omitted, a String value missing error will be displayed.
\n
Multiple rules can be assigned in the same command by separating them with a space (or %20).
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","vsaddwafrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"rule","value":"G/malware_detection%20G/known_vulns"}],"variable":[]}},"response":[{"id":"0f93ef19-84df-4a45-8b23-a3c302b7e51d","name":"Add Multiple WAF Rules to a Virtual Service","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/vsaddwafrule?vs=InsertVirtualServiceIPAddress&port=80&prot=tcp&rule=G/malware_detection%20G/known_vulns","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","vsaddwafrule"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"rule","value":"G/malware_detection%20G/known_vulns"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 14:56:21 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nView a list of rules and rule IDs for an active ruleset by running the vslistwafruleids command.
\nA list of rules and their IDs will be displayed for the specified ruleset.
\nThe ID is the number displayed before the rule name.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","vslistwafruleids"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"rule","value":"G/malware_detection"}],"variable":[]}},"response":[{"id":"517e1d1e-76cd-49bc-bc19-0e0ec998b6c7","name":"View a List of Rule and Rule IDs for an Active Ruleset","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/vslistwafruleids?vs=InsertVirtualServiceIPAddress&port=80&prot=tcp&rule=G/malware_detection","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","vslistwafruleids"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"rule","value":"G/malware_detection"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 14:58:34 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nWhen adding a ruleset, you can specify the specific rules to not enable within the ruleset by specifying the rule IDs to not enable.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","vsaddwafrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"rule","value":"G/malware_detection"},{"key":"disablerules","value":"2200005,2200006"}],"variable":[]}},"response":[{"id":"d2c3d414-bb2a-49fb-9cfe-781fc2ff2995","name":"Add a Ruleset with Specific Rules Disabled","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/vsaddwafrule?vs=InsertVirtualServiceIPAddress&port=80&prot=tcp&rule=G/malware_detection&disablerules=2200005,2200006","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","vsaddwafrule"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"rule","value":"G/malware_detection"},{"key":"disablerules","value":"2200005,2200006"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 15:00:43 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo disable a specific rule (or rules) (and not an entire ruleset), run the vsaddwafrule command with a blank rule parameter.
\nRelated UI Item
\nVirtual Services > View/Modify Services > Modify > WAF Options > Manage Rules
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","vsaddwafrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"rule","value":""},{"key":"disablerules","value":"2200005,2200006"}],"variable":[]}},"response":[{"id":"144e228e-bac6-47a2-bebf-f831bb576b8c","name":"Disable a Specific Rule (or Rules)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/vsaddwafrule?vs=InsertVirtualServiceIPAddress&port=80&prot=tcp&rule=&disablerules=2200005,2200006","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","vsaddwafrule"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"rule","value":""},{"key":"disablerules","value":"2200005,2200006"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 15:03:53 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nA WAF rule can be unassigned from a Virtual Service by running the vsremovewafrule command. This command relate to the Available Rules and Assigned Rules fields in the Virtual Service modify screen in the UI.
\nThe rule name must be preceded with the relevant letter or word and a forward slash. The letter/word used depends on the type of rule being added:
\nC or Custom
Z or ApplicationGeneric
A or ApplicationSpecific
G or Generic
\n\nAll parameters listed in the example command are required for the vsremovewafrule command. If any of the parameters is omitted, a String value missing error will be displayed.
\n
Related UI Item
\nVirtual Services > View/Modify Services > Modify > WAF Options > Manage Rules
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","vsremovewafrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"rule","value":"G/ip_reputation"}],"variable":[]}},"response":[{"id":"452f596e-8f45-4899-b89e-b8bb633e5ead","name":"Unassign a WAF Rule from a Virtual Service","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/vsremovewafrule?vs=InsertVirtualServiceIPAddress&port=80&prot=tcp&rule=G/ip_reputation","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","vsremovewafrule"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"rule","value":"G/ip_reputation"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 15:05:51 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe table below provides details about the WAF Settings of a Virtual Service.
\nName | Type | Default | Range | Description |
Intercept | B | 0 | 0 – Disabled 1 – Enabled | Enable/disable the legacy Web Application Firewall (WAF) for this Virtual Service. |
InterceptMode | I | 0 | 0 - Disabled 1 - Legacy 2 - OWASP | You cannot switch from one WAF mode to another. You must first disable WAF (set InterceptMode to 0) and then you can switch to the other mode. Note: Legacy WAF was deprecated and removed from the LoadMaster in version 7.2.61 - to enable OWASP WAF set the InterceptMode parameter to 2. |
InterceptOpts | S | unset |
| Most of the fields in the WAF Options section of the Virtual Service modify screen in the LoadMaster UI can be set using this parameter. For more information, refer to theAFP InterceptOpts Parametersection. |
InterceptPOSTOtherContentTypes | S | unset | When the otherctypesenable parameter is enabled, use the InterceptPOSTOtherContentTypes parameter to enter a comma-separated list of POST content types allowed for WAF analysis, for example text/plain,text/css. By default, all types (other than XML/JSON) are enabled. To set this to any other content types, set the value to any. Enabling the inspection of any other content types may increase system resource utilization (CPU and memory). A specific list of content types should be considered. | |
AlertThreshold | I | 0 - disabled | 0 - 100000 | This is the threshold of incidents per hour before sending an alert. Setting this to 0 disables alerting.
|
The table below provides details about the ESP Options of a Virtual Service.
\nName | Type | Default | Range | Description |
AllowedHosts | S | unset |
| This parameter is only relevant when ESP is enabled. Specify all the virtual hosts that can be accessed using this Virtual Service. |
AllowedDirectories | S | unset | You can specify up to 254 characters for this parameter. | This parameter is only relevant when ESP is enabled. Specify all the virtual directories that can be accessed using this Virtual Service. |
Domain | S | unset |
| The Single Sign On (SSO) domain in which this Virtual Service will operate. |
Logoff | S | unset | You can specify up to 255 characters for this parameter. | This parameter is only relevant when ESP is enabled and when the Client Authentication Mode is set to Form Based. Specify the string that the LoadMaster should use to detect a logout event. Multiple logoff strings can be specified by using a space-separated list. If the URL to be matched contains sub-directories before the specified string, the Logoff String will not be matched. Therefore, the LoadMaster will not log the user off. |
| AddAuthHeader | S | unset | You can specify up to 255 characters for this parameter. | This option is only available if SAML is selected as the InputAuthMode. Specify the name of the HTTP header. This header is added to the HTTP request from the LoadMaster to the Real Server and its value is set to the user ID for the authenticated session. You can unset the value of this parameter by running the modvs command with the addauthheader parameter set to an empty string. |
DisplayPubPriv | B | 1 – Enabled | 0 – Disabled 1 – Enabled | Display the public/private option on the login page. Based on the option the user selects on the login form, the session timeout value will be set to the value specified for either the public or private timeout. |
DisablePasswordForm | B | 0 – Disabled | 0 – Disabled 1 – Enabled | Enabling this option removes the password field from the login page. This may be needed when password validation is not required, for example, if using RSA SecurID authentication in a singular fashion. |
| Captcha | B | 0 - Disabled | 0 - Disabled 1 - Enabled | Enable this parameter to allow CAPTCHA verification on the login page. The LoadMaster only supports CAPTCHA v2. The InputAuthMode must be set to 2 (Form Based) for the CAPTCHA parameters to be relevant All CAPTCHA parameters must be set before it can be used. Both the LoadMaster and the client machine must be able to access Google for this to work. Before the CAPTCHA has been correctly answered, the submit button on the login form is disabled. If the user does not submit the form within two minutes of answering the CAPTCHA, the CAPTCHA times out (Google-specified timeout), and the user must verify a new CAPTCHA (the submit button is disabled until the new CAPTCHA has been verified). |
| CaptchaPublicKey | S | unset | The key that was provided as the public key when you signed up for the CAPTCHA service. | |
| CaptchaPrivateKey | S | unset | The key that was provided as the private key when you signed up for the CAPTCHA service. | |
| CaptchaAccessUrl | S | www.google.com/recaptcha/api.js | The URL of the service that provides the CAPTCHA challenge. Do not start this URL with https. Only CAPTCHA V2 is currently supported. | |
| CaptchaVerifyUrl | S | www.google.com/recaptcha/api/siteverify | The URL of the service that verifies the response to the CAPTCHA challenge. Do not start this URL with https. Only CAPTCHA V2 is currently supported. | |
ESPLogs | I | 7 | Integer 0-7
| Enable ESP logging. Valid values are below: 0 = Logging off 1 = User Access 2 = Security 3 = User Access and Security 4 = Connection 5 = User Access and Connection 6 = Security and connection 7 = User Access, Security and Connection Note: The only valid values for SMTP services are 0 and 4. For SMTP services, security issues are always logged. Nothing is logged for user access because there are no logins. |
SMTPAllowedDomains | S | unset |
| Specify all the permitted domains that are allowed to be received by this Virtual Service. |
| ExcludedDirectories | S | unset | This parameter is only relevant when ESP is enabled. Any virtual directories specified within this field will not be pre-authorized on this Virtual Service and are passed directly to the relevant Real Servers. | |
EspEnabled | B | N | 0 – Disabled 1 - Enabled | Enable or disable the Edge Security Pack (ESP) features. |
InputAuthMode | I | 0 | 0-8
| Specify the client authentication method to be used: 0 = Delegate to Server 1 = Basic Authentication 2 = Form Based 4 = Client Certificate 5 = NTLM 6 = SAML 7 = Pass Post 8 = OIDC / OAUTH |
OutputAuthMode | I | Dependent on InputAuthMode value | 0-4
| Specify the server authentication mode to be used: 0 = None 1 = Basic Authentication 2 = Form Based 3 = KCD 4 = Server Token |
| TokenServerFQDN | S | unset | You can specify up to 127 characters for this parameter. | This parameter is only relevant when using SAML as the Client Authentication Mode (InputAuthMode) and Server Token as the Server Authentication Mode (OutputAuthMode). When set, the LoadMaster contacts the token server at the given FQDN during sign-on and obtains a permanent access token from that token server. If this parameter is unset, then the LoadMaster obtains the token from the Real Server. |
ServerFbaPath | S | unset |
| Only relevant when using form-based authentication as the Server Authentication Mode (OutputAuthMode). Set the authentication path for server-side Form Based Authentication (FBA). When used in Exchange environments, this does not need to be set. |
ServerFBAPost | S | unset |
| Only relevant when using form-based authentication as the Server Authentication Mode (OutputAuthMode). Set the format string used to generate POST body for server side FBA. The value must be base64-encoded. When used in Exchange environments, this does not need to be set. |
| ServerFbaUsernameOnly | B | 0 - Disabled | 0 - Disabled 1 - Enabled | This option is only relevant if the InputAuthMode is set to 2 (Form Based), the OutputAuthMode is set to 2 (Form Based), and the ServerFbaPath has been entered. Enable this option to send the username only (without the domain part) in the server-side form-based authentication POST request. |
OutConf | S | unset |
| Enter the name of the outbound SSO domain. |
SingleSignOnDir | S | unset | - Blank - Dual Factor Authentication - Exchange - Français Canadien - Blank - Français Canadien - Exchange - Português do Brasil - Blank - Português do Brasil - Exchange | This parameter relates to the SSO Image Set drop-down in the ESP Options section of the modify Virtual Service screen. Specify the name of the image set to be used for the login screen. If no image set is specified, the default Exchange image set will be used. |
| SingleSignOnMessage | S | unset | You can specify up to 255 characters for this parameter. | Specifies the SSO message that is displayed. The SingleSignOnMessage parameter accepts HTML code, so you can insert an image if required. There are several characters that are not supported. These are the grave accent character ( ` ) and the single quote ('). If a grave accent character is used in the SingleSignOnMessage, the character will not display in the output, for example a`b`c becomes abc. If a single quote is used, users will not be able to log in. |
AllowedGroups | S | unset | You can specify up to 2048 characters for this parameter. | Specify the groups that are allowed to access this Virtual Service. If the parameter value is longer than the maximum length of a HTTP GET query (1024 characters), you must set the HTTP Method to POST. |
GroupSIDs | S | unset | This parameter allows a list of group SIDs of up to 64 bytes and 2048 characters in length. | Specify the group security identifiers (SIDs) that are allowed to access this Virtual Service. Each group is separated by a semi-colon. Spaces are used to separate bytes in certain group SIDs. Here is an example: S-1-5-21-703902271-2531649136-2593404273-1606 SIDs can be found by using the get-adgroup-Identity GroupName command.
If the parameter value is longer than the maximum length of HTTP GET query (1024 characters), you must set the HTTP Method to POST. |
IncludeNestedGroups | B | 0 - Disabled | 0 – Disabled 1 - Enabled | This parameter relates to the AllowedGroups parameter. Enable this option to include nested groups in the authentication attempt. If this option is disabled, only users in the top-level group will be granted access. If this option is enabled, users in both the top-level and first sub-level group will be granted access. |
| SteeringGroups | S | unset | You can specify up to 2048 characters for this parameter. | Enter the Active Directory group names that will be used for steering traffic. If the parameter value is longer than the maximum length of a HTTP GET query (1024 characters), you must set the HTTP Method to POST. |
| VerifyBearer | B | 0 - Disabled | 0 - Disabled 1 - Enabled | Enable this option to verify if the authentication header contains a bearer record. This is used when doing JSON web token validation. |
| BearerCertificateName | S | unset | A valid name of an uploaded certificate. | This option is only visible if the VerifyBearer parameter is enabled. Specify the name of the relevant certificate (this must be first uploaded to the LoadMaster using the addcert command) containing a Public Key used to validate the authenticity of the JSON Web Token Signature. This is used when doing JSON web token validation. |
| BearerText | S | unset | This option is only visible if the VerifyBearer parameter is enabled. You can enter up to five bearer header validation strings (comma-separated list). This is used when doing JSON web token validation. | |
ExcludedDomains | S | unset |
| Any virtual directories specified within this field will not be pre-authorized on this Virtual Service and will be passed directly to the relevant Real Servers. Multiple excluded domains can be specified by using a space-separated list. |
AltDomains | S | unset |
| Specify alternative domains to be assigned to a Virtual Service when configuring multi-domain authentication. To specify multiple alternative domains, use a space separated list. |
| SameSite | I | 0 – System Default 1 – SameSite=None 2 - SameSite=LAX 3 - SameSite=Strict 4 - SameSite Option Not Added | Allows the SameSite attribute to be explicitly specified for cookies used by LoadMaster Edge Security Pack. This influences the way browsers will use cookies across sites. | |
UserPwdChangeURL | S | unset |
| This is relevant when using form-based LDAP authentication. Specify the URL that users can use to change their password. If a user’s password has expired, or if they must reset their password, this URL and the UserPwdChangeMsg is displayed on the login form. This URL must be put into the exception list for authentication, if required. |
UserPwdChangeMsg | S | unset |
| This parameter is only relevant if the UserPwdChangeURL parameter is set. Specify the text to be displayed on the login form when the user must reset their password. |
| UserPwdExpiryWarn | B | 0 - Disabled | 0 - Disabled 1 - Enabled | By default, SSO users are notified about the number of days before they must change their password. If you disable this option, the password expiry notification will not appear on the login forms. This parameter is only relevant if the InputAuthMode is set to Form Based (2) and the UserPwdChangeURL is set. The language of the warning text is based on the SSO Image Set that is selected (English, French, or Portuguese). |
| UserPwdExpiryWarnDays | Integer | 15 | 1 - 30 | Specify the number of days to show the warning before the password is expired. This parameter is only relevant if the InputAuthMode is set to Form Based (2) and the UserPwdChangeURL is set. |
The table below provides details about the Real Server settings of a Virtual Service.
\nName | Type | Default | Range | Description |
CheckType | S | tcp | The default value is dependent on the Virtual Service port. The list of values is: icmp https http tcp smtp nntp ftp telnet pop3 imap rdp bdata ldap none | Specify which protocol is to be used to check the health of the Real Server. |
LdapEndpoint | S | unset | An existing endpoint name | Specify the name of an LDAP endpoint to use for the health checks. If LDAP is selected as the CheckType, the server IP address (or addresses) and ports from the LDAP endpoint configuration are used instead of the Real Server IP address and port. For further information on LDAP endpoints, refer to the LDAP Configuration section. |
CheckHost | A | unset |
| The CheckUse1.1 parameter must be enabled to set the CheckHost value. When using HTTP/1.1 checking, the Real Servers require a Hostname be supplied in each request. If no value is set then this value is the IP address of the Virtual Service. |
CheckPattern | S | unset |
| When the CheckType is set to http or https - this corresponds to the Reply 200 Pattern in the WUI. This parameter only applies when the HTTP Method is set to GET or POST. When the CheckType is set to bdata: Specify the hexadecimal string which will be searched for in the response. Specify an empty value to unset CheckPattern. |
CheckUrl | S | unset |
| When the CheckType is set to http or https - by default, the health checker tries to access the URL / to determine if the machine is available. A different URL can be set in the CheckUrl parameter. When the CheckType is set to bdata: Specify a hexadecimal string to send to the Real Server. The maximum character length for the CheckUrl parameter value is 126 characters. |
CheckCodes | S | unset | 300-599 | A space-separated list of HTTP status codes that should be treated as successful when received from the Real Server. |
CheckHeaders | S | unset |
| Specify up to four additional headers/fields which will be sent with each health check request. Separate the pairs with a pipe, for example; Host:xyc|UserAgent:prq. |
MatchLen | S | 0 | 0-8000 | This parameter is only relevant when the CheckType is set to bdata. Specify the number of bytes to find the CheckPattern within. |
CheckUse1.1 | B | 0 - Disabled | 0 – Disabled 1 - Enabled | By default, the health checker uses HTTP/1.0 when checking the Real Server status. Enabling CheckUse1.1 means HTTP/1.1 is used (which is more efficient). Optimization only works on HTTP (not HTTPS) connections. |
CheckPort | I | unset | 3-65530 | The port to be checked. If a port is not specified, the Real Server port is used. Specify 0 to unset CheckPort. |
NumberOfRSs | I (Read only) | unset |
| This displays the number of Real Servers that are assigned to the Virtual Service. |
NRules | I (Read only) | unset |
| This displays the number of rules assigned to a Real Server when content switching is enabled. |
RuleList | List(Read only) |
|
| A list of content rules assigned to the Real Servers. |
CheckUseGet | I | N | 0 - HEAD 1 - GET 2 - POST 3 - OPTIONS | When accessing the URL - the system can use the HEAD, the GET, the POST, or the OPTIONS method. |
ExtraHdrKey | S | unset |
| Specify the key for the extra header to be inserted into every request sent to the Real Servers. |
ExtraHdrValue | S | unset |
| Specify the value for the extra header to be inserted into every request sent to the Real Servers. |
CreateSubVS |
| unset |
| This parameter can be used to create a SubVS within a Virtual Service. This parameter has no value (entering \"createsubvs\": \"\" creates a SubVS). |
SubVS | I (Read Only) |
| 0 – Disabled 1 – Enabled | This parameter displays details of any SubVSes which exist in the Virtual Service. |
CheckPostData | S | unset | Supports up to 2047 characters | This parameter is only relevant if the HTTP Method is set to POST. When using the POST method, up to 2047 characters of POST data can be sent to the server. |
RSRulePrecedence | S | unset |
| This parameter should be used in conjunction with RSRulePrecedencePos. This parameter is used to specify the name of the existing rule whose position you wish to change. |
RSRulePrecedencePos | I | unset |
| This parameter, in conjunction with the RSRulePrecedence parameter, is used to change the position of the rule in a sequence of rules. For example, a position of 2 means the rule will be checked second. |
EnhancedHealthchecks | B | 0 – Disabled | 0 – Disabled 1 – Enabled | Enabling the EnhancedHealthchecks parameter provides an additional health check parameter – RsMinimum. If the EnhancedHealthchecks parameter is disabled, the Virtual Service will be considered available if at least one Real Server is available. If the EnhancedHealthchecks parameter is enabled, you can specify the minimum number of Real Servers which should be available to consider the Virtual Service to be available. |
RsMinimum | Integer | 1 | 1 to the number of Real Servers configured | This parameter can only be set using the modvs command if the EnhancedHealthchecks parameter is enabled. Specify the minimum number of Real Servers required to be available for the Virtual Service to be considered up. If less than the minimum amount of Real Servers are available, a critical log is generated. If some Real Servers are down but it has not reached the minimum amount specified, a warning is logged. If the email options are configured, an email will be sent to the relevant recipients. When retrieving the value of this parameter – 0 is the default value if there are no Real Servers or 1 Real Server in the Virtual Service. However, 1 is always the minimum in reality. |
The table below provides details about some miscellaneous Virtual Service settings.
\nName | Type | Default | Range | Description |
Adaptive | S (Read only) | unset |
| This parameter is read-only and will only be displayed when the Scheduling Method is set to resource-based (adaptive). |
MultiConnect | B | 0 | 0 - Disabled 1 - Enabled | Enabling this option permits the LoadMaster to manage connection handling between the LoadMaster and the Real Servers. Requests from multiple clients will be sent over the same TCP connection. Multiplexing only works for simple HTTP GET operations. This parameter cannot be enabled in certain situations, for example if WAF, ESP or SSL Acceleration is enabled. |
non_local | B | 0 - Disabled | 0 – Disabled 1 – Enabled | By default, only Real Servers on local networks can be assigned to a Virtual Service. Enabling this option will allow a non-local Real Server to be assigned to the Virtual Service. This option will only be available if NonLocalRS has been enabled and the Transparent option has been disabled on the relevant Virtual Service. |
The parameters that can be set using the addvs and modvs commands are described in the sections below. For ease of use, the parameters have been broken into sections based on where the corresponding field appears in the UI.
\n","_postman_id":"f85a3cd7-a2d0-4e19-957a-d0df05eac473"},{"name":"Sub-Virtual Services (SubVSs)","item":[{"name":"Show a SubVS","id":"07cc19f2-b9ec-46e7-bedd-d1c9fb639767","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/showvs?vs=4","description":"Display details about a particular SubVS.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","showvs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"4"}],"variable":[]}},"response":[{"id":"4f5ad100-e8a3-44bf-ae4d-ca0c611ed2de","name":"Show a SubVS","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/showvs?vs=4","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","showvs"],"query":[{"key":"vs","value":"4"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:25:49 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo create a new SubVS, you use the modvs command (because you are essentially modifying the existing parent Virtual Service) with the createsubvs parameter set to an empty string.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modvs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"8810"},{"key":"prot","value":"tcp"},{"key":"createsubvs","value":""}],"variable":[]}},"response":[{"id":"88014bf7-b8c9-4d5e-bad2-58fd94291482","name":"Add a SubVS (using the IP Address, Port, and Protocol of the parent Virtual Service)","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modvs?vs=InsertVirtualServiceIPAddress&port=8810&prot=tcp&createsubvs=","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modvs"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"8810"},{"key":"prot","value":"tcp"},{"key":"createsubvs","value":""}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:27:17 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nFrequently adding or deleting Real Servers or SubVSs at a high velocity is not the recommended best practice. If you need to modify parameters, use the modrs command. If you need to constantly modify Real Server IP addresses, moving to FQDNs (rather than IP addresses) is the recommended best practice.
\n
To create a new SubVS, you use the modvs command (because you are essentially modifying the existing parent Virtual Service) with the createsubvs parameter set to an empty string.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modvs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"2"},{"key":"createsubvs","value":""}],"variable":[]}},"response":[{"id":"140ef586-9db3-4749-a686-cd06fb2f89c7","name":"Add a SubVS (using the ID of the parent Virtual Service)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modvs?vs=2&createsubvs=","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modvs"],"query":[{"key":"vs","value":"2"},{"key":"createsubvs","value":""}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:28:26 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nFrequently adding or deleting Real Servers or SubVSs at a high velocity is not the recommended best practice. If you need to modify parameters, use the modrs command. If you need to constantly modify Real Server IP addresses, moving to FQDNs (rather than IP addresses) is the recommended best practice.
\n
Configure the SubVS settings. Most of the SubVS parameters are the same as the parent Virtual Service parameters. For details, refer to the Virtual Service Parameters section.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modvs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"2"},{"key":"persist","value":"super"}],"variable":[]}},"response":[{"id":"223e4e68-6893-4ba3-8fe2-c536d85f5658","name":"Modify a SubVS","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modvs?vs=2&persist=super","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modvs"],"query":[{"key":"vs","value":"2"},{"key":"persist","value":"super"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:29:23 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nFrequently adding or deleting Real Servers or SubVSs at a high velocity is not the recommended best practice. If you need to modify parameters, use the modrs command. If you need to constantly modify Real Server IP addresses, moving to FQDNs (rather than IP addresses) is the recommended best practice.
\n
To duplicate a SubVS, run the dupvs command and specify the VSIndex number of the SubVs.
\n\n\nThe vs parameter value in this case should be set to an integer. You can retrieve the VSIndex of the SubVS by running the listvs command.
\n
\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","dupvs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"4"}],"variable":[]}},"response":[{"id":"7fe43603-adb5-4496-9c56-d363bd5132db","name":"Duplicate a SubVS","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/dupvs?vs=4","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","dupvs"],"query":[{"key":"vs","value":"4"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:30:59 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nNote: This command is not supported in the LTSF LoadMaster version yet.
\n
Specify the ID number of the SubVS to delete.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delvs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"4"}],"variable":[]}},"response":[{"id":"f86ff3f9-ab32-429b-919c-35ea580040a6","name":"Delete a SubVS","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delvs?vs=4","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delvs"],"query":[{"key":"vs","value":"4"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:32:04 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nFrequently adding or deleting Real Servers or SubVSs at a high velocity is not the recommended best practice. If you need to modify parameters, use the modrs command. If you need to constantly modify Real Server IP addresses, moving to FQDNs (rather than IP addresses) is the recommended best practice.
\n
To add a Real Server to a SubVS, specify the SubVS ID in the vs parameter.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addrs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"2"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"80"}],"variable":[]}},"response":[{"id":"f9005120-1ada-4442-9c58-fdfb3a5a0626","name":"Add a Real Server to a SubVS","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addrs?vs=2&rs=InsertRealServerIPAddress&rsport=80","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addrs"],"query":[{"key":"vs","value":"2"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"80"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:36:35 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo delete a Real Server from a SubVS, specify the SubVS ID in the vs parameter and the Real Server ID preceded by %21 in the rs parameter.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delrs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"2"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"80"}],"variable":[]}},"response":[{"id":"59f29886-f6d5-45a1-a822-42929be23456","name":"Delete a Real Server from a SubVS","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delrs?vs=2&rs=InsertRealServerIPAddress&rsport=80","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delrs"],"query":[{"key":"vs","value":"2"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"80"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:38:25 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe Virtual Service commands can be used on SubVSs also. However, because SubVSs do not have IP addresses, the SubVS index must be used. The SubVS index can be found using the listvs command.
\nAlternatively, check the ID of the SubVS on the SubVS modify screen, for example:\nProperties for subVS 1 (Id:8).
\n","_postman_id":"e600e407-b221-4817-8a97-e39ef955f151"},{"name":"Manage Templates","item":[{"name":"Export a Virtual Service as a Template","id":"1a7b8e59-18cc-4424-9e37-1c9121780447","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/exportvstmplt?vs=InsertVirtualServiceIPAddress&port=8810&prot=tcp","description":"An existing Virtual Service can be exported as a template by running the exportvstmplt command.
\nThe Virtual Service index can also be entered for the vs parameter (and then the other parameters are then not needed). To retrieve the Virtual Service ID, run the listvs command. For further information, refer to the List All Virtual Services section.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","exportvstmplt"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"8810"},{"key":"prot","value":"tcp"}],"variable":[]}},"response":[{"id":"13fe95a4-4d9d-43a3-92be-c957d468c889","name":"Export a Virtual Service as a Template","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/exportvstmplt?vs=InsertVirtualServiceIPAddress&port=8810&prot=tcp","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","exportvstmplt"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"8810"},{"key":"prot","value":"tcp"}]}},"status":"OK","code":200,"_postman_previewlanguage":"plain","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:40:59 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/plain; charset=us-ascii"},{"key":"Content-Disposition","value":"attachment; filename=\"PASOE-HTTP-JSESSIONID_Cookie.txt\""}],"cookie":[],"responseTime":null,"body":"%TYPE% VS\r\n%NAME% Template generated from PASOE-HTTP-JSESSIONID_Cookie\r\n%COMMENT% Generated by vipdump $Revision: 22463 $\r\n%PORT% 8810\r\n%PROT% tcp\r\n%TVERSION% 3\r\n\r\nvip tcp/%VIP%+%PORT%\r\nname \"%REALNAME%\"\r\nmtype \"http\"\r\ntransparent\r\nforcel7\r\ncookie \"JSESSIONID\"\r\nhealthcheck \"http\"\r\npersist \"super\"\r\nschedule \"lc\"\r\nptimeout 360\r\nuseget 1\r\ncheckport 8810\r\nexit\r\n"}],"_postman_id":"1a7b8e59-18cc-4424-9e37-1c9121780447"},{"name":"Upload a Template","id":"a77df504-8147-4428-8ce0-2a565c99ae21","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"file","file":{"src":"/C:/Users/lbarry/Downloads/pasoe.tmpl"}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/uploadtemplate?=","description":"You can upload a template by running the uploadtemplate command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","uploadtemplate"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"","value":""}],"variable":[]}},"response":[{"id":"da878129-a619-4710-b7d5-fd1318e29312","name":"Upload a Template","originalRequest":{"method":"POST","header":[],"body":{"mode":"file","file":{"src":"/C:/Users/lbarry/Downloads/pasoe.tmpl"}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/uploadtemplate?","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","uploadtemplate"],"query":[{"key":"","value":null}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:45:12 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nIf a command requires binary data (file uploads), this data must be passed in the \"data\" string and be base64-encoded.
\n
To display a list of the templates that exist on the LoadMaster, run the listtemplates command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","listtemplates"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"487c9174-4456-4bf7-9b81-8a0873d76d4c","name":"Display a List of Installed Templates","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/listtemplates"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:45:54 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo delete a template from the LoadMaster, run the deltemplate command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","deltemplate"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"PASOE-HTTP-JSESSIONID_Cookie"}],"variable":[]}},"response":[{"id":"1c815453-7503-4bce-b0c0-b4e1fd146245","name":"Delete a Template","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/deltemplate?name=PASOE-HTTP-JSESSIONID_Cookie","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","deltemplate"],"query":[{"key":"name","value":"PASOE-HTTP-JSESSIONID_Cookie"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:46:43 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nRefer to the sections below for command examples relating to Virtual Service template management.
\n","_postman_id":"d38c1005-52b7-4c6d-a475-dddce6c0fa4d"},{"name":"Manage SSO","item":[{"name":"SSO Domain Management","item":[{"name":"Retrieve the Value of the kcdciphersha1 Parameter","id":"fad4f815-5a94-4355-a792-c7de870b043d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/get?param=kcdciphersha1","description":"When the kcdciphersha1 parameter is enabled, the AES256 SHA1 KCD cipher is used (by default the RC4 cipher is used).\nTo retrieve the value of the kcdciphersha1 parameter, run the get command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","get"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"param","value":"kcdciphersha1"}],"variable":[]}},"response":[{"id":"3d14145f-1643-4715-9314-e9d23870fa93","name":"Retrieve the Value of the kcdciphersha1 Parameter","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/get?param=kcdciphersha1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","get"],"query":[{"key":"param","value":"kcdciphersha1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:47:33 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo enable or disable the kcdciphersha1 parameter, run the set command.
\nAfter changing the value of the kcdciphersha1 parameter, you can run the logging.ssoflush command to flush the SSO authentication cache.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","set"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"param","value":"kcdciphersha1"},{"key":"value","value":"1"}],"variable":[]}},"response":[{"id":"eeddbf04-e755-43dd-9d39-841e9fa81932","name":"Enable/Disable the kcdciphersha1 Parameter","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/set?param=kcdciphersha1&value=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","set"],"query":[{"key":"param","value":"kcdciphersha1"},{"key":"value","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:48:24 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo show details of all domains, run the showdomain command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","showdomain"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"9c6b01a7-05ab-4b5b-adf8-3af4cebf22c1","name":"Show Details of All SSO Domains","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/showdomain"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:49:17 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo add a domain, run the adddomain command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","adddomain"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"domain","value":"example2.com"}],"variable":[]}},"response":[{"id":"ce2fcad5-6146-4410-ac8e-63b5298aac3e","name":"Add an SSO Domain","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/adddomain?domain=example2.com","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","adddomain"],"query":[{"key":"domain","value":"example2.com"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:50:14 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can specify up to 64 characters in the domain parameter. The maximum number of SSO domains that are allowed is 128.
\n
To modify an SSO domain, run the moddomain command.
\nThe moddomain command accepts the following additional (optional) parameters:
\nName | Type | Default | Range | Additional Information |
auth_type | S | LDAP-StartTLS | LDAP-Unencrypted LDAP-StartTLS LDAP-LDAPS RADIUS RSA-SECURID KCD Certificates RADIUS and LDAP-Unencrypted RADIUS and LDAP-StartTLS RADIUS and LDAP-LDAPS RSA-SECURID and LDAP-Unencrypted RSA-SECURID and LDAP-StartTLS RSA-SECURID and LDAP-LDAPS OIDC-OAUTH | Specify the transport protocol used to communicate with the authentication server. |
ldap_endpoint | S | None | The name of an existing LDAP endpoint | Specify the LDAP endpoint to use. For further information on LDAP endpoints, refer to theLDAP Configurationsection. |
radius_shared_secret | S (masked) | unset |
| The shared secret to use between the RADIUS server and the LoadMaster. |
| radius_send_nas_id | B | 0 - Disabled | 0 - Disabled 1 - Enabled | If this parameter is disabled (default), a NAS identifier is not sent to the RADIUS server. If it is enabled, a Network Access Server (NAS) identifier string is sent to the RADIUS server. By default, this is the hostname. Alternatively, if a value is specified in the radius_nas_id parameter, this value is used as the NAS identifier. If the NAS identifier cannot be added, the RADIUS access request is still processed. This field is only available if the auth_type is set to a RADIUS option. |
| radius_nas_id | S | The hostname | If the radius_send_nas_id parameter is enabled, the radius_nas_id parameter is relevant. When specified, this value is used as the NAS identifier. Otherwise, the hostname is used as the NAS identifier. If the NAS identifier cannot be added, the RADIUS access request is still processed. This parameter is only relevant if the auth_type is set to a RADIUS option and the radius_send_nas_id parameter is enabled. | |
logon_fmt | S | Principalname | not specified Principalname Username Username only | Specify the logon string format used to authenticate to the LDAP/RADIUS server. The Username only value is only available if the auth_type is set to a RADIUS or RSA-SecurID protocol. The Username value is not available if the auth_type is set to RADIUS or a RADIUS and LDAP protocol. |
logon_fmt2 | S | Principalname | Not specified Principalname Username | Specify the logon string format used to authenticate to the server. |
logon_domain | S | unset |
| This parameter corresponds with the Domain/Realm field in the WUI. The login domain to be used. This is also used with logon format to construct the normalized user name, for example: Principalname: @ Username: \\ |
logon_transcode | B | 0 | 0 - Disabled 1 - Enabled | Enable or disable the transcode of logon credentials from ISO-8859-1 to UTF-8, when required. |
| user_acc_control | I | 0 | 0-300 | Specify the range in which periodic User Access Control (UAC) checks are performed. When an interval value is specified in the range of 1 to 300 minutes, the periodic UAC check is performed per user for the requests received after the interval expiry. If the interval value is set to 0 minutes, then the UAC check is not performed. |
max_failed_auths | I | 0 | 0-999 | The maximum number of failed login attempts before the user is locked out. 0 – Never lock out. |
sess_tout_idle_pub | I | 900 | 60-604800 | The session idle timeout value in seconds. This value is used in a public environment. |
sess_tout_duration_pub | I | 1800 | 60-604800 | The maximum duration timeout value for the session in seconds. This value is used in a public environment. |
sess_tout_idle_priv | I | 900 | 60-604800 | The session idle timeout value in seconds. This value is used in a private environment. |
sess_tout_duration_priv | I | 2800 | 60-604800 | The maximum duration timeout value for the session in seconds. This value is used in a private environment. |
sess_tout_type | S | idle time | idle time max duration | Specify the type of session timeout to be used. |
testuser | S | unset |
| The username that will be used to check the authentication server(s), if you are not using an LDAP endpoint. |
testpass | S (masked) | unset |
| The password of the user that is used to check the authentication server(s), if you are not using an LDAP endpoint. |
reset_fail_tout | I | 60 | 60-86400 | The number of seconds that must elapse before the Failed Login Attempts counter is reset to 0. This value must be less than the unblock_tout. |
unblock_tout | I | 1800 | 60-86400 | The timeout value (in seconds) before a blocked account is automatically unblocked. This must be greater than the reset_fail_tout value. |
server | S | unset |
| The address(s) of the server(s) that are to be used to validate this domain. IPv6 is not supported for RADIUS authentication. |
server2 | A | unset | Valid IP address | When using dual factor authentication, use the server parameter to set the address of the RADIUS server(s) and use the server2 parameter to set the address of the LDAP server(s). |
kerberos_domain | S | unset |
| The Kerberos Realm |
kerberos_kdc | S | unset |
| The Kerberos Key Distribution Center |
kcd_username | S | unset |
| The kcd_username should not contain double or single quotes. |
kcd_password | S | unset |
| The kcd_password should not contain double or single quotes. |
ldap_admin | S | unset |
| This, along with the ldap_password, is used to log in to the database to check if the user from the certificate exists. |
ldap_password | S | unset |
| This, along with the ldap_admin, is used to log in to the database to check if the user from the certificate exists. |
cert_check_asi | B | 0 - Disabled | 0 - Disabled 1 - Enabled | This option is only available when the Authentication Protocol is set to Certificates. When this option is enabled - in addition to checking the validity of the client certificate, the client certificate will also be checked against the altSecurityIdentities (ASI) attribute of the user on the Active Directory. |
cert_check_cn | B | 0 - Disabled | 0 - Disabled 1 - Disabled | Enabling this parameter allows a fallback to check the Common Name (CN) in the certificate when the SAN is not available. |
server_side | B | Y – Outbound KCD SSO domain | Y = Outbound KCD SSO domain N = Inbound configuration | Specify whether the configuration is inbound or outbound. |
idp_entity_id | S | unset |
| Specify the Identity Service Provider (IdP) Entity ID. This is relevant when using SAML. The maximum number of characters permitted in this field is 255. |
idp_sso_url | S | unset |
| Specify the IdP Single Sign On (SSO) URL. This is relevant when using SAML. |
Idp_logoff_url | S | unset |
| Specify the IdP Logoff URL. This is relevant when using SAML. The maximum number of characters permitted in this field is 255. |
idp_cert | S | unset |
| Specify the IdP certificate to use for verification processing. |
| idp_match_cert | B | 0 - Disabled | 0 - Disabled 1 - Enabled | If this option is enabled, the IdP certificate assigned must match the certificate in the IdP SAML response. |
sp_entity_id | S | unset |
| Relevant when using SAML - the Service Provider (SP) entity ID is an identifier that is shared to enable the IdP to understand, accept and have knowledge of the entity when request messages are sent from the LoadMaster. This must correlate to the identifier of the relying party on the AD FS server. The maximum number of characters permitted in this field is 255. |
sp_cert | S | unset |
| It is optional to sign requests that are sent in the context of logon. Currently, the LoadMaster does not sign those requests. In the context of log off requests – it is mandatory and these requests must be signed. This is to avoid any spoofing and to provide extra security in relation to log off functionality. This ensures that users are not being hacked and not being logged off unnecessarily. In the sp_cert parameter, you can choose to use a self-signed certificate to perform the signing. To specify a self-signed certificate, set sp_cert to useselfsigned. By default, sp_cert is set to useselfsigned. |
| ldapephc | B | 1 - Enabled | 0 - Disabled 1 - Enabled | Enable this parameter to use the LDAP endpoint admin username and password for the health check. |
| oidc_app_id | S | unset | Add the Application (client) ID of the application. The maximum number of characters permitted in this field is 255. | |
| oidc_redirect_uri | S | unset | Specify the redirect Uniform Resource Identifier (URI) or URIs (reply URLs). You can enter multiple URIs separated by a space. A maximum of 255 characters can be specified for the oidc_redirect_uri parameter. Once a value is set for this parameter, you cannot unset it. | |
| oidc_auth_ep_url | S | unset | Specify the authorization end point URL of the application. Ensure to use the correct URL format. The maximum number of characters permitted in this field is 255. | |
| oidc_token_ep_url | S | unset | Specify the token end point URL of the application. Ensure to use the correct URL format. The maximum number of characters permitted in this field is 255. | |
| oidc_logoff_url | S | unset | Specify the logoff URL of the application. Ensure to use the correct URL format. The maximum number of characters permitted in this field is 255. | |
| oidc_secret | S | unset | Specify the OIDC application secret of the application. |
To show details for a particular SSO domain, run the showdomain command and specify the domain.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","showdomain"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"domain","value":"example.com"}],"variable":[]}},"response":[{"id":"acfddbdb-465f-4e52-adf0-357c4cbac081","name":"Show Details of a Specific SSO Domain","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/showdomain?domain=example.com","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","showdomain"],"query":[{"key":"domain","value":"example.com"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:52:08 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo delete an existing SSO domain, run the deldomain command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","deldomain"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"domain","value":"example.com"}],"variable":[]}},"response":[{"id":"aa3f0a6a-76ec-4e96-a9a8-4c1adabd7fdb","name":"Delete an SSO Domain","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/deldomain?domain=example.com","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","deldomain"],"query":[{"key":"domain","value":"example.com"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:52:46 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo display the locked users, run the showdomainlockedusers command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","showdomainlockedusers"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"aadba3ec-b3bf-49fb-bacf-f02d5b2c1039","name":"Show Locked Users","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/showdomainlockedusers"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:53:34 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo unlock specified users, run the unlockdomainusers command.
\nYou can either use the domain or domainid parameter to specify the relevant domain.
\nYou can find the domain ID in the response of the showdomainlockedusers command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","unlockdomainusers"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"domain","value":"example2.com"},{"key":"users","value":"ExampleUser"}],"variable":[]}},"response":[{"id":"67324c0f-1544-4c18-8907-5c9890df5b42","name":"Unlock Users","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/unlockdomainusers?domain=example2.com&users=ExampleUser","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","unlockdomainusers"],"query":[{"key":"domain","value":"example2.com"},{"key":"users","value":"ExampleUser"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 15:57:07 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nIf using RSA-SecurID as the Authentication Protocol, files need to be uploaded to the LoadMaster for the authentication to work.
To upload the RSA Authentication Manager Config File, run the setrsaconfig command.
To upload the RSA Node Secret File, run the setrsanodesecret command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","setrsanodesecret"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"rsanspwd","value":"\"\""}],"variable":[]}},"response":[{"id":"2213a1b8-02ac-413f-9457-90b57f65c58a","name":"Upload RSA Node Secret File","originalRequest":{"method":"POST","header":[],"body":{"mode":"file","file":{"src":"/C:/Users/lbarry/OneDrive - Progress Software Corporation/documentation updates/RSA SecurID two factor authentication/lm60_NodeSecret.zip"}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setrsanodesecret?rsanspwd=\"\"","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","setrsanodesecret"],"query":[{"key":"rsanspwd","value":"\"\""}]}},"status":"Unprocessable Entity (WebDAV) (RFC 4918)","code":422,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 15:27:29 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe uploadsamlidpmd command is used to upload an IdP metadata file. This simplifies the configuration of the IdP attributes, including the IdP Entity ID, IdP SSO URL, and IdP Logoff URL. The metadata file can be downloaded from the IdP. To upload an IdP metadata file, run the uploadsamlidpmd command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","uploadsamlidpmd"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"domain","value":"example2.com"}],"variable":[]}},"response":[{"id":"a12f1c63-b5a4-4cb7-b3d8-1261491cea00","name":"Upload an Identity Provider (IdP) Metadata File","originalRequest":{"method":"POST","header":[],"body":{"mode":"file","file":{"src":"/C:/Users/lbarry/OneDrive - Progress Software Corporation/documentation updates/SAML/SAML-Metadata.xml"}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/uploadsamlidpmd?domain=example2.com","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","uploadsamlidpmd"],"query":[{"key":"domain","value":"example2.com"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 15:29:26 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nIf using SAML and a self-signed certificate, the downloadsamlspcert command is used to download the certificate from the LoadMaster. This certificate must be installed on the IdP server (for example AD FS) to be added to the relying party signature.
\nThe AD FS server requires this certificate for use of the public key to verify the signatures that the LoadMaster generates.
\nTo download the certificate, run the downloadsamlspcert command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","downloadsamlspcert"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"domain","value":"example2.com"}],"variable":[]}},"response":[{"id":"be79ed2f-7df5-4bd2-b455-dd46449db533","name":"Download the Service Provider Certificate","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/downloadsamlspcert?domain=example2.com","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","downloadsamlspcert"],"query":[{"key":"domain","value":"example2.com"}]}},"status":"OK","code":200,"_postman_previewlanguage":"raw","header":[{"key":"Date","value":"Thu, 15 Aug 2024 15:07:14 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"application/octet-stream"},{"key":"Content-Disposition","value":"inline; filename=\"EXAMPLE\""}],"cookie":[],"responseTime":null,"body":"To save the file, in Postman - go to the Body of the response, click the three dots on the right, and click Save response to file."}],"_postman_id":"35bd32ab-3880-4384-b53f-8e3654ac6d86"}],"id":"39f08086-de9b-4330-a536-40ff18b32b36","description":"The sections below provide details on SSO domain management.
\n","_postman_id":"39f08086-de9b-4330-a536-40ff18b32b36"},{"name":"SSO Sessions","item":[{"name":"List All Open Sessions for a Specific SSO Domain","id":"a84bc747-bbe4-48e5-90e0-311f4b9dcace","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/ssodomain/queryall?domain=example2.com","description":"To retrieve a list of all open sessions for a specific SSO domain, run the ssodomain/queryall command.
\nThis returns the number of active user and cookie sessions.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","ssodomain","queryall"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"domain","value":"example2.com"}],"variable":[]}},"response":[{"id":"e53cb712-2ade-416a-aae2-181c655d4faf","name":"List All Open Sessions for a Specific SSO Domain","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/ssodomain/queryall?domain=example2.com","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","ssodomain","queryall"],"query":[{"key":"domain","value":"example2.com"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 15:32:44 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe queryall command returns the number of UserSessions and CookieSessions. The SSO sessions for Basic Authentication, Client Certificate, and Form Based authentication types are counted as UserSessions. For Form Based authentication, the same session is also counted as a cookie session. SAML SSO sessions are counted as CookieSessions only.
\n
To filter the list of open sessions by user, run the ssodomain/search command and specify the user.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","ssodomain","search"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"domain","value":"example2.com"},{"key":"user","value":"ExampleUser"}],"variable":[]}},"response":[{"id":"f90d9f1b-2816-49b0-938f-8c09555b87f8","name":"Filter the List of Open Sessions by User","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/ssodomain/search?domain=example2.com&user=ExampleUser","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","ssodomain","search"],"query":[{"key":"domain","value":"example2.com"},{"key":"user","value":"ExampleUser"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 15:35:33 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe match is based on a substring of the username and is not exact.
\n
The user parameter is not case sensitive.
To return sessions within a particular range, run the querysessions command.
\nThis returns sessions in sequence, as they appear in the cache.
\nIf you do not specify the startsession and endsession parameters, the first 1000 sessions display.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","ssodomain","querysessions"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"domain","value":"example2.com"},{"key":"user","value":"ExampleUser"},{"key":"startsession","value":"1"},{"key":"endsession","value":"1000"}],"variable":[]}},"response":[{"id":"414c54a2-3490-45a0-a329-d080a1e12a82","name":"Return Sessions with a Particular Range","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/ssodomain/querysessions?domain=example2.com&user=ExampleUser&startsession=1&endsession=1000","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","ssodomain","querysessions"],"query":[{"key":"domain","value":"example2.com"},{"key":"user","value":"ExampleUser"},{"key":"startsession","value":"1"},{"key":"endsession","value":"1000"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 15:36:39 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe maximum number of SSO sessions that can be returned in a single querysessions API call is limited to 1000. If the maximum number of SSO sessions exceeds 1000, you must use multiple querysessions API calls.
\n
To kill a particular session, run the killsession command.
\nFor the key parameter, you can either specify the Cookie or Username,SourceIPAddress.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","ssodomain","killsession"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"domain","value":"example2.com"},{"key":"key","value":"InsertCookie"}],"variable":[]}},"response":[{"id":"312db847-b85b-41b3-b889-be13e1b71b3a","name":"Kill an SSO Session","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/ssodomain/killsession?domain=example2.com&key=InsertCookie","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","ssodomain","killsession"],"query":[{"key":"domain","value":"example2.com"},{"key":"key","value":"InsertCookie"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 15:37:32 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo kill all open sessions for a particular domain, run the killallsessions command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","ssodomain","killallsessions"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"domain","value":"example2.com"}],"variable":[]}},"response":[{"id":"71eafca8-5dbf-4831-b47b-1a5767eeb169","name":"Kill all Open Sessions for a Specific SSO Domain","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/ssodomain/killallsessions?domain=example2.com","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","ssodomain","killallsessions"],"query":[{"key":"domain","value":"example2.com"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 15:39:16 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe commands in this section relate to the open SSO sessions.
\n","_postman_id":"d2e2b29b-45ab-41cb-a1ec-ac37aaaa5294"},{"name":"Custom SSO Image Sets","item":[{"name":"List Custom SSO Image Sets","id":"82404df6-d4c9-4da9-94a8-c7ce72864863","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/listssoimages","description":"To list the existing custom SSO image sets, run the listssoimages command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","listssoimages"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"1e29dd7e-7813-40a6-9cdc-3742e0bb407f","name":"List Custom SSO Image Sets","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/listssoimages"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 15:41:18 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo upload an SSO image set, use the ssoimages command.
\n\n\nIf a command requires binary data (file uploads), this data must be passed in the \"data\" string and be base64-encoded.
\n
The custom SSO image set must be in the format of a .tar file. A template tar file is available from the Support site: Single Sign-On Custom Images. This can then be modified to gain the desired look and feel. For further information, please refer to the Custom Authentication Form, Technical Note.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","ssoimages"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"bf2ce924-2341-4bbe-a75f-6e14f96a9f7e","name":"Upload a Custom SSO Image Set","originalRequest":{"method":"POST","header":[],"body":{"mode":"file","file":{"src":"/C:/Users/lbarry/OneDrive - Progress Software Corporation/documentation updates/Custom Auth Form/ExampleImageSet.tar"}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/ssoimages"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 15:43:14 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"shell-init","value":"error retrieving current directory: getcwd: cannot access parent directories: No such file or directory"},{"key":"job-working-directory","value":"error retrieving current directory: getcwd: cannot access parent directories: No such file or directory"},{"key":"job-working-directory","value":"error retrieving current directory: getcwd: cannot access parent directories: No such file or directory"},{"key":"job-working-directory","value":"error retrieving current directory: getcwd: cannot access parent directories: No such file or directory"},{"key":"job-working-directory","value":"error retrieving current directory: getcwd: cannot access parent directories: No such file or directory"},{"key":"job-working-directory","value":"error retrieving current directory: getcwd: cannot access parent directories: No such file or directory"},{"key":"job-working-directory","value":"error retrieving current directory: getcwd: cannot access parent directories: No such file or directory"},{"key":"job-working-directory","value":"error retrieving current directory: getcwd: cannot access parent directories: No such file or directory"},{"key":"job-working-directory","value":"error retrieving current directory: getcwd: cannot access parent directories: No such file or directory"},{"key":"job-working-directory","value":"error retrieving current directory: getcwd: cannot access parent directories: No such file or directory"},{"key":"job-working-directory","value":"error retrieving current directory: getcwd: cannot access parent directories: No such file or directory"},{"key":"job-working-directory","value":"error retrieving current directory: getcwd: cannot access parent directories: No such file or directory"},{"key":"job-working-directory","value":"error retrieving current directory: getcwd: cannot access parent directories: No such file or directory"},{"key":"job-working-directory","value":"error retrieving current directory: getcwd: cannot access parent directories: No such file or directory"},{"key":"job-working-directory","value":"error retrieving current directory: getcwd: cannot access parent directories: No such file or directory"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo delete a custom SSO image set, run the delssoimage command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delssoimage"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"ExampleImageSet"}],"variable":[]}},"response":[{"id":"f77cadf0-e514-4981-a5df-4899ad2cd974","name":"Delete a Custom SSO Image Set","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delssoimage?name=ExampleImageSet","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delssoimage"],"query":[{"key":"name","value":"ExampleImageSet"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 15:44:17 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nCustom SSO image sets can be managed by using the commands detailed in the sections below.
\n","_postman_id":"543531e3-d378-4ce2-98c9-ac6e1b7cbf6a"}],"id":"0d255795-aba2-4ea5-b591-705cfe9afe4f","description":"Refer to the sections below for details about commands relating to Edge Security Pack (ESP) Single Sign On (SSO) domains.
\n","_postman_id":"0d255795-aba2-4ea5-b591-705cfe9afe4f"},{"name":"Cache Configuration","item":[{"name":"Specify a File Extension to Not Cache","id":"282030e2-50f6-4542-af1e-790c518b906e","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addnocache?param=.jpg","description":"You can add a file extension to the list of file extensions that should not be cached by using the addnocache command.
\nThe FileExtension string must begin with a “.”.
\nRelated parameters that can be managed using get and set commands are detailed in the following table. Refer to the Using get and set commands section for details on the get and set commands.
\nName | Type | Range | Description |
cachesize | I | 1-409 | Specifies the cache size. |
hostcache | B | 0 - Disabled 1 – Enabled | Enable or disable using the host cache. |
You can delete a file extension from the list of file extensions that should not be cached by using the delnocache command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delnocache"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"param","value":".jpg"}],"variable":[]}},"response":[{"id":"4e4621fc-cdf2-4cea-8f87-0755b5b200bb","name":"Remove a File Extension from the No Cache List","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delnocache?param=.jpg","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delnocache"],"query":[{"key":"param","value":".jpg"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 01 Aug 2024 15:10:11 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe sections below relate to the Cache Configuration. You can find these options in the LoadMaster UI in the following locations:
\n- \n
GA: Virtual Services > Cache Configuration
\n \nLTSF: System Configuration > Miscellaneous Options > AFE Configuration
\n \n
You can add a file extension to the list of file extensions that should not be compressed by using the addnocompress command.
\nThe FileExtension string must begin with a “.”.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addnocompress"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"param","value":".jpg"}],"variable":[]}},"response":[{"id":"67f54f85-a810-4382-93fc-76486bc56d23","name":"Specify a File Extension to Not Compress","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addnocompress?param=.jpg","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addnocompress"],"query":[{"key":"param","value":".jpg"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 01 Aug 2024 15:11:04 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo delete a file extension from the list of file extensions that should not be compressed by using the delnocompress command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delnocompress"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"param","value":".jpg"}],"variable":[]}},"response":[{"id":"b63f5e24-e160-4bbe-a536-bc96c9b4f63d","name":"Remove a File Extension from the No Compression List","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delnocompress?param=.jpg","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delnocompress"],"query":[{"key":"param","value":".jpg"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 01 Aug 2024 15:11:49 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe sections below relate to the Compression Options. You can find these options in the LoadMaster UI in the following locations:
\n- \n
GA: Virtual Services > Compression Options
\n \nLTSF: System Configuration > Miscellaneous Options > AFE Configuration
\n \n
To upload a Kube config file to the LoadMaster, run the addlmingressk8sconf command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addlmingressk8sconf"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"b1605e3f-1764-4fd8-9ae3-f414d79e4c5a","name":"Upload a Kube Config File","originalRequest":{"method":"POST","header":[],"body":{"mode":"file","file":{"src":"/C:/Users/lbarry/OneDrive - Progress Software Corporation/documentation updates/Kubernetes/Kubeconfig"}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addlmingressk8sconf"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:24:45 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"mv","value":"failed to preserve ownership for '/one4net/k8s/config.cc': Operation not permitted"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo delete the existing Kube config file from the LoadMaster, run the dellmingressk8sconf command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","dellmingressk8sconf"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"09fe66ba-3383-46f4-83d5-015964c88330","name":"Delete the Kube Config File","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/dellmingressk8sconf"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:25:25 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo list the contexts in the Kube config file that is installed on the LoadMaster, run the showlmingressk8sconf command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","showlmingressk8sconf"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"04572e7f-b86c-4eb5-873a-03925beac126","name":"List the Contexts in the Kube Config File","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/showlmingressk8sconf"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:26:09 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo check what Operations Mode is currently selected, run the getlmingressmode command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","getlmingressmode"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"b68346b4-9df1-4edb-ba54-639446d6e923","name":"Check the Operations Mode","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/getlmingressmode"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:26:49 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo set the Operations Mode, run the setlmingressmode command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","setlmingressmode"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"mode","value":"Ingress"}],"variable":[]}},"response":[{"id":"8f8e2bbd-8e6a-4ebf-8039-077c5041c069","name":"Set the Operations Mode","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setlmingressmode?mode=Ingress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","setlmingressmode"],"query":[{"key":"mode","value":"Ingress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:27:41 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo check what namespace is currently being watched, run the getlmingressnamespace command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","getlmingressnamespace"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"9b1e0011-a60f-4ae4-bd20-6cc05a634cca","name":"Check the Namespace being Watched","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/getlmingressnamespace"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:28:19 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo set the Namespace to Watch, run the setlmingressnamespace command.
\nYou can only filter on either a single name space or all name spaces. There is no capability to select multiple name spaces at this time.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","setlmingressnamespace"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"namespace","value":"default"}],"variable":[]}},"response":[{"id":"93667896-024c-4e93-bddd-f7d28bb4af5c","name":"Set the Namespace to Watch","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setlmingressnamespace?namespace=default","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","setlmingressnamespace"],"query":[{"key":"namespace","value":"default"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:29:31 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo check the current LMingress Watch Timeout (in seconds), run the getlmingresswatchtimeout command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","getlmingresswatchtimeout"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"af80cbf0-b6f5-4847-bf03-c3a6d7772943","name":"Check the Watch Timeout","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/getlmingresswatchtimeout"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:31:42 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo set the LMingress Watch Timeout (in seconds), run the setlmingresswatchtimeout command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","setlmingresswatchtimeout"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"watchtimeout","value":"30"}],"variable":[]}},"response":[{"id":"f7d92f80-2745-4e04-9660-c4340ed61ee4","name":"Set the Watch Timeout","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setlmingresswatchtimeout?watchtimeout=30","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","setlmingresswatchtimeout"],"query":[{"key":"watchtimeout","value":"30"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:32:17 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo restart the LoadMaster Ingress Controller, run the restartlmingress command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","restartlmingress"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"df8a7780-95d8-4a90-a426-7273edc534e2","name":"Restart the Ingress Controller","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/restartlmingress"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:32:45 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThis section provides details about the LoadMaster RESTful API commands you can use to configure the Kubernetes Ingress Controller functionality.
\n","_postman_id":"8fb7f316-8244-43bd-a912-2809c9959979"},{"name":"Legacy WAF Settings","item":[{"name":"Commands Relating to Commercial Rule Files","item":[{"name":"Display the Commercial WAF Rule Settings","id":"d4402623-554b-4256-a53f-33ec68d2c88f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/getwafsettings","description":"The getwafsettings command displays the values of the WAF options relating to commercial rules that appear in the WAF Settings screen on the LoadMaster UI.
\nRelated UI Item
\nVirtual Services > WAF Settings
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","getwafsettings"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"8ea58eb6-e855-4be7-bacc-0bb808e79660","name":"Display the Commercial WAF Rule Settings","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/getwafsettings"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:39:13 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"find","value":"`waf_updated*': No such file or directory"},{"key":"date","value":"mapfile: No such file or directory"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe commands in this section are all related to commercial rule files.
\n","_postman_id":"fac8f6f9-4578-4d40-96d4-324830021001"},{"name":"Commands Relating to Custom Rule Files","item":[],"id":"9d1563c9-f1be-40e2-84a7-be887cf556cb","description":"The commands in this section are all related to custom rules.
\n","_postman_id":"9d1563c9-f1be-40e2-84a7-be887cf556cb"},{"name":"Command Relating to Custom and Commercial Rules","item":[{"name":"List WAF Rules","id":"4afb938a-1e49-481b-880d-3387b09d0421","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/listwafrules","description":"The listwafrules command displays a list of all installed rules (commercial and custom rules).
\nIt also shows if the rules are active or not by displaying either Active or Inactive in the tag name. Active rules are ones that have been assigned to one or more Virtual Services.
\nRelated UI Item
\nVirtual Services > WAF Settings > Custom Rules
\nVirtual Services > View/Modify Services > Modify > WAF Options > Available Rules
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","listwafrules"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"fc4e6243-7a70-43f5-9efa-2874c9d0c1e1","name":"List WAF Rules","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/listwafrules"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 15:09:15 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe command in this section is related to both commercial and custom rules.
\n","_postman_id":"f1e143fe-ca23-4e0c-a93b-d4be46ff2149"},{"name":"Commands Relating to Remote Logging","item":[{"name":"Save Temporary WAF Remote Log Data","id":"3dd84cd0-d9c8-4a77-97da-f281ffbabf4a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/savemlogcdata","description":"Temporary WAF remote log data can be saved to your local machine by running the logging/savemlogcdata command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","logging","savemlogcdata"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"43f724fc-d9bc-4787-a32b-10c9de488a60","name":"Save Temporary WAF Remote Log Data","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/savemlogcdata"},"status":"OK","code":200,"_postman_previewlanguage":"raw","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:41:37 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"application/octet-stream"},{"key":"Content-Disposition","value":"inline; filename=LM_mlogc_data_lb100_2024_08_07.09.41.tar.gz"}],"cookie":[],"responseTime":null,"body":"To save the file, in Postman - go to the Body of the response, click the three dots on the right, and click Save response to file."}],"_postman_id":"3dd84cd0-d9c8-4a77-97da-f281ffbabf4a"},{"name":"Clear Temporary WAF Remote Log Data","id":"124d1879-4e36-4bfc-9c11-4c0fed0eed1f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/clearmlogcdata","description":"Temporary WAF remote log data can be cleared by running the clearmlogcdata command.
\nThis removes all of the temporary WAF remote log data. This data is created when WAF remote logging is enabled on the LoadMaster and the remote log server is down or too slow to process the amount of logs generated. These log files are temporary and get automatically deleted/cleared once the data/logs have been sent to the remote log server.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","logging","clearmlogcdata"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"469091bf-a8bb-47f7-a560-8abe74672391","name":"Clear Temporary WAF Remote Log Data","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/clearmlogcdata"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:43:09 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe commands in this section relates to the WAF remote logging feature which allows the WAF audit logs to be sent to a central log repository.
\n","_postman_id":"39d61482-1428-415c-8350-a3da399caefe"}],"id":"bd2ba535-a295-4bb2-99c8-9349409698f6","description":"\n\nThe Legacy WAF functionality is not available on new LoadMaster deployments of firmware version 7.2.59 or above. If you have upgraded from a pre-7.2.59 version to 7.2.59 the Legacy WAF functionality remains available on version 7.2.59.
\n
\n\nLegacy WAF was fully deprecated in the v7.2.61 release. Deprecated means that Progress Kemp fully removed WAF Options (Legacy) from the LoadMaster. If you are running WAF Options (Legacy) and upgrade to the v7.2.61 release, a warning will be provided and the new WAF engine will be enabled with default values. We recommend upgrading your LoadMaster to use the latest WAF feature prior to upgrading to 7.2.61 so that you can configure the WAF engine to suit your configuration at the earliest possible convenience.
\n
\n\nThe following commands only work on a LoadMaster with a legacy WAF-enabled license.
\n
If you have a WAF license and WAF Support, Progress Kemp provides a number of commercial rules, such as ip_reputation, which can be set to automatically download and update on a daily basis. These commercial rules are targeted to protect against specific threats. The Progress Kemp-provided commercial rules are available when signed up to WAF Support.
\nYou can also upload other rules such as the ModSecurity core rule set which contains generic attack detection rules that provide a base level of protection for any web application.
\nYou can also write and upload your own custom rules if desired.
\nWith the WAF-enabled LoadMaster, you can choose whether to use Progress Kemp-provided rules, custom rules which can be uploaded or a combination of both. The sections below provide details about commands that are specific to commercial rules, custom rules and a command which relates to both types of rule.
\n","_postman_id":"bd2ba535-a295-4bb2-99c8-9349409698f6"},{"name":"WAF Settings","item":[{"name":"Enable Legacy or OWASP WAF","item":[{"name":"Enable Legacy WAF","id":"c6e377fc-b6b1-4458-ac1e-e70a57863897","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modvs?vs=1&InterceptMode=1","description":"To enable legacy WAF, run the modvs command and set the parameter InterceptMode value to 1.
\n\n\nYou cannot switch from legacy WAF mode to OWASP WAF mode (or vice versa). You must first disable WAF (set InterceptMode to 0) and then you can switch to the other mode.
\n
\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modvs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"1"},{"key":"InterceptMode","value":"1"}],"variable":[]}},"response":[{"id":"67fe579e-3334-4250-9a00-13e511922741","name":"Enable Legacy WAF","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modvs?vs=1&InterceptMode=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modvs"],"query":[{"key":"vs","value":"1"},{"key":"InterceptMode","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 15:10:21 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nNote: Legacy WAF was deprecated and removed from the LoadMaster in firmware version 7.2.61.
\n
To enable OWASP WAF, run the modvs command and set the parameter InterceptMode value to 2.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modvs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"2"},{"key":"InterceptMode","value":"2"}],"variable":[]}},"response":[{"id":"1936a6db-95b4-4975-aacc-e6c52f16ea8d","name":"Enable OWASP WAF","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modvs?vs=2&InterceptMode=2","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modvs"],"query":[{"key":"vs","value":"2"},{"key":"InterceptMode","value":"2"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:46:41 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou cannot switch from legacy WAF mode to OWAP WAF mode (or vice versa). You must first disable WAF (set InterceptMode to 0) and then you can switch to the other mode.
\n
This section provides commands relating to enabling legacy or OWASP WAF.
\n","_postman_id":"5c36e827-efff-4a14-9659-a577f9745456"},{"name":"WAF OwaspOpts Parameter","item":[],"id":"17c37eb1-9325-47a0-a3f9-2de280c5398c","description":"The WAF OwaspOpts parameter is a special parameter – it can be used to set the value for multiple fields, rather than just one field as with most other parameters.
\n\n\nTo enable OWASP WAF, set the InterceptMode parameter to 2.
\n
The names of the specific UI fields that the OwaspOpts parameter is related to are listed in the table below.
One or more field values can be set in one command. Multiple values can be set in the one command by separating the values with a semi-colon, for example:
\"InterceptOpts\": \"auditnone;reqdataenable;resdataenable;jsondisable;xmldisable\"
The table below outlines what each of the values mean.
\n\nThe values that are related to the same UI option are mutually exclusive. For example, you cannot set Enable JSON Parser to both jsondisable and jsonenable.
\n
Value | Related UI Option | Default | Meaning |
auditnone | Audit mode | No Audit | Set the Audit mode to No Audit. No data is logged. |
auditrelevant | Audit mode | No Audit | Set the Audit mode to Audit Relevant. Logs data which is of a warning level and higher. |
auditall | Audit mode | No Audit | Set the Audit mode to Audit All. Logs all data through the Virtual Service. The Audit All option is not recommended for use in normal operation. Audit All should only be used when troubleshooting a specific problem. |
reqdataenable | Inspect HTML POST Request Bodies | Disabled | Enable the Inspect HTML POST Request Bodies option. This verifies the data supplied in POST requests. |
reqdatadisable | Inspect HTML POST Request Bodies | Disabled | Disable the Inspect HTML POST Request Bodies option. |
resdataenable | Process HTTP Responses | Disabled | Enable the Process HTTP Responses option. This verifies data sent from the Real Servers. This can be CPU and memory intensive. |
resdatadisable | Process HTTP Responses | Disabled | Disable the Process HTTP Responses option. |
jsondisable | Enable JSON Parser | Enabled | Disable the JSON parser. This option is only relevant if the Inspect HTML POST Request Bodies option is enabled. |
jsonenable | Enable JSON Parser | Enabled | Enable the JSON parser. This enables the verification of JSON POSTs. This option is only relevant if the Inspect HTML POST Request Bodies option is enabled. |
xmldisable | Enable XML Parser | Enabled | Disable the XML parser. This option is only relevant if the Inspect HTML POST Request Bodies option is enabled. |
xmlenable | Enable XML Parser | Enabled | Enable the XML parser. This enables the verification of XML POSTs. This option is only relevant if the Inspect HTML POST Request Bodies option is enabled. |
| otherctypesdisable | Enable Other Content Types | Disabled | Disable verification of POST content types (other than XML/JSON). |
| otherctypesenable | Enable Other Content Types | Disabled | Enable verification of POST content types (other than XML/JSON). Enabling the inspection of any other content types may increase system resource utilization (CPU and memory). A specific list of content types should be considered. When this option is enabled, the POSTOtherContentTypes parameter can be used to enter a comma-separated list of POST content types allowed for WAF analysis. By default, all types (other than XML/JSON) are enabled. |
To add a new custom rule file, run the addowaspcustomrule command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addowaspcustomrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"filename","value":"known.conf"}],"variable":[]}},"response":[{"id":"5c6c66fd-0f75-4dca-9656-2d4d9c6e1558","name":"Add a New Custom Rule","originalRequest":{"method":"POST","header":[],"body":{"mode":"file","file":{"src":"/C:/Users/lbarry/OneDrive - Progress Software Corporation/documentation updates/WAF/Custom rule and data files/known.conf"}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addowaspcustomrule?filename=known.conf","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addowaspcustomrule"],"query":[{"key":"filename","value":"known.conf"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:49:38 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nNote: In the LTSF version, if the character length of the OWASP rule file exceeds 456 characters the command will fail with an error saying
\nCommand Failed: No Rules in File.
To delete an existing rule file, run the delowaspcustomrule command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delowaspcustomrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"filename","value":"known"}],"variable":[]}},"response":[{"id":"4180201d-2df0-4647-995d-e75b859b50f9","name":"Delete a Existing Custom Rule","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delowaspcustomrule?filename=known","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delowaspcustomrule"],"query":[{"key":"filename","value":"known"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:50:29 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo download a custom rule file, run the downloadowaspcustomrule command.
\nThe filename parameter is mandatory. Specify the name of the OWASP custom rule file to download in the filename parameter. You can get the filename by going to Web Application Firewall > Custom Rules in the UI. If you run the command using a web browser, the file will download to the location specified in your browser settings.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","downloadowaspcustomrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"filename","value":"known"}],"variable":[]}},"response":[{"id":"fa2a3492-5b31-4724-8601-fca25d255aad","name":"Download a Custom Rule","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/downloadowaspcustomrule?filename=known","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","downloadowaspcustomrule"],"query":[{"key":"filename","value":"known"}]}},"status":"OK","code":200,"_postman_previewlanguage":"raw","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:51:35 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"application/octet-stream"},{"key":"Content-Disposition","value":"inline; filename=\"known.conf\""}],"cookie":[],"responseTime":null,"body":"Rule file would appear here"}],"_postman_id":"7647dbd9-f363-474d-b843-9df2f9bd65fb"}],"id":"977bdcd9-8e32-42a5-ab3d-976927299d76","description":"This section provides commands relating to OWASP custom rulesets.
\n","_postman_id":"977bdcd9-8e32-42a5-ab3d-976927299d76"},{"name":"OWASP Custom Data File","item":[{"name":"Add a Custom Data File","id":"6ae6026a-9350-417b-ae68-b2b51f365828","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"file","file":{"src":"/C:/Users/lbarry/OneDrive - Progress Software Corporation/documentation updates/WAF/Custom rule and data files/owasp_cust.data"}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addowaspcustomdata?filename=owasp_cust.data","description":"To add a custom data file, run the addowaspcustomdata command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addowaspcustomdata"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"filename","value":"owasp_cust.data"}],"variable":[]}},"response":[{"id":"aba6c947-cf7a-4517-acf5-53ffe50fe6a6","name":"Add a Custom Data File","originalRequest":{"method":"GET","header":[],"body":{"mode":"file","file":{"src":"/C:/Users/lbarry/OneDrive - Progress Software Corporation/documentation updates/WAF/Custom rule and data files/owasp_cust.data"}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addowaspcustomdata?filename=owasp_cust.data","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addowaspcustomdata"],"query":[{"key":"filename","value":"owasp_cust.data"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:53:39 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo delete an existing data file, run the delowaspcustomdata command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delowaspcustomdata"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"filename","value":"owasp_cust"}],"variable":[]}},"response":[{"id":"ff37a6c0-7932-4f2e-9fc0-baab7c6057b4","name":"Delete a Custom Data File","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delowaspcustomdata?filename=owasp_cust","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delowaspcustomdata"],"query":[{"key":"filename","value":"owasp_cust"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:54:21 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo download a custom data file, run the downloadowaspcustomdata command.
\nThe filename parameter is mandatory. Specify the name and extension (either .txt or .data) of the OWASP custom data file to download in the filename parameter. You can get the filename by going to Web Application Firewall > Custom Rules in the UI. If you run the command using a web browser, the file will download to the location specified in your browser settings.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","downloadowaspcustomdata"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"filename","value":"owasp_cust.data"}],"variable":[]}},"response":[{"id":"5627782a-ff91-4c09-b5dc-9a8355bf8013","name":"Download a Custom Data File","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/downloadowaspcustomdata?filename=owasp_cust.data","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","downloadowaspcustomdata"],"query":[{"key":"filename","value":"owasp_cust.data"}]}},"status":"OK","code":200,"_postman_previewlanguage":"raw","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:55:11 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"application/octet-stream"},{"key":"Content-Disposition","value":"inline; filename=\"owasp_cust.data\""}],"cookie":[],"responseTime":null,"body":"${CDPATH}\n${DIRSTACK}\n${HOME}\n${HOSTNAME}\n${IFS}\n${OLDPWD}\n${OSTYPE}\n${PATH}\n${PWD}\n$CDPATH\n$DIRSTACK\n$HOME\n$HOSTNAME\n$IFS\n$OLDPWD\n$OSTYPE\n$PATH\n$PWD\nbin/bash\nbin/cat\nbin/csh\nbin/dash\nbin/du\nbin/echo\nbin/grep\nbin/less\nbin/ls\nbin/mknod\nbin/more\nbin/nc\nbin/ps\nbin/rbash\nbin/sh\nbin/sleep\nbin/su\nbin/tcsh\nbin/uname\r\n"}],"_postman_id":"51850906-f994-4349-b799-092040282c81"}],"id":"14e8ab91-0ec2-4a73-ad5c-156beae10d86","description":"This section provides commands relating to the OWASP custom data file.
\n","_postman_id":"14e8ab91-0ec2-4a73-ad5c-156beae10d86"},{"name":"OWASP Rules","item":[{"name":"List the Available OWASP Rules","id":"02f98356-a55f-452f-8e8d-6a554f4a4eea","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/owasprules","description":"To list all available OWASP rules, run the owasprules command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","owasprules"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"7ccf7e00-d5b0-4a75-a485-226e807f20dd","name":"List the Available OWASP Rules","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/owasprules"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:55:55 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo display all OWASP rules and their enablement state for a Virtual Service, run the owasprules command and Specify the Virtual Service index.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","owasprules"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"2"}],"variable":[]}},"response":[{"id":"755c2ff0-3435-4d23-9cc7-7422ef25fdc0","name":"Show All OWASP Rules","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/owasprules?vs=2","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","owasprules"],"query":[{"key":"vs","value":"2"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:56:47 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo display an OWASP rule and its enablement state for a Virtual Service, run the owasprules command and specify the Virtual Service index and rule ID.
\n\n\nTo get the rule ID of an OWASP rule, check the user interface (Virtual Services > View/Modify Services > Modify > WAF > Manage Rules and expand the relevant rule section to see the associated rule ids) or run the owasprules command. You can also specify a prefix, such as 913 for the scanner-detection rules, to enable/disable/view all rules that contain that prefix in their ID.
\n
\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","owasprules"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"2"},{"key":"rule","value":"911100"}],"variable":[]}},"response":[{"id":"17f17321-8fa8-4316-8abd-647b683c2b0e","name":"Show an OWASP Rule","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/owasprules?vs=2&rule=911100","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","owasprules"],"query":[{"key":"vs","value":"2"},{"key":"rule","value":"911100"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:57:41 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nFor more information on the OWASP rules including a list of IDs for each ruleset and rule, refer to the OWASP Standard Rules Technical Note.
\n
To specify that a custom rule should run before the OWASP Core Rule Set (CRS), enable the runfirst parameter.
\nIf the runfirst parameter is disabled, the custom rule runs after the CRS.
\nThe runfirst parameter is disabled by default.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","owasprules"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"2"},{"key":"rule","value":"known"},{"key":"runfirst","value":"1"}],"variable":[]}},"response":[{"id":"3ef042bd-3ac8-4a1e-8cca-0ca8cb8b9439","name":"Specify if a Custom Rule should be run before the Core Rule Set","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/owasprules?vs=2&rule=known&runfirst=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","owasprules"],"query":[{"key":"vs","value":"2"},{"key":"rule","value":"known"},{"key":"runfirst","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:58:36 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo turn off all OWASP rules for a particular ruleset of a Virtual Service, run the owaprules command and specify the Virtual Service index, rule ID, and set the enable parameter to 0.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","owasprules"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"2"},{"key":"enable","value":"no"}],"variable":[]}},"response":[{"id":"33cdb3a2-9de0-4a60-8623-537a3dcdc4f9","name":"Turn Off All OWASP Rules","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/owasprules?vs=2&enable=no","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","owasprules"],"query":[{"key":"vs","value":"2"},{"key":"enable","value":"no"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 09:59:52 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo filter the list of rules, run the owasprules command, specifying the VS index and filter term.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","owasprules"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"2"},{"key":"enable","value":"yes"},{"key":"filter","value":"sql"}],"variable":[]}},"response":[{"id":"b97ca67c-9471-4cd3-9ac7-3bc11cd7e1fb","name":"Filter the List of Rules","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/owasprules?vs=2&enable=yes&filter=sql","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","owasprules"],"query":[{"key":"vs","value":"2"},{"key":"enable","value":"yes"},{"key":"filter","value":"sql"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 10:00:56 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo enable/disable all rules for a Virtual Service, run the owasprules command, specify the Virtual Service ID, and set the enable parameter.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","owasprules"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"2"},{"key":"enable","value":"no"}],"variable":[]}},"response":[{"id":"c5349ffd-bba0-4bc0-a0e4-db4f93e05883","name":"Enable Rules for a Virtual Service","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/owasprules?vs=2&enable=yes","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","owasprules"],"query":[{"key":"vs","value":"2"},{"key":"enable","value":"yes"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 10:02:02 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nNote: Commands used under this section are not supported in the LTSF LoadMaster version yet.
\n","_postman_id":"63538773-2629-4797-a970-2a1e1d223d9f"}],"id":"c5b773f5-fe41-4c3b-813f-f91aebd56c7c","description":"\n\nThe following commands only work on a LoadMaster with a WAF-enabled license.
\n
You can configure the following WAF parameters using the modvs commands.
\nName | Type | Default | Range | Description |
Intercept | B | 0 | 0 – Disabled 1 – Enabled | You can set the Intercept parameter to 1 to enable Legacy WAF. Setting Intercept to 0 disables WAF. Note: Legacy WAF was deprecated and removed from the LoadMaster in version 7.2.61 - to enable OWASP WAF use the InterceptMode parameter. |
InterceptMode | I | 0 | 0 – Disabled 1 – Legacy 2 – OWASP | You cannot switch from one WAF mode to another. You must first disable WAF (set InterceptMode to 0) and then you can switch to the other mode. Note: Legacy WAF was deprecated and removed from the LoadMaster in version 7.2.61 - to enable OWASP WAF set the InterceptMode parameter to 2. |
InterceptOpts | S | unset | Most of the fields in the WAF Options (Legacy) section of the Virtual Service modify screen in the LoadMaster UI can be set using this parameter. For further details, refer to the following section: WAF InterceptOpts Parameter. | |
OwaspOpts | S | unset | Some of the OWASP WAF Virtual Service parameters can be set using this parameter. For further details, refer to the following section: WAF OwaspOpts Parameter. | |
BlockingParanoia | I | 1 | 1 - 4 | The paranoia level at which the OWASP engine blocks the request coming from the server. |
ExecutingParanoia | I | 1 | 1 - 4 | The paranoia level at which the OWASP engine logs requests that are coming from the server. This value should not be lower than the BlockingParanoia level |
AnomalyScoringThreshold | i | 100 | 1 - 10000 | Set the Anomaly Scoring Threshold value. Every detection rule in the CRS raises the anomaly score. If the cumulative anomaly score per request hits the configured limit, the request will be blocked |
pcrelimit | I | 10000 | 1000 - 9999999 | This setting sets the maximum iterations that the internal PCRE engine will use to resolve a regular expression before failing a match. Note: The default value is 3000 in the LTSF LoadMaster version. |
JSONDLimit | I | 10000 | 1000 - 99999 | This value sets the maximum depth that will be accepted during JSON parsing. Lower values may cause a valid match to fail. Higher values may cause the WAF engine to run slower. |
AlertThreshold | I | 0 - disabled | 0 - 100000 | This is the threshold of incidents per hour before sending an alert. Setting this to 0 disables alerting. |
InterceptPOSTOtherContentTypes | S | unset | When the otherctypesenable parameter is enabled, use the InterceptPOSTOtherContentType s parameter to enter a comma separated list of POST content types allowed for WAF analysis, for example text/plain,text/css. By default, all types (other than XML/JSON) are enabled. To set this to any other content types, set the value to any. | |
BodyLimit | I | 1024 – 52428800 Note: The maximum value for the BodyLimit parameter on LTSF LoadMasters is 10485760. | Set the maximum size of POST request bodies (in bytes) that the WAF engine will allow through. Higher values require more memory resources and may impact WAF engine performance. The default value is 1048576 bytes. | |
PostOtherContentTypes | S | When the otherctypesenable parameter is enabled, use the POSTOtherContentTypes parameter to enter a comma separated list of POST content types allowed for WAF analysis, for example text/plain,text/css. By default, all types (other than XML/JSON) are enabled. To set this to any other content types, set the value to any. | ||
IPReputationBlocking | B | 0 | 0 – Disabled 1 – Enabled | Enables the checking of client addresses against the IP reputation database. |
RuleSets | S | In OWASP CRS rulesets are described by three digit numbers. Specify the three digit number of the rulesets you wish to enable. For example: RuleSets=911, 913, 920…. | ||
ExcludedWorkLoads | S | Specify a list of workloads that the customer is running. By default, some workloads cause a lot of false positives, if someone is running one of workloads (drupal, wordpress, nextcloud, dokuwiki, cpanel, xenforo), add its name to the list will stop certain checks that are known to cause problems. | ||
BlockedCountries | S | Enter the two letter country codes that are to be blocked. | ||
AuditParts | S | ABEFHKZ | Enter a valid string which contains the sections that are to be put in the wafaudit log for each request. Currently, only four values B, E, F, H are enabled. | |
CustomRules | Specify a list of custom rules that are to be configured for the Virtual Service. | |||
DisabledRules | Specify a list of disabled rules. |
This section contains details about commands relating to Virtual Service configuration.
\nVirtual Services can be addressed either by using the IP address or the index (ID). The index is a numerical value that tracks the Virtual Service internally.
\nYou can retrieve the ID by using the showvs or listvs command. Alternatively, you can check the Virtual Service modify screen in the UI, which displays the Virtual Service ID, for example:
Properties for udp/IPAddress:53 (Id:4).
The existing FQDNs can be listed by running the listfqdns command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","listfqdns"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"3b929b3b-8060-432e-bb3a-2e6d19f3c5f6","name":"List FQDNs","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/listfqdns"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 10:21:13 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can add an FQDN by running the addfqdn command.
\n\n\nfqdn is a required parameter for this command.
\n
\n\nAs of LoadMaster version 7.2.60.1, underscores are supported in the fqdn parameter.
\n
\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addfqdn"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fqdn","value":"Example3.com"}],"variable":[]}},"response":[{"id":"5b90f2a7-bbf3-47f4-92bc-fe853978f188","name":"Add an FQDN","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addfqdn?fqdn=Example3.com","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addfqdn"],"query":[{"key":"fqdn","value":"Example3.com"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:11:08 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe FQDN can be a maximum of 63 characters long.
\n
An existing FQDN can be modified by running the modfqdn command.
\nThe modfqdn command accepts the following optional parameters:
\nName | Type | Default | Range | Additional Information |
SelectionCriteria | S | rr | rr = round robin wrr = weighted round robin fw = fixed weighting rsr = real server load prx = proximity lb = location based all = all available | The selection criteria for addresses associated with the FQDN. For a description of each of these options, refer to the GEO, Feature Description on the Documentation Page. |
FailTime | I | 0 | 0-1440 (minutes) | If a failure delay is not set, normal health checking is performed. If set, this parameter defines the number of minutes to wait after a failure before finally disabling it. Once it is disabled, it will not normally be brought back into operation. |
siterecoverymode | S | auto | auto - automatic manual - manual | This parameter defines the Site Recovery Mode. If this is set to automatic, upon site recovery the site is brought back into operation immediately. If this is set to manual, once the site has failed, the site is disabled. Manual intervention is required to restore normal operation. |
failover | B | 0 – disabled | 0 – Disabled 1 – Enabled | This parameter is only relevant if the SelectionCriteria is set to lb (Location Based). Enable/disable FQDN failover. |
publicRequestValue | I | 0 – Public Sites Only | 0 – Public Sites Only 1 – Prefer Public Sites 2 – Prefer Private Sites 3- Any Sites | Restrict responses to clients from public IP addresses to specific classes of site. For an explanation of the different settings and their values please see the section Public Requests & Private Requests below including the table |
privateRequestValue | I | 0 – Private Sites Only | 0 – Private Sites Only 1 – Prefer Private Sites 2 – Prefer Public Sites 3 – Any Sites | Restrict responses to clients from private IP addresses to specific classes of site. For an explanation of the different settings and their values please see the section Public Requests & Private Requests below including the table |
ecsforpubpriv | B | 0 – Disabled | 0 – Disabled 1 – Enabled | When this parameter is disabled, the device uses the client request’s source IP address to determine if the request is public or private. When enabled, the device uses the EDNS Client Subnet (ECS) value instead (if one is received) to determine if the request is public or private. This option becomes inactive in either of the following conditions: - The EDNS Client Subnet (ECS) option (in Global Balancing > Miscellaneous Params) is disabled. - The Public Requests and Private Requests values are both set to All Sites. Note: This parameter is not supported in the LTSF LoadMaster version yet. |
LocalSettings | B | 0 – Disabled | 0 – Disabled 1 – Enabled | Enabling this parameter provides two additional parameters for the FQDN – localttl and localsticky. |
localttl | I | Defaults to the value of the global ttl value when an FQDN is created. | 1 to 86400 | The Time To Live (TTL) value dictates how long the reply from the GEO LoadMaster can be cached by other DNS servers or client devices. The time interval is defined in seconds. This value should be as practically low as possible. The default value for this field is 10. |
localsticky | I | Defaults to the value of the global persist value when an FQDN is created. | 0 to 86400 | Stickiness, also known as persistence, is the property that enables all name resolution requests from an individual client to be sent to the same resources until a specified period of time has elapsed. |
unanimouschecks | B | 0 – Disabled | 0 – Disabled 1 – Enabled | When this parameter is enabled, if any IP addresses fail health checking - the other FQDN IP addresses which belong to the same cluster will be forced down. |
Public Requests & Private Requests
\nThe Public Requests and Private Requests options replace the old Isolate Public/Private Sites option which was available on LoadMasters with firmware up to and including 7.1-28. The new settings offer administrators greater flexibility when configuring an FQDN.
\nThese new settings allow administrators to selectively respond with public or private sites based on whether the client is from a public or private IP. For example, administrators may wish to allow only private clients to be sent to private sites.
\nThe following table outlines settings and their configurable values:
\nSetting | Value | Client Type | Site Types Allowed |
PublicRequests | Public Only Prefer Public Prefer Private All Sites | Public Public Public Public | Public Public, Private if no public Private, Public if no private Private and Public |
Private Requests | Private Only Prefer Private Prefer Public All Sites | Private Private Private Private | Private Private, Public if no private Public, Private if no public Private and Public |
The showfqdn command displays various details relating to the specified FQDN.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","showfqdn"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fqdn","value":"Example2.com"}],"variable":[]}},"response":[{"id":"6201b99e-4413-4ef2-9db8-72ce270c7751","name":"Show an FQDN","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/showfqdn?fqdn=Example2.com","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","showfqdn"],"query":[{"key":"fqdn","value":"Example2.com"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:14:44 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nAn FQDN can be deleted by running the delfqdn command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delfqdn"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fqdn","value":"Example.com"}],"variable":[]}},"response":[{"id":"f3d8e181-39a7-4678-9541-5f9d580378a5","name":"Delete an FQDN","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delfqdn?fqdn=Example.com","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delfqdn"],"query":[{"key":"fqdn","value":"Example.com"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:15:29 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nfqdn is a required parameter for this command.
\n
You can add an IP address to an FQDN by running the addmap command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addmap"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fqdn","value":"Example2.com"},{"key":"ip","value":"InsertIPAddress"},{"key":"cluster","value":"ExampleCluster"}],"variable":[]}},"response":[{"id":"98ef1bc6-974e-4f14-b782-9ade94ceec38","name":"Add an IP Address to an FQDN","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addmap?fqdn=Example2.com&ip=InsertIPAddress&cluster=ExampleCluster","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addmap"],"query":[{"key":"fqdn","value":"Example2.com"},{"key":"ip","value":"InsertIPAddress"},{"key":"cluster","value":"ExampleCluster"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:17:31 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nIn LoadMaster firmware versions prior to 7.2.57, there is an entry limit of 64 IP addresses per FQDN. If you attempt to add more than this, you get an error message saying Too many IP addresses already specified.
\n
The entry limit was increased to 256 IP addresses in LoadMaster firmware version 7.2.57. It is recommended that the LoadMaster should have 8GB memory space to configure the 256 IP addresses per FQDN.
To configure settings for an IP address in an FQDN, run the modmap command.
\nThe modmap command accepts the following optional parameters:
\nName | Type | Default | Range | Additional Information |
Checker
| S | icmp | none icmp tcp clust http https | Specify the type of checking to be done on this IP address Setting the Checker parameter value to none will delete the health check. |
checkerurl | S | / | Maximum of 127 characters | By default, the health checker tries to access the URL forward slash (/) to determine if the machine is available. You can specify a different URL using the checkerurl parameter. The URL must begin with a forward slash (/). The URL cannot contain http: or https:. The URL can be a maximum of 127 characters. |
checkercodes | S | 300-599 | A space-separated list of HTTP status codes that should be treated as successful when received from the server. There is a maximum of 32 codes. There is a limit of 127 characters. | |
checkerhost | S | A hostname can be supplied in the request to the server. If this is not set, the server address is sent as the host. There is a limit of 127 characters. Allowed characters: alphanumerics and -._: | ||
checkerhttpmethod | S | get | 1 - GET 2 - POST 3 - HEAD | When accessing the health check URL, the system can use the GET, the POST, or the HEAD method. If POST is selected, the checkerpostdata parameter is also valid. Note: The HEAD method is not supported in the LTSF LoadMaster version yet. |
checkerpostdata | S | Up to 2047 characters of POST data can be passed to the server. This parameter is only relevant if the checkerhttpmethod parameter is set to 2 (POST). | ||
checkerheaders | S | You can specify a pipe-separated list of custom header key and value pairs that are to be part of the health check request. The key and value are separated by a colon (in the example below the key for the first key value pair is ab and the value is er). You can specify a maximum of 255 characters for the checkheaders parameter. Allowed characters for header keys (the part before the colon) are alphanumerics and _-. Allowed characters for header values (the part after the colon) are alphanumerics and _-.+=;(). For example: access/modmap?ip=1.1.1.5&fqdn=Example.com&checkerheaders=ab:er|ry:esNote: You can specify a maximum of four custom headers. Note: Setting the checkerheaders parameter will overwrite any previously set values for this parameter. Note: This parameter is not supported in the LTSF LoadMaster version yet. | ||
Weight | I | 1000 | 1-65535 | Specify the weight associated with the IP address. The address with the highest weight is returned. This is only relevant if the Selection Criteria for the FQDN is set to Weighted Round Robin or Fixed Weighting. |
Enable | B | 1 – Enabled | 1 – Enable 0 – Disable | Enable or disable the IP address. |
Cluster | I | unset |
| Specify the ID number of the cluster to associate with the IP address. |
MapAddress | A | unset |
| This is only relevant when the Selection Criteria is set to Real Server Load, the Checker is set to Cluster Checks and the cluster is of type Remote LM or Local LM. Enter a Virtual Service IP address to be mapped from the relevant LoadMaster. |
MapPort | I | unset |
| This is only relevant when the Selection Criteria is set to Real Server Load, the Checker is set to Cluster Checks and the cluster is of type Remote LM or Local LM. This parameter is used in conjunction with the MapAddress parameter to specify an IP address and port combination to be mapped. If this parameter is not set, the health check will check all Virtual Services with the same IP address as the one selected. If one of them is in an “Up” status, the FQDN will show as “Up”. If a port is specified, the health check will only check against the health of that Virtual Service when checking the health of the FQDN. |
\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modmap"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fqdn","value":"Example2.com"},{"key":"ip","value":"InsertIPAddress"},{"key":"checker","value":"icmp"}],"variable":[]}},"response":[{"id":"e8a17def-3167-4aa4-b47b-f685508d7293","name":"Configure Settings for an IP Address in an FQDN","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modmap?fqdn=Example2.com&ip=InsertIPAddress&checker=icmp","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modmap"],"query":[{"key":"fqdn","value":"Example2.com"},{"key":"ip","value":"InsertIPAddress"},{"key":"checker","value":"icmp"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:19:57 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe maximum length of an API call is 1024 characters. If you want to make a larger call, use the POST method.
\n
To specify the Virtual Service that is associated with the IP address, run the geochangecheckermapping command. The following parameter combinations are valid to provide when running this command:
\n- \n
- remvip and remport - The Virtual Service IP address and port \n
- remname and remport - The Virtual Service name and port \n
To change the location of an IP address in an FQDN, run the changemaploc command.
\n\n\nThis command is only relevant when the Selection Criteria for the FQDN is set to Proximity.
\n
The lat and long values should be entered as an integer containing the total seconds. This total seconds value is converted to degrees, minutes and seconds when displayed in the UI.
\n\n\nTo set north and east coordinates use a positive integer value. To set south and west coordinates use a negative integer value.
\n
There are 60 seconds in a minute and 60 minutes in a degree.
\nDegrees = º
\nMinutes = ‘
\nSeconds = “
\n60” = 1’
\n3600” = 1º
\n3660 = 1º1’
\n3661 = 1º1’1”
\nYou can also represent this as a decimal value for degrees where the minutes and seconds are divided by 3600 to get the decimal value.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","changemaploc"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fqdn","value":"Example2.com"},{"key":"ip","value":"InsertIPAddress"},{"key":"lat","value":"3661"},{"key":"long","value":"3661"}],"variable":[]}},"response":[{"id":"915226b3-de88-4b4e-957a-411f93d4e65d","name":"Change the Location of an IP Address in an FQDN","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/changemaploc?fqdn=Example2.com&ip=InsertIPAddress&lat=3661&long=3661","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","changemaploc"],"query":[{"key":"fqdn","value":"Example2.com"},{"key":"ip","value":"InsertIPAddress"},{"key":"lat","value":"3661"},{"key":"long","value":"3661"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:25:27 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo change the address of a checker, run the changecheckeraddr command.
\nThe changecheckeraddr command requires the following parameters:
\nName | Type | Default | Range | Additional Information |
checkerip
| S | unset |
| Specify the address used to health check the IP address. |
port | I | 80 | 1-65530 | Specify the port used to health check the IP address. |
Specifying an empty value for the the checkerip or port parameters sets them to their default values (blank for the checkerip and 80 for the port).
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","changecheckeraddr"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fqdn","value":"Example2.com"},{"key":"ip","value":"InsertIPAddress"},{"key":"checkerip","value":"InsertCheckerIPAddress"},{"key":"port","value":"80"}],"variable":[]}},"response":[{"id":"f6192543-a81e-4fdc-9f7f-9e40799eb7be","name":"Change Checker Address","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/changecheckeraddr?fqdn=Example2.com&ip=InsertIPAddress&checkerip=InsertCheckerIPAddress&port=80","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","changecheckeraddr"],"query":[{"key":"fqdn","value":"Example2.com"},{"key":"ip","value":"InsertIPAddress"},{"key":"checkerip","value":"InsertCheckerIPAddress"},{"key":"port","value":"80"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:27:08 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo delete an IP address from an FQDN, run the delmap command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delmap"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fqdn","value":"Example2.com"},{"key":"ip","value":"InsertIPAddress"}],"variable":[]}},"response":[{"id":"f1cb1fb2-4246-4c78-acb3-2a2b1e3f0e40","name":"Delete an IP Address from an FQDN","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delmap?fqdn=Example2.com&ip=InsertIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delmap"],"query":[{"key":"fqdn","value":"Example2.com"},{"key":"ip","value":"InsertIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:29:36 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo add a country or continent, run the addcountry command.
\n\n\nThis command is only relevant when the Selection Criteria for the FQDN is set to Location Based. Refer to the Modify an FQDN section for details on how to modify the Selection Criteria.
\n
\n\nThe FQDN name is case sensitive.
\n
\n\nThe country code and continent codes used are the standard ISO codes.
\n
\n\nWhen adding a country - the iscontinent parameter must be set to no.
\n
\n\nWhen adding a continent - the iscontinent parameter must be set to yes.
\n
\n\nThe value for countrycode should be in uppercase.
\n
\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addcountry"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fqdn","value":"Example2.com"},{"key":"ip","value":"InsertIPAddress"},{"key":"countrycode","value":"IE"},{"key":"iscontinent","value":"no"}],"variable":[]}},"response":[{"id":"14074469-7b4b-435d-a74a-95c2e0bb814c","name":"Add a Location","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addcountry?fqdn=Example2.com&ip=InsertIPAddress&countrycode=IE&iscontinent=no","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addcountry"],"query":[{"key":"fqdn","value":"Example2.com"},{"key":"ip","value":"InsertIPAddress"},{"key":"countrycode","value":"IE"},{"key":"iscontinent","value":"no"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:31:41 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo specify everywhere as the country, type ALL as the country code and set the iscontinent parameter to yes.
\n
To add a custom location, run the addcountry command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addcountry"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fqdn","value":"Example2.com"},{"key":"ip","value":"InsertIPAddress"},{"key":"customlocation","value":"Limerick"}],"variable":[]}},"response":[{"id":"3b5defb7-0dbb-4ea2-826d-cd070c22477c","name":"Add an Existing Custom Location to an FQDN","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:{{vault:authorization-password}}@InsertLoadMasterIPAddress/access/addcountry?fqdn=Example2.com&ip=InsertIPAddress&customlocation=Limerick","protocol":"https","auth":{"user":"bal","password":"{{vault:authorization-password}}"},"host":["InsertLoadMasterIPAddress"],"path":["access","addcountry"],"query":[{"key":"fqdn","value":"Example2.com"},{"key":"ip","value":"InsertIPAddress"},{"key":"customlocation","value":"Limerick"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:33:51 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe custom location must already exist in the IP Range Selection Criteria.
\n
It is also possible to add a country/continent and a custom location in the one command – simply include all of the parameters.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addcountry"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fqdn","value":"Example2.com"},{"key":"ip","value":"InsertIPAddress"},{"key":"countrycode","value":"IE"},{"key":"iscontinent","value":"No"},{"key":"customlocation","value":"Limerick"}],"variable":[]}},"response":[{"id":"fcb9a21a-e796-4e9c-8bed-35105778772b","name":"Add a Country/Continent and Custom Location in One Command","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addcountry?fqdn=Example2.com&ip=InsertIPAddress&countrycode=IE&iscontinent=No&customlocation=Limerick","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addcountry"],"query":[{"key":"fqdn","value":"Example2.com"},{"key":"ip","value":"InsertIPAddress"},{"key":"countrycode","value":"IE"},{"key":"iscontinent","value":"No"},{"key":"customlocation","value":"Limerick"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:36:02 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo remove a location, run the removecountry command.
\n\n\nThis command is only relevant when the Selection Criteria for the FQDN is set to Location Based.
\n
\n\nThe FQDN name is case sensitive.
\n
\n\nThe country code and continent codes used are the standard ISO codes.
\n
\n\nWhen removing a country - the iscontinent parameter must be set to no.
\n
\n\nWhen removing a continent - the iscontinent parameter must be set to yes.
\n
\n\nThe value for countrycode should be in uppercase.
\n
\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","removecountry"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fqdn","value":"Example2.com"},{"key":"ip","value":"InsertIPAddress"},{"key":"countrycode","value":"IE"},{"key":"iscontinent","value":"no"}],"variable":[]}},"response":[{"id":"53493396-e24d-4240-9529-46bd502fa1eb","name":"Remove a Location","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/removecountry?fqdn=Example2.com&ip=InsertIPAddress&countrycode=IE&iscontinent=no","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","removecountry"],"query":[{"key":"fqdn","value":"Example2.com"},{"key":"ip","value":"InsertIPAddress"},{"key":"countrycode","value":"IE"},{"key":"iscontinent","value":"no"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:37:32 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo specify everywhere as the country, type ALL as the country code and set the iscontinent parameter to yes.
\n
To remove a custom location, run the removecountry command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","removecountry"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fqdn","value":"Example2.com"},{"key":"ip","value":"InsertIPAddress"},{"key":"customlocation","value":"Limerick"}],"variable":[]}},"response":[{"id":"0e155249-426b-4e83-881d-892710377712","name":"Remove a Custom Location","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/removecountry?fqdn=Example2.com&ip=InsertIPAddress&customlocation=Limerick","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","removecountry"],"query":[{"key":"fqdn","value":"Example2.com"},{"key":"ip","value":"InsertIPAddress"},{"key":"customlocation","value":"Limerick"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:38:57 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nIt is possible to remove a country/continent and a custom location in the one command – simply include all of the parameters.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","removecountry"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fqdn","value":"Example2.com"},{"key":"ip","value":"InsertIPAddress"},{"key":"countrycode","value":"IE"},{"key":"iscontinent","value":"no"},{"key":"customlocation","value":"Limerick"}],"variable":[]}},"response":[{"id":"a5dacad3-f34f-43be-8c01-3bb568204d3f","name":"Remove a Country/Continent and Custom Location in One Command","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/removecountry?fqdn=Example2.com&ip=InsertIPAddress&countrycode=IE&iscontinent=no&customlocation=Limerick","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","removecountry"],"query":[{"key":"fqdn","value":"Example2.com"},{"key":"ip","value":"InsertIPAddress"},{"key":"countrycode","value":"IE"},{"key":"iscontinent","value":"no"},{"key":"customlocation","value":"Limerick"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:40:31 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can add a new TXT record by running the addrr command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addrr"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fqdn","value":"Example2.com"},{"key":"type","value":"txt"},{"key":"rdata","value":"ExampleResourceRecordData"}],"variable":[]}},"response":[{"id":"6c5714bf-7067-4e81-9410-999c73f46351","name":"Add a New TXT Record","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addrr?fqdn=Example2.com&type=txt&rdata=ExampleResourceRecordData","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addrr"],"query":[{"key":"fqdn","value":"Example2.com"},{"key":"type","value":"txt"},{"key":"rdata","value":"ExampleResourceRecordData"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:41:41 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nAs of LoadMaster version 7.2.60.1, underscores are supported in the value parameter.
\n
You can add a new CNAME record by running the addrr command.
\nYou can add an FQDN that is unrelated to the FQDN to which the records are being added using the RDATA parameter, if desired.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addrr"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fqdn","value":"fqdn.ZoneNameExample.com"},{"key":"type","value":"cname"},{"key":"name","value":"www.fqdn.ZoneNameExample.com"}],"variable":[]}},"response":[{"id":"7e3f6528-1113-47bc-961d-5959c1e1be1a","name":"Add a New CNAME Record","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addrr?fqdn=fqdn.ZoneNameExample.com&type=cname&name=www.fqdn.ZoneNameExample.com","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addrr"],"query":[{"key":"fqdn","value":"fqdn.ZoneNameExample.com"},{"key":"type","value":"cname"},{"key":"name","value":"www.fqdn.ZoneNameExample.com"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:43:13 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nAs of LoadMaster version 7.2.60.1, underscores are supported in the name parameter.
\n
You can add a new MX record by running the addrr command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addrr"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fqdn","value":"fqdn.ZoneNameExample.com"},{"key":"type","value":"mx"},{"key":"rdata","value":"ResourceRecordData3"}],"variable":[]}},"response":[{"id":"6a6721a2-7132-4fe9-8736-171381204302","name":"Add a New MX Record","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addrr?fqdn=fqdn.ZoneNameExample.com&type=mx&rdata=ResourceRecordData3","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addrr"],"query":[{"key":"fqdn","value":"fqdn.ZoneNameExample.com"},{"key":"type","value":"mx"},{"key":"rdata","value":"ResourceRecordData3"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:44:25 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nAs of LoadMaster version 7.2.60.1, underscores are supported in the rdata parameter
\n
You can modify an existing TXT record by running the addrr command.
\nTo retrieve the ID number of an existing record, run the showfqdn command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modrr"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fqdn","value":"fqdn.ZoneNameExample.com"},{"key":"type","value":"txt"},{"key":"param","value":"rdata"},{"key":"value","value":"UpdatedResourceRecordData"},{"key":"id","value":"4"}],"variable":[]}},"response":[{"id":"c938d3c9-8643-42d7-855f-d37ec5248cd0","name":"Modify a TXT Record","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modrr?fqdn=fqdn.ZoneNameExample.com&type=txt¶m=rdata&value=UpdatedResourceRecordData&id=4","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modrr"],"query":[{"key":"fqdn","value":"fqdn.ZoneNameExample.com"},{"key":"type","value":"txt"},{"key":"param","value":"rdata"},{"key":"value","value":"UpdatedResourceRecordData"},{"key":"id","value":"4"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:51:29 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nAs of LoadMaster version 7.2.60.1, underscores are supported in the value parameter.
\n
You can modify an existing CNAME record by running the addrr command.
\nTo retrieve the ID number of an existing record, run the showfqdn command.
\nYou can add an FQDN that is unrelated to the FQDN to which the records are being added using the RDATA parameter, if desired.
\nAs of LoadMaster version 7.2.60.1, underscores are supported in the value parameter.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modrr"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fqdn","value":"fqdn.ZoneNameExample.com"},{"key":"type","value":"cname"},{"key":"param","value":"name"},{"key":"value","value":"www2.fqdn.ZoneNameExample.com"},{"key":"id","value":"2"}],"variable":[]}},"response":[{"id":"90931573-6192-4ee6-b7c6-b9accf458cdb","name":"Modify a CNAME Record","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modrr?fqdn=fqdn.ZoneNameExample.com&type=cname¶m=name&value=www2.fqdn.ZoneNameExample.com&id=2","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modrr"],"query":[{"key":"fqdn","value":"fqdn.ZoneNameExample.com"},{"key":"type","value":"cname"},{"key":"param","value":"name"},{"key":"value","value":"www2.fqdn.ZoneNameExample.com"},{"key":"id","value":"2"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:49:08 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can modify an existing MX record by running the addrr command.
\nWhen modifying an MX record, you can specify either rdata or priority as the param, depending on what parameter you want to modify the value for.
\nAs of LoadMaster version 7.2.60.1, underscores are supported in the value parameter when the param is rdata.
\nTo retrieve the ID number of an existing record, run the showfqdn command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modrr"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fqdn","value":"fqdn.ZoneNameExample.com"},{"key":"type","value":"mx"},{"key":"param","value":"rdata"},{"key":"value","value":"NewValue"},{"key":"id","value":"3"}],"variable":[]}},"response":[{"id":"7c772216-a57a-4971-8bde-0a67e7422d1b","name":"Modify an MX Record","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modrr?fqdn=fqdn.ZoneNameExample.com&type=mx¶m=rdata&value=NewValue&id=3","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modrr"],"query":[{"key":"fqdn","value":"fqdn.ZoneNameExample.com"},{"key":"type","value":"mx"},{"key":"param","value":"rdata"},{"key":"value","value":"NewValue"},{"key":"id","value":"3"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:53:01 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can delete an existing TXT, CNAME, or MX record by running the delrr command.
\nTo retrieve the ID number of an existing record, run the showfqdn command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delrr"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fqdn","value":"fqdn.ZoneNameExample.com"},{"key":"id","value":"3"}],"variable":[]}},"response":[{"id":"90d59572-dba2-465c-9b1d-deaa4ab8a18c","name":"Delete an Additional Record","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delrr?fqdn=fqdn.ZoneNameExample.com&id=3","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delrr"],"query":[{"key":"fqdn","value":"fqdn.ZoneNameExample.com"},{"key":"id","value":"3"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:54:07 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe commands in this section relate to GEO FQDNs.
\n","_postman_id":"bd80ef2b-c764-44d0-ad30-4d25c02cb28c"},{"name":"Manage Clusters","item":[{"name":"List Clusters","id":"d81fa061-aeb6-4d7b-85b6-e234b9656540","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/listclusters","description":"You can list existing clusters by running the listclusters command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","listclusters"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"e256f0a6-a5db-4638-846d-3a78dfbb641c","name":"List Clusters","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/listclusters"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:54:58 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can add a cluster by running the addcluster command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addcluster"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"ip","value":"InsertIPAddress"},{"key":"name","value":"ExampleCluster2"}],"variable":[]}},"response":[{"id":"90af7a93-771d-4f12-ba98-695eab68372e","name":"Add a Cluster","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addcluster?ip=InsertIPAddress&name=ExampleCluster2","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addcluster"],"query":[{"key":"ip","value":"InsertIPAddress"},{"key":"name","value":"ExampleCluster2"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 11:56:39 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe ip and name parameters are required for this command.
\n
You can modify an existing cluster by running the modcluster command.
\nThe modcluster commands accepts the following optional parameters:
\nName | Type | Default | Range | Additional Information |
type | S | Default | default remoteLM localLM | Change the type of the cluster |
name | S |
|
| Specify a name for the cluster |
checker | S | none | none tcp icmp | Specify the method used to check the status of the cluster |
checkerport | I | 0 | 1-65530 | Set the port used for checking the cluster. This parameter is only relevant if the checker is set to tcp. |
enable | B | 1 – Enabled | 1 = Enabled 0 = Disabled | Enable/disable the cluster |
To change a cluster location, run the clustchangeloc command.
\nThe latsecs and longsecs values should be entered as an integer containing the total seconds. This total seconds value is converted to degrees, minutes, and seconds when displayed in the UI.
\nThere are 60 seconds in a minute and 60 minutes in a degree.
\nDegrees = º
\nMinutes = ‘
\nSeconds = “
\n60” = 1’
\n3600” = 1º
\n3660 = 1º1’
\n3661 = 1º1’1”
\nYou can also represent this as a decimal value for degrees where the minutes and seconds are divided by 3600 to get the decimal value.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","clustchangeloc"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"ip","value":"InsertIPAddress"},{"key":"latsecs","value":"3661"},{"key":"longsecs","value":"3661"}],"variable":[]}},"response":[{"id":"3e74b8ba-54fe-44eb-85ba-b4689ecd3ade","name":"Change Cluster Location","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/clustchangeloc?ip=InsertIPAddress&latsecs=3661&longsecs=3661","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","clustchangeloc"],"query":[{"key":"ip","value":"InsertIPAddress"},{"key":"latsecs","value":"3661"},{"key":"longsecs","value":"3661"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 13:08:12 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can display details about a specific cluster by running the showcluster command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","showcluster"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"ip","value":"InsertIPAddress"}],"variable":[]}},"response":[{"id":"7316762d-2f69-468a-b1b6-b37b0f1bf8db","name":"Show a Cluster","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/showcluster?ip=InsertIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","showcluster"],"query":[{"key":"ip","value":"InsertIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 07 Aug 2024 13:14:14 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nip is a required parameter for this command.\nThe Address entry is deprecated.
\n
You can delete a cluster by running the delcluster command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delcluster"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"ip","value":"InsertIPAddress"}],"variable":[]}},"response":[{"id":"2ccbb369-0a7e-4c0b-b803-7be61c075658","name":"Delete a Cluster","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delcluster?ip=InsertIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delcluster"],"query":[{"key":"ip","value":"InsertIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 14:43:35 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe ip parameter is required for this command.
\n
These sections contain commands relating to GEO clusters.
\n","_postman_id":"e43de719-39f4-4b30-a354-fc1fae13a967"},{"name":"Miscellaneous Params","item":[{"name":"List the Miscellaneous Parameters","id":"c439c12a-00ac-4cdf-9f1a-bf1250f2c19e","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/listparams","description":"To list the GEO miscellaneous parameters, run the listparams command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","listparams"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"69ce3b43-a140-409b-a07f-0289d082a3ee","name":"List the Miscellaneous Parameters","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/listparams"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 09:21:55 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can modify the miscellaneous GEO parameters by running the modparams command.
\nThe modparams command accepts the following optional parameters:
\nName | Type | Default | Range | Additional Information |
zone | S | unset |
| Specify the zone name. As of LoadMaster version 7.2.60.1, underscores are supported in this parameter. |
PerZoneSOA | B | 0 - Disabled | 0 - Disabled 1 - Enabled | If this option is enabled, the Source of Authority (SOA) parameters are applied only to the zone. If it is disabled, the SOA parameters apply to all Fully Qualified Domain Names (FQDNs). The Apply to Zone Only option is disabled by default. |
SourceOfAuthority | S | unset |
| Set the response set for Source of Authority requests. As of LoadMaster version 7.2.60.1, underscores are supported in this parameter. |
namesrv | S | unset | The maximum number of characters permitted for this parameter is 1022. | Set the response sent for Name Server requests. As of LoadMaster version 7.2.60.1, underscores are supported in this parameter. |
SOAEmail | S | unset |
| Email address of the person responsible for the zone and to which email may be sent to report errors or problems. This is the email address of a suitable DNS administrator but more commonly the technical contact for the domain. By convention (in RFC 2142) it is suggested that the reserved mailbox hostmaster is used for this purpose but any valid email address will work. The format is MailboxName.Domain.com, for example, hostmaster.example.com (uses a full stop (.) rather than the usual @ symbol because the @ symbol has other uses in the zone file) but mail is sent to hostmaster@example.com. As of LoadMaster version 7.2.60.1, underscores are supported in this parameter. |
dclustunavail | B | 0 - Disabled | 0 - Disabled 1 - Enabled | This option is disabled by default. When this option is enabled, requests to the cluster are dropped if a GEO cluster is disabled. |
glueip | S | This option allows you to set the IP address of the name server to return in additional records in a DNS response. To unset the Glue Record IP so that 0.0.0.0 is returned, set the glueip parameter to an empty string. | ||
TTL | I | unset | 1-86400 | Set the Time To Live (TTL) (in seconds) of the responses returned by the LoadMaster. |
Txt | S | This option allows you to modify the TXT record. | ||
EDNSECS | B | 0 - Disabled 1 - Enabled | The EDNS Client Subnet (ECS) option is enabled by default on new installations but if you are upgrading a LoadMaster that previously used GEO functionality then the option is disabled. When enabled, the ECS field (if included in the request) is used to determine the client location. When disabled, this field is ignored. Note: This parameter is not supported in the LTSF LoadMaster version yet. | |
persist | I | 0 | 0-86400 | This corresponds with the Stickiness WUI field. This determines how long (in seconds) a specific response will be returned to a host. |
CheckInterval | I | 120 | 9-3600 | Set how often (in seconds) that devices will be checked. Note: The interval value must be greater than the ConnTimeout value multiplied by the RetryAttempts value (Interval > Timeout \\\\\\\\\\\\\\\\* Retry + 1). This is to ensure that the next health check does not start before the previous one completes. If the timeout or retry values are increased to a value that breaks this rule, the interval value will be automatically increased. |
ConnTimeout | I | 20 | 4-60 | Set the timeout (in seconds) for the check request. |
RetryAttempts | I | 2 | 2-10 | Set the number of times the check will be retried before the device is marked as failed. |
The timeline diagram below illustrates what happens from the time a resource IP is added or enabled, to when it goes down and then comes back up again.
\n![](\"https://d2uy6b9a6c1fvs.cloudfront.net/files/assets/documents/7.2.48.6.21344-RELEASE/LoadMaster/Interface_Description-RESTful_API/MiscellaneousParams-Diagram.png\")
\n\nWhen a resource IP is enabled/created, an ICMP request is sent by the LoadMaster to the resource IP. Assuming it responds, the resource is marked UP.
\nAfter 120 seconds have elapsed (the default Check Interval), an ICMP request is sent to the resource IP. If 20 seconds (the default Connection Timeout) elapses and the IP fails to respond, the LoadMaster will send up to two additional requests (the default Retry Attempts) and wait for 20 seconds between each. If all three of these requests receive no response, then the resource is marked down, and the Check Interval timer is reset.
\nAfter 120 seconds elapses, the LoadMaster attempts to send an ICMP request to the resource IP. If the resource has now come back up and responds before the Connection Timeout elapses, the LoadMaster marks it UP and resets the Check Interval timer.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modparams"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"namesrv","value":"ExampeNameServer"},{"key":"SOAEmail","value":"example@example.com"}],"variable":[]}},"response":[{"id":"759907ee-250a-4313-83a6-c79cb2b39d92","name":"Modify the Miscellaneous Parameters","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modparams?namesrv=ExampeNameServer&SOAEmail=example@example.com","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modparams"],"query":[{"key":"namesrv","value":"ExampeNameServer"},{"key":"SOAEmail","value":"example@example.com"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 09:33:12 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can download a GEO location data patch file from the Progress Kemp Support site. Then, unzip the file and upload it using this command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","locdataupdate"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"16730bc9-60bb-490f-a773-7581cf8303fc","name":"Upload a Location Data Patch File","originalRequest":{"method":"POST","header":[],"body":{"mode":"file","file":{"src":"/C:/ExampleFiles/geodata.patch_2024_07_09_1034"}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/locdataupdate"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Mon, 19 Aug 2024 14:53:47 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"shell-init","value":"error retrieving current directory: getcwd: cannot access parent directories: No such file or directory"},{"key":"job-working-directory","value":"error retrieving current directory: getcwd: cannot access parent directories: No such file or directory"},{"key":"job-working-directory","value":"error retrieving current directory: getcwd: cannot access parent directories: No such file or directory"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe sections below provide commands relating to the miscellaneous GEO parameters.
\n","_postman_id":"09634f26-2d8a-4831-8390-ff7582a078c2"},{"name":"IP Range Selection Criteria","item":[{"name":"List the IP Addresses","id":"7088718c-b898-4d64-a8d6-a7fef4c2f5b0","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/listips","description":"To list the IP addresses set for the IP range selection criteria, run the listips command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","listips"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"51c7d417-cf1a-4d65-8371-66e5cdbb63cf","name":"List the IP Addresses","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/listips"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 09:40:15 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo show details of a specific IP address which is set for the IP range selection criteria, run the showip command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","showip"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"ip","value":"InsertLoadMasterIPAddress"}],"variable":[]}},"response":[{"id":"1f715c31-4552-4b85-ad81-c21c1e27c76e","name":"Show IP Address Details","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/showip?ip=InsertIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","showip"],"query":[{"key":"ip","value":"InsertIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"Date","value":"Mon, 11 Aug 2025 07:34:49 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nNote: The latitude and longitude values are shown in seconds (rather than degrees/minutes/seconds).
\n
To add an IP address to the IP range selection criteria, run the addip command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addip"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"ip","value":"InsertLoadMasterIPAddress"}],"variable":[]}},"response":[{"id":"88105f27-a4ca-4af7-8a97-2de790fbb09e","name":"Add an IP Address","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addip?ip=InsertLoadMasterIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addip"],"query":[{"key":"ip","value":"InsertLoadMasterIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 09:38:23 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo delete an IP address, run the delip command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delip"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"ip","value":"InsertLoadMasterIPAddress"}],"variable":[]}},"response":[{"id":"c609d467-cd34-4f26-b454-2b472cf70ece","name":"Delete an IP Address","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delip?ip=InsertLoadMasterIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delip"],"query":[{"key":"ip","value":"InsertLoadMasterIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 10:26:54 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nNote: You cannot delete IP address ranges if they are configured in an FQDN.
\n
To change the location for an IP address, run the modiploc command.
\nThe lat and long values should be entered as an integer containing the total seconds. This total seconds value is converted to degrees, minutes, and seconds when displayed in the UI.
\nThere are 60 seconds in a minute and 60 minutes in a degree.
\n- \n
- Degrees = º \n
- Minutes = ‘ \n
- Seconds = “ \n
- 60” = 1’ \n
- 3600” = 1º \n
- 3660 = 1º1’ \n
- 3661 = 1º1’1” \n
You can also represent this as a decimal value for degrees where the minutes and seconds are divided by 3600 to get the decimal value.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modiploc"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"ip","value":"InsertLoadMasterIPAddress"},{"key":"lat","value":"3661"},{"key":"long","value":"3661"}],"variable":[]}},"response":[{"id":"cce4480d-749b-4d0c-8ee7-2abac29d328a","name":"Change the Location of an IP Address","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modiploc?ip=InsertLoadMasterIPAddress&lat=3661&long=3661","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modiploc"],"query":[{"key":"ip","value":"InsertLoadMasterIPAddress"},{"key":"lat","value":"3661"},{"key":"long","value":"3661"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 09:48:49 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo delete the location for an IP address, run the deliploc command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","deliploc"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"ip","value":"InsertLoadMasterIPAddress"}],"variable":[]}},"response":[{"id":"acedcb0e-16da-4a25-ac5a-617d3dbe5a9a","name":"Delete an IP Location","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/deliploc?ip=InsertLoadMasterIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","deliploc"],"query":[{"key":"ip","value":"InsertLoadMasterIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 09:55:10 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo add a country or custom location association to an existing IP address, run the addipcountry command.
\nName | Mandatory | Type | Default | Range | Additional Information |
countrycode | No | S | unset | Valid country code | A valid, uppercase, two-digit country code must be used. |
customloc | No | S | unset | Existing custom location | The name of an existing custom location. |
\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addipcountry"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"ip","value":"InsertLoadMasterIPAddress"},{"key":"countrycode","value":"IE"}],"variable":[]}},"response":[{"id":"eee9bb84-54f6-401b-8723-e863f3aad3e9","name":"Add a Location to an Existing IP Address","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addipcountry?ip=InsertLoadMasterIPAddress&countrycode=IE","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addipcountry"],"query":[{"key":"ip","value":"InsertLoadMasterIPAddress"},{"key":"countrycode","value":"IE"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 10:00:25 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nEither the countrycode or customloc parameter must be entered when running the command.
\n
To remove the country association from an IP address, run the removeipcountry command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","removeipcountry"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"ip","value":"InsertLoadMasterIPAddress"}],"variable":[]}},"response":[{"id":"58162585-9feb-4bf2-a9e4-834ee25d2011","name":"Delete a Location from an IP Address","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/removeipcountry?ip=InsertLoadMasterIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","removeipcountry"],"query":[{"key":"ip","value":"InsertLoadMasterIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 10:04:05 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo list the existing custom locations, run the listcustomlocation command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","listcustomlocation"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"5c380086-bfb3-42dd-a5a2-2e2f8ee22561","name":"List the Custom Locations","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/listcustomlocation"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 10:13:41 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can add a custom location by running an addcustomlocation command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addcustomlocation"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"location","value":"Delhi"}],"variable":[]}},"response":[{"id":"2d066aa8-04dc-42d8-9455-07a125c3292e","name":"Add a Custom Location","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addcustomlocation?location=Delhi","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addcustomlocation"],"query":[{"key":"location","value":"Delhi"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 10:09:22 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe location parameter is required.
\n
To rename an existing custom location, run the editcustomlocation command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","editcustomlocation"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"cloldname","value":"Delhi"},{"key":"clnewname","value":"NewDelhi"}],"variable":[]}},"response":[{"id":"ad767f27-ceeb-45aa-a3bd-4414615e29e0","name":"Edit a Custom Location","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/editcustomlocation?cloldname=Delhi&clnewname=NewDelhi","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","editcustomlocation"],"query":[{"key":"cloldname","value":"Delhi"},{"key":"clnewname","value":"NewDelhi"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 10:20:46 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo remove an existing custom location, run the deletecustomlocation command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","deletecustomlocation"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"clName","value":"NewDelhi"}],"variable":[]}},"response":[{"id":"cddcb13d-6cdf-40e0-ba15-20593298923e","name":"Delete a Custom Location","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/deletecustomlocation?clName=NewDelhi","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","deletecustomlocation"],"query":[{"key":"clName","value":"NewDelhi"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 10:24:32 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe commands in this section relate to the GEO IP Range Selection Criteria.
\n","_postman_id":"f5d1cf0e-407c-417c-8c72-ff5fa164a821"},{"name":"IP Access List Settings","item":[{"name":"Retrieve the IP Access List Settings","id":"8c780590-fba0-4f99-9e13-94aba90438b3","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/geoacl/getsettings","description":"To retrieve the IP access-list settings, run the geoacl/getsettings command
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","geoacl","getsettings"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"28c33298-0380-46b8-bbdf-3c44ecd46311","name":"Retrieve the IP Access List Settings","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/geoacl/getsettings"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 10:31:36 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo enable/disable automatic updates, run the geoacl/setautoupdate command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","geoacl","setautoupdate"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"enable","value":"1"}],"variable":[]}},"response":[{"id":"45dcb7d2-52e3-4d04-9d91-9dfb671f89b6","name":"Enable/Disable Automatic IP Access List Updates","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/geoacl/setautoupdate?enable=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","geoacl","setautoupdate"],"query":[{"key":"enable","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 10:35:04 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo enable/disable automatic updates, run the geoacl/setautoinstall command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","geoacl","setautoinstall"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"enable","value":"1"}],"variable":[]}},"response":[{"id":"776c826c-0c97-40a5-bb7b-07b466c3c23e","name":"Enable/Disable Automatic Installation of the IP Access List Updates","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/geoacl/setautoinstall?enable=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","geoacl","setautoinstall"],"query":[{"key":"enable","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 11:33:20 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo set the time of the automatic installation, run the geoacl/setinstalltime command.
\nThe hour is the hour value from the 24-hour clock (0-23), for example 13 is 1pm.
\nThe range is 0-23. Minutes cannot be specified. It is not possible to set the install time if automatic installation is disabled.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","geoacl","setinstalltime"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"hour","value":"13"}],"variable":[]}},"response":[{"id":"05d169de-d200-459a-93cf-5de1f056a8ef","name":"Set the Time of the Automatic Installation","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/geoacl/setinstalltime?hour=13","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","geoacl","setinstalltime"],"query":[{"key":"hour","value":"13"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 11:35:01 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo download the updates now, run the geoacl/updatenow command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","geoacl","updatenow"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"dd0888d4-4015-47dd-8c6e-80a555ec8a9b","name":"Download the Updates Now","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/geoacl/updatenow"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 11:37:50 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo install any downloaded updates now, run the geoacl/installnow command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","geoacl","installnow"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"7f210dba-59cf-4527-9385-4cf8d7b7fa22","name":"Install the Updates Now","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/geoacl/installnow"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 11:40:43 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo retrieve the access-list, run the geoacl/downloadlist command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","geoacl","downloadlist"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"344a2f84-e65f-418d-8626-e4c2302f3919","name":"View the Access List","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/geoacl/downloadlist"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 11:43:08 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo retrieve a list of changes that were made to the access-list, run the geoacl/downloadchanges command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","geoacl","downloadchanges"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"1674ad9a-99e7-4ba7-b34c-793bba912bdb","name":"View Changes to the Access List","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/geoacl/downloadchanges"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 11:45:49 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo retrieve the contents of the user-defined allow list (which overrides the access-list), run the geoacl/listcustom command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","geoacl","listcustom"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"1b5de791-de6c-40d9-bbe8-146fc00f0b77","name":"View the User-Defined Allow List","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/geoacl/listcustom"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 10:59:01 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo add an IP address or network (in CIDR format) to the allow list, run the geoacl/addcustom command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","geoacl","addcustom"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"addr","value":"InsertLoadMasterIPAddress"}],"variable":[]}},"response":[{"id":"c75e48ed-76c3-4655-9bf1-ca7a44b837a0","name":"Add an Address to the Allow List","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/geoacl/addcustom?addr=InsertLoadMasterIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","geoacl","addcustom"],"query":[{"key":"addr","value":"InsertLoadMasterIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 10:55:02 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"grep","value":"/one4net/geoacl/geowhitelist.txt: No such file or directory"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo remove an IP address or network from the allow list, run the geoacl/removecustom command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","geoacl","removecustom"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"addr","value":"InsertLoadMasterIPAddress"}],"variable":[]}},"response":[{"id":"1e709ffb-807e-46ea-8c16-37dbfe4ce807","name":"Delete an IP Address or Network from the Allow List","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/geoacl/removecustom?addr=InsertLoadMasterIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","geoacl","removecustom"],"query":[{"key":"addr","value":"InsertLoadMasterIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 11:03:40 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nRefer to the subsections below for details on the RESTful API commands relating to the IP access-list settings.
\n","_postman_id":"10b4d1cb-dc34-4a60-990c-a1a26294e706"},{"name":"Configure DNSSEC","item":[{"name":"Generate the Key Signing Keys (KSKs)","id":"7e747135-07ad-4272-a3a1-584348842cc3","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/geogenerateksk?algorithm=RSASHA256&keysize=1024","description":"To generate the KSKs, run the geogenerateksk command.
\nName | Type | Default | Range | Description |
algorithm | S | RSASHA256 | RSASHA256, NSEC3RSASHA1, NSEC3RSASHA1 | Specify the cryptographic algorithm to use. If this parameter is omitted, the default value is used. |
keysize | I | 2048 | 1024, 2048, 4096 | Specify the key size (in bits). If this parameter is omitted, the default value is used. |
To import the KSKs, run the geoimportksk command
\nThis command uploads both KSK files at the same time.
\nIf you have GEO partners and want to use DNSSEC, you must generate the KSK files outside of the LoadMaster using the BIND dnssec-keygen command and import them onto each GEO partner separately, for example:
\ndnssec-keygen -a RSASHA256 -f KSK -b 2048 -n ZONE
Then, import the generated KSK files onto each GEO LoadMaster separately.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","geoimportksk"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"ca02a087-4e48-41a0-964a-86856d7e16d0","name":"Import the KSKs","originalRequest":{"method":"GET","header":[],"body":{"mode":"formdata","formdata":[{"key":"privatekey","type":"file","fileNotInWorkingDirectoryWarning":"This file isn't in your working directory. Teammates you share this request with won't be able to use this file. To make collaboration easier you can setup your working directory in Settings.","filesNotInWorkingDirectory":["/C:/ExampleFiles/Ktest.lan.+008+10264.private"],"src":"/C:/ExampleFiles/Ktest.lan.+008+10264.private"},{"key":"publickey","type":"file","src":"/C:/ExampleFiles/Ktest.lan.+008+10264.key"}],"options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/geoimportksk"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 11:49:04 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo delete the KSK files, run the geodeleteksk command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","geodeleteksk"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"315db061-61bb-4809-9730-10ec7cb3e84e","name":"Delete the KSK Files","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/geodeleteksk"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 11:50:04 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo enable/disable DNSSEC, run the geosetdnssec command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","geosetdnssec"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"enable","value":"yes"}],"variable":[]}},"response":[{"id":"59f68dff-fae1-4aac-ab92-38b97aab2f7a","name":"Enable/Disable DNSSEC","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/geosetdnssec?enable=yes","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","geosetdnssec"],"query":[{"key":"enable","value":"yes"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 11:51:21 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo retrieve the DNSSEC settings, run the geoshowdnssec command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","geoshowdnssec"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"fc9874fa-e80b-4df7-b9ab-0f0e2e8b899f","name":"Retrieve the DNSSEC Configuration Settings","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/geoshowdnssec"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 11:52:22 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo configure DNSSEC using the API, use the commands outlined in the below sections.
\n","_postman_id":"6fde7f78-0764-41b4-9277-4b697cdd639c"},{"name":"GSLB Statistics","item":[{"name":"GSLB Statistics","id":"ca6ecd93-a618-4a69-8612-1f114d5aafe0","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/geostats","description":"To retrieve the Global Server Load Balancing (GSLB) statistics, run the geostats command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","geostats"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"5459b459-abc7-43c8-aa66-d694327f9b43","name":"GSLB Statistics","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/geostats"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 11:12:55 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThis section provides commands relating to GSLB statistics.
\n","_postman_id":"80534df7-cfb0-49b3-906f-8adfa9ff6a05"},{"name":"Enable/Disable GEO","item":[{"name":"Check if GEO is Enabled","id":"21484bd7-b757-44dc-a1bb-7df3c5d80d6b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/isgeoenabled","description":"To check if GEO is enabled, run the isgeoenabled command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","isgeoenabled"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"0672d628-6109-416f-b94c-c72660a3711c","name":"Check if GEO is Enabled","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/isgeoenabled"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 11:17:24 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nGEO can be enabled by running the enablegeo command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","enablegeo"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"b2b126b4-2b55-4aed-bea1-2dd9f135f955","name":"Enable GEO","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/enablegeo"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 11:21:18 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nGEO can be disabled by running the disablegeo command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","disablegeo"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"32c15f5e-3505-4723-b4de-d46c6299df9b","name":"Disable GEO","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/disablegeo"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 11:25:50 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThis section provides commands relating to enabling and disabling GEO.
\n","_postman_id":"321289bf-5c46-4a7b-8e97-969e081db9d3"}],"id":"aab8e8a6-56cf-4179-819f-c43bd7737318","description":"The sections below provide details about the API commands relating to the Global Server Load Balancing (GSLB) functionality in the LoadMaster.
\n","_postman_id":"aab8e8a6-56cf-4179-819f-c43bd7737318"},{"name":"Statistics","item":[{"name":"Statistics","id":"2a8a1e52-bc72-4be4-8baf-08c18d5b83fd","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/stats","description":"Statistics for all the Virtual Services and Real Servers can be obtained by using the stats command.
\n\n\nIf you run the stats command on the admin node when using LoadMaster clustering – the output will show the combined totals of all machines.
\n
\n\nThe Real Server statistics are returned on a per Virtual Service basis.
\n
The statistics are explained in the table below.
\nSection | Name | Additional Information |
CPU | User | The percentage of the CPU spent processing in user mode |
System | The percentage of the CPU spent processing in system mode | |
Idle | The percentage of CPU which is idle | |
IOWaiting | The percentage of the CPU spent waiting for I/O to complete | |
HWInterrupts | The percentage of hardware interrupts | |
SWInterrupts | The percentage of software interrupts | |
Memory | MBtotal | The total memory available in Mb |
Memused | The amount of memory in use | |
| MBused | The amount of memory in use in Mb | |
Percentmemused | The percentage of memory used | |
Memfree | The amount of memory free | |
| MBfree | The amount of free memory in Mb | |
Percentmemfree | The percentage of free memory | |
| DiskUsage | Name | The name of the partition |
| GBtotal | The total disk usage in Gb | |
| GBused | The amount of disk space usage in Gb | |
| Percentused | The percentage of disk space in use | |
| GBfree | The amount of disk space free | |
| Percentfree | The percentage of disk space free | |
| ClientLimits | CurrentConnections | The total number of current connections |
| CurrentConnectionsBlocked | The number of connections currently blocked | |
| SuccessfulConnectionAttempts | The number of successful connection attempts | |
| SuccessfulRequestAttempts | The number of successful request attempts | |
| SuccessfulMatchedRuleAttempts | The number of rules that were successfully matched | |
| ConnectionAttemptsBlocked | The number of connection attempts that were blocked | |
| RequestAttemptsBlocked | The number of request attempts that were blocked | |
| MatchedRulesBlocked | The number of connections that were blocked due to a matching rule limit | |
| glbcps | Global connections per second | |
| glbrps | Global requests per second | |
| DifferentCountries | The number of different countries that connections were made from | |
| LastHour | The number of different countries that connections were made from in the last hour | |
| LastDay | The number of different countries that connections were made from in the last day | |
Network | ifaceID | The ID number of the interface |
Speed | The speed of the link | |
In | Inbound | |
Out | Outbound | |
Total (TPS) | The total number of Transactions Per Second (TPS) | |
SSL (TPS) | The total number of SSL Transactions Per Second (TPS) | |
VStotals | ConnsPerSec | The number of connections per second |
| TotalConns | The total number of Virtual Service connections | |
BitsPerSec | The number of bits per second | |
BytesPerSec | The number of bytes per second | |
PktsPerSec | The number of packets per second | |
| TotalPackets | The total number of packets transferred | |
Vs | VSAddress | The IP address of the Virtual Service |
VSPort | The port of the Virtual Service | |
VSProt | The protocol of the Virtual Service. This will either be tcp or udp. | |
Index | The index (ID) number of the Virtual Service | |
ErrorCode | The error code | |
Enable | Displays whether the Virtual Service is enabled (1) or disabled (0) | |
TotalConns | The total number of connections made | |
TotalPkts | The total number of packets | |
TotalBytes | The total number of bytes | |
TotalBits | The total number of bits | |
ActiveConns | The total number of connections that are currently active. When using ESP, all connections going through the login process are counted as active connections for the Virtual Service. They are not counted as active connections for the Real Server because they are not actual connections to the Real Server. The WUI page displays the number of active connections associated with the Real Servers, while SNMP displays the number of active connections for the Virtual Service. Without ESP, these values are identical. When using ESP, the Virtual Service counts can be much higher than the final counts going to the Real Servers, due to the above reason. | |
BytesRead | The total number of bytes read | |
BytesWritten | The total number of bytes written | |
| ConnsPerSec | The total number of Virtual Service connections per second | |
| ConnsRateBlocked | The rate at which connections were blocked | |
| RequestsRateBlocked | The rate at which requested were blocked | |
| MaxConnsBlocked | The maximum number of connections blocked | |
WafEnable | Displays whether WAF is enabled (1) or disabled (0). The WAF statistics below will only be displayed if WAF is enabled on the Virtual Service. | |
| Requests | The total number of requests handled by the WAF (shows all requests, whether they were blocked or not). Two requests will be recorded for each connection – one incoming and one outgoing request. |
| Incidents | The total number of events handled by the WAF (requests that were blocked). |
| Incidents_Hour | The number of events that have happened in the current hour (since xx.00.00). |
| Incidents_Day | The number of events that have happened since midnight (local time). |
| Incidents_Dayover | The number of times the event counter has gone over the configured warning threshold today. For example, if the threshold is set to 10 and there has been 20 events, this counter will be set to 2. The warning threshold is set on a per-Virtual Service basis by setting the AlertThreshold parameter. For further information, refer to the Virtual Service Control section. |
ChangeTime | ChangeTime | The time of the last configuration change on the LoadMaster. The configuration has not changed if this value has not changed. This only works if session management is enabled. The time is represented in “Unix time or epoch time” (also known as Portable Operating System Interface (POSIX) time) format. This is a system for describing instants in time, defined as the number of seconds that have elapsed since 00:00:00 Coordinated Universal Time (UTC), Thursday 1st January 1970, not counting leap seconds. For example, 1484150723 is the equivalent of GMT: Wed, 11th January 2017 16:05:23 GMT. There are conversion tools are available online to convert the value to an easily readable format. |
This section provides details about the stats command.
\n","_postman_id":"c719b0d1-50e1-4803-ab38-ef50549b3330"},{"name":"Real Servers","item":[{"name":"Real Server Commands","item":[{"name":"Add a Real Server (using IP Address, Port, and Protocol)","id":"1ed948fc-ace9-42a2-9b28-cb055c0272bd","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addrs?vs=InsertVirtualServiceIPAddress&port=443&prot=tcp&rs=InsertRealServerIPAddress&rsport=443","description":"A new Real Server can be added by running the addrs command.
\nTo add a non-local Real Server, set the non_local parameter to 1.
\nFor more details on additional (optional) parameters, refer to the Modify a Real Server (using IP Address, Port, and Protocol) section.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addrs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"443"},{"key":"prot","value":"tcp"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"443"}],"variable":[]}},"response":[{"id":"826439c4-2a0f-424e-970c-7e48ebc267e4","name":"Add a Real Server (using IP Address, Port, and Protocol)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addrs?vs=InsertVirtualServiceIPAddress&port=443&prot=tcp&rs=InsertRealServerIPAddress&rsport=443","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addrs"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"443"},{"key":"prot","value":"tcp"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"443"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 01 Aug 2024 10:57:27 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nFrequently adding or deleting Real Servers or SubVSs at a high velocity is not the recommended best practice. If you need to modify parameters, use the modrs command. If you need to constantly modify Real Server IP addresses, moving to FQDNs (rather than IP addresses) is the recommended best practice.
\n
A new Real Server can be added by running the addrs command. This section shows how to add a Real Server to a Virtual Service using the Virtual Service ID.
\nTo add a non-local Real Server, set the non_local parameter to 1.
\nFor more details on additional (optional) parameters, refer to the Modify a Real Server (using IP Address, Port, and Protocol) section.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","showrs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"1"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"443"}],"variable":[]}},"response":[{"id":"9fe792e5-7776-44c8-9344-5126602e5ef4","name":"Add a Real Server (using the Virtual Service ID)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/showrs?vs=1&rs=InsertRealServerIPAddress&rsport=443","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","showrs"],"query":[{"key":"vs","value":"1"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"443"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 01 Aug 2024 11:08:33 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nFrequently adding or deleting Real Servers or SubVSs at a high velocity is not the recommended best practice. If you need to modify parameters, use the modrs command. If you need to constantly modify Real Server IP addresses, moving to FQDNs (rather than IP addresses) is the recommended best practice.
\n
To modify Real Server settings, run the modrs command.
\naddrs and modrs accept the following additional (optional) parameters.
\nName | Type | Default | Range | Description |
| addtoallsubvs | B | 0 | 0 - Disabled 1 - Enabled | Enable this option when adding a Real Server to all SubVSs of a Virtual Service. When using this parameter, ensure you set the vs parameter to the ID of the SubVS rather than the parent Virtual Service. Run the listvs command to retrieve the VSIndex of the SubVS. |
weight | I | 1000 | 1-65535 | When using weighted round robin scheduling, the weight of a Real Server is used to indicate what relative proportion of traffic should be sent to the server. Servers with higher values will receive more traffic. The weight of a SubVS can also be updated using the modrs command - set the rs to the number that appears in the Id column for the relevant SubVS in the parent Virtual Service modify screen. |
newport | I | unset | 3-65535 (change the Port of the Real Server) | The port on the Real Server to be used. |
forward | S | nat | nat, route | The type of forwarding method used. The default method is NAT. Direct server return can only be used with Layer 4 services. |
enable | B | 1 |
| Enable or disable the Real Server. |
limit | I | 0 | 0-100000 | The maximum number of open connections that can be sent to a Real Server before it is taken out of rotation. |
non_local | B | 0 | 0 - Disabled 1 - Enabled | By default only Real Servers on local networks can be assigned to a Virtual Service. Enabling this option will allow a non-local Real Server to be assigned to the Virtual Service. This option will only be available if nonlocalrs has been enabled and the Transparent option has been disabled on the relevant Virtual Service. |
critical | B | 0 | 0 - Disabled 1 - Enabled | Enabling this parameter indicates that the Real Server is required for the Virtual Service to be considered available. The Virtual Service will be marked as down if the Real Server has failed or is disabled. |
follow | I | RsIndex of Real Server to follow | Specify what Real Server the health check is based on by setting this parameter to the RsIndex of the Real Server to be followed. This can either be set to the RsIndex of the same Real Server to health check based on that particular Real Server status, or another Real Server can be specified. For example – if Real Server 1 is down, any Real Servers which have their health check based on Real Server 1 will also be marked as down, regardless of their actual Real Server status. |
\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modrs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"443"},{"key":"prot","value":"tcp"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"443"}],"variable":[]}},"response":[{"id":"77afcb0f-c291-47ab-a69e-8114196012ab","name":"Modify a Real Server (using IP Address, Port, and Protocol)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modrs?vs=InsertVirtualServiceIPAddress&port=443&prot=tcp&rs=InsertRealServerIPAddress&rsport=443","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modrs"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"443"},{"key":"prot","value":"tcp"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"443"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 01 Aug 2024 11:02:39 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nIf the service is a Layer 7 service then setting the ‘forward’ parameter to ‘route’ will have no effect.
\n
You can modify the SubVS parameters, such as critical using the RsIndex of the SubVS. To modify Real Server settings, run the modrs command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modrs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"1"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"443"}],"variable":[]}},"response":[{"id":"e251e68c-798c-4eae-83b4-ac6b4e35ff6e","name":"Modify a Real Server using VSIndex","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modrs?vs=1&rs=InsertRealServerIPAddress&rsport=443","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modrs"],"query":[{"key":"vs","value":"1"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"443"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 01 Aug 2024 11:10:28 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo modify the settings of a Real Server that has been added to a SubVS, use the VS Index of the SubVS and the RsIndex of the Real Server.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modrs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"1"},{"key":"rs","value":"!1"},{"key":"critical","value":"0"}],"variable":[]}},"response":[{"id":"95e5a91f-1f42-462c-90c9-07970134ba8f","name":"Modify a Real Server using SubVS Index","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modrs?vs=1&rs=!1&critical=0","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modrs"],"query":[{"key":"vs","value":"1"},{"key":"rs","value":"!1"},{"key":"critical","value":"0"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 01 Aug 2024 11:20:08 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo display details about a particular Real Server, run the showrs command.
\nThe Real Server IP address (that the rs parameter can be set to) can be in either IPv4 or IPv6 formats.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addrs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"443"},{"key":"prot","value":"tcp"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"443"}],"variable":[]}},"response":[{"id":"1c2e17f2-8c42-4f17-88a5-2643a4122064","name":"Show a Real Server (using IP Address, Port, and Protocol)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addrs?vs=InsertVirtualServiceIPAddress&port=443&prot=tcp&rs=InsertRealServerIPAddress&rsport=443","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addrs"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"443"},{"key":"prot","value":"tcp"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"443"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 01 Aug 2024 11:06:13 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo delete a Real Server from a Virtual Service, run the delrs command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delrs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"443"},{"key":"prot","value":"tcp"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"443"}],"variable":[]}},"response":[{"id":"5a39dfd7-9514-4b5b-adc7-3c6a66c9f0eb","name":"Delete a Real Server (using IP Address, Port, and Protocol)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delrs?vs=InsertVirtualServiceIPAddress&port=443&prot=tcp&rs=InsertRealServerIPAddress&rsport=443","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delrs"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"443"},{"key":"prot","value":"tcp"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"443"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 01 Aug 2024 11:21:44 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nFrequently adding or deleting Real Servers or SubVSs at a high velocity is not the recommended best practice. If you need to modify parameters, use the modrs command. If you need to constantly modify Real Server IP addresses, moving to FQDNs (rather than IP addresses) is the recommended best practice.
\n
To delete a Real Server from a Virtual Service using Real Server ID, run the delrs command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delrs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"1"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"443"}],"variable":[]}},"response":[{"id":"96041a10-eb98-4d96-a36a-d5b5b4a373bc","name":"Delete a Real Server (using Real Server ID)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delrs?vs=1&rs=InsertRealServerIPAddress&rsport=443","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delrs"],"query":[{"key":"vs","value":"1"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"443"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 01 Aug 2024 11:22:56 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nFrequently adding or deleting Real Servers or SubVSs at a high velocity is not the recommended best practice. If you need to modify parameters, use the modrs command. If you need to constantly modify Real Server IP addresses, moving to FQDNs (rather than IP addresses) is the recommended best practice.
\n
The rs parameter accepts integers (ID), service names (for SubVSs), and IP addresses. The ID can be found in the element when doing a showvs command.
\nAlternatively, check the Modify Virtual Service screen in the UI, which lists Real Server ID in the Id column in the Real Servers section.
\nFor the rs parameter, when using RSIndex, always precede it with an exclamation mark (‘!’).
\n","_postman_id":"85111db8-d0e2-486e-bb8c-e987e0d775de"},{"name":"Enabling/Disabling Real Servers","item":[{"name":"Globally Enable a Real Server","id":"74775501-2ea7-4a44-a419-46bd63e552bd","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/enablers?rs=InsertRealServerIPAddress","description":"You can enable Real Server globally, that is, for all Virtual Services by using the enablers command.
\nThe Real Server IP address (that the rs parameter can be set to) can be in either IPv4 or IPv6 formats.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","enablers"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"rs","value":"InsertRealServerIPAddress"}],"variable":[]}},"response":[{"id":"411f09b2-02c7-4800-92cf-258cf596bed3","name":"Globally Enable a Real Server","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/enablers?rs=InsertRealServerIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","enablers"],"query":[{"key":"rs","value":"InsertRealServerIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 01 Aug 2024 11:25:36 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can enable Real Server locally, that is, for specific Virtual Service by using the modrs command.
\nThe Real Server IP address (that the rs parameter can be set to) can be in either IPv4 or IPv6 formats.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modrs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"80"},{"key":"enable","value":"y"}],"variable":[]}},"response":[{"id":"3a80507a-2f41-41ee-a31c-7350db5edf48","name":"Locally Enable a Real Server","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addrs?vs=InsertVirtualServiceIPAddress&port=443&prot=tcp&rs=InsertRealServerIPAddress&rsport=443&enable=y","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addrs"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"443"},{"key":"prot","value":"tcp"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"443"},{"key":"enable","value":"y"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 01 Aug 2024 11:28:23 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can disable Real Server globally, that is, for all Virtual Services by using the disablers command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","disablers"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"rs","value":"InsertRealServerIPAddress"}],"variable":[]}},"response":[{"id":"589cdc5d-318e-4f5c-b99b-3907fead5c69","name":"Globally Disable a Real Server","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/disablers?rs=InsertRealServerIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","disablers"],"query":[{"key":"rs","value":"InsertRealServerIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 01 Aug 2024 11:30:18 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can disable Real Server locally, that is, for specific Virtual Service by using the modrs command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modrs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"80"},{"key":"enable","value":"n"}],"variable":[]}},"response":[{"id":"3e4181f0-9e9e-4f08-be40-2d62f361cc95","name":"Locally Disable a Real Server","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modrs?vs=InsertVirtualServiceIPAddress&port=80&prot=tcp&rs=InsertRealServerIPAddress&rsport=80&enable=n","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modrs"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"80"},{"key":"enable","value":"n"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 29 Aug 2024 13:17:20 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can enable Real Server locally, that is, for specific SubVS by using the modrs command and setting the vs parameter to the VSIndex of the SubVS.
\nThe Real Server IP address (that the rs parameter can be set to) can be in either IPv4 or IPv6 format.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modrs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"2"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"80"},{"key":"enable","value":"y"}],"variable":[]}},"response":[{"id":"508982e5-5016-479e-8d0e-74f255a2c353","name":"Locally Enable a Real Server within a SubVS","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modrs?vs=2&rs=InsertRealServerIPAddress&rsport=80&enable=y","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modrs"],"query":[{"key":"vs","value":"2"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"80"},{"key":"enable","value":"y"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 29 Aug 2024 13:11:18 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can disable Real Server locally, that is, for specific SubVS by using the modrs command and setting the vs parameter to the VSIndex of the SubVS.
\nThe Real Server IP address (that the rs parameter can be set to) can be in either IPv4 or IPv6 format.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modrs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"2"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"80"},{"key":"enable","value":"n"}],"variable":[]}},"response":[{"id":"8b757a37-6c30-411b-9935-04bca94d6094","name":"Locally Enable a Real Server within a SubVS","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modrs?vs=2&rs=InsertRealServerIPAddress&rsport=80&enable=n","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modrs"],"query":[{"key":"vs","value":"2"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"80"},{"key":"enable","value":"n"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 29 Aug 2024 13:14:14 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThis section provides commands relating to enabling or disabling Real Servers.
\n","_postman_id":"f86d4cad-4fd6-462e-bed2-3c4ab69b751b"}],"id":"e3ca8b4f-7662-4393-9bdc-d90b9b617341","description":"This section provides commands relating to the Real Servers.
\n","_postman_id":"e3ca8b4f-7662-4393-9bdc-d90b9b617341"},{"name":"Rules & Checking","item":[{"name":"Show Rules","item":[{"name":"Show Rules","id":"93c23069-17eb-44cf-b50f-dc1659f0c090","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/showrule?name=Example02","description":"The rules which are in use within the system can be displayed by using the showrule command.
\nRunning the showrule command with no parameters will list all of the existing rules. You can reduce the list by either specifying the name parameter of a rule or the type of the rules.
The type is one of the following:
Value | Type | Description |
0 | MatchContentRule | The original rules. |
1 | AddHeaderRule | Rule to Add header field |
2 | DeleteHeaderRule | Rule to Delete a header field. |
3 | ReplaceHeaderRule | Rule to modify a header field. |
4 | ModifyURLRule | URL rewrite rule. |
5 | ReplaceBodyRule | Rule to replace a body string. |
This section provide details about the showrule command.
\n","_postman_id":"76c91197-829b-4366-a19f-46afe23d021f"},{"name":"Add/Modify a Rule on the System","item":[{"name":"Add a Rule on the System","id":"25bd410e-960d-4b26-9f4c-5d02271ac0f5","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addrule?name=Example02&pattern=s","description":"You can add a rule by using the addrule command.
\nWhen creating a Rule - if the type parameter is not specified, it will default to zero, that is, a MatchContentRule. For more details on the type parameter, refer to the Modify a Rule on the System section.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"Example02"},{"key":"pattern","value":"s"}],"variable":[]}},"response":[{"id":"5669c3de-a179-46f0-8f47-32b9ffa15506","name":"Add a Rule on the System","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addrule?name=Example02&pattern=s","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addrule"],"query":[{"key":"name","value":"Example02"},{"key":"pattern","value":"s"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 06:29:53 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can modify the rules by using the modrule command.
\nThe following parameters can be set (dependent on the type of rule). When creating a Rule - If type parameter is not specified when performing a modify operation, the type will not be changed.
\nUnless modifying/adding an AddHeaderRule, the pattern parameter must be supplied.
\nType 0 (MatchContentRule)
\nName | Type | Default | Range | Additional Information |
matchtype | S | regex |
| The type of matching to be performed by the rule. |
inchost | B | N |
| Prepend the hostname to request URI before performing the match. |
nocase | B | N |
| Ignore case when comparing the strings. |
negate | B | N |
| Invert the sense of the match. |
incquery | B | N |
| Append the query string to the URI before performing a match. |
header | S | unset | See below | The header field name that should be matched. If no header field is set, the default is to match in the URL. Set this to body to match on the body of a request. |
pattern | S | unset |
| The pattern to be matched. |
setonmatch | I | unset | 0-9 | If the rule is successfully matched, set the specified flag. |
onlyonflag | I | unset | 0-9 | Only try to execute this rule if the specified flag is set. Using the onlyonflag, onlyonnoflag, and setonmatch parameters, it is possible to make rules dependent on each other, that is, only execute a particular rule if another rule has been successfully matched. For more detailed instructions on ‘chaining’ rules, refer to the Content Rules, Feature Description document. |
| onlyonnoflag | I | unset | 0-9 | Only try to execute this rule if the specified flag is not set. |
mustfail | B | 0 - Disabled | 0 – Disabled 1 - Enabled | If this rule is matched, then always fail to connect. |
\n\nThe header parameter is optional and is the header in which the match is to be performed.
\n
Type 1 (AddHeaderRule)
\nName | Type | Default | Additional Information |
header | S | unset | Name of the header field to be added. |
replacement | S | unset | The replacement string. You can enter a maximum of 255 characters in this parameter. |
onlyonflag | I | unset | Range: 1-9 Only try to execute this rule if the specified flag is set. Using the onlyonflag, onlyonnoflag, and setonmatch parameters, it is possible to make rules dependent on each other, that is, only execute a particular rule if another rule has been successfully matched. For more detailed instructions on ‘chaining’ rules, refer to the Content Rules, Feature Description document. |
| onlyonnoflag | I | unset | Range: 1-9 Only try to execute this rule if the specified flag is not set. |
Type 2 (DeleteHeaderRule)
\nName | Type | Default | Additional Information |
pattern | S | unset | The pattern to be matched. |
onlyonflag | I | unset | Range: 1-9 Only try to execute this rule if the specified flag is set. Using the onlyonflag, onlyonnoflag, and setonmatch parameters, it is possible to make rules dependent on each other, that is, only execute a particular rule if another rule has been successfully matched. For more detailed instructions on ‘chaining’ rules, refer to the Content Rules, Feature Description document. |
| onlyonnoflag | I | unset | Range: 1-9 Only try to execute this rule if the specified flag is not set. |
Type 3 (ReplaceHeaderRule)
\nName | Type | Default | Additional Information |
header | S | unset | The header field name where the substitution should be performed. |
replacement | S | unset | The replacement string. |
pattern | S | unset | The pattern to be matched. |
onlyonflag | I | unset | Range: 1-9 Only try to execute this rule if the specified flag is set. Using the onlyonflag, onlyonnoflag, and setonmatch parameters, it is possible to make rules dependent on each other, that is, only execute a particular rule if another rule has been successfully matched. For more detailed instructions on ‘chaining’ rules, refer to the Content Rules, Feature Description document. |
| onlyonnoflag | I | unset | Range: 1-9 Only try to execute this rule if the specified flag is not set. |
Type 4 (ModifyURLRule)
\nName | Type | Default | Additional Information |
replacement | S | unset | How the URL is to be modified. |
pattern | S | unset | The pattern to be matched. |
onlyonflag | I | unset | Range: 1-9 Only try to execute this rule if the specified flag is set. Using the onlyonflag, onlyonnoflag, and setonmatch parameters, it is possible to make rules dependent on each other, that is, only execute a particular rule if another rule has been successfully matched. For more detailed instructions on ‘chaining’ rules, refer to the Content Rules, Feature Description document. |
| onlyonnoflag | I | unset | Range: 1-9 Only try to execute this rule if the specified flag is not set. |
Type 5 (ReplaceBodyRule)
\nName | Type | Default | Additional Information |
replacement | S | unset | The replacement string. |
pattern | S | unset | The pattern to be matched. |
onlyonflag | I | unset | Range: 1-9 Only try to execute this rule if the specified flag is set. Using the onlyonflag, onlyonnoflag, and setonmatch parameters, it is possible to make rules dependent on each other, that is, only execute a particular rule if another rule has been successfully matched. For more detailed instructions on ‘chaining’ rules, refer to the Content Rules, Feature Description document. |
caseindependent | B | 0 – Disabled | Enable this parameter to ignore the case of the strings when comparing. 0 – Disabled 1 - Enabled |
| onlyonnoflag | I | unset | Range: 1-9 Only try to execute this rule if the specified flag is not set. |
This section provides commands relating to adding or modifying a rule on the system.
\n","_postman_id":"7d4d4b35-66db-4cdf-82a4-f270141fd114"},{"name":"Delete a Rule from the System","item":[{"name":"Delete a Rule from the System","id":"f188efaa-e7db-4e68-bdb5-d13dd11e6337","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delrule?name=Example02","description":"You can delete the rule by using the delrule command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"Example02"}],"variable":[]}},"response":[{"id":"7ce49a2c-2f4a-4b37-96ad-b61cf555d701","name":"Delete a Rule from the System","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delrule?name=Example02","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delrule"],"query":[{"key":"name","value":"Example02"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 06:36:37 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThis section provides details about the command to delete a rule from the system.
\n","_postman_id":"a571d571-0956-4108-9f19-047bf5ba1089"},{"name":"Add/Delete Real Server Rule","item":[{"name":"Add Real Server Rule","id":"e8831aca-afba-4887-b440-7a94a24ef219","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addrsrule?vs=InsertVirtualServiceIPAddress&port=443&prot=tcp&rs=InsertRealServerIPAddress&rsport=443&rule=Example02","description":"You can add rules to Real Servers by using the addrsrule command.
\nThe rs parameter also accepts integers (ID). The ID (Real Server index) can be found in the RSIndex element when doing a showvs command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addrsrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"443"},{"key":"prot","value":"tcp"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"443"},{"key":"rule","value":"Example02"}],"variable":[]}},"response":[{"id":"a265861c-2512-4d33-a619-74311af25ba0","name":"Add Real Server Rule","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addrsrule?vs=InsertVirtualServiceIPAddress&port=443&prot=tcp&rs=InsertRealServerIPAddress&rsport=443&rule=Example02","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addrsrule"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"443"},{"key":"prot","value":"tcp"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"443"},{"key":"rule","value":"Example02"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 07:06:16 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can delete rules from Real Servers by using the delrsrule commands.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delrsrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"443"},{"key":"prot","value":"tcp"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"443"},{"key":"rule","value":"Example02"}],"variable":[]}},"response":[{"id":"3aacaa75-b1da-4394-9c8d-c20b50b1cfe2","name":"Delete Real Server Rule","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delrsrule?vs=InsertVirtualServiceIPAddress&port=443&prot=tcp&rs=InsertRealServerIPAddress&rsport=443&rule=Example02","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delrsrule"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"443"},{"key":"prot","value":"tcp"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"443"},{"key":"rule","value":"Example02"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 07:08:02 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThis section provides commands relating to adding or deleting a Real Server rule.
\n","_postman_id":"b8cafca0-f525-483f-bd5e-acbee0e8bae4"},{"name":"Add/Delete SubVS Rule","item":[{"name":"Add SubVS Rule","id":"347ba451-b864-4517-a2fa-0f64b1a2c777","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addrsrule?vs=InsertVirtualServiceIPAddress&port=443&prot=tcp&rs=!3&rule=Example02","description":"Content rules can be added from SubVSs by using the addrsrule command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addrsrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"443"},{"key":"prot","value":"tcp"},{"key":"rs","value":"!3"},{"key":"rule","value":"Example02"}],"variable":[]}},"response":[{"id":"2b92c282-240f-4d9e-8bb7-b01e1fed8d61","name":"Add SubVS Rule","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addrsrule?vs=InsertVirtualServiceIPAddress&port=443&prot=tcp&rs=!3&rule=Example02","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addrsrule"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"443"},{"key":"prot","value":"tcp"},{"key":"rs","value":"!3"},{"key":"rule","value":"Example02"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 07:36:26 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo add a content rule to a Real Server which is assigned to a SubVS, run the addrsrule command.
\nContent rules can be added to a SubVS, by using the addprerule, addresponserule, and addrequestrule commands, depending on the type of rule being added.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addrsrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"1"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"443"},{"key":"rule","value":"Example02"}],"variable":[]}},"response":[{"id":"dfd5dcb4-9e61-4a48-a2af-271ebbf708ed","name":"Add a Content Rule to a Real Server within a SubVS","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addrsrule?vs=1&rs=InsertRealServerIPAddress&rsport=443&rule=Example02","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addrsrule"],"query":[{"key":"vs","value":"1"},{"key":"rs","value":"InsertRealServerIPAddress"},{"key":"rsport","value":"443"},{"key":"rule","value":"Example02"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 07:39:13 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nRules can be deleted from SubVS by using the delrsrule command.
\nThe rs parameter value must be set to an exclamation mark (!), followed by the Real Server ID of the SubVS. You can get the Real Server ID of the SubVS by going to the Virtual Service modify screen, expanding the SubVSs section and checking the Id number.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delrsrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"443"},{"key":"prot","value":"tcp"},{"key":"rs","value":"!3"},{"key":"rule","value":"Example02"}],"variable":[]}},"response":[{"id":"229c3589-b3cc-4daa-a461-535b1e3adae9","name":"Delete SubVS Rule","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delrsrule?vs=InsertVirtualServiceIPAddress&port=443&prot=tcp&rs=!3&rule=Example02","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delrsrule"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"443"},{"key":"prot","value":"tcp"},{"key":"rs","value":"!3"},{"key":"rule","value":"Example02"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 07:40:26 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\n\n\nVirtual Services and SubVSs share the same attributes. If you want to apply a content rule to a SubVS, you must know the RsIndex (ID) of the SubVS. To find the RsIndex, run the listvs command and scroll down to find the RsIndex parameter you want to edit.
\n
To get the RsIndex or VsIndex, run the listvs command. For further information, refer to the List All Virtual Services section.
\n","_postman_id":"7479a7d3-ff2a-4aba-8962-06bcb85c4602"},{"name":"Add Virtual Service Rules","item":[{"name":"Add Virtual Service Rule (Prerule)","id":"47a93178-b640-4d01-8604-17ef942b66f3","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addprerule?vs=InsertVirtualServiceIPAddress&port=443&prot=tcp&rule=Example02","description":"You can add rules to Virtual Services by using the addprerule command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addprerule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"443"},{"key":"prot","value":"tcp"},{"key":"rule","value":"Example02"}],"variable":[]}},"response":[{"id":"31ea446f-3ac0-48df-9844-213ad8ca9491","name":"Add Virtual Service Rule (Prerule)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addprerule?vs=InsertVirtualServiceIPAddress&port=443&prot=tcp&rule=Example02","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addprerule"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"443"},{"key":"prot","value":"tcp"},{"key":"rule","value":"Example02"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 06:59:59 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can add rules to Virtual Services by using the addresponserule command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addresponserule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"rule","value":"ExampleRule2"}],"variable":[]}},"response":[{"id":"26d9a089-a2cd-4d25-a277-a4f2e21300be","name":"Add Virtual Service Rule (Responserule)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addresponserule?vs=InsertVirtualServiceIPAddress&port=80&prot=tcp&rule=ExampleRule2","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addresponserule"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"rule","value":"ExampleRule2"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 14:05:50 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can add rules to Virtual Services by using the addrequestrule command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addrequestrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"rule","value":"ExampleRequestRule2"}],"variable":[]}},"response":[{"id":"804dd291-db4c-4019-bed3-399175e28c9f","name":"Add Virtual Service Rule (Requestrule)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addrequestrule?vs=InsertVirtualServiceIPAddress&port=80&prot=tcp&rule=ExampleRequestRule2","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addrequestrule"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"rule","value":"ExampleRequestRule2"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 14:01:36 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can add Replace String in Response Body rules to Virtual Services by using the addresponsebodyrule command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addresponsebodyrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"rule","value":"ExampleResponseRule2"}],"variable":[]}},"response":[{"id":"c94f1f77-bb4b-415e-9ac9-fc09ac120f12","name":"Add Virtual Service Rule (Responsebodyrule)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addresponsebodyrule?vs=InsertVirtualServiceIPAddress&port=80&prot=tcp&rule=ExampleResponseRule2","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addresponsebodyrule"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"rule","value":"ExampleResponseRule2"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 14:03:30 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nIf Kerberos Constrained Delegation (KCD) is enabled on the Virtual Service, it is not possible to add a response body rule.
\n
This section provides commands relating to adding Virtual Service rules.
\n","_postman_id":"f8c4b552-cb64-4648-904e-876f236e9c6e"},{"name":"Delete Virtual Service Rules","item":[{"name":"Delete Virtual Service Rule (Prerule)","id":"1f7a4cfe-f689-48d7-88e2-c7f51464a751","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delprerule?vs=InsertVirtualServiceIPAddress&port=443&prot=tcp&rule=Example02","description":"You can delete rules from Virtual Service by using the delprerule command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delprerule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"443"},{"key":"prot","value":"tcp"},{"key":"rule","value":"Example02"}],"variable":[]}},"response":[{"id":"ad2c709c-9983-46b5-8218-d6ca0a150b2d","name":"Delete Virtual Service Rule (Prerule)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delprerule?vs=InsertVirtualServiceIPAddress&port=443&prot=tcp&rule=Example02","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delprerule"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"443"},{"key":"prot","value":"tcp"},{"key":"rule","value":"Example02"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Mon, 05 Aug 2024 08:57:30 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can delete rules from Virtual Service by using the delresponserule command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delresponserule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"8810"},{"key":"prot","value":"tcp"},{"key":"rule","value":"ExampleResponseRule3"}],"variable":[]}},"response":[{"id":"efeb289a-dac1-4849-bfd5-dd49b2cb1091","name":"Delete Virtual Service Rule (Responserule)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delresponserule?vs=InsertVirtualServiceIPAddress&port=8810&prot=tcp&rule=ExampleResponseRule3","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delresponserule"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"8810"},{"key":"prot","value":"tcp"},{"key":"rule","value":"ExampleResponseRule3"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 11:48:51 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can delete rules from Virtual Service by using the delrequestrule command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delrequestrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"prot","value":"tcp"},{"key":"port","value":"8810"},{"key":"rule","value":"ExampleRequestRule2"}],"variable":[]}},"response":[{"id":"5d99fe0d-6f6e-4430-9572-e63a21d2f107","name":"Delete Virtual Service Rule (Requestrule)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delrequestrule?vs=InsertVirtualServiceIPAddress&prot=tcp&port=8810&rule=ExampleRequestRule2","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delrequestrule"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"prot","value":"tcp"},{"key":"port","value":"8810"},{"key":"rule","value":"ExampleRequestRule2"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 08 Aug 2024 09:52:05 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can delete rules from Virtual Service by using the delresponsebodyrule command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delresponsebodyrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"8810"},{"key":"prot","value":"tcp"},{"key":"rule","value":"ExampleResponseRule"}],"variable":[]}},"response":[{"id":"3e17df65-d8e4-44f6-8c75-affcf6aa6d61","name":"Delete Virtual Service Rule (Responsebodyrule)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delresponsebodyrule?vs=InsertVirtualServiceIPAddress&port=8810&prot=tcp&rule=ExampleResponseRule","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delresponsebodyrule"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"8810"},{"key":"prot","value":"tcp"},{"key":"rule","value":"ExampleResponseRule"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 11:55:08 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThis section provides commands relating to deleting Virtual Service rules.
\n","_postman_id":"7cfedbcc-4c6d-49a0-b454-876b8406a410"},{"name":"Check Parameters","item":[{"name":"Show a Health Check Parameter","id":"f06cb2b6-6b6b-4c7e-a090-3eec9d3babb2","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/showhealth","description":"The Service Check Parameters can be obtained by using the showhealth command.
\nThe output of the showhealth command will display the RetryInterval, Timeout, and RetryCount values.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","showhealth"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"bf66cf26-6eda-401a-8d85-1a375bc74ba1","name":"Show a Health Check Parameter","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/showhealth"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Mon, 05 Aug 2024 09:02:46 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can modify the Service Check Parameters by using the modhealth command.
\n\n\nNote: This section describes how to set the global adaptive parameters. By default, these values are used when the Schedule parameter for a Virtual Service is set to adaptive. However, you can configure these adaptive parameters on a per-Virtual Service basis, if needed. Refer to the following section for further details on how to do this: Virtual Services > Virtual Service Parameters > Standard Options.
\n
Name | Type | Range | Default | Additional Information | Mandatory |
RetryInterval | I | 9-120 (901) | 9 | Defined in seconds, this is the delay between health checks. This includes clusters and FQDNs. Recommended and default value: 9 seconds Valid values range from the (9) to the (901). The is RetryCount \\\\* Timeout + 1, that is, a value of 9 by default. The is 901 [because that is what 60 (maximum Timeout) \\\\* 15 (maximum RetryCount) + 1 is]. You can manually set the RetryInterval to up to 120 seconds. The RetryInterval value may go above 120 if the Timeout and RetryCount parameters are configured with high enough values. If the RetryInterval is above 120 seconds, you must adjust the Timeout and RetryCount values to modify the RetryInterval. | N |
Timeout | I | 4-60 | 4 | Defined in seconds, this is the allowed maximum wait time for a reply to a health check. | N |
RetryCount | I | 2-15 | 2 | This is the consecutive number of times in which a health check must fail before it is marked down and removed from the load balancing pool. | N |
To configure all three parameters, you must first set the Timeout and/or RetryCount in one request. Then, set the RetryInterval in the second request.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modhealth"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"96526d92-e101-4dd9-9876-cd993a08d63c","name":"Modify a Health Check Parameter","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modhealth"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Mon, 05 Aug 2024 09:03:39 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nSet the value of Timeout and RetryCount parameters using the modhealth command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modhealth"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"Timeout","value":"5"},{"key":"RetryCount","value":"3"}],"variable":[]}},"response":[{"id":"e207abea-7b6b-44b7-9978-639295cfa55b","name":"Set the Timeout and RetryCount value","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modhealth?Timeout=5&RetryCount=3","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modhealth"],"query":[{"key":"Timeout","value":"5"},{"key":"RetryCount","value":"3"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Mon, 05 Aug 2024 09:06:19 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nSet the value of RetryInterval parameter using the modhealth command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modhealth"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"RetryInterval","value":"18"}],"variable":[]}},"response":[{"id":"0a0136f7-9c93-4e80-8ee5-32edafbc6984","name":"Set the RetryInterval","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modhealth?RetryInterval=18","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modhealth"],"query":[{"key":"RetryInterval","value":"18"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Mon, 05 Aug 2024 09:07:18 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe Adaptive Check parameters can be obtained by using the showadaptive command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","showadaptive"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"","value":""}],"variable":[]}},"response":[{"id":"7e80e4d8-aba9-4d0b-86bf-87a6904f2be3","name":"Show the Adaptive Check Parameter","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/showadaptive?","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","showadaptive"],"query":[{"key":"","value":null}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Mon, 05 Aug 2024 09:08:37 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can modify the Adaptive Check parameters by using the modadaptive command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modadaptive"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"AdaptiveURL","value":"/load"},{"key":"AdaptivePort","value":"80"},{"key":"AdaptiveInterval","value":"11"},{"key":"MinPercent","value":"10"}],"variable":[]}},"response":[{"id":"353a7dc2-59f3-4adc-bdbe-83e35878e104","name":"Modify the Adaptive Check Parameter","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modadaptive?AdaptiveURL=/load&AdaptivePort=80&AdaptiveInterval=11&MinPercent=10","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modadaptive"],"query":[{"key":"AdaptiveURL","value":"/load"},{"key":"AdaptivePort","value":"80"},{"key":"AdaptiveInterval","value":"11"},{"key":"MinPercent","value":"10"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 08 Aug 2024 04:12:06 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThis section provides commands relating to the check parameters.
\n","_postman_id":"55b31ecb-f377-408a-ba2a-9fc42c37de09"}],"id":"e05d6d65-7211-4c04-a2e3-b661a705ce95","description":"Content Rules can be managed using the RESTful API.
\n","_postman_id":"e05d6d65-7211-4c04-a2e3-b661a705ce95"},{"name":"Certificates & Security","item":[{"name":"Certificate Management","item":[{"name":"List the Installed Certificates","id":"c44caac3-08b9-4285-b51b-c6f4e514eebc","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/listcert","description":"To list the currently installed certificates and their fingerprints, run the listcert command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","listcert"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"0c21ea25-e3a0-45fa-b5b9-1a67cd861056","name":"List the Installed Certificates","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:{{vault:authorization-password}}@InsertLoadMasterIPAddress/access/listcert"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 09 Aug 2024 10:15:07 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo list the currently installed intermediate certificates, run the listintermediate command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","listintermediate"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"3d85566a-f334-43b7-848b-7de882fe7079","name":"List the Installed Intermediate Certificates","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:{{vault:authorization-password}}@InsertLoadMasterIPAddress/access/listintermediate"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 09 Aug 2024 10:13:56 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo return an existing certificate as a Binary Large Object (BLOB), run the readcert command.
\nBy default the BLOB is in PEM format. There is an optional parameter called outform that can be used to specify the format – either PEM or DER.
DER is Base64-encoded because it is a binary format.
To return an existing intermediate certificate as a BLOB, run the readintermediate command.
\nBy default the BLOB is in PEM format. There is an optional parameter called outform that can be used to specify the format – either PEM or DER.
DER is Base64-encoded because it is a binary format.
To upload a certificate, run the addcert command.
\n\n\nIf a command requires binary data (file uploads), this data must be passed in the \"data\" string and be base64-encoded.
\n
\n\nIf you are uploading a certificate and key file, insert both the certificate and key in the same file.
\n
Name | Type | Default | Additional Information | Mandatory |
cert | S | unset | The identifier that the certificate is known as on the LoadMaster.
| Y |
password | S | unset | The (optional) passphrase that was used to protect the certificate when it was created. | N |
replace | B | unset | 0 - Not replacing 1 - Replacing If you are replacing a certificate that already exists in the LoadMaster, set the replace parameter to 1. If you are uploading a new certificate, set replace to 0. | N |
To delete a certificate, run the delcert command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delcert"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"cert","value":"certificate"}],"variable":[]}},"response":[{"id":"00eaaacc-1544-466f-8526-78904c01f0b7","name":"Delete a Certificate","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delcert?cert=certificate","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delcert"],"query":[{"key":"cert","value":"certificate"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 09 Aug 2024 10:18:21 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nIt is not possible to delete a certificate assigned to a Virtual Service. Remove the certificate from any Virtual Services before deleting.
\n
To upload an intermediate certificate, run the addintermediate command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addintermediate"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"cert","value":"Cert"}],"variable":[]}},"response":[{"id":"1a1b79b4-dd33-4b5c-8cdd-f09e007aca26","name":"Add an Intermediate Certificate","originalRequest":{"method":"POST","header":[],"body":{"mode":"file","file":{"src":"/C:/ExampleFiles/rdpdoc.net.crt"}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addintermediate?cert=Cert","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addintermediate"],"query":[{"key":"cert","value":"Cert"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 09 Aug 2024 10:21:22 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"shell-init","value":"error retrieving current directory: getcwd: cannot access parent directories: No such file or directory"},{"key":"job-working-directory","value":"error retrieving current directory: getcwd: cannot access parent directories: No such file or directory"},{"key":"job-working-directory","value":"error retrieving current directory: getcwd: cannot access parent directories: No such file or directory"},{"key":"job-working-directory","value":"error retrieving current directory: getcwd: cannot access parent directories: No such file or directory"},{"key":"job-working-directory","value":"error retrieving current directory: getcwd: cannot access parent directories: No such file or directory"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nIf a command requires binary data (file uploads), this data must be passed in the \"data\" string and be base64-encoded.
\n
To delete an intermediate certificate, run the delintermediate command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delintermediate"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"cert","value":"cert"}],"variable":[]}},"response":[{"id":"d49795e3-b37d-4e2c-a38b-985320a9068b","name":"Delete an Intermediate Certificate","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delintermediate?cert=cert","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delintermediate"],"query":[{"key":"cert","value":"cert"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 09 Aug 2024 10:19:27 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo back up all certificates, run the backupcert command.
\nThe password (passphrase) must be alpha numeric and is case-sensitive. The minimum number of characters is 7 with a maximum of 64.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","backupcert"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"password","value":"ExamplePassword"}],"variable":[]}},"response":[{"id":"82e4853d-c2d1-4d83-b2d6-38b4bc12c39b","name":"Back up Certificates","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/backupcert?password=ExamplePassword","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","backupcert"],"query":[{"key":"password","value":"ExamplePassword"}]}},"status":"OK","code":200,"_postman_previewlanguage":"raw","header":[{"key":"Date","value":"Fri, 09 Aug 2024 10:24:27 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"application/octet-stream"},{"key":"Content-Disposition","value":"inline; filename=EXAMPLE"}],"cookie":[],"responseTime":null,"body":"To save the file, in Postman - go to the Body of the response, click the three dots on the right, and click Save response to file."}],"_postman_id":"5da757b3-8425-4f54-9664-f84e5025e9ba"},{"name":"Restore the Certificates","id":"19b4143b-37f4-4000-8559-32f21c69d7c0","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"file","file":{"src":"/C:/ExampleFiles/CertBackup_2024_08_14.13.52"}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/restorecert?password=InsertPassword&type=full","description":"To restore certificates, run the restorecert command.
\n\n\nIf a command requires binary data (file uploads), this data must be passed in the \"data\" string and be base64-encoded.
\n
The password (passphrase) must be alpha numeric and is case-sensitive. The minimum number of characters is 7 with a maximum of 64.
\nThe type parameter has three possible values:
\n- \n
- full - All Virtual Service and intermediate certificates \n
- third - Intermediate certificates only \n
- vs - Virtual Service certificates only \n
\n\nThe values for the type parameter are case-sensitive. Ensure to use lowercase when setting this parameter.
\n
Replace is a boolean value that tells the LoadMaster whether to replace an existing certificate with the same name or not.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","restorecert"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"password","value":"InsertPassword"},{"key":"type","value":"full"}],"variable":[]}},"response":[{"id":"2374c180-907a-41c6-8f68-c36b9f727db0","name":"Restore the Certificates","originalRequest":{"method":"POST","header":[],"body":{"mode":"file","file":{"src":"/C:/ExampleFiles/CertBackup_2024_08_14.13.52"}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/restorecert?password=InsertPassword&type=full","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","restorecert"],"query":[{"key":"password","value":"InsertPassword"},{"key":"type","value":"full"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 13:53:42 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can retrieve or configure the admincert or localcert parameter values using the get or set commands.
\nName | Type | Additional Information |
admincert | S |
|
localcert | S | This parameter is only relevant when using HA. |
You can manage certificates using the following commands.
\n","_postman_id":"ac971238-aa57-4cbc-b3fd-721e70ae6693"},{"name":"ACME Certificates","item":[{"name":"Let's Encrypt-specific Operations","item":[{"name":"Get an Existing Let's Encrypt Account","id":"ba6fe0cc-6700-401d-90d5-9811b225a41b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/fetchleaccount?password=ExamplePassword&data=Example","description":"To get an existing Let's Encrypt account registered with other ACME clients such as Certbot, run the fetchleaccount command using the password parameter.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","fetchleaccount"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"password","value":"ExamplePassword"},{"key":"data","value":"Example"}],"variable":[]}},"response":[{"id":"07ad9bf9-24e3-496b-95f2-d24ed0372037","name":"Get an Existing Let's Encrypt Account","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:{{vault:authorization-password}}@InsertLoadMasterIPAddress/access/fetchleaccount?password=ExamplePassword&data=Example","protocol":"https","auth":{"user":"bal","password":"{{vault:authorization-password}}"},"host":["InsertLoadMasterIPAddress"],"path":["access","fetchleaccount"],"query":[{"key":"password","value":"ExamplePassword"},{"key":"data","value":"Example"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 13:32:14 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo register a Let's Encrypt account to the LoadMaster, run the registeracmeaccount command.
\nYou can also register a Let's Encrypt account using the optional parameter email.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","registeracmeaccount"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"acmetype","value":"1"}],"variable":[]}},"response":[{"id":"cce13ec4-9fbc-4bb0-805a-882248922d51","name":"Register a Let's Encrypt Account","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/registeracmeaccount?acmetype=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","registeracmeaccount"],"query":[{"key":"acmetype","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 09 Aug 2024 10:47:42 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo get the Let's Encrypt account information from the LoadMaster, run the leaccountinfo command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","leaccountinfo"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"5c0afd15-7261-440d-9be3-c945b6c75ae1","name":"Get the Let's Encrypt Account Information","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/leaccountinfo"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 25 Mar 2025 14:49:54 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo get the Let's Encrypt directory URL information, run the get command for the directoryurl parameter.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","get"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"param","value":"directoryurl"}],"variable":[]}},"response":[{"id":"c5bb6686-7bdb-40c3-84b5-f258c2f04191","name":"Get the Let's Encrypt Directory URL Information","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/get?param=directoryurl","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","get"],"query":[{"key":"param","value":"directoryurl"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 25 Mar 2025 15:21:52 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo set the Let's Encrypt directory URL information, run the set command for the directoryurl parameter.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","set"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"param","value":"directoryurl"},{"key":"value","value":"https://acme-staging-v02.api.letsencrypt.org/directory"}],"variable":[]}},"response":[{"id":"853d64b3-e363-47c9-b4cb-39a5b91e1562","name":"Get the Let's Encrypt Directory URL Information","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/get?param=directoryurl","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","get"],"query":[{"key":"param","value":"directoryurl"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 25 Mar 2025 15:21:52 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo list the Let's Encrypt certificates that are installed on the LoadMaster, run the listlecert command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","listlecert"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"9a5aa32e-db68-430b-9db3-df0214cbfb44","name":"List the Let's Encrypt Certificates","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/listlecert"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 09 Aug 2024 10:47:42 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo get the details of a specific Let's Encrypt certificate from the LoadMaster, run the getlecert command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","getlecert"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"cert","value":"test-cert"}],"variable":[]}},"response":[{"id":"de85ee31-42a0-4aee-a538-b8e98be0bfaa","name":"Get the details about a Specific Let's Encrypt Certificate","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/getlecert?cert=test-cert","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","getlecert"],"query":[{"key":"cert","value":"test-cert"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 09 Aug 2024 10:47:42 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo request a new certificate from Let's Encrypt, run the addlecert command specifying cert, cn, and vid as mandatory parameters.
\nOther optional parameters are also available, such as:
san1,san2,..,san10, vid1,vid2,...vid10 are for SAN and their respective VID, country, state, city, company, organization, email, key_size, and so on.
To renew a Let's Encrypt certificate, run the renewlecert command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","renewlecert"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"cert","value":"vs_le_cert"}],"variable":[]}},"response":[{"id":"b2dc7f78-73c9-4e1b-916f-b358c9ba90ce","name":"Renew a Let's Encrypt Certificate","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/renewlecert?cert=vs_le_cert","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","renewlecert"],"query":[{"key":"cert","value":"vs_le_cert"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 25 Mar 2025 14:49:54 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo delete a Let's Encrypt certificate from the LoadMaster, run the dellecert command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","dellecert"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"cert","value":"vs_le_cert"}],"variable":[]}},"response":[{"id":"3d18527a-cd2f-45d1-9c7c-75799c70e717","name":"Delete a Let's Encrypt Certificate","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/dellecert?cert=vs_le_cert","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","dellecert"],"query":[{"key":"cert","value":"vs_le_cert"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 25 Mar 2025 14:49:54 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo get the details of the Renew Period for the Let's Encrypt certificates, run the get command for the renewperiod parameter.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","get"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"param","value":"renewperiod"}],"variable":[]}},"response":[{"id":"520280ab-6758-421a-bc19-f1c0248dc0ef","name":"Get the Renew Period","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/get?param=renewperiod","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","get"],"query":[{"key":"param","value":"renewperiod"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 25 Mar 2025 15:16:06 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo set the Renew Period for the Let's Encrypt certificates, run the set command for the renewperiod parameter.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","set"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"param","value":"renewperiod"},{"key":"value","value":"40"}],"variable":[]}},"response":[{"id":"e4763fdb-b36f-4032-8982-f5d2e5c8789f","name":"Set the Renew Period","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/set?param=renewperiod&value=40","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","set"],"query":[{"key":"param","value":"renewperiod"},{"key":"value","value":"40"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 25 Mar 2025 15:17:02 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThere are a number of legacy Let's Encrypt-specific commands that still work for backwards compatibility such as registerleaccount, addlecert, renewlecert, dellecert, listlecert, leaccountinfo, and getlecert. These legacy Let's Encrypt-specific commands work on LTSF LoadMasters. The acme commands mentioned for Let's Encrypt in the sections below are not supported in the LTSF LoadMaster version yet.
\n","_postman_id":"d4f78d1d-2faf-4238-a2df-a1beb2c782fc"},{"name":"DigiCert-specific Operations","item":[{"name":"Set the DigiCert Key ID","id":"ace8db52-d08a-48e8-920d-e74fd92f44f9","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setacmekid?kid=1&acmetype=2","description":"The account Key ID is used for identification on the DigiCert account.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","setacmekid"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"kid","value":"1"},{"key":"acmetype","value":"2"}],"variable":[]}},"response":[{"id":"8c18b695-26ae-479d-a827-740ab0832b0e","name":"Set the DigiCert Key ID","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setacmekid?kid=1&acmetype=2","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","setacmekid"],"query":[{"key":"kid","value":"1"},{"key":"acmetype","value":"2"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 09 Aug 2024 10:50:59 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe Hash-Based Message Authentication Code (HMAC) key used to authenticate to the DigiCert account.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","setacmehmac"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"hmac","value":"1"},{"key":"acmetype","value":"2"}],"variable":[]}},"response":[{"id":"a6fa7bc3-9b8f-4bbc-a6bb-9763d2e26ae7","name":"Set the DigiCert HMAC","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setacmehmac?hmac=1&acmetype=2","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","setacmehmac"],"query":[{"key":"hmac","value":"1"},{"key":"acmetype","value":"2"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 09 Aug 2024 10:52:02 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe sections below describe the DigiCert-specific operations.
\n","_postman_id":"8ace4584-b552-45e9-b327-a131965ed4c8"},{"name":"ACME Certificate Commands","item":[{"name":"Get the Renew Period","id":"d428225c-950d-4c42-95a4-2e9cc349e7f9","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/getacmerenewperiod?acmetype=1","description":"Retrieve the renew period value.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","getacmerenewperiod"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"acmetype","value":"1"}],"variable":[]}},"response":[{"id":"cfe4e8e3-ba62-4238-aabe-263c7dd16757","name":"Get the Renew Period","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/getacmerenewperiod?acmetype=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","getacmerenewperiod"],"query":[{"key":"acmetype","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 09 Aug 2024 11:09:41 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nValid values for the Renew Period range from 1 to 60 (days).
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","setacmerenewperiod"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"renewperiod","value":"20"},{"key":"acmetype","value":"1"}],"variable":[]}},"response":[{"id":"18476773-cda6-4e7d-a337-b1115811ad51","name":"Set the Renew Period","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setacmerenewperiod?renewperiod=20&acmetype=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","setacmerenewperiod"],"query":[{"key":"renewperiod","value":"20"},{"key":"acmetype","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 09 Aug 2024 11:08:52 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nRetrieve the ACME Directory URL information.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","getacmedirectoryurl"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"acmetype","value":"1"}],"variable":[]}},"response":[{"id":"40d73bca-6935-465f-8a18-a814a87a69eb","name":"Get the ACME Directory URL Information","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/getacmedirectoryurl?acmetype=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","getacmedirectoryurl"],"query":[{"key":"acmetype","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 09 Aug 2024 11:12:45 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nSet the ACME Directory URL.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","setacmedirectoryurl"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"directoryurl","value":"https://acme-v02.api.letsencrypt.org/directory"},{"key":"acmetype","value":"1"}],"variable":[]}},"response":[{"id":"c1bbac78-742b-4211-98d7-9c4f9225309d","name":"Set the ACME Directory URL Information","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setacmedirectoryurl?directoryurl=https://acme-v02.api.letsencrypt.org/directory&acmetype=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","setacmedirectoryurl"],"query":[{"key":"directoryurl","value":"https://acme-v02.api.letsencrypt.org/directory"},{"key":"acmetype","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 14:07:11 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo delete the ACME configuration parameters (which allows you to configure either the Let's Encrypt or DigiCert configuration from the start), run the delacmeconfig command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delacmeconfig"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"acmetype","value":"1"}],"variable":[]}},"response":[{"id":"bb8a521d-dd73-4a5c-819c-b10bc91c7662","name":"Delete the ACME Configuration Parameters","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delacmeconfig?acmetype=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delacmeconfig"],"query":[{"key":"acmetype","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 14:08:18 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can only delete the configuration if there are no ACME certificates.
\n
To request a new ACME certificate, run the addacmecert command using cert, cn, vid (Virtual Service ID), and acmetype as mandatory parameters.
\nTo request a wildcard certificate using ACME, run the addacmecert command using cert, cn (for wildcard certificates, the common name must start with *.), vid (Virtual Service ID), dnsapi, dnsapiparams, and acmetype as mandatory parameters.
\nOther optional parameters are also available, such as:
san1,san2,..,san10, vid1,vid2,...vid10 which are for SANs and their respective VIDs, country, state, city, company, organization, email, key_size, and so on.
\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addacmecert"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"cert","value":"Identifier"},{"key":"cn","value":"example4.ddns.net"},{"key":"vsid","value":"1"},{"key":"keysize","value":"2048"},{"key":"acmetype","value":"1"}],"variable":[]}},"response":[{"id":"0d00f43a-5079-4736-8f60-156b61166760","name":"Request a New ACME Certificate","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addacmecert?cert=Identifier&cn=example4.ddns.net&vsid=1&keysize=2048&acmetype=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addacmecert"],"query":[{"key":"cert","value":"Identifier"},{"key":"cn","value":"example4.ddns.net"},{"key":"vsid","value":"1"},{"key":"keysize","value":"2048"},{"key":"acmetype","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 13:36:16 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nWhen requesting a Let’s Encrypt certificate, you can optionally specify an email parameter. You cannot specify an email parameter when requesting a DigiCert certificate.
\n
To request a wildcard certificate using ACME, you must run the addacmecert command and:
\n- \n
Specify a Common Name (cn) beginning with *.,
\n \nSpecify the DNS provider using the dnsapi parameter, and
\n \nSpecify the access credential parameters using the dnsapiparams parameter for the selected DNS provider
\n \n
You can specify multiple credentials parameters using a comma-separated list. For example, if you specify Progress-LM-GEO as the DNS provider then you must set the dnsapiparams parameter to the DNS URL followed by the DNS API key in a comma-separated list. The access credential parameters differ depending on the DNS provider selected. A list of DNS providers and their credential parameters are detailed in the below table.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addacmecert"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"cert","value":"Identifier"},{"key":"cn","value":"*.postman.kempqa2.com"},{"key":"vid","value":"1"},{"key":"dnsapi","value":"godaddy.com"},{"key":"dnsapiparams","value":"{{DNSapiparamsvalue}}"},{"key":"keysize","value":"2048"},{"key":"acmetype","value":"1"}],"variable":[]}},"response":[{"id":"553a5438-cf6f-4f27-ad19-51c1d8d4abbf","name":"Request a Wildcard Certificate","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addacmecert?cert=Identifier&cn=*.postman.kempqa2.com&vid=1&dnsapi=godaddy.com&dnsapiparams={{DNSapiparamsvalue}}&keysize=2048&acmetype=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addacmecert"],"query":[{"key":"cert","value":"Identifier"},{"key":"cn","value":"*.postman.kempqa2.com"},{"key":"vid","value":"1"},{"key":"dnsapi","value":"godaddy.com"},{"key":"dnsapiparams","value":"{{DNSapiparamsvalue}}"},{"key":"keysize","value":"2048"},{"key":"acmetype","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 13:42:11 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo renew an ACME certificate, run the renewacmecert command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","renewacmecert"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"cert","value":"vs_le_cert"},{"key":"acmetype","value":"1"}],"variable":[]}},"response":[{"id":"0ea18e8f-4c66-4b56-8511-08970db3891c","name":"Renew an ACME Certificate","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/renewacmecert?cert=vs_le_cert&acmetype=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","renewacmecert"],"query":[{"key":"cert","value":"vs_le_cert"},{"key":"acmetype","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 13:46:19 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo delete an ACME certificate from the LoadMaster, run the delacmecert command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delacmecert"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"cert","value":"CertificateName"},{"key":"acmetype","value":"1"}],"variable":[]}},"response":[{"id":"9db0a954-b25d-456c-9ddb-1f05289680cf","name":"Delete an ACME Certificate","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delacmecert?cert=CertificateName&acmetype=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delacmecert"],"query":[{"key":"cert","value":"CertificateName"},{"key":"acmetype","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 13:54:06 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo list the ACME certificates that are installed on the LoadMaster, run the listacmecert command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","listacmecert"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"acmetype","value":"1"}],"variable":[]}},"response":[{"id":"918b6bca-7585-497e-a3ea-0c3b5efc349e","name":"List the ACME Certificates","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"{\r\n \"cmd\": \"listacmecert\",\r\n \"apikey\": \"InsertAPIKey\"\r\n}","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/listacmecert?acmetype=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","listacmecert"],"query":[{"key":"acmetype","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Content-Type","value":"application/xml","description":"","type":"text"}],"cookie":[],"responseTime":null,"body":"\nTo get the ACME account information from the LoadMaster, run the acmeaccountinfo command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","acmeaccountinfo"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"acmetype","value":"1"}],"variable":[]}},"response":[{"id":"15b24500-2d55-4f90-be28-e85773f97cc1","name":"Get the ACME Account Information","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/acmeaccountinfo?acmetype=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","acmeaccountinfo"],"query":[{"key":"acmetype","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 09 Aug 2024 11:19:14 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo get the details of a specific ACME certificate from the LoadMaster, run the getacmecert command using the cert and acmetype parameters.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","getacmecert"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"cert","value":"CertificateName"},{"key":"acmetype","value":"1"}],"variable":[]}},"response":[{"id":"f82cacbf-4117-4b97-826d-c04573d605cf","name":"Get Details about a Specific ACME Certificate","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/getacmecert?cert=CertificateName&acmetype=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","getacmecert"],"query":[{"key":"cert","value":"CertificateName"},{"key":"acmetype","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 13:58:43 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThis section contains details about the ACME API commands and parameters.
\n\n\n","_postman_id":"6ff0489f-9c52-4589-bf5b-dd1ab891f730"}],"id":"93664be2-90a9-4045-b32d-bef793c913d1","description":"There are a number of legacy Let's Encrypt-specific commands that still work for backwards compatibility such as registerleaccount, addlecert, renewlecert, dellecert, listlecert, leaccountinfo, and getlecert. These legacy Let's Encrypt-specific commands work on LTSF LoadMasters. The acme commands mentioned for Let's Encrypt in the sections below are not supported in the LTSF LoadMaster version yet.
\n
The LoadMaster provides an option of two Automated Certificate Management Environment (ACME) providers:
• Let's Encrypt
• DigiCert
The API commands and parameters relating to ACME certificates are mostly the same, apart from a few exceptions that are specific to Let's Encrypt and DigiCert. Refer to the relevant sections below for further details.
The acmetype parameter is required for a lot of these commands. This relates to the ACME provider:
\n- \n
1 - Let's Encrypt
\n \n2 - DigiCert
\n \n
\n\nThere are a number of legacy Let's Encrypt-specific commands that still work for backwards compatibility such as registerleaccount, addlecert, renewlecert, dellecert, listlecert, leaccountinfo, and getlecert. These legacy Let's Encrypt-specific commands work on LTSF LoadMasters. The acme commands mentioned for Let's Encrypt in the sections below are not supported in the LTSF LoadMaster version yet.
\n
\n\n","_postman_id":"93664be2-90a9-4045-b32d-bef793c913d1"},{"name":"Cipher Sets","item":[{"name":"Modify a Custom Cipher Set/Create a New Custom Cipher Set","id":"ce6c6b89-e2ef-4a36-a1d4-c8cdb5a9502f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modifycipherset?name=ExampleCipherSet&value=InsertCipher(s)","description":"Note: The DigiCert-specific commands are not supported in the LTSF LoadMaster version yet.
\n
The modifycipherset command can be used to update an existing custom cipher set or create a new custom cipher set.
\n\n\nIf the name of an existing custom cipher set is specified, that cipher set will be updated. If a new name is used, a new cipher set will be created.
\n
Multiple ciphers can be assigned by separating them with a colon (:).
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modifycipherset"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"ExampleCipherSet"},{"key":"value","value":"InsertCipher(s)"}],"variable":[]}},"response":[{"id":"0c13fe09-7625-42aa-9c67-1d397620955e","name":"Modify a Custom Cipher Set/Create a New Custom Cipher Set","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modifycipherset?name=ExampleCipherSet&value=InsertCipher(s)","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modifycipherset"],"query":[{"key":"name","value":"ExampleCipherSet"},{"key":"value","value":"InsertCipher(s)"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 09 Aug 2024 11:31:13 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can use the getcipherset command to retrieve the list of ciphers that are in the specified cipher set.
\nThe valid values for the name parameter are below:
\n- \n
- Default \n
- Default_NoRc4 \n
- BestPractices \n
- Intermediate_compatibility \n
- Backward_compatibility \n
- WUI \n
- FIPS \n
- Legacy \n
\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","getcipherset"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"ExampleCipherSet"}],"variable":[]}},"response":[{"id":"9bfd1a91-0b39-4d9e-8299-d519556a19f2","name":"Retrieve the Details of an Existing Cipher Set","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/getcipherset?name=ExampleCipherSet","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","getcipherset"],"query":[{"key":"name","value":"ExampleCipherSet"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 09 Aug 2024 11:32:33 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThese values are case-sensitive.
\n
You can use the delcipherset command to delete an existing custom cipher set.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delcipherset"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"ExampleCipherSet"}],"variable":[]}},"response":[{"id":"df6d4e2d-181b-4540-bf9f-41ba6d0eb621","name":"Delete a Custom Cipher Set","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delcipherset?name=ExampleCipherSet","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delcipherset"],"query":[{"key":"name","value":"ExampleCipherSet"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 09 Aug 2024 11:33:51 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nA custom cipher set cannot be deleted if it is assigned to any Virtual Services. If this command is run when a cipher set is assigned to a Virtual Service, an error message will be returned which says Command Failed: Cipher set in use.
\n
Custom cipher sets can be manipulated using the commands below.
\n\n\n","_postman_id":"e7ef7479-6a52-484a-a9ee-e268c45fabeb"},{"name":"Remote Access","item":[{"name":"Set Admin Access and Get GEO Partner Status","item":[{"name":"Set Admin Access","id":"85e4f6fb-247b-4efc-83a1-81d5fe95cac5","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setadminaccess?wuiiface=0&wuiport=443","description":"It is not possible to modify or delete system-defined cipher sets.
\n
The web administrative access interface and the administrative default gateway can be set in one step by running the setadminaccess command with the associated parameters.
\nParameters relating to the setadminaccess command are shown in the following table:
\nParameter | Type | Range | Additional Information | Mandatory |
wuiiface | I | Valid interface index | The index of an existing interface. This index number corresponds to the interface number in the LoadMaster UI, for example, the index for eth0 is 0. | Y |
wuiport | I | 3-65535 | Specify the port used to access the administrative web interface. | Y |
wuidefaultgateway | S | Valid IP address | When administering the LoadMaster from a non-default interface, a different default gateway for administrative traffic only can be specified using this parameter. | N |
To return the status of all configured GEO partners, run the getgeopartnerstatus command.
\nAn empty list is returned if there are no GEO partners configured. If the status of a particular partner is not known, it is reported as “Unknown”.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","getgeopartnerstatus"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"03645ea4-ef95-4c06-90e6-df12a1c8ead1","name":"Get GEO Partner Status","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/getgeopartnerstatus"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Mon, 12 Aug 2024 04:31:21 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nRefer to the sections below for commands to set the admin access and get the GEO partner status.
\n","_postman_id":"8b0c7579-1755-4957-bfa6-fcaff0d42e28"},{"name":"WUI Authentication and Authorization Options","item":[],"id":"7d761318-7f17-4b6c-a0cf-09e9b8fa38e2","description":"Parameters relating to WUI Authentication and Authorization Options that can be managed using get and set commands are detailed in the following table. Refer to the Using get and set commands section for the get and set commands.
\nName | Type | Range | Description |
wuildapep | S | A valid LDAP endpoint name | Specify the name of the LDAP endpoint to use for UI authentication. |
ldapbackupserver | A |
| Specifies the backup LDAP server for authentication. |
ldapsecurity | I | 0 = Not Encrypted 1 = StartTLS 2 = LDAPS | Specifies the security mode for LDAP authentication. |
ldapserver | A |
| Specifies the LDAP server to use for authentication. |
ldaprevalidateinterval | B |
| Specifies how often to revalidate the authentication to the LDAP server. |
wuiservercertval | B | 0 - Disabled 1 - Enabled | This option is only relevant when the LDAP endpoint has either StartTLS or LDAPS selected as the LDAP Protocol. When the wuiservercertval parameter is enabled, it ensures that the host name or IP address that was used to initiate the secure connection resides in the Certificate Subject or Subject Alternative Names (SAN) of the certificate. |
wuiusergroups | S | Enter a space-separated list of existing remote user groups to assign, for example testgroup testgroup2. Set the parameter to an empty value to remove all assigned groups, for example value=. | |
wuinestedgroups | B | 0 = Disabled 1 = Enabled | Enable or disable nested remote user groups. |
wuidomain | S | Specify the domain to use if no domain is provided in the username when group UI authentication is in use. It is always used as the domain for group search if the Windows logon is used in the format prefix\\username. | |
radiusbackupport | I | 3-65535 | Specifies the TCP port for the backup RADIUS server. |
radiusbackupsecret | S |
| Specifies the password (secret) to the backup RADIUS server. |
radiusbackupserver | A |
| Specifies the backup RADIUS server to use for authentication. |
radiusport | I | 3-65535 | Specifies the TCP port for communication to the RADIUS server. |
radiusrevalidateinterval | I | 10-86400 | Specifies when to revalidate the authentication to the RADIUS server. |
radiussendnasid | B | 0 - Disabled 1 - Enabled | If this parameter is disabled (default), a NAS identifier is not sent to the RADIUS server. If it is enabled, a Network Access Server (NAS) identifier string is sent to the RADIUS server. By default, this is the hostname. Alternatively, if you specify a value in the radiusnasid parameter, this value is used as the NAS identifier. If the NAS identifier cannot be added, the RADIUS access request is still processed. |
radiusnasid | S | If the radius_send_nas_id parameter is enabled, the radius_nas_id parameter is relevant. When specified, this value is used as the NAS identifier. Otherwise, the hostname is used as the NAS identifier. If the NAS identifier cannot be added, the RADIUS access request is still processed. This parameter is only relevant if the radiussendnasid parameter is enabled. | |
radiussendvendorspec | b | 0 - Disabled 1 - Enabled | If this parameter is disabled (default), an Attribute Value Pair (AVP) is not send to the RADIUS server. If it is enabled, an Attribute Value Pair in the RADIUS request sent to the server doing the authentication against the user trying to log in to the LoadMaster UI. |
radiussecret | S |
| Specifies the password (secret) to the RADIUS server. |
radiusserver | A |
| Specifies the RADIUS server to use for authentication. Note: IPv6 is not supported for RADIUS authentication. |
sessionlocalauth | B |
| Enables or disables local authentication. |
sessionauthmode | I | Refer to the table below. | Specifies the authentication mode for the load balancer.
|
The following table describes the RADIUS, LDAP and Local user options that are selected depending on the value given to the sessionauthmode parameter
\n\n
| Radius | LDAP | Local | ||
Value | Authent. | Author. | Authent. | Authent. | Author. |
7 | No | No | No | No | No |
263 | Yes | No | No | Yes | Yes |
775 | Yes | Yes | No | Yes | Yes |
23 | No | No | Yes | Yes | Yes |
22 | No | No | Yes | No | Yes |
788 | Yes | Yes | Yes | No | No |
790 | Yes | Yes | Yes | No | Yes |
791 | Yes | Yes | Yes | Yes | Yes |
789 | Yes | Yes | Yes | Yes | No |
773 | Yes | Yes | No | Yes | No |
262 | Yes | No | No | No | Yes |
774 | Yes | Yes | No | No | Yes |
772 | Yes | Yes | No | No | No |
278 | Yes | No | Yes | No | No |
279 | Yes | No | Yes | Yes | Yes |
This secret must have a minimum of 8 and a maximum of 127 characters. The following characters are supported:
\n- \n
- Numeric: 0-9 \n
- Uppercase alphabetic: A-Z \n
- Lowercase alphabetic: a-z \n
- Special characters: !\"#$%&()*+,-./:;<=>?[\\~]^_@`{|} \n
The Partner Shared Secret is required to secure communications between partner devices and must be enabled on all High Availability (HA) partners, all LoadMasters in a cluster, and all GEO partners. The Partner Shared Secret must be the same on:
\n- \n
- Both units in a HA setup \n
- All units in a LoadMaster cluster \n
- All remote GEO machines that retrieve Virtual Services from this device \n
When an incoming shared secret does not match the local Partner Shared Secret (including if only one side is providing a shared secret), a warn-level log message is recorded that says Unauthorized Remote Machine connection from and the connection fails.
\n","_postman_id":"918f5135-a31d-417b-bc3e-d03d76a1d09e"}],"id":"8ad68425-e090-479f-a2e4-8d27f2d42564","description":"Parameters relating to Remote Access that can be managed using get and set commands are detailed in the following table. Refer to the Using get and set commands section for details on the get and set commands.
\nName | Type | Range | Additional Information |
admingw | A |
| When administering the LoadMaster from a non-default interface, this option allows the user to specify a different default gateway for administrative traffic only. To unset this, set the value to an empty string. |
enableapi | B | no (or 0) – Disabled yes - Enabled | Enables and disables the RESTful API Interface described in this document. To enable the API, you must send a GET command along with \"param\": \"enableapi\", \"value\": \"yes\" – in that order. (The value 1 is not supported and returns an error.) |
eccerts | I | 0 - RSA self-signed certs 1 - EC certs with a RSA signature 2 - EC certs with an EC signature | Specify the type of self-signed certificates that the system will use. The options are described below:
You should not switch from RSA self-signed certs to EC certs with an EC signature directly. If you do this, connections will fail because there is no EC Progress Kemp Certificate Authority (CA) certificate. To work around this, you must first switch from RSA self-signed certs to EC certs with a RSA signature. Then, download the new EC Progress Kemp CA certificate by clicking Download ECC Root Cert in the bottom-right of the WUI under the main menu after refreshing the page. After you have downloaded the certificate, you can switch to EC certs with an EC signature with no loss of connection. |
outboundcipherset | S | The valid values are below: Default Default_NoRc4 BestPractices Intermediate_compatibility Backward_compatibility WUI FIPS Legacy Null_Ciphers ECDSA_Default ECDSA_BestPractices - This resets to the default value (None - Outbound Default). | Specify the cipher set to use on outbound connections (OCSP, email, LDAP, and so on). This is global for all outbound connections. For information on each of the cipher sets available, refer to the SSL Accelerated Services Feature Description. Re-encrypt connections are not affected by the outbound cipher set. |
adminclientaccess | I | 0 – Password only access (default) 1 – Password or client certificate 2 – Client certificate required 3 – Client certificate required (verify via OCSP) | This parameter is only relevant if Session Management is enabled. |
allownolocaluserclientcert | B | 0 – Disabled 1 – Enabled | Enabling this parameter allows client certificate logins for local users even if the client certificate has been deleted from the LoadMaster. By default, this option is disabled. Legacy local certificate login is not secure. Only enable this option if necessary. Note: When enabling this option, a confirmation warning appears. Note: In the LTSF version, this parameter is enabled by default. |
tethering | B | 0 – Disabled 1 – Enabled | Enable or disable the Kemp Analytics feature that enables statistical and usage data to be sent to Progress Kemp for analysis. This data is strictly about product usage, enhanced capabilities, and statistics. No sensitive user data or traffic of any kind is either collected or communicated. For more information, visithttps://kemp.ax/KempAnalytics. |
geoclients | A |
| Set the addresses of the GEO LoadMasters that can retrieve service status information from the LoadMaster. Multiple GEO LoadMasters addresses can be specified using a comma-separated list. To unset this, set the value to an empty string. |
geosshport | I | 3-65530 | The port over which GEO LoadMasters will communicate with each other. |
sshaccess | B |
| Specify over which addresses remote administrative SSH access to the LoadMaster is allowed. |
sshiface | S |
| Specify the addresses over which remote administrative SSH access to the LoadMaster is allowed. |
sshport | I | 3-65530 | Specify the port used to access the LoadMaster using the SSH protocol. |
wuiaccess | B |
| Enables or disables WUI access. |
wuiiface | I |
| Specifies the interface for WUI. |
wuiport | I |
| Specifies the port to access the WUI. This has a default value of 443. |
geopartners | A |
| Set the IP address of the GEO LoadMaster partner(s). These GEO LoadMasters will keep their DNS configurations in sync. To unset this, set the value to an empty string. Note: Before partnering GEO LoadMasters, a backup should be taken of the relevant GEO LoadMaster that has the correct/preferred configuration. This backup should then be restored to the other LoadMasters that will be partnered with the original LoadMaster. For more information and step-by-step instructions, refer to the GEO, Feature Description. |
multihomedwui | B |
| Allow WUI access from multiple interfaces. Apart from the main administrative interface, each interface can then be enabled to allow WUI access. |
apiport | l | Specify the port used to access the API interface. If the port is unset, you can access the API over the web interface port. Some things to note are as follows: - If you try to use the API on a port other than one on which its running, the LoadMaster returns a HTML 404 (not found) response. - If you try to use the WUI on the port configured specifically for the API, an unreadable page and/or 404 response is displayed (depending on the browser used). - You can set the apiport value to an empty string which will unset the value. If the API port is not set, the WUI port is used. | |
SSHPreAuth | S | Up to 5,000 characters | Set the SSH pre-authentication banner, which is displayed before the login prompt when logging in using SSH. Space characters should be escaped by entering . This field accepts up to 5,000 characters. Anything past the 5,000 character limit will not be displayed. |
geo_ssh_iface | I |
| Specify the ID of the GEO interface in which the SSH partner tunnel is created, for example setting this to 0 means the interface eth0. This is the interface that the GEO partners will communicate through. |
Parameters relating to Admin WUI Access that can be managed using get and set commands are detailed in the following table. Refer to the Using get and set commands section for details on the get and set commands.
\nName | Type | Range | Description |
wuicipherset | S | The valid values are below: Default Default_NoRc4 BestPractices Intermediate_compatibility Backward_compatibility WUI FIPS Legacy Null_Ciphers ECDSA_Default ECDSA_BestPractices | Specify the cipher set to use for the LoadMaster UI. |
WUITLS13Ciphersets | S | All TLS1.3 available cipher sets | Specify which TLS1.3 cipher sets to use for UI access. Multiple ciphers can be specified using a space or comma separated list. Also, setting this parameter value to an empty string will select the default value (that is, a combination of ciphers TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, and TLS_AES_128_GCM_SHA256). The list of supported TLS1.3 Ciphers is as follows: - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - TLS_AES_128_GCM_SHA256 - TLS_AES_128_CCM_8_SHA256 - TLS_AES_128_CCM_SHA256 |
WUICACertList | S | When assigning multiple certificates for UI authentication, the certificates must be specified in a single space-separated list. | |
sessioncontrol | B |
| Enables or disables session control. |
sessionbasicauth | B | 0 – Disabled 1 – Enabled | If the sessioncontrol and sessionbasicauth parameters are both enabled, there are two levels of authentication enforced to access the LoadMaster UI. The initial level is Basic Authentication where users log in using the bal or user logins, which are default usernames defined by the system. |
sessionidletime | I | 60-86400 | Specifies the number of seconds that the UI can be idle before logging the user out. This can be set from 60 to 86400 seconds. |
sessionmaxfailattempts | I | 1-999 | Number of failed attempts before locking the user account. |
sessionconcurrent | S | 0-9 | Limit the maximum number of concurrent logins that a single user can have to the LoadMaster UI (a value of 0 means there is no limit). |
WUIPreAuth | S | Up to 5,000 characters | Set the pre-authentication click through banner which will be displayed before the LoadMaster login page. This parameter can contain plain text or HTML code. The field cannot contain JavaScript. This field accepts up to 5,000 characters. Anything past the 5,000 character limit will not be displayed. |
WUITLSProtocols | I | 0 – 30 bitmask | Specify whether or not it is possible to connect to the LoadMaster UI using the following protocols; SSLv3, TLS1.0, TLS1.1, TLS1.2, or TLS1.3. The protocols can be enabled and disabled using a bitmask value. Refer to the following table to find out which number corresponds to which settings. |
Note: To add line breaks to the WUIPreAuth message, use HTML code, such as the following tags:
\ncURL responses do not show HTML code as it would be shown in the WUI, for example,
appears as:
Number | SSLv3 | TLS1.0 | TLS1.1 | TLS1.2 | TLS1.3 |
0 | Enabled | Enabled | Enabled | Enabled | Enabled |
1 | Disabled | Enabled | Enabled | Enabled | Enabled |
2 | Enabled | Disabled | Enabled | Enabled | Enabled |
3 | Disabled | Disabled | Enabled | Enabled | Enabled |
4 | Enabled | Enabled | Disabled | Enabled | Enabled |
5 | Disabled | Enabled | Disabled | Enabled | Enabled |
6 | Enabled | Disabled | Disabled | Enabled | Enabled |
7 | Disabled | Disabled | Disabled | Enabled | Enabled |
8 | Enabled | Enabled | Enabled | Disabled | Enabled |
9 | Disabled | Enabled | Enabled | Disabled | Enabled |
10 | Enabled | Disabled | Enabled | Disabled | Enabled |
11 | Disabled | Disabled | Enabled | Disabled | Enabled |
12 | Enabled | Enabled | Disabled | Disabled | Enabled |
13 | Disabled | Enabled | Disabled | Disabled | Enabled |
14 | Enabled | Disabled | Disabled | Disabled | Enabled |
15 | Disabled | Disabled | Disabled | Disabled | Enabled |
16 | Enabled | Enabled | Enabled | Enabled | Disabled |
17 | Disabled | Enabled | Enabled | Enabled | Disabled |
18 | Enabled | Disabled | Enabled | Enabled | Disabled |
19 | Disabled | Disabled | Enabled | Enabled | Disabled |
20 | Enabled | Enabled | Disabled | Enabled | Disabled |
21 | Disabled | Enabled | Disabled | Enabled | Disabled |
22 | Enabled | Disabled | Disabled | Enabled | Disabled |
23 | Disabled | Disabled | Disabled | Enabled | Disabled |
24 | Enabled | Enabled | Enabled | Disabled | Disabled |
25 | Disabled | Enabled | Enabled | Disabled | Disabled |
26 | Enabled | Disabled | Enabled | Disabled | Disabled |
27 | Disabled | Disabled | Enabled | Disabled | Disabled |
28 | Enabled | Enabled | Disabled | Disabled | Disabled |
29 | Disabled | Enabled | Disabled | Disabled | Disabled |
30 | Enabled | Disabled | Disabled | Disabled | Disabled |
Parameters relating to the Online Certificate Status Protocol (OCSP) configuration that can be managed using get and set commands are detailed in the table below. Refer to the Using get and set commands section for details on the get and set commands.
\nName | Type | Additional Information |
OCSPPort | I | The port of the OCSP server. |
OCSPUseSSL | B | Use SSL to connect to the OCSP server. |
OCSPOnServerFail | B | Treat an OCSP server connection failure or timeout as if the OCSP server had returned a valid response, that is, treat the client certificate as valid. |
OCSPServer | A | The address of the OCSP server. This can either be in IP address or Fully Qualified Domain Name (FQDN) format. |
OCSPUrl | S | The URL to access on the OCSP server. |
| OCSPcertChecking | B | Enabling the OCSPcertChecking parameter enables the LoadMaster to perform OCSP checks on certain outbound connections. This is disabled by default. |
SSLStapling | B | Enable this parameter to enable the LoadMaster to respond to OCSP stapling requests. If a client connects using SSL and asks for an OCSP response, this is returned. Only Virtual Service certificates are validated. The system holds a cache of OCSP responses that are sent back to the client. This cache is maintained by the OCSP daemon. When the OCSP daemon sends a request to the server, it uses the name specified in the certificate (in the Authority Information Access field). If it cannot resolve this name, then it uses the default OCSP server specified in the OCSPServer parameter. |
SSLRefreshInterval | I | Specify how often the LoadMaster should refresh the OCSP stapling information. The OCSP daemon caches the entry for up to the amount of time specified here, after which it is refreshed. Valid values range from 3600 (1 hour (default)) to 86400 seconds (24 hours). |
To retrieve the details of all existing LDAP endpoints, run the showldaplist command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","showldaplist"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"3388d377-d893-4643-9b47-801566a9531b","name":"Retrieve the Details of All LDAP Endpoints","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/showldaplist"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Mon, 12 Aug 2024 04:44:22 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nAdd a new LDAP endpoint by running the addldapendpoint command.
\n\n\nThe name cannot contain any spaces or special characters, for example:
\n
!@#$%^^&*()+={}[]|\\:;\"'<>?/
You can also specify the following optional parameters when running the addldapendpoint command. If you do not specify these parameters – default values are used.
\nName | Type | Description | Additional Information |
ldaptype | I | Specify the transport protocol to use when communicating with the LDAP server. | 0 – Unencrypted (default) 1 – StartTLS 2 – LDAPS |
server | S | Specify the address, or addresses, of the LDAP server to be used. | You can also specify a port number, if desired. Separate multiple addresses with a space. |
vinterval | I | Specify how often to revalidate the user the with the LDAP server. | Range: 10 – 86400 seconds Default: 60 |
referralcount | I | The LoadMaster offers beta functionality to support LDAP referral replies from Active Directory Domain Controllers. If this is set to 0, referral support is not enabled. Set this field to a value between 1 and 10 to enable referral chasing. The number specified will limit the number of hops (referrals chased). | Multiple hops may increase authentication latency. There is a performance impact that depends on the number and depth of referrals required in your configuration. You must have intimate knowledge of your Active Directory structure to set the referral limit appropriately. The same credentials are used for all lookups, and so on. The use of Active Directory Global Catalog (GC) is the preferred configuration as the primary means of resolution instead of enabling LDAP referral chasing. A GC query can be used to query the GC cache instead of relying on LDAP and the referral process. Using Active Directory GC has little or no performance drag on the LoadMaster. For steps on how to add/remove the GC, refer to the following TechNet article: https://technet.microsoft.com/en-us/library/cc755257(v=ws.11).aspx |
| timeout | I | Specify the LDAP server timeout in seconds. | The default value is 5. Valid values range from 5 to 60. |
adminuser | S | Specify the username of an administrator user. | The username that is used to check the LDAP server. |
adminpass | S | Specify the password for the specified administrator user. | The password that is used to check the LDAP server. |
Modify an existing LDAP endpoint by running the modifyldapendpoint command.
\nName | Type | Description | Additional Information |
ldaptype | I | Specify the transport protocol to use when communicating with the LDAP server. | 0 – Unencrypted (default) 1 – StartTLS 2 – LDAPS |
server | S | Specify the address, or addresses, of the LDAP server to be used. | You can also specify a port number, if desired. Separate multiple addresses with a space. |
vinterval | I | Specify how often to revalidate the user the with the LDAP server. | Range: 10 – 86400 seconds Default: 60 |
referralcount | I | The LoadMaster offers beta functionality to support LDAP referral replies from Active Directory Domain Controllers. If this is set to 0, referral support is not enabled. Set this field to a value between 1 and 10 to enable referral chasing. The number specified will limit the number of hops (referrals chased). | Multiple hops may increase authentication latency. There is a performance impact that depends on the number and depth of referrals required in your configuration. You must have intimate knowledge of your Active Directory structure to set the referral limit appropriately. The same credentials are used for all lookups, and so on. The use of Active Directory Global Catalog (GC) is the preferred configuration as the primary means of resolution instead of enabling LDAP referral chasing. A GC query can be used to query the GC cache instead of relying on LDAP and the referral process. Using Active Directory GC has little or no performance drag on the LoadMaster. For steps on how to add/remove the GC, refer to the following TechNet article: https://technet.microsoft.com/en-us/library/cc755257(v=ws.11).aspx |
| timeout | I | Specify the LDAP server timeout in seconds. | The default value is 5. Valid values range from 5 to 60. |
adminuser | S | Specify the username of an administrator user. | The username that is used to check the LDAP server. |
adminpass | S | Specify the password for the specified administrator user. | The password that is used to check the LDAP server. |
To retrieve the details of a specific LDAP endpoint, run the showldapendpoint command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","showldapendpoint"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"ExampleEndpoint"}],"variable":[]}},"response":[{"id":"a721b67b-dd5c-45cc-9d56-45ce85350721","name":"Retrieve Details of a Specific LDAP Endpoint","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/showldapendpoint?name=ExampleEndpoint","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","showldapendpoint"],"query":[{"key":"name","value":"ExampleEndpoint"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Mon, 12 Aug 2024 04:45:29 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nDelete an existing LDAP endpoint by running the deleteldapendpoint command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","deleteldapendpoint"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"ExampleEndpoint"}],"variable":[]}},"response":[{"id":"20a3bf11-6e29-4bdd-aa4d-42636e00abb6","name":"Delete an LDAP Endpoint","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/deleteldapendpoint?name=ExampleEndpoint","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","deleteldapendpoint"],"query":[{"key":"name","value":"ExampleEndpoint"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Mon, 12 Aug 2024 05:19:00 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nIt is not possible to delete an LDAP endpoint that is currently in use.
\n
Refer to the sections below for details about the different RESTful API commands relating to LDAP endpoint configuration.
\n","_postman_id":"193d03e1-7948-4715-93f5-cc1163326ae8"},{"name":"Intrusion Detection Options (IPS/IDS)","item":[{"name":"Update the Intrusion Detection Rules","id":"07dfb784-f730-4e67-80a0-084a637bb223","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"file","file":{"src":"/C:/ExampleFiles/community-rules(1).tar.gz"}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/updatedetect","description":"The Intrusion Detection Rules can be updated using the updatedetect command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","updatedetect"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"9535214c-3dc4-49b8-a919-cb041943f1e7","name":"Update the Intrusion Detection Rules","originalRequest":{"method":"POST","header":[],"body":{"mode":"file","file":{"src":"/C:/ExampleFiles/community-rules(1).tar.gz"}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/updatedetect"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 16 Aug 2024 10:52:58 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can retrieve or modify the Detection Level using the get or set commands.\nRefer to the Using get and set commands section for details on the get and set commands.
\nName | Type | Range | Description |
paranoia | I | 0 = Low 1 = Default 2 = High 3 = Paranoid | Sets the sensitivity of the Intrusion Detection System (IDS) detection. |
Refer to the section below for details on the IPS/IDS RESTful API command and parameter.
\n","_postman_id":"203c9244-efad-49c1-bf45-398e4cb8b93c"}],"id":"0f395bf4-b3bf-45bc-b06c-c27fc229ea19","description":"The following sections provide details on the RESTful API commands and parameters relating to the Certificates & Security section of the LoadMaster.
\n","_postman_id":"0f395bf4-b3bf-45bc-b06c-c27fc229ea19"},{"name":"Web Application Firewall","item":[{"name":"Access Settings","item":[{"name":"Enable Automatic Commercial Rule File Updates","id":"86d88543-adf6-4170-82e3-40bfc3119f83","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setwafautoupdate?enable=1","description":"The setwafautoupdate command allows you to enable the automatic downloading of updates to commercial WAF rule files. When this option is enabled, updated rules are downloaded on a daily basis from Progress Kemp. The default installation time for these rule updates is 4am. The time at which the installation of these rule file updates can be set by running the SetWafInstallTime command. For more information, refer to the Set the Time of the Automatic Commercial Rule File Installation section.
\nYou can see what this is currently set to by running the GetWafSettings command. For more information, refer to the following section:
\nDisplay the Commercial WAF Rule Settings
\nRelated UI Item
\nWeb Application Firewall > Access Settings
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","setwafautoupdate"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"enable","value":"1"}],"variable":[]}},"response":[{"id":"8bf6866a-046d-47de-b589-11441ba33107","name":"Enable Automatic Commercial Rule File Updates","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setwafautoupdate?enable=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","setwafautoupdate"],"query":[{"key":"enable","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 16 Aug 2024 15:25:08 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe WAF commercial rule file updates can be manually downloaded to the LoadMaster by running the downloadwafrules command. This relates to the Download Now button in the Access Settings screen in the UI.
\nRelated UI Item
\nWeb Application Firewall > Access Settings
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","downloadwafrules"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"cfd5c74f-bc95-46b8-bb24-10270b1b8c8e","name":"Download WAF Commercial Rule File Updates Now","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/downloadwafrules"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 16 Aug 2024 15:25:42 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nIf there are no updates because the latest rules have already been downloaded, a message will be displayed which says No updates available.
\n
Automatic installation of updated commercial rule files can be enabled/disabled by running the following command.
\nRelated WUI Item
\nWeb Application Firewall > Access Settings
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","setwafautoinstall"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"enable","value":"0"}],"variable":[]}},"response":[{"id":"44610dba-8b7b-4877-a007-fddc0ef52a0b","name":"Enable/Disable Automatic Installation of Commercial Rule File Updates","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setwafautoinstall?enable=0","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","setwafautoinstall"],"query":[{"key":"enable","value":"0"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 16 Aug 2024 15:28:29 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe time of day of the automatic commercial rule file installation can be set by running the following command. This relates to the When to Install drop-down menu in the Access Settings screen in the WUI.
\nRelated WUI Items
\nWeb Application Firewall > Access Settings
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","setwafinstalltime"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"hour","value":"13"}],"variable":[]}},"response":[{"id":"bfec383d-74c9-4bfa-9f43-1bb83c94dc83","name":"Set the Time of the Automatic Commercial Rule File Installation","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setwafinstalltime?hour=13","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","setwafinstalltime"],"query":[{"key":"hour","value":"13"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 16 Aug 2024 15:28:57 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nA log of the changes which have been made to the Progress Kemp WAF rule set can be downloaded by running the following command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","getwafchangelog"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"1e608cd9-1446-4c76-86ce-f1998e7aea2a","name":"Display the WAF Rule Change Log","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/getwafchangelog"},"status":"Internal Server Error","code":500,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 16 Aug 2024 15:29:25 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe commercial rule files can be manually installed by running the following command. This relates to the Install Now button in the Access Settings screen in the WUI.
\nRelated WUI Item
\nWeb Application Firewall > Access Settings
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","maninstallwafrules"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"dbb33cb8-87a8-409c-9052-23b96f7f2916","name":"Manually Install Commercial Rule Files","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/maninstallwafrules"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Mon, 19 Aug 2024 15:26:18 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe commands in this section are all related to commercial rule files.
\n","_postman_id":"012fc862-aaa7-4179-9f7a-056fc5062770"},{"name":"Export Logs","item":[{"name":"Set the WAF Logging Format","id":"95d81b0d-9328-4d92-bac2-256b67c959d1","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setwaflogformat?logformat=json","description":"Set the WAF logging format by using the setwaflogformat command.
\nValid values for the logformat parameter are:
\n- \n
- native \n
- json \n
- splunk \n
\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","setwaflogformat"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"logformat","value":"json"}],"variable":[]}},"response":[{"id":"ab8056ec-6fd9-47cc-b9f9-7040a4506bef","name":"Set the WAF Logging Format","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setwaflogformat?logformat=json","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","setwaflogformat"],"query":[{"key":"logformat","value":"json"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 16 Aug 2024 15:38:44 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo enable Splunk as the logformat, run the enablewafremotelogging command first, followed by the setwaflogformat command.
\n
WAF remote logging can be disabled by running the disablewafremotelogging command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","disablewafremotelogging"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"db00ee84-d972-4910-a930-dc3a1105c9e4","name":"Disable Remote Logging","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/disablewafremotelogging"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 16 Aug 2024 15:39:15 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"mlogc","value":"no process found"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nWAF remote logging can be enabled by running the enablewafremotelogging command.
\nTo enable remote logging when using Splunk as the logging format, specify any random string as the username and the Splunk token as in the passwd.
\nDo not use SPLUNK as the username if you are using a logging format other than Splunk.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","enablewafremotelogging"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"remoteuri","value":"https://Example.com"},{"key":"username","value":"ExampleRemoteUser"},{"key":"passwd","value":"ExampleRemotePassword"}],"variable":[]}},"response":[{"id":"5f780350-b99d-4d59-acde-cc594c6f61e9","name":"Enable Remote Logging","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/enablewafremotelogging?remoteuri=https://Example.com&username=ExampleRemoteUser&passwd=ExampleRemotePassword","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","enablewafremotelogging"],"query":[{"key":"remoteuri","value":"https://Example.com"},{"key":"username","value":"ExampleRemoteUser"},{"key":"passwd","value":"ExampleRemotePassword"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 16 Aug 2024 15:40:05 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe commands in this section relate to the WAF remote logging feature which allows the WAF audit logs to be sent to a central log repository.
\n","_postman_id":"aa7c1e2b-e3c1-4896-ac45-bf89d48d8e30"},{"name":"Custom Rules","item":[{"name":"Upload a Custom Rule File","id":"263ce42a-5e0c-4489-adaa-d704570c5673","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"file","file":{"src":"/C:/ExampleFiles/modsecurity_crs_42_tight_security.conf"}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addwafcustomrule?filename=known","description":"You can upload a WAF custom rule file by running the addwafcustomrule command.
\n\n\nIf a command requires binary data (file uploads), this data must be passed in the \"data\" string and be base64-encoded.
\n
This relates to the Custom Rules section in the WAF Settings screen in the LoadMaster UI.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addwafcustomrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"filename","value":"known"}],"variable":[]}},"response":[{"id":"f54a208e-dd83-465f-b119-9ba92730c170","name":"Upload a Custom Rule File","originalRequest":{"method":"POST","header":[],"body":{"mode":"file","file":{"src":"/C:/ExampleFiles/modsecurity_crs_42_tight_security.conf"}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addwafcustomrule?filename=known","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addwafcustomrule"],"query":[{"key":"filename","value":"known"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Mon, 19 Aug 2024 15:21:10 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nIn addition to uploading individual custom rule files, you can also upload custom rule sets (.tar.gz files).
\n\n\nIf a command requires binary data (file uploads), this data must be passed in the \"data\" string and be base64-encoded.
\n
This relates to the Custom Rules section in the WAF Settings screen in the LoadMaster UI.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addwafcustomrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"filename","value":"SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz"}],"variable":[]}},"response":[{"id":"6902b93d-08d9-441b-8bc1-84755120cb05","name":"Upload a Custom Rule Set","originalRequest":{"method":"POST","header":[],"body":{"mode":"file","file":{"src":"/C:/ExampleFiles/SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz"}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addwafcustomrule?filename=SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addwafcustomrule"],"query":[{"key":"filename","value":"SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Mon, 19 Aug 2024 15:22:21 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can delete a custom rule by running the delwafcustomrule command.
\n\n\nThis does not delete the associated data file.
\n
Related UI Item
\nWeb Application Firewall > Custom Rules > Delete
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delwafcustomrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"filename","value":"modsecurity_crs_11_brute_force"}],"variable":[]}},"response":[{"id":"20ace37b-e749-430a-942d-b65d55f310ce","name":"Delete a Custom Rule File","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delwafcustomrule?filename=modsecurity_crs_11_brute_force","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delwafcustomrule"],"query":[{"key":"filename","value":"modsecurity_crs_11_brute_force"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Mon, 19 Aug 2024 15:22:53 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can download a custom rule file cto your local machine by running the downloadwafcustomrule command.
\nIf you run this command using cURL the file will be downloaded to your working directory in Linux.
\nRelated UI Item
\nWeb Application Firewall > Custom Rules > WAF Custom Rule Data > Download
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","downloadwafcustomrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"filename","value":"modsecurity_crs_11_dos_protection"}],"variable":[]}},"response":[{"id":"606b19a7-1f73-4701-8a2e-c106c12673f6","name":"Download a Custom Rule File","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/downloadwafcustomrule?filename=modsecurity_crs_11_dos_protection","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","downloadwafcustomrule"],"query":[{"key":"filename","value":"modsecurity_crs_11_dos_protection"}]}},"status":"OK","code":200,"_postman_previewlanguage":"raw","header":[{"key":"Date","value":"Mon, 19 Aug 2024 15:23:13 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"application/octet-stream"},{"key":"Content-Disposition","value":"inline; filename=\"modsecurity_crs_11_dos_protection.conf\""}],"cookie":[],"responseTime":null,"body":"#\n# Anti-Automation rule set for detecting Denial of Service Attacks. \n#\n\nRule details would appear here"}],"_postman_id":"eafe8e8b-0546-411d-9d0c-e8d05ece6818"},{"name":"Upload a Custom Rule Data File","id":"3989cc2e-5b5e-4679-9f66-19233e0277d6","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"file","file":{"src":"/C:/ExampleFiles/owasp_cust.data"}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addwafcustomdata?filename=owasp_cust.data","description":"You can upload a custom rule data file by running a cURL command with the addwafcustomdata command.
\n\n\nIf a command requires binary data (file uploads), this data must be passed in the \"data\" string and be base64-encoded.
\n
This relates to the Custom Rules section in the WAF Settings screen in the LoadMaster UI.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addwafcustomdata"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"filename","value":"owasp_cust.data"}],"variable":[]}},"response":[{"id":"584d41b5-9dbe-49fc-b339-8b38073d61db","name":"Upload a Custom Rule Data File","originalRequest":{"method":"GET","header":[],"body":{"mode":"file","file":{"src":"/C:/ExampleFiles/owasp_cust.data"}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addwafcustomdata?filename=owasp_cust.data","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addwafcustomdata"],"query":[{"key":"filename","value":"owasp_cust.data"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Mon, 19 Aug 2024 15:24:18 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can delete a custom rule data file by running the delwafcustomdata command.
\nRelated UI Item
\nWeb Application Firewall > Custom Rules > WAF Custom Rule Data > Delete
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delwafcustomdata"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"filename","value":"modsecurity_35_bad_robots.data"}],"variable":[]}},"response":[{"id":"5cdf0cc8-b47e-4658-903b-bc6680e684c9","name":"Delete a Custom Rule Data File","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delwafcustomdata?filename=modsecurity_35_bad_robots.data","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delwafcustomdata"],"query":[{"key":"filename","value":"modsecurity_35_bad_robots.data"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Mon, 19 Aug 2024 15:24:41 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can download a custom rule data file by running the downloadwafcustomdata command.
\nRelated UI Item
\nWeb Application Firewall > Custom Rules > WAF Custom Rule Data > Download
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","downloadwafcustomdata"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"filename","value":"modsecurity_46_slr_et_sqli.data"}],"variable":[]}},"response":[{"id":"fcac00f1-8521-4830-97e6-34b785858e40","name":"Download a Custom Rule Data File","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/downloadwafcustomdata?filename=modsecurity_46_slr_et_sqli.data","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","downloadwafcustomdata"],"query":[{"key":"filename","value":"modsecurity_46_slr_et_sqli.data"}]}},"status":"OK","code":200,"_postman_previewlanguage":"raw","header":[{"key":"Date","value":"Mon, 19 Aug 2024 15:25:13 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"application/octet-stream"},{"key":"Content-Disposition","value":"inline; filename=\"modsecurity_46_slr_et_sqli.data\""}],"cookie":[],"responseTime":null,"body":"Data file contents would appear here"}],"_postman_id":"350b930c-ba85-49a5-a246-9016d8831e2c"}],"id":"f12e37f7-41fc-4a00-b3f3-055ae73bd814","description":"The commands in this section are all related to custom rules.
\n","_postman_id":"f12e37f7-41fc-4a00-b3f3-055ae73bd814"}],"id":"fff71c13-d12b-450a-882e-3e9e77713626","description":"Refer to the following sections for details on the LoadMaster RESTful API commands relating to the Web Application Firewall.
\n","_postman_id":"fff71c13-d12b-450a-882e-3e9e77713626"},{"name":"Interfaces","item":[{"name":"Get/Modify Interface Details","item":[{"name":"Get Interface Details","id":"779b8dc5-a3b5-4782-96e7-0ff629129794","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/showiface?interface=0","description":"Get the interface details by using the showiface command.
\nTo view the interface ID for each of the interfaces, run the stats command. The interface IDs are displayed as the ifaceID in the output. For further information on the stats command, refer to the Statistics section.
Running the showiface command without using the interface parameter displays details for all existing interfaces.
You can modify interface parameters using the modiface command.
\n\n\nOnly one parameter can be changed on each call. The parameters are checked in the order below.
\n
Name | Type | Description | Additional Information |
interface | I | The number of the interface to modify | To view the interface ID for each of the interfaces, run the stats command. The interface IDs are displayed as the ifaceID in the output. For further information on the stats command, refer to the Statistics section. |
addr | S | IP address | Specify the internet address of this interface. |
mtu | I | MTU size Range: 512-9216 | Change the maximum size of the Ethernet frame that will be sent from this interface. |
hacheck | B | 0 – Not used for HA/cluster checks 1 – Used for HA/cluster checks | This parameter is only relevant in a HA/cluster configuration. Specify whether or not to use this interface for HA/cluster checks. The default interface used for checking is eth0. When this option is enabled for an interface, you are prevented from disabling it on that interface. To switch to another interface, specify hacheck=yes/1 for a different interface. You cannot disable this parameter by specifying hacheck=no/0. |
clupdate | B | Use this interface for cluster synchronization operations. | There must be exactly one interface that is configured for cluster updates. The default interface used for updates is eth0. When this option is enabled for an interface, you are prevented from disabling it on that interface. To switch to another interface, specify clupdate=yes/1 for a different interface. You cannot disable this parameter by specifying clupdate=no/0. |
gwiface | B | Use this interface as the default gateway 0 - Disabled 1 - Enabled | Specifies if this is a network gateway interface. If enabling this option, you must then set the dfltgw parameter to an empty string. |
bondmode | I | 1 = active-backup 4 = 802.3ad | The bondmode determines the way in which traffic sent out of the bonded interface is actually dispersed over the real interfaces. |
partner | A | IP address of the partner machine (HA only) | This parameter is only relevant for LoadMasters in HA mode |
shared | A | IP address of the shared address (HA only) | This parameter is only relevant for LoadMasters in HA mode |
adminwuienable | B | This option can only be set to yes (1) if the multihomedwui parameter is set to yes. | When both of the adminwuienable and multihomedwui parameters are enabled, the WUI can be accessed from the IP address of the relevant interface, and any Additional addresses set up for that interface. Refer to the Remote Access section for further information on the multihomedwui parameter. |
geotraffic | B | 0 – Do not use for GEO requests and responses 1 – Use for GEO requests and responses | Specify whether or not to use this interface for GEO responses and requests. |
This section provides commands relating to retrieving and modifying interface details.
\n","_postman_id":"667d4509-93b4-4d08-8bf7-d299ea67e0bb"},{"name":"Additional Addresses","item":[{"name":"Add an Additional Address","id":"e7147cf6-58ea-4da7-9a68-cc22eccc62f6","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addadditional?interface=0&addr=InsertAdditionalAddress/Prefix","description":"You can add an additional address to an interface by using the addadditional command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addadditional"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"interface","value":"0"},{"key":"addr","value":"InsertAdditionalAddress/Prefix"}],"variable":[]}},"response":[{"id":"e8523c89-4132-49ef-86d8-facd73efaca9","name":"Add an Additional Address","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addadditional?interface=0&addr=InsertAdditionalAddress/Prefix","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addadditional"],"query":[{"key":"interface","value":"0"},{"key":"addr","value":"InsertAdditionalAddress/Prefix"}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Date","value":"Wed, 20 Jul 2022 11:22:04 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/json"}],"cookie":[],"responseTime":null,"body":"This command may return an error even if it ran successfully. You can run the showiface command or check the User Interface (UI) to see if the additional address was added successfully."}],"_postman_id":"e7147cf6-58ea-4da7-9a68-cc22eccc62f6"},{"name":"Delete an Additional Address","id":"96837e33-10fe-4eba-94fe-1ce32a556775","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/deladditional?interface=0&addr=InsertAdditionalAddress/Prefix","description":"You can delete an additional addresses from an interface by using the deladditional command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","deladditional"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"interface","value":"0"},{"key":"addr","value":"InsertAdditionalAddress/Prefix"}],"variable":[]}},"response":[{"id":"4833c480-c2d2-4c84-b6c2-7fc55ed0c360","name":"Delete an Additional Address","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/deladditional?interface=0&addr=InsertAdditionalAddress/Prefix","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","deladditional"],"query":[{"key":"interface","value":"0"},{"key":"addr","value":"InsertAdditionalAddress/Prefix"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 09 Aug 2024 05:12:25 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nRefer to the sections below for commands to add and delete additional addresses.
\n","_postman_id":"7d1f417a-c7ee-4db8-b7a3-ebef47f55d61"},{"name":"Bonded Interfaces","item":[{"name":"Create a Bonded Interface","id":"20963c71-05dc-4a79-bf19-d5090c7802c1","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/createbond?interface=1","description":"You can create a bonded interface by using the createbond command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","createbond"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"interface","value":"1"}],"variable":[]}},"response":[{"id":"7633a80f-47fc-4331-ba59-12b4886805f6","name":"Create a Bonded Interface","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/createbond?interface=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","createbond"],"query":[{"key":"interface","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 08:20:06 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can add an interface to a bonded interface by using the addbond command.
\nThe interface and bond parameters are reversed - so:
\n* For the interface parameter, specify the bond value, and;\n* For the bond parameter, specify the interface value.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addbond"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"interface","value":"1"},{"key":"bond","value":"2"}],"variable":[]}},"response":[{"id":"ca73aa7a-8998-4377-9e76-a5090703e6a6","name":"Add an Interface to a Bonded Interface","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addbond?interface=1&bond=2","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addbond"],"query":[{"key":"interface","value":"1"},{"key":"bond","value":"2"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 11:56:23 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can remove an interface from a bonded interface by using the delbond command.
\nThe interface and bond parameters are reversed - so:
\n* For the interface parameter, specify the bond value, and;
* For the bond parameter, specify the interface value.
You can convert a bond back to a port by using the unbond command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","unbond"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"interface","value":"1"}],"variable":[]}},"response":[{"id":"33ccd51b-2a29-49e1-be48-1d7a09c202af","name":"Unbond an Interface","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/unbond?interface=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","unbond"],"query":[{"key":"interface","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 09:05:42 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nRefer to the following sections for RESTful API commands and parameters relating to bonded interfaces.
\nTo view the interface ID for each of the interfaces, run the stats command. The interface IDs are displayed as the ifaceID in the output. For further information on the stats command, refer to the Statistics section.
The BondID is the number of the bond in the Interfaces section of the main menu in the UI. For example, bnd2 will have a BondID of 2.
You can add a new VLAN to an interface using the addvlan command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addvlan"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"interface","value":"0"},{"key":"vlanid","value":"1"}],"variable":[]}},"response":[{"id":"d2318c76-fbd3-4246-891f-bce44712e294","name":"Add a VLAN to an Interface","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addvlan?interface=0&vlanid=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addvlan"],"query":[{"key":"interface","value":"0"},{"key":"vlanid","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 09:14:24 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can remove a VLAN from an interface using the delvlan command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delvlan"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"interface","value":"2"},{"key":"vlanid","value":"1"}],"variable":[]}},"response":[{"id":"659afc1d-3686-4b74-ab62-24ff5288c5b5","name":"Remove a VLAN from an Interface","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delvlan?interface=2&vlanid=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delvlan"],"query":[{"key":"interface","value":"2"},{"key":"vlanid","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 02 Aug 2024 09:16:04 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nRefer to the sections below for details on adding and deleting VLANs.
\n","_postman_id":"5bba8d3a-e0ae-43a6-9078-86280c844699"},{"name":"VXLANs","item":[{"name":"Add a VXLAN (using the group parameter)","id":"691f8a5d-f61f-442b-b0c3-5471653f208d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addvxlan?interface=1&vni=1&group=InsertIPAddress","description":"You can add a VXLAN by running the addvxlan command with the remote parameter.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addvxlan"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"interface","value":"1"},{"key":"vni","value":"1"},{"key":"group","value":"InsertIPAddress"}],"variable":[]}},"response":[{"id":"d904fa3b-6e57-482b-85a1-e24a1558eb8f","name":"Add a VXLAN (using the group parameter)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:{{vault:authorization-password}}@InsertLoadMasterIPAddress/access/addvxlan?interface=1&vni=1&group=InsertIPAddress","protocol":"https","auth":{"user":"bal","password":"{{vault:authorization-password}}"},"host":["InsertLoadMasterIPAddress"],"path":["access","addvxlan"],"query":[{"key":"interface","value":"1"},{"key":"vni","value":"1"},{"key":"group","value":"InsertIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 13:20:06 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can add a VXLAN by running the addvxlan command with the remote parameter.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addvxlan"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"interface","value":"0"},{"key":"vni","value":"2"},{"key":"remote","value":"InsertRemoteIPAddress"}],"variable":[]}},"response":[{"id":"122421ce-aab5-4aba-b3a9-67a0507f6e33","name":"Add a VXLAN (using the remote parameter)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addvxlan?interface=0&vni=2&remote=InsertRemoteIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addvxlan"],"query":[{"key":"interface","value":"0"},{"key":"vni","value":"2"},{"key":"remote","value":"InsertRemoteIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 09 Aug 2024 15:37:37 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo modify VXLAN details (for example set the IP address) use the modiface command.
\nOnly one parameter can be changed on each call. The parameters are checked in the order outlined in the Modify Interface Details section.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modiface"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"interface","value":"1"},{"key":"mtu","value":"9216"}],"variable":[]}},"response":[{"id":"af7c6d9f-c98e-422c-9c2e-89b6b174207f","name":"Modify a VXLAN","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modiface?interface=1&mtu=9216","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modiface"],"query":[{"key":"interface","value":"1"},{"key":"mtu","value":"9216"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 09 Aug 2024 15:39:41 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"SIOCSIFMTU","value":"Invalid argument"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo retrieve VXLAN details, use the showiface command.
\nTo view the interface ID for each of the interfaces, run the stats command. The interface IDs are displayed as the ifaceID in the output. For further information on the stats command, refer to the Statistics section.
Running the showiface command without using the interface parameter displays details for all existing interfaces.
You can delete a VXLAN by running the delvxlan command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delvxlan"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"interface","value":"2"}],"variable":[]}},"response":[{"id":"c91f0f1e-536d-4cae-a800-51b830e6179c","name":"Delete a VXLAN","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delvxlan?interface=2","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delvxlan"],"query":[{"key":"interface","value":"2"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 09 Aug 2024 15:41:58 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nRefer to the following sections for details on the RESTful API commands relating to VXLANs.
\n","_postman_id":"0686c59d-e594-4d9a-88d0-e0042792d1ef"}],"id":"baa66ebf-3d15-49a3-9a04-7f59410ac3de","description":"Refer to the sections below for details on the RESTful API commands and parameters relating to interfaces.
\n","_postman_id":"baa66ebf-3d15-49a3-9a04-7f59410ac3de"},{"name":"Host & DNS Configuration","item":[{"name":"Host & DNS Configuration Parameters","item":[],"id":"217c13c1-ff12-414f-aaac-bcd56d2f23aa","description":"Some parameters relating to Host & DNS Configuration can be managed using the get and set commands. Refer to the Using get and set commands section for details about the get and set commands.
\nName | Type | Additional Information |
Hostname | S | Set the hostname of the local machine. |
ha1hostname | S | Set the hostname for the active LoadMaster |
ha2hostname | S | Set the hostname for the standby LoadMaster |
namserver | A | The IP address of a DNS server which is to be used to resolve names locally on the LoadMaster. Setting this parameter to an empty string will delete the name servers. The last remaining name server cannot be deleted if the dnssecclient parameter is enabled. This parameter has been deprecated and replaced with the nameserver parameter. |
nameserver | A | The IP address of a DNS server to resolve names locally on the LoadMaster. Setting this parameter to an empty string will delete the name servers. The last remaining name server cannot be deleted if the dnssecclient parameter is enabled. |
searchlist | S | Specify the domain name that is to be prepended to requests to the DNS name server. |
dnssecclient | B | Enable or disable DNSSEC client capabilities on the LoadMaster. At least one name server must be configured before DNSSEC can be enabled. After changing this setting, the LoadMaster must be rebooted for the change to be applied. Once the setting is changed, it cannot be changed again until the LoadMaster has been rebooted. If using HA, please set the parameter on both devices separately. 0 - Disabled 1 – Enabled |
DNSNamesEnable | B | When this option is enabled, the LoadMaster automatically attempts to update any changedDNS names (based on the update interval):: If the address is not found, or if it is the same as before – nothing is done (except a log entry is generated). If the address is different, the Real Server entry will be updated with the new address, if possible. If the new address is invalid for some reason, for example if it is a non-local address and the nonlocalrs option has been disabled, no changes are made and a log is generated. |
| dnsupdateinterval | I | Set the update interval for DNS entries. Valid values range from 1 to 60 (minutes). The default value is 60. |
| dnsreloadonerror | B | If this parameter is enabled, DNS entries are reloaded when health checks have errors and an FQDN is associated with the Real Server IP address. |
The LoadMaster will try to resolve the DNS names:
\n- \n
- If the address is not found or if it is the same as before – nothing is done (except a log entry is generated). \n
- If the address is different, the Real Server entry will be updated with the new address, if possible. \n
- If the new address is invalid for some reason, for example, if it is a non-local address and the nonlocalrs parameter has been disabled, no changes are made and a log is generated. The log is found in the normal syslog messages. The message \"DNS update failed\" appears and includes the reason why. It is a descriptive error message based on what is incorrect. \n
To force a new resolution of DNS names, run the resolvenow command.
\n","_postman_id":"36c70069-cf4e-461c-b867-92aa400f6037"},{"name":"Hosts for Local Resolution","item":[{"name":"List the Existing Hosts for Local Resolution","id":"2a9ac1e8-8886-474f-8253-507f0d6cd5fd","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/gethosts","description":"To list the existing hosts for local resolution, run the gethosts command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","gethosts"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"ad70b3a4-d2e1-4e10-be8c-f76d9aac9f2b","name":"List the Existing Hosts for Local Resolution","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/gethosts"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 08 Aug 2024 09:50:26 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo add a host IP address and host FQDN, run the addhostsentry command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addhostsentry"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"hostip","value":"InsertHostIPAddress"},{"key":"hostfqdn","value":"example.com"}],"variable":[]}},"response":[{"id":"e6a065f9-97e2-4bee-9c02-5ca592d6c444","name":"Add a Host IP Address and Host FQDN","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addhostsentry?hostip=InsertHostIPAddress&hostfqdn=example.com","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addhostsentry"],"query":[{"key":"hostip","value":"InsertHostIPAddress"},{"key":"hostfqdn","value":"example.com"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 08 Aug 2024 09:49:09 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo delete a host IP address and host FQDN, run the delhostsentry command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delhostsentry"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"hostip","value":"InsertHostIPAddress"}],"variable":[]}},"response":[{"id":"e21ff7ff-6e53-4143-94fc-f7a6dc8d84b8","name":"Delete a Host IP Address and Host FQDN","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delhostsentry?hostip=InsertHostIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delhostsentry"],"query":[{"key":"hostip","value":"InsertHostIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 08 Aug 2024 09:52:40 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nRefer to the following sections for commands relating to hosts for local resolution.
\n","_postman_id":"31a48b17-d769-4b6b-a672-0649989f2a68"}],"id":"d83ca603-2ef6-4a1e-89c0-0e0e8da9a585","description":"Refer to the following sections for details on the Host & DNS Configuration RESTful API commands and parameters.
\n","_postman_id":"d83ca603-2ef6-4a1e-89c0-0e0e8da9a585"},{"name":"Route Management","item":[{"name":"Default Gateway","item":[{"name":"Set the Network Interface Address","id":"fd788e84-f8d2-4838-a314-4d589de866a8","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modiface?interface=1&gwiface=1","description":"Before setting the default gateway, you must configure the network interface addresses.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modiface"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"interface","value":"1"},{"key":"gwiface","value":"1"}],"variable":[]}},"response":[{"id":"a85ac360-c1d0-4108-9d42-83b267a181d8","name":"Set the Network Interface Address","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modiface?interface=1&gwiface=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modiface"],"query":[{"key":"interface","value":"1"},{"key":"gwiface","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 06:49:29 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can retrieve or modify the default gateway by running the get or set command.
\nRefer to the Using get and set commands section for details about the get and set commands.
\nName | Type | Default | Additional Information |
dfltgw | A (IPv4) | unset | Specify the IPv4 default gateway that is to be used for communicating with the internet. |
dfltgwv6 | A (IPv6) | unset | Specify the IPv6 default gateway that is to be used for communicating with the internet. |
Refer to the sections below for details about the Default Gateway RESTful API parameters.
\n","_postman_id":"2c26b6e2-74b9-4160-a1f1-c90e7abc094a"},{"name":"Additional Routes","item":[{"name":"List Existing Additional Routes","id":"c624f847-59bb-431a-8606-989a964c120a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/showroute","description":"List existing Additional Routes by running the showroute command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","showroute"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"b954deea-c1e0-4e59-9b6f-65af58571751","name":"List Existing Additional Routes","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/showroute"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 06:55:25 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can add an Additional Route by running the addroute command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addroute"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"dest","value":"InsertDestinationIPAddress"},{"key":"gateway","value":"InsertGatewayIPAddress"}],"variable":[]}},"response":[{"id":"d999e414-8f13-43a5-a09c-e302ea6168b0","name":"Add an Additional Route","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addroute?dest=InsertDestinationIPAddress&gateway=InsertGatewayIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addroute"],"query":[{"key":"dest","value":"InsertDestinationIPAddress"},{"key":"gateway","value":"InsertGatewayIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 06:54:11 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can delete an Additional Route by running the delroute command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","delroute"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"dest","value":"InsertDestinationIPAddress"}],"variable":[]}},"response":[{"id":"2f196293-d3f2-444a-9e2b-6cbef00fe6db","name":"Delete an Additional Route","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/delroute?dest=InsertDestinationIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","delroute"],"query":[{"key":"dest","value":"InsertDestinationIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 06:58:48 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nRefer to the following sections for details about the RESTful API commands and parameters relating to Additional Routes.
\n","_postman_id":"587da3ba-2fa9-4281-9231-d4214d496b1e"},{"name":"Packet Routing Filter","item":[{"name":"Check if the Packet Routing Filter is Enabled","id":"13194946-3994-487a-a6c5-ef1c853eb198","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/aclcontrol?isenabled=","description":"To check if the packet routing filter is enabled, run the aclcontrol?isenabled command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","aclcontrol"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"isenabled","value":""}],"variable":[]}},"response":[{"id":"1e74a7a5-9a66-42ce-835e-61aa2025849a","name":"Check if the Packet Routing Filter is Enabled","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/aclcontrol?isenabled","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","aclcontrol"],"query":[{"key":"isenabled","value":null}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 07:18:59 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo enable/disable the packet routing filter, run the aclcontrol command and set the enable parameter.
\n\n\nIt is not possible to disable the packet routing filter if GEO is enabled. If you try to disable the packet routing filter with GEO enabled, you get the following error:
\n
Cannot disable aclcontrol while GSLB is enabled
The remaining ACL control parameters in the sections below can only be set if the packet filter is enabled.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","aclcontrol"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"enable","value":"1"}],"variable":[]}},"response":[{"id":"222939cc-a405-4eaf-b0ec-e2c98a7d2b71","name":"Enable/Disable the Packet Routing Filter","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/aclcontrol?enable=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","aclcontrol"],"query":[{"key":"enable","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 07:20:49 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nCheck if the connection is dropped or rejected when it is on the block list.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","aclcontrol"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"isdrop","value":""}],"variable":[]}},"response":[{"id":"5bf258ca-6849-4eaa-a56a-e78847eda90d","name":"Check if the Connection is Dropped or Rejected When it is on the Blocked List","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/aclcontrol?isdrop","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","aclcontrol"],"query":[{"key":"isdrop","value":null}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 07:22:00 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nEnable dropping of block list entries.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","aclcontrol"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"drop","value":"1"}],"variable":[]}},"response":[{"id":"a3ea86b3-c002-47e6-893f-c340dadb5028","name":"Enable Dropping of Block List Entries","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/aclcontrol?drop=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","aclcontrol"],"query":[{"key":"drop","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 07:23:17 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nDisable dropping of block list entries.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","aclcontrol"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"drop","value":"0"}],"variable":[]}},"response":[{"id":"aa9ae9e6-2142-4746-a31e-7b5ffee592a2","name":"Disable Dropping of Block List Entries","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/aclcontrol?drop=0","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","aclcontrol"],"query":[{"key":"drop","value":"0"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 07:25:15 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nWhen the Restrict traffic to Interfaces option is enabled, restrictions are enforced upon routing between attached subnets. To check if the Restrict traffic to Interfaces option is enabled or disabled, run the aclcontrol.isifblock command.
\n- \n
- block - enabled \n
- free - disabled \n
Enable the Restrict traffic to Interfaces option.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","aclcontrol"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"ifblock","value":"1"}],"variable":[]}},"response":[{"id":"394f190f-757a-4ebc-a871-18cb83120743","name":"Enable the Restrict Traffic to Interfaces Option","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/aclcontrol?ifblock=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","aclcontrol"],"query":[{"key":"ifblock","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 07:29:57 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nDisable the Restrict traffic to Interfaces option.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","aclcontrol"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"ifblock","value":"0"}],"variable":[]}},"response":[{"id":"feedefa1-af9a-41fa-9233-654b3a229da4","name":"Disable the Restrict Traffic to Interfaces Option","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/aclcontrol?ifblock=0","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","aclcontrol"],"query":[{"key":"ifblock","value":"0"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 07:32:42 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nIf the Include WUI in IP Access Lists option is enabled, access to the UI is also controlled by the packet filter. In this case, the client that enabled the Include WUI in IP Access Lists option will still have access. If this option is disabled, access to the UI is not affected by the packet filter.
To check if Include WUI in IP Access Lists is enabled or disabled, run the aclcontrol.iswuiblock command.
To enable the Include WUI in IP Access Lists option, run the aclcontrol command and enable the wuiblock parameter.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","aclcontrol"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"wuiblock","value":"1"}],"variable":[]}},"response":[{"id":"3a142cb8-0493-4601-807a-077037481f05","name":"Enable the Include WUI in IP Access Lists Option","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/aclcontrol?wuiblock=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","aclcontrol"],"query":[{"key":"wuiblock","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 07:35:41 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo disable the Include WUI in IP Access Lists option, run the aclcontrol command and disable the wuiblock parameter.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","aclcontrol"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"wuiblock","value":"0"}],"variable":[]}},"response":[{"id":"b0869371-017c-4f90-9ed8-696d12d557a8","name":"Disable the Include WUI in IP Access Lists Option","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/aclcontrol?wuiblock=0","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","aclcontrol"],"query":[{"key":"wuiblock","value":"0"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 07:36:34 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo check the IP address of the last client that changed the packet filter (that is, the host that is allowed in), run the aclcontrol.wuiaddr command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","aclcontrol"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"wuiaddr","value":""}],"variable":[]}},"response":[{"id":"c43f4a93-e3be-4011-96c6-7ea68f73be4e","name":"Check the IP Address of the Last Client that Changed the Packet Filter","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/aclcontrol?wuiaddr","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","aclcontrol"],"query":[{"key":"wuiaddr","value":null}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 07:37:26 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe wuiaddr command is only relevant if the Include WUI in IP Access Lists option is enabled.
\n
The commands in this section relate to the global packet routing filter option. Packet filtering is enabled by default. It is not possible to disable the packet routing filter if GEO is enabled. Refer to the Enable/Disable GEO section for commands to enable and disable GEO.
\n","_postman_id":"1446e194-025f-4cfb-9042-6d2d88130f4e"},{"name":"VPN Management","item":[{"name":"VPN Commands","item":[{"name":"Create a New VPN Connection","id":"55b26953-16d7-419f-a3a7-b6c6b36626a7","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/createvpncon?name=VPNname","description":"To create a new Virtual Private Network (VPN) connection, run the createvpncon command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","createvpncon"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"VPNname"}],"variable":[]}},"response":[{"id":"6a32760e-5c13-4669-ae28-93cd0d0afd3f","name":"Create a New VPN Connection","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/createvpncon?name=VPNname","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","createvpncon"],"query":[{"key":"name","value":"VPNname"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 07:42:26 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can delete an existing IPsec connection by running the deletevpncon command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","deletevpncon"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"VPNname"}],"variable":[]}},"response":[{"id":"7a20bf76-f07d-46bc-a7d5-a4c14a25a7c0","name":"Delete an Existing IPSec Connection","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/deletevpncon?name=VPNname","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","deletevpncon"],"query":[{"key":"name","value":"VPNname"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 07:46:03 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can set all of the VPN addresses at the same time by running the setvpnaddr command.
\nAll of the parameters in the following table are required when running the setvpnaddr command.
\n\n\nYou can also set these parameters individually by running the commands listed in the following sections.
\nMultiple IP addresses can be specified using a comma-separated list.
\n
Name | Type | Default | Additional Information |
localip | String | See additional information | In non-HA mode, the default is the LoadMaster IP address, that is, the IP address of the default gateway interface. In HA-mode, the default is the shared IP address. |
localsubnets | String | See additional information | Set the subnet for the local side of the connection. The local IP can be the only participant if applicable, given the /32 CIDR. When the localip is set, the localsubnet is automatically populated. Multiple local subnets can be specified using a comma-separated list. Up to 10 IP addresses can be specified. |
remoteip | String | unset | Set the IP address for the remote side of the connection. |
remotesubnets | String | unset | Set the subnet for the remote side of the connection. Multiple remote subnets can be specified using a comma-separated list. Up to 10 IP addresses can be specified. |
To set the Local IP Address, run the setvpnlocalip command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","setvpnlocalip"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"VPNname"},{"key":"localip","value":"InsertLocalIPAddress"}],"variable":[]}},"response":[{"id":"fdbd6972-8ac3-4117-b6a6-193c3692e8b4","name":"Set the Local IP Address","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setvpnlocalip?name=VPNname&localip=InsertLocalIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","setvpnlocalip"],"query":[{"key":"name","value":"VPNname"},{"key":"localip","value":"InsertLocalIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 10:11:42 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo set the Local Subnet Address, run the setvpnlocalsubnets command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","setvpnlocalsubnets"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"VPNname"},{"key":"localsubnets","value":"InsertLocalSubnetAddress"}],"variable":[]}},"response":[{"id":"b2388f2c-a16a-4acf-bc38-e3f138a3f227","name":"Set the Local Subnet Address","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setvpnlocalsubnets?name=VPNname&localsubnets=InsertLocalSubnetAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","setvpnlocalsubnets"],"query":[{"key":"name","value":"VPNname"},{"key":"localsubnets","value":"InsertLocalSubnetAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 10:25:38 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo set the Remote IP Address, run the setvpnremoteip command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","setvpnremoteip"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"VPNname"},{"key":"remoteip","value":"InsertRemoteIPAddress"}],"variable":[]}},"response":[{"id":"8afd1e04-02d2-4f37-8f07-b2440c54e07f","name":"Set the Remote IP Address","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setvpnremoteip?name=VPNname&remoteip=InsertRemoteIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","setvpnremoteip"],"query":[{"key":"name","value":"VPNname"},{"key":"remoteip","value":"InsertRemoteIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 10:30:44 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo set the Remote Subnet Address, run the setvpnremoteubnets command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","setvpnremotesubnets"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"VPNname"},{"key":"remotesubnets","value":"InsertRemoteSubnetAddress"}],"variable":[]}},"response":[{"id":"04a6b32e-2f57-4ffb-b166-67003e0f973d","name":"Set the Remote Subnet Address","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setvpnremotesubnets?name=VPNname&remotesubnets=InsertRemoteSubnetAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","setvpnremotesubnets"],"query":[{"key":"name","value":"VPNname"},{"key":"remotesubnets","value":"InsertRemoteSubnetAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 10:32:43 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nRefer to the following sections for details on some VPN RESTful API commands.
\n","_postman_id":"52bd5d6e-50a4-48e8-9f6b-fa61e6d7aadb"},{"name":"Set the Perfect Forward Secrecy Option","item":[{"name":"Enable the Perfect Forward Secrecy Option","id":"64c3c670-5a19-40f1-9ff4-48e88d7844c5","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setvpnpfsenable?name=VPNname","description":"To enable the Perfect Forward Secrecy option on a particular connection, run the setvpnpfsenable command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","setvpnpfsenable"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"VPNname"}],"variable":[]}},"response":[{"id":"acae28e4-fa9b-4bda-b2ec-d96bd3f601ba","name":"Enable the Perfect Forward Secrecy Option","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setvpnpfsenable?name=VPNname","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","setvpnpfsenable"],"query":[{"key":"name","value":"VPNname"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 08:16:40 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo disable the Perfect Forward Secrecy option on a particular connection, run the setvpnpfsdisable command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","setvpnpfsdisable"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"VPNname"}],"variable":[]}},"response":[{"id":"cb4aa13c-aa8f-4fd2-b058-6ed2bf8538f8","name":"Disable the Perfect Forward Secrecy Option","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setvpnpfsdisable?name=VPNname","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","setvpnpfsdisable"],"query":[{"key":"name","value":"VPNname"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 08:17:39 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nRefer to the following commands for details on how to enable or disable the Perfect Forward Secrecy option.
\n","_postman_id":"b801f252-663a-4bc8-ab48-dc546884e33c"},{"name":"VPN Connection Commands","item":[{"name":"Set the Connection Secret","id":"46e8c5b7-7d48-41a7-af6e-3e151d1bee47","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setvpnsecret?name=VPNname&localid=InsertLocalIPAddress&remoteid=InsertRemoteIPAddress&key=PreSharedKeyExample","description":"To set the connection secret details, run the setvpnsecret command.
\nAll of the parameters are required for this command to work.
\nName | Type | Default | Additional Information |
localid | String | Same as the localip | Identification for the local side of the connection |
remoteid | String | unset | Identification for the remote side of the connection. This can be the remoteip. |
key | String | unset | The Pre Shared Key (PSK) string. This is the Shared key which is generated and managed on the Azure side. The key length should be at least 16 and at most 64 characters. |
To start the connection, run the startvpncon command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","startvpncon"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"VPNname"}],"variable":[]}},"response":[{"id":"e87ecdac-4d5a-4be2-902f-17598d00b515","name":"Start the Connection","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/startvpncon?name=VPNname","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","startvpncon"],"query":[{"key":"name","value":"VPNname"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 11:03:36 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo stop the connection, run the stopvpncon command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","stopvpncon"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"VPNname"}],"variable":[]}},"response":[{"id":"8b4a9908-692b-4ed3-9a58-42855f6b15cd","name":"Stop the Connection","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/stopvpncon?name=VPNname","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","stopvpncon"],"query":[{"key":"name","value":"VPNname"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 11:08:08 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo view the status of the connection, run the getvpnstatus command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","getvpnstatus"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"VPNname"}],"variable":[]}},"response":[{"id":"8ded3c65-6343-4e64-8183-0cfec37447be","name":"Get the Connection Status","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/getvpnstatus?name=VPNname","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","getvpnstatus"],"query":[{"key":"name","value":"VPNname"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 11:06:18 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo list the details about all of the existing VPN connections, run the listvpns command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","listvpns"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"1c2a1a6b-553c-4064-bbee-00b36d5f5370","name":"List All Existing Connections","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n \"cmd\": \"listvpns\",\r\n \"apikey\": \"InsertAPIKey\"\r\n}","options":{"raw":{"language":"json"}}},"url":"https://InsertLoadMasterIPAddress/accessv2"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Date","value":"Fri, 22 Jul 2022 15:42:04 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/json"}],"cookie":[],"responseTime":null,"body":"{\n \"code\": 200,\n \"VPN\": [\n {\n \"name\": \"VPNname\",\n \"status\": \"Down\",\n \"localIP\": \"IP address would appear here\",\n \"localSubnets\": \"IP address would appear here/32\",\n \"remoteIP\": \"IP address would appear here\",\n \"remoteSubnets\": \"Refer to the following sections for details on the VPN connection RESTful API commands.
\n","_postman_id":"1afba649-d5b1-4287-bd40-053e79a7f491"},{"name":"IKE Daemon Commands","item":[{"name":"Stop the IKE Daemon","id":"30503702-ad9e-4513-bbb1-e58f0948e0d3","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/stopikedaemon","description":"To list the details about all of the existing VPN connections, run the listvpns command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","stopikedaemon"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"092a803d-9fc3-429e-8e55-993c00c87ab7","name":"Stop the IKE Daemon","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/stopikedaemon"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 09:34:55 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo start the IKE daemon, run the startikedaemon command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","startvpncon"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"VPNname"}],"variable":[]}},"response":[{"id":"5b230fdb-1352-4ac1-a5b2-4f553e9b120e","name":"Start the IKE Daemon","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/startvpncon?name=VPNname","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","startvpncon"],"query":[{"key":"name","value":"VPNname"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 08:23:33 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo view the status of the IKE daemon, run the statusikedaemon command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","getvpnstatus"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"VPNname"}],"variable":[]}},"response":[{"id":"88226a37-633d-4689-a8f5-44f8e683348b","name":"Get the IKE Daemon Status","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/getvpnstatus?name=VPNname","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","getvpnstatus"],"query":[{"key":"name","value":"VPNname"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 08:24:47 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nRefer to the following sections for RESTful API commands relating to the IKE Daemon.
\n","_postman_id":"f55a191a-0427-43ae-ab20-afb98916a7fd"}],"id":"88dee221-19f4-4a7c-8f35-572344cd876c","description":"Refer to the following sections for details on the RESTful API commands and parameters relating to VPN Management.
\n","_postman_id":"88dee221-19f4-4a7c-8f35-572344cd876c"}],"id":"31e78076-ff74-4ec0-8409-2ed8dbdebd1f","description":"Refer to the following sections for details on the Route Management RESTful API commands and parameters.
\n","_postman_id":"31e78076-ff74-4ec0-8409-2ed8dbdebd1f"},{"name":"Access Lists","item":[{"name":"List the Block or Allow List for a Specific Virtual Service","id":"2616bdf1-9536-45d0-b98d-07c59b01f10b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/aclcontrol?listvs=block&vsip=InsertVirtualServiceIPAddress&vsprot=tcp&vsport=443","description":"List the block or allow list for a specific Virtual Service by using aclcontrol command.
\nVirtual Server Protocol |
tcp |
udp |
\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","aclcontrol"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"listvs","value":"block"},{"key":"vsip","value":"InsertVirtualServiceIPAddress"},{"key":"vsprot","value":"tcp"},{"key":"vsport","value":"443"}],"variable":[]}},"response":[{"id":"5f2e0b19-f38f-451d-9df7-98433bcd9cb4","name":"List the Block or Allow List for a Specific Virtual Service","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/aclcontrol?listvs=allow&vsip=InsertVirtualServiceIPAddress&vsprot=tcp&vsport=443","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","aclcontrol"],"query":[{"key":"listvs","value":"allow"},{"key":"vsip","value":"InsertVirtualServiceIPAddress"},{"key":"vsprot","value":"tcp"},{"key":"vsport","value":"443"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 08 Aug 2024 06:20:47 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nIf the CIDR is not specified, the system will use its own default value which is /32.
\n
To retrieve the Virtual Service index, run the listvs command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","listvs"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"53e3f096-0856-494c-a6c2-f7c098d6525e","name":"Retrieve the Virtual Service Index","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/listvs"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 08 Aug 2024 06:25:01 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo list the block or allow list using the Virtual Service index for a specific Virtual Service, run the aclcontrol command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","aclcontrol"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"listvs","value":"allow"},{"key":"vs","value":"1"}],"variable":[]}},"response":[{"id":"94dd9993-e680-4268-adf2-f732bcedc25a","name":"List the Block or Allow List for a Specific Virtual Service (using Virtual Service Index)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/aclcontrol?listvs=block&vs=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","aclcontrol"],"query":[{"key":"listvs","value":"block"},{"key":"vs","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 08 Aug 2024 06:28:07 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo add an address to the global block or allow list, run the aclcontrol command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","aclcontrol"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"add","value":"allow"},{"key":"addr","value":"InsertVirtualServiceIPAddress"}],"variable":[]}},"response":[{"id":"6e79c6f0-73dd-4bb0-8b0a-2217e636a9b1","name":"Add an Address to the Global Allow List","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/aclcontrol?add=allow&addr=InsertVirtualServiceIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","aclcontrol"],"query":[{"key":"add","value":"allow"},{"key":"addr","value":"InsertVirtualServiceIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 08 Aug 2024 06:34:29 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe addr can be an IPv4 or an IPv6 address. If the CIDR is not specified, the system uses a default of /32.
\n
To add an address to a Virtual Service block or allow list, run the aclcontrol command.
\nThe comment parameter is optional. The comment parameter accepts a maximum of 127 characters.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","aclcontrol"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"addvs","value":"block"},{"key":"vsip","value":"InsertVirtualServiceIPAddress"},{"key":"vsprot","value":"tcp"},{"key":"vsport","value":"443"},{"key":"addr","value":"InsertVirtualServiceIPAddress"},{"key":"comment","value":"Add a service"}],"variable":[]}},"response":[{"id":"dc0fe039-61f2-48c5-a8f9-56086bef8d87","name":"Add an Address to a Virtual Service Allow List","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/aclcontrol?addvs=allow&vsip=InsertVirtualServiceIPAddress&vsprot=tcp&vsport=443&addr=InsertVirtualServiceIPAddress&comment=Add a service","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","aclcontrol"],"query":[{"key":"addvs","value":"allow"},{"key":"vsip","value":"InsertVirtualServiceIPAddress"},{"key":"vsprot","value":"tcp"},{"key":"vsport","value":"443"},{"key":"addr","value":"InsertVirtualServiceIPAddress"},{"key":"comment","value":"Add a service"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 08 Aug 2024 06:39:07 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo add an address to a Virtual Service block or allow list (using Virtual Service index), run the aclcontrol command.
\nThe comment parameter is optional. The comment parameter accepts a maximum of 127 characters.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","aclcontrol"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"addvs","value":"allow"},{"key":"vs","value":"1"},{"key":"addr","value":"InsertVirtualServiceIPAddress"},{"key":"comment","value":"Add a service"}],"variable":[]}},"response":[{"id":"9f5c7c80-49c9-41ec-941e-29862d71dced","name":"Add an Address to a Virtual Service Block or Allow List (using Virtual Service Index)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/aclcontrol?addvs=allow&vs=1&addr=InsertVirtualServiceIPAddress&comment=Add a service","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","aclcontrol"],"query":[{"key":"addvs","value":"allow"},{"key":"vs","value":"1"},{"key":"addr","value":"InsertVirtualServiceIPAddress"},{"key":"comment","value":"Add a service"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 08 Aug 2024 06:46:13 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo display the addresses on the global block or allow list, run the aclcontrol command.
\nList Type |
block |
allow |
To delete an address from the global block or allow list, run the aclcontrol command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","aclcontrol"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"del","value":"block"},{"key":"addr","value":"InsertVirtualServiceIPAddress"}],"variable":[]}},"response":[{"id":"0e988612-6efc-4feb-8c37-aabe640df1ac","name":"Delete an Address from Global Block or Allow List","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/aclcontrol?del=allow&addr=InsertVirtualServiceIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","aclcontrol"],"query":[{"key":"del","value":"allow"},{"key":"addr","value":"InsertVirtualServiceIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 08 Aug 2024 06:53:35 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo delete an address from a Virtual Service block or allow list, run the aclcontrol command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","aclcontrol"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"delvs","value":"allow"},{"key":"vsip","value":"InsertVirtualServiceIPAddress"},{"key":"vsprot","value":"tcp"},{"key":"vsport","value":"443"},{"key":"addr","value":"InsertVirtualServiceIPAddress"},{"key":"comment","value":"Delete a service"}],"variable":[]}},"response":[{"id":"6cdcf6e0-3232-435d-b089-7a3af5fe15a6","name":"Delete an Address from a Virtual Service Block List","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/aclcontrol?delvs=block&vsip=InsertVirtualServiceIPAddress&vsprot=tcp&vsport=443&addr=InsertVirtualServiceIPAddress&comment=Delete a service","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","aclcontrol"],"query":[{"key":"delvs","value":"block"},{"key":"vsip","value":"InsertVirtualServiceIPAddress"},{"key":"vsprot","value":"tcp"},{"key":"vsport","value":"443"},{"key":"addr","value":"InsertVirtualServiceIPAddress"},{"key":"comment","value":"Delete a service"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 08 Aug 2024 06:57:51 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo delete an address from a Virtual Service block or allow list (using Virtual Service index), run the aclcontrol command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","aclcontrol"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"delvs","value":"allow"},{"key":"vs","value":"1"},{"key":"addr","value":"InsertVirtualServiceIPAddress"},{"key":"comment","value":"Delete a service"}],"variable":[]}},"response":[{"id":"22cbb225-cc3e-4314-82c8-59f8aecae9ac","name":"Delete an Address to a Virtual Service Block or Allow List (using Virtual Service Index)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/aclcontrol?delvs=allow&vs=1&addr=InsertVirtualServiceIPAddress&comment=Delete a service","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","aclcontrol"],"query":[{"key":"delvs","value":"allow"},{"key":"vs","value":"1"},{"key":"addr","value":"InsertVirtualServiceIPAddress"},{"key":"comment","value":"Delete a service"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 08 Aug 2024 07:01:09 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\n\n\n","_postman_id":"d3e409a6-3693-42db-82df-6fb0d3dd99b7"},{"name":"HA Parameters","item":[{"name":"Force Partner Update","id":"8a946b40-ca75-44dd-b8b4-dadb11ca1cc5","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/forceupdatepartner","description":"The Access Control List (ACL) commands allow you to switch on or off the ACL and set or get the related parameters. When running an ACL command without a specified Virtual Service IP address, the command is run for the global ACL. If a Virtual Service IP address is set, the command is only run for the ACL for that specific Virtual Service.
\n
Only users with ‘All Permissions’ can run the global commands.
Users with ‘All Permissions’ and ‘Virtual Service’ permissions can run the Virtual Service-specific commands.
Immediately forces the configuration from the active to standby unit without waiting for a normal update.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","forceupdatepartner"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"9f439469-ccc0-40cf-a216-7d9a97eabc08","name":"Force Partner Update","originalRequest":{"method":"GET","header":[],"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/forceupdatepartner"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 19 Mar 2025 09:24:12 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\n\n\nIf using the LoadMaster for Azure product, please refer to the next section.
\n
Parameters relating to HA Parameters that can be managed using get and set commands are detailed in the following table.
\nRefer to the Using get and set commands section for the get and set commands.
\nName | Type | Range | Description |
hastatus | S | Normal HA: Active, Standby, Passive (all as expected). Cloud HA: Active, Standby, Passive (if status not yet set). Cluster: Active (if master), Standby (if slave), Passive (if disabled). For clusters, there is one master and all of the others are standby. If HA is not configured, HA not configured is returned. | Retrieve the status of a HA or cluster unit. This is a read-only parameter and cannot be set. |
haif | I |
| The network interface used when synchronising the configuration between the members of the HA cluster |
hainitial | B | 0 – Disabled 1 – Enabled | Perform extra network checks at boot time. This may cause instability and should not be used. |
macglobal | B | 0 - Disabled 1 - Enabled | By default, the LoadMaster uses an IP multicast address when sending CARP packets. Enabling this option forces the use of the IP broadcast address instead. |
haprefered | I | 0 = No preferred host 1 = Prefer First HA 2 = Prefer Second HA | By default, neither partner in a HA cluster has priority. When a machine restarts after a switchover that machine becomes a standby. Specifying a preferred host means that when this machine restarts it will always become active and the partner will revert to standby mode. |
hastyle | B | 0 = legacy heart beat 1 = carp | By default, the system uses a version of VRRP (carp) to check the status of the partner. The system can also support the legacy Heartbeat program. This option only takes effect when both machines are rebooted |
hatimeout | I | 1 = 3 seconds 2 = 6 seconds 3 = 9 second 4 = 12 seconds 5 = 15 seconds | The time the active must be unavailable before a switchover occurs. |
havhid | I | 1-255 | When using multiple HA LoadMasters on the same network, this value identifies each cluster so that there are no potential unwanted interactions. |
hawait | I | 0-200 | This is how long (in seconds) after the initial boot, before the LoadMaster becomes active. If the partner machine is running this value is ignored. This value can be changed to mitigate the time taken for some intelligent switches to detect that the LoadMaster has started and to bring up the link. |
mcast | I |
| The network interface used for multicast traffic which is used to synchronize Layer 4 and Layer 7 traffic when Inter HA Updates are enabled. |
vmac | B |
| This option creates a shared MAC address for both units. When failover occurs, the LoadMaster handles the MAC address handover too. This allows the switches to keep the MAC address and not worry about ARP caches or stale records. |
Tcpfailover | B | 0 – Disable 1 – Enable
| When using L4 services, enabling updates allows L4 connection maintenance across a HA switchover. This option is ignored for L7 services. This parameter is now deprecated and has been replaced with the hal4update parameter. |
hal4update | B | 0 – Disable 1 – Enable
| When using L4 services, enabling updates allows L4 connection maintenance across a HA switchover. This option is ignored for L7 services. |
L4SyncThreshold | I | 1-(L4SyncPeriod-1) | The minimum number of incoming packets that a connection needs to receive before the connection will be synchronized. Default value: 3 seconds Valid values range from the 1 to the L4SyncPeriod-1. For example, if the L4SyncPeriod is set to 50, the maximum L4SyncThreshold is 49. |
L4SyncPeriod | I | (L4SyncThreshold+1)-255 | A connection gets synchronized every time the number of its incoming packets modulus sync_period equals the threshold. Default value: 50 seconds Valid values range from the L4SyncThreshold+1 to 255. |
L4SyncRefreshPeriod | I | 0-10 | This is the allowed difference time (in seconds) in the reported connection timer that triggers a new sync message. Default value: 0 Valid values range from 0 to 10. |
cookieupdate | B | 0 – Disable 1 – Enable
| When using L7 services, enabling this option allows sharing of persistency information between HA partners. If a HA switchover occurs, the persistency information will then not be lost. Enabling this option can have a significant performance impact. This parameter is now deprecated and has been replaced with the hal7update parameter. |
hal7update | B | 0 – Disable 1 – Enable
| When using L7 services, enabling this option allows sharing of persistency information between HA partners. If a HA switchover occurs, the persistency information will then not be lost. Enabling this option can have a significant performance impact. |
finalpersist | I | 0, 60-86400 | When a Real Server is disabled, the sessions persisting on that Real Server continue to be served until the Drain Time has expired or until no more sessions are being handled by the Real Server. No new sessions will be handled by the Real Server. |
hamode | I | 0 – HA mode disabled 1 – HA 1 mode 2 – HA 2 mode 3 – System is using cloud HA 4 – System is in a cluster | Specify the HA mode. If only using a single LoadMaster, use Non-HA Mode. In non-cloud HA mode, one LoadMaster must be specified as the first and another as second. HA will not work if both LoadMasters are specified the same. HA enables two physical or virtual LoadMasters to become one logical device. Only one of these units is active and handling traffic at any one time (HA 1 mode) while the other is a hot standby (passive - HA 2 mode). |
hacheck | B | 0 - Disable 1 - Enable | Enable HA health checking. At least one interface must be enabled. |
halinkfailreboot | B | 0 - Disable 1 - Enable | Enables LoadMaster to reboot if there is a link failure. |
Simply changing the HA mode does not switch between non-HA and HA. The partner and Virtual IP (VIP) Addresses also need to be set and a reboot is needed before the system is fully switched over. For instructions on how to set up HA using the RESTful API, refer to the Setting Up HA using the RESTful API section.
\n\n\n","_postman_id":"3a8edf2c-9c7b-4907-b73b-db342caa5a25"},{"name":"Cloud HA Parameters","item":[{"name":"Generic Gloud Commands","item":[{"name":"Get the Cloud HA Parameters","id":"e8b633a4-a71e-48ff-8e96-e3baade4972c","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress:8443/access/getCloudHaParams","description":"After changing the hastyle or hamode a reboot is required for the changes to take effect.
\n
You can retrieve the HA parameters for a cloud LoadMaster by running the getCloudHaParams command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","port":"8443","path":["access","getCloudHaParams"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"d0ae8a96-8078-418b-9c86-f4411d629776","name":"Get the Cloud HA Parameters","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress:8443/access/getCloudHaParams"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 10:21:17 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can set the cloud HA mode by running the setcloudhamode command.
\nValid values for the hamode parameter are as follows:
\n- \n
- first \n
- second \n
- single \n
Setting the hamode to single disables HA (the LoadMaster is treated as a single unit).
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","port":"8443","path":["access","setcloudhamode"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"hamode","value":"second"}],"variable":[]}},"response":[{"id":"90856960-549a-478c-b5e9-939340edc6f4","name":"Set the Cloud HA Mode","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress:8443/access/setcloudhamode?hamode=second","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"port":"8443","path":["access","setcloudhamode"],"query":[{"key":"hamode","value":"second"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 10:23:14 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can set the cloud HA parameters by running the setcloudhaparam command.
\nName | Type | Range | Additional Information |
partner | S | Must be a valid IP address | Specify the hostname or IP address of the HA partner unit. |
hcp | I | Must be a valid port value | Set the port to run the health check on. The port must be the same on both the active and standby unit for HA to function correctly. |
haprefered | B | 0 – No Preferred Host 1 – Prefer First | There are two possible values to set: 0 - No Preferred Host: Each unit takes over when the other unit fails. No switchover is performed when the partner is restarted. 1 - Prefer First: The active unit always takes over. This is the default option. |
| hcai | B | 0 - Disabled 1 - Enabled | When this option is enabled, the health check listens on all interfaces. This is required when using a multi-arm configuration. If this is disabled, the health check listens on the primary eth0 address (this is the default behavior). |
Refer to the sections below for details on some RESTful API HA commands that work for both Azure and AWS LoadMasters.
\n","_postman_id":"438609ee-c19a-4a43-a673-838cedde25cc"},{"name":"Azure HA Parameters","item":[{"name":"Get the Azure HA Parameters","id":"bdafa2f3-8893-4a01-9b45-fc41b1e070d6","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress:8443/access/getazurehaparams","description":"You can retrieve the Azure HA parameters by using the getazurehaparams command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","port":"8443","path":["access","getazurehaparams"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"05573e37-3c26-4889-9f10-f069fa66a0e3","name":"Get the Azure HA Parameters","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress:8443/access/getazurehaparams"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 10:26:52 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can set the Azure HA mode by running the azurehamode command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","port":"8443","path":["access","azurehamode"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"hamode","value":"first"}],"variable":[]}},"response":[{"id":"6d905b6d-fc61-4f68-aea1-36e150503e39","name":"Set the Azure HA Mode","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress:8443/access/azurehamode?hamode=first","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"port":"8443","path":["access","azurehamode"],"query":[{"key":"hamode","value":"first"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 10:28:25 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can set the Azure HA parameters by running the azurehaparam command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","port":"8443","path":["access","azurehaparam"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"hcp","value":"8443"}],"variable":[]}},"response":[{"id":"872157a3-0e20-4e36-9ecf-6c077f482fc5","name":"Set the Azure HA Parameters","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress:8443/access/azurehaparam?hcp=8443","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"port":"8443","path":["access","azurehaparam"],"query":[{"key":"hcp","value":"8443"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 10:29:53 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThese commands are only relevant to the LoadMasters running in an Azure environment.
\n","_postman_id":"c75faa95-d5f8-4f1c-81a2-031ba6ab66da"},{"name":"AWS HA Parameters","item":[{"name":"Get the AWS HA Parameters","id":"317aa664-7fc7-4cae-b1ca-5db2f35efa05","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertCloudIPAddress/access/getawshaparams","description":"You can retrieve the AWS HA parameters by using the getawshaparams command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","getawshaparams"],"host":["InsertCloudIPAddress"],"query":[],"variable":[]}},"response":[{"id":"9c2f3a11-c6f9-491d-b870-e39e5b6e3899","name":"Get the AWS HA Parameters","originalRequest":{"method":"GET","header":[{"key":"Content-Type","value":"text/plain","type":"text"}],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"text"}}},"url":"https://bal:InsertPassword@InsertCloudIPAddress/access/getawshaparams"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 30 Sep 2022 10:21:51 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"application/xml","description":"","type":"text"}],"cookie":[],"responseTime":null,"body":"\nYou can set the AWS HA mode by using the awshamode command.
\nValid values for the hamode parameter are:
\n* first\n* second\n* single
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","awshamode"],"host":["InsertCloudIPAddress"],"query":[{"key":"hamode","value":"second"}],"variable":[]}},"response":[{"id":"14dba850-4280-481e-aefa-2b32e37dab6d","name":"Set the AWS HA Mode","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertCloudIPAddress/access/awshamode?hamode=second","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertCloudIPAddress"],"path":["access","awshamode"],"query":[{"key":"hamode","value":"second"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 30 Sep 2022 10:28:57 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"application/xml","description":"","type":"text"}],"cookie":[],"responseTime":null,"body":"\nYou can set the AWS HA parameters by using the awshaparam command.
\nName | Type | Range | Additional Information |
partner | S | Must be a valid IP address | Specify the host name or IP address of the HA partner unit. |
hcp | I | Must be a valid port value | Set the port over which the health check will be run. The port must be the same on both the active and standby unit for HA to function correctly. |
haprefered | B | 0 – No Preferred Host 1 – Prefer First | There are two possible values to set: 0 - No Preferred Host: Each unit takes over when the other unit fails. No switchover is performed when the partner is restarted. 1 - Prefer First: The HA1 (active) unit always takes over. This is the default option. |
| hcai | B | 0 - Disabled 1 - Enabled | When this option is enabled, the health check listens on all interfaces. This is required when using a multi-arm configuration. If this is disabled, the health check listens on the primary eth0 address (this is the default behavior). |
These commands are only relevant to LoadMasters running in AWS.
\n","_postman_id":"c52f7013-c751-4a2c-baa5-6131496de5a3"}],"id":"32d1dc3a-5303-422d-a0fb-bda5fadf684d","description":"Refer to the following sections for details on the cloud HA parameters.
\n","_postman_id":"32d1dc3a-5303-422d-a0fb-bda5fadf684d"},{"name":"QoS/Limiting","item":[{"name":"QOS/Limiting Commands","item":[{"name":"Example Get Command","id":"086b7d79-f720-48b7-9a5b-8f72a12f98aa","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/get?param=MaxConnsLimit","description":"To get the MaxConnsLimit parameter value, run the get command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","get"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"param","value":"MaxConnsLimit"}],"variable":[]}},"response":[{"id":"3df404a6-61ba-454f-accf-222cecccb986","name":"Example Get Command","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/get?param=MaxConnsLimit","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","get"],"query":[{"key":"param","value":"MaxConnsLimit"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Mon, 05 Aug 2024 09:19:00 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo set the MaxConnsLimit parameter value, run the set command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","set"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"param","value":"MaxConnsLimit"},{"key":"value","value":"80000"}],"variable":[]}},"response":[{"id":"fafea4c6-241d-4437-ae5f-6fdb3d27d212","name":"Example Set Command","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/set?param=MaxConnsLimit&value=80000","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","set"],"query":[{"key":"param","value":"MaxConnsLimit"},{"key":"value","value":"80000"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Mon, 05 Aug 2024 09:20:03 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe sections below provide an example get and example set command. You can use these commands to retrieve and configure the parameters mentioned in the previous section.
\n","_postman_id":"295a2ce2-1242-4297-b540-bb1cec39f323"},{"name":"Maximum Client Concurrent Connection Limit","item":[{"name":"List the Client Concurrent Connection Limits","id":"58453511-8df0-4d0a-afa6-d6a83645d2e1","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/clientmaxclimitlist","description":"To list the existing client concurrent connection limits, run the clientmaxclimitlist command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","clientmaxclimitlist"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"bc069b8c-9b48-4055-8b2e-a165556fe564","name":"List the Client Concurrent Connection Limits","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/clientmaxclimitlist"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 05:12:20 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo add a new client concurrent connection limit, run the clientmaxclimitadd command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","clientmaxclimitadd"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"l7addr","value":"InsertVirtualServiceIPAddress"},{"key":"l7limit","value":"10"}],"variable":[]}},"response":[{"id":"6eeaf27b-c049-459a-a5e7-203dbf002b12","name":"Add a New Client Concurrent Connection Limit","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/clientmaxclimitadd?l7addr=InsertVirtualServiceIPAddress&l7limit=10","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","clientmaxclimitadd"],"query":[{"key":"l7addr","value":"InsertVirtualServiceIPAddress"},{"key":"l7limit","value":"10"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 05:11:50 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo delete an existing client concurrent connection limit, run the clientmaxclimitdel command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","clientmaxclimitdel"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"l7addr","value":"InsertVirtualServiceIPAddress"}],"variable":[]}},"response":[{"id":"606fd0c9-c66a-4a14-ba6d-0feae8e321ee","name":"Delete an Existing Client Concurrent Connection Limit","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/clientmaxclimitdel?l7addr=InsertVirtualServiceIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","clientmaxclimitdel"],"query":[{"key":"l7addr","value":"InsertVirtualServiceIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 05:15:33 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThis section provides commands relating to the maximum client concurrent connection limit.
\n","_postman_id":"43e0986d-1a07-47b1-9cdb-68d0013d44de"},{"name":"Client CPS Limit","item":[{"name":"List the Existing Connections Per Second (CPS) Limits","id":"e8249910-9770-4c09-84f6-159fcd4a1721","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/clientcpslimitlist","description":"To list the existing Connections Per Second (CPS) limits, run the clientcpslimitlist command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","clientcpslimitlist"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"46025e62-5a67-415d-bb2d-cb7501e37538","name":"List the Existing Connections Per Second (CPS) Limits","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/clientcpslimitlist"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 05:17:50 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo add a new CPS limit, run the clientcpslimitadd command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","clientcpslimitadd"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"l7addr","value":"InsertVirtualServiceIPAddress"},{"key":"l7limit","value":"12"}],"variable":[]}},"response":[{"id":"4c94aa44-57b3-4b09-bdec-bf5a1b3cde63","name":"Add a New CPS limit","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/clientcpslimitadd?l7addr=InsertVirtualServiceIPAddress&l7limit=12","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","clientcpslimitadd"],"query":[{"key":"l7addr","value":"InsertVirtualServiceIPAddress"},{"key":"l7limit","value":"12"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 05:17:10 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo delete an existing CPS limit, run the clientcpslimitdel command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","clientcpslimitdel"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"l7addr","value":"InsertVirtualServiceIPAddress"}],"variable":[]}},"response":[{"id":"efb3c085-cf58-406c-9c37-e14d3a3a3efc","name":"Delete an Existing CPS Limit","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/clientcpslimitdel?l7addr=InsertVirtualServiceIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","clientcpslimitdel"],"query":[{"key":"l7addr","value":"InsertVirtualServiceIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 05:19:35 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThis section provides commands relating to the client CPS limit.
\n","_postman_id":"0082caab-a687-4938-abff-ae2cf96780f6"},{"name":"Legacy Client CPS Limit Commands","item":[{"name":"Limit the Maximum Number of Connection Attempts","id":"35195fbd-fb31-48bf-9ceb-b585a97bc791","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/set?param=l7limitinput&value=25","description":"Client limiting can be used to limit the default maximum number of connection attempts (per second) from a specified host. The limit can be set using the set parameter.
\nSetting the limit to zero disables the option.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","set"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"param","value":"l7limitinput"},{"key":"value","value":"25"}],"variable":[]}},"response":[{"id":"7ec3890b-d722-46de-b15b-649f5a521168","name":"Limit the Maximum Number of Connection Attempts","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/set?param=l7limitinput&value=25","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","set"],"query":[{"key":"param","value":"l7limitinput"},{"key":"value","value":"25"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 05:26:07 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo list the addresses and their limits, run the afeclientlimitlist command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","afeclientlimitlist"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"","value":""}],"variable":[]}},"response":[{"id":"ce300bc4-8452-4073-a28b-4e5450118235","name":"List the Addresses and their Limits","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/afeclientlimitlist?","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","afeclientlimitlist"],"query":[{"key":"","value":null}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 05:28:11 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nA number of addresses or networks can be specified to be limited. To add an address, run the afeclientlimitadd command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","afeclientlimitadd"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"l7addr","value":"InsertVirtualServiceIPAddress"},{"key":"l7limit","value":"14"}],"variable":[]}},"response":[{"id":"b3973467-ea9d-4227-96da-c67462f2e24f","name":"Add an Address and its Limit","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/afeclientlimitadd?l7addr=InsertVirtualServiceIPAddress&l7limit=14","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","afeclientlimitadd"],"query":[{"key":"l7addr","value":"InsertVirtualServiceIPAddress"},{"key":"l7limit","value":"14"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 05:27:39 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo delete an address, run the afeclientlimitdel command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","afeclientlimitdel"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"l7addr","value":"InsertVirtualServiceIPAddress"}],"variable":[]}},"response":[{"id":"f2c2e16f-9608-416d-addc-e5bcdc7e8cf6","name":"Delete an Address","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/afeclientlimitdel?l7addr=InsertVirtualServiceIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","afeclientlimitdel"],"query":[{"key":"l7addr","value":"InsertVirtualServiceIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 05:29:55 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nBefore the rate limiting functionality was improved in LoadMaster version 7.2.52, you could run the following commands relating to client CPS limits.
\n\n\n","_postman_id":"9914881a-196d-49c7-8a22-56a4278c31a9"},{"name":"Client RPS Limit","item":[{"name":"List the Existing RPS Limits","id":"a7b9a025-6fc7-4a02-8ab5-b8ea32647ead","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/clientrpslimitlist","description":"Although these commands still work - we recommend using the new commands outlined in the Client CPS Limit section above.
\n
To list the existing RPS limits, run the clientrpslimitlist command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","clientrpslimitlist"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"7aaad279-29ac-4b82-9efb-2b34ded1f220","name":"List the Existing RPS Limits","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/clientrpslimitlist"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 05:36:53 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo add a new RPS limit, run the clientrpslimitadd command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","clientrpslimitadd"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"l7addr","value":"InsertVirtualServiceIPAddress"},{"key":"l7limit","value":"16"}],"variable":[]}},"response":[{"id":"84a7cdef-859f-48c0-859e-0f2d7d50ee8b","name":"Add a New RPS Limit","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/clientrpslimitadd?l7addr=InsertVirtualServiceIPAddress&l7limit=16","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","clientrpslimitadd"],"query":[{"key":"l7addr","value":"InsertVirtualServiceIPAddress"},{"key":"l7limit","value":"16"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 05:36:15 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo delete an existing RPS limit, run the clientrpslimitdel command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","clientrpslimitdel"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"l7addr","value":"InsertVirtualServiceIPAddress"}],"variable":[]}},"response":[{"id":"556df0ee-af3d-4f80-b075-d1f4215938d7","name":"Delete an Existing RPS Limit","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/clientrpslimitdel?l7addr=InsertVirtualServiceIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","clientrpslimitdel"],"query":[{"key":"l7addr","value":"InsertVirtualServiceIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 05:38:12 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThis section provides commands relating to the client RPS limit.
\n","_postman_id":"21be3dba-b259-474f-ac43-cbf2bdab0885"},{"name":"Client Bandwidth Limit","item":[{"name":"List the Existing Client Bandwidth Limits","id":"e4e8f99e-9014-401b-8ead-a2affbef610c","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/clientbandwidthlimitlist","description":"To list the existing client bandwidth limits, run the clientbandwidthlimitlist command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","clientbandwidthlimitlist"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"31333189-b234-45ea-8e6c-c9c1a53e414c","name":"List the Existing Client Bandwidth Limits","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/clientbandwidthlimitlist"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 05:45:46 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo add a new client bandwidth limit, run the clientbandwidthlimitadd command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","clientbandwidthlimitadd"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"l7addr","value":"InsertVirtualServiceIPAddress"},{"key":"l7limit","value":"18"}],"variable":[]}},"response":[{"id":"e31bbe71-65ea-4c8f-8cee-e16e8ceacf60","name":"Add a New Client Bandwidth Limit","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/clientbandwidthlimitadd?l7addr=InsertVirtualServiceIPAddress&l7limit=18","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","clientbandwidthlimitadd"],"query":[{"key":"l7addr","value":"InsertVirtualServiceIPAddress"},{"key":"l7limit","value":"18"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 05:41:06 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe global client maximum bandwidth limit (ClientMaxBandwidthLimit) must be set before you add a specific client bandwidth limit.
\n
To delete an existing client bandwidth limit, run the clientbandwidthlimitdel command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","clientbandwidthlimitdel"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"l7addr","value":"InsertVirtualServiceIPAddress"}],"variable":[]}},"response":[{"id":"064d5539-0447-4b59-b4dd-87ce58646cfb","name":"Delete an Existing Client Bandwidth Limit","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/clientbandwidthlimitdel?l7addr=InsertVirtualServiceIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","clientbandwidthlimitdel"],"query":[{"key":"l7addr","value":"InsertVirtualServiceIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 05:47:25 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThis section provides commands relating to the client bandwidth limit.
\n","_postman_id":"a57659da-9430-4013-89cb-97b6fa29f784"},{"name":"Per-Virtual Service Limits","item":[{"name":"Add a New Virtual Service with Limits","id":"d4d2ca96-ee6b-430b-8644-e8f959080ddc","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addvs?vs=InsertVirtualServiceIPAddress&port=80&prot=tcp&ConnsPerSecLimit=10&RequestsPerSecLimit=10&MaxConnsLimit=50&bandwidth=17","description":"To add a new Virtual Service with limits, run the addvs command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addvs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"ConnsPerSecLimit","value":"10"},{"key":"RequestsPerSecLimit","value":"10"},{"key":"MaxConnsLimit","value":"50"},{"key":"bandwidth","value":"17"}],"variable":[]}},"response":[{"id":"3f38972b-723a-4e50-a8e7-41ab935d9f82","name":"Add a New Virtual Service with Limits","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addvs?vs=InsertVirtualServiceIPAddress&port=80&prot=tcp&ConnsPerSecLimit=10&RequestsPerSecLimit=10&MaxConnsLimit=50&bandwidth=17","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addvs"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"ConnsPerSecLimit","value":"10"},{"key":"RequestsPerSecLimit","value":"10"},{"key":"MaxConnsLimit","value":"50"},{"key":"bandwidth","value":"17"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 05:55:45 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo modify the limits for an existing Virtual Service, run the modvs command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modvs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"ConnsPerSecLimit","value":"10"},{"key":"RequestsPerSecLimit","value":"10"},{"key":"MaxConnsLimit","value":"40"},{"key":"bandwidth","value":"17"}],"variable":[]}},"response":[{"id":"a5d4ebc9-52fc-487b-a21e-c7627a2afffb","name":"Modify the Limits for an Existing Virtual Service","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modvs?vs=InsertVirtualServiceIPAddress&port=80&prot=tcp&ConnsPerSecLimit=10&RequestsPerSecLimit=10&MaxConnsLimit=40&bandwidth=17","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modvs"],"query":[{"key":"vs","value":"InsertVirtualServiceIPAddress"},{"key":"port","value":"80"},{"key":"prot","value":"tcp"},{"key":"ConnsPerSecLimit","value":"10"},{"key":"RequestsPerSecLimit","value":"10"},{"key":"MaxConnsLimit","value":"40"},{"key":"bandwidth","value":"17"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 06:02:15 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo modify the limits for an existing SubVS, run the modvs command.
\nYou can retrieve the SubVS Index by running the listvs command or by checking the Id at the top of the SubVS modify screen.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modvs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"vs","value":"3"},{"key":"ConnsPerSecLimit","value":"10"},{"key":"RequestsPerSecLimit","value":"10"},{"key":"MaxConnsLimit","value":"40"},{"key":"bandwidth","value":"17"}],"variable":[]}},"response":[{"id":"be680f7a-f0bb-4611-b7c8-f43e7a9f1cf6","name":"Modify the Limits for an Existing SubVS","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modvs?vs=3&ConnsPerSecLimit=10&RequestsPerSecLimit=10&MaxConnsLimit=40&bandwidth=17","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modvs"],"query":[{"key":"vs","value":"3"},{"key":"ConnsPerSecLimit","value":"10"},{"key":"RequestsPerSecLimit","value":"10"},{"key":"MaxConnsLimit","value":"40"},{"key":"bandwidth","value":"17"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 06:04:52 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThis section provides commands relating to the per-Virtual Service limits.
\n","_postman_id":"d3c1737d-4572-4bc6-ae9f-6f32d37ff8a2"},{"name":"URL-Based Limiting Rules","item":[{"name":"List the Existing URL-Based Limiting Rules","id":"f3f82f50-4c9a-4ab2-bea0-57b5840fe8ed","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/listlimitrules","description":"You can list the existing URL-based limiting rules by running the listlimitrules command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","listlimitrules"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"2e2fd24a-917d-4e17-a504-d894fb5efc96","name":"List the Existing URL-Based Limiting Rules","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/listlimitrules"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 06:09:12 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can add a new URL-based limiting rule by running the addlimitrule command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addlimitrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"ExampleRule"},{"key":"pattern","value":"/test/a.html"},{"key":"limit","value":"5"},{"key":"match","value":"0"}],"variable":[]}},"response":[{"id":"93657cd9-4df5-4dca-a0ec-f64e0660e8db","name":"Add a New URL-Based Limiting Rule","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addlimitrule?name=ExampleRule&pattern=/test/a.html&limit=5&match=0","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","addlimitrule"],"query":[{"key":"name","value":"ExampleRule"},{"key":"pattern","value":"/test/a.html"},{"key":"limit","value":"5"},{"key":"match","value":"0"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 06:08:30 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can modify an existing URL-based limiting rule by running the modlimitrule command.
\nValid values for the match parameter are as follows:
\n- \n
- 0 - Request \n
- 1 - Host \n
- 2 - User Agent \n
- 64 - !Request \n
- 65 - !Host \n
- 66 - !UserAgent \n
\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modlimitrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"ExampleRule"},{"key":"pattern","value":"/test/b.html"},{"key":"limit","value":"5"},{"key":"match","value":"0"}],"variable":[]}},"response":[{"id":"aa068e98-46af-4678-a2e2-6ba9ff77f90a","name":"Modify an Existing URL-Based Limiting Rule","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modlimitrule?name=ExampleRule&pattern=/test/b.html&limit=5&match=0","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modlimitrule"],"query":[{"key":"name","value":"ExampleRule"},{"key":"pattern","value":"/test/b.html"},{"key":"limit","value":"5"},{"key":"match","value":"0"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 06:10:31 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe values with an exclamation mark (!) before them matches the inverse, for example, not a specific request or not a specific user agent.
\n
You can delete an existing URL-based limiting rule by running the dellimitrule command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","dellimitrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"ExampleRule"}],"variable":[]}},"response":[{"id":"18fa5f51-9f81-4c40-a36e-9f4237f92bf1","name":"Delete an Existing URL-Based Limiting Rule","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/dellimitrule?name=ExampleRule","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","dellimitrule"],"query":[{"key":"name","value":"ExampleRule"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 06:11:29 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can move the position of an existing URL-based limiting rule by running the movelimitrule command.
\nSetting the position parameter to a value larger than the size of the list will move the rule to the end of the list.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","movelimitrule"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"ExampleRule"},{"key":"position","value":"1"}],"variable":[]}},"response":[{"id":"3726be88-67a6-48e0-97e6-35ace883f5e3","name":"Move the Position of an Existing URL-Based Limiting Rule","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/movelimitrule?name=ExampleRule&position=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","movelimitrule"],"query":[{"key":"name","value":"ExampleRule"},{"key":"position","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 06:12:38 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThis section provides commands relating to URL-based limiting rules.
\n","_postman_id":"392cbe89-14d0-4990-99e5-346f8b1568e4"}],"id":"ec2d2b1a-0726-4e95-bda7-ff93e011c41c","description":"This section contains details about the QoS/Limiting API commands and parameters. You can retrieve or configure each of these parameters using the get or set RESTful API commands. Refer to the Using get and set commands section for details about the get and set commands.
\nThe following limiting parameters can be retrieved or configured using the get or set commands:
\n- \n
MaxConnsLimit: The maximum number of simultaneous connections (TCP and UDP).
\n \nMaxCPSLimit: The global connection limit (per second).
\n \nMaxRPSLimit: The global request limit (per second).
\n \nMaxBandwidthLimit: The global bandwidth limit (kilobits per second)
\n \nSendRateLimitError: This parameter accepts the following values:
\n- \n
- 0 - no error response (the connection is simply dropped) \n
- 1 - Send 429 Too Many Requests error response \n
- 2 - Send 503 Service Unavailable error response \n
\nRateLimitFail: Fail on rate limit. This parameter accepts the following values:
\n- \n
- 0 - disabled the LoadMasterttempts to select a different RS or SubVS to use for the connection) \n
- 1 - enabled (forces an error) \n
\nLimitLogging: Generate a summary log entry every 5 seconds. This parameter accepts the following values:
\n- \n
- 0 - disabled \n
- 1 - enabled \n
\nClientRepeatDelay: Set the minimum time after a client is no longer limited before a new message is generated. If a client generates a message and continues to be blocked for continuously hitting the limit, no new message is generated. Only if the client goes quiet for the delay period will a new message be generated. Valid values range from 10 - 86400 seconds.
\n \nClientMaxConnsLimit: This limits the default maximum number of concurrent connection attempts (per second) from a specific host. Setting the limit to 0 disables this option. Valid values range from 0 - 1000000.
\n \nClientCPSLimit: The global client connection limit.
\n \nClientRPSLimit: The global client request limit.
\n \nClientMaxBandwidthLimit: The global client maximum bandwidth limit.
\n \n
To list all local users and their permissions, run the userlist command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","userlist"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"9208cbe5-950d-4c65-9f26-3e543994565b","name":"List All Local Users","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/userlist"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 06:38:21 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo add a new local user, run the useraddlocal command.
\nName | Type | Description | Mandatory |
user | String | The username of the new user. | Yes |
password | String | The password of the new user. | Yes – unless nopass or radius is set to yes. |
radius | Boolean | Determines whether the user will use RADIUS server authentication or not when logging in to the LoadMaster. The RADIUS server details must be set up before this option can be enabled. | No |
nopass | Boolean | This option is only valid if session management is enabled. Set this option to yes to create a user with no password. This can be used to allow certificate-based access. For further information, please refer to the Local Certificate Management section. | No |
To change the password of a local user, run the userchangelocpass command.
\n\n\nThe username is case sensitive - ensure to enter the username exactly as it has been set.
\n
All parameters are required. The radius parameter determines whether the user will use RADIUS server authentication or not when logging in to the LoadMaster. The RADIUS server details must be set up before this option can be used.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","userchangelocpass"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"user","value":"bal01"},{"key":"password","value":"InsertPassword"},{"key":"radius","value":"0"}],"variable":[]}},"response":[{"id":"8ecc4954-711c-4c21-ab8e-3fd2dc0471d0","name":"Change the Password of a Local User","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/userchangelocpass?user=bal01&password=InsertPassword&radius=0","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","userchangelocpass"],"query":[{"key":"user","value":"bal01"},{"key":"password","value":"InsertPassword"},{"key":"radius","value":"0"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 06:42:00 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo change the password of the default bal user, run the usersetsyspassword command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","usersetsyspassword"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"currpassword","value":"InsertPassword"},{"key":"password","value":"InsertNewPassword"}],"variable":[]}},"response":[{"id":"7abfa377-a834-450b-8f10-151fb3457a83","name":"Change the System Password","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/usersetsyspassword?currpassword=InsertPassword&password=InsertNewPassword","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","usersetsyspassword"],"query":[{"key":"currpassword","value":"InsertPassword"},{"key":"password","value":"InsertNewPassword"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 08:24:43 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo set the minimum password length for local users, run the set command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","set"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"param","value":"minpassword"},{"key":"value","value":"8"}],"variable":[]}},"response":[{"id":"cd28229c-42d3-4913-8d63-4427a2cbf375","name":"Set the Minimum Password Length","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/set?param=minpassword&value=8","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","set"],"query":[{"key":"param","value":"minpassword"},{"key":"value","value":"8"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 08:27:56 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo display permissions for a particular local user, run the showlist command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","usershow"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"user","value":"bal01"}],"variable":[]}},"response":[{"id":"1c8ed781-57bc-45b3-8c35-9fbd1077b4c8","name":"Show Permissions for a Particular Local User","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/usershow?user=bal01","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","usershow"],"query":[{"key":"user","value":"bal01"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 08:31:06 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo set permissions for a local user, run the usersetperms command.
\nMultiple permissions can be set at the same time by separating the values with a comma.
\n\n\nRunning this command will overwrite any previous permissions for this user. For example, if a user had the rules permission and you ran the command listed above, the user would no longer have the rules permission but would have the real and vs permission.
\n
Valid values for the perms parameter are listed and described in the table below.
\nValue | Description |
real | This role permits enabling and disabling Real Servers. Users with the Real Servers permission cannot add SubVSs. |
vs | This role relates to managing Virtual Services. This includes SubVSs. Virtual Service actions permitted vary depending on whether or not the extendedperms parameter is enabled. For further information, refer to the User Management Feature Description. |
rules | This role permits managing Rules. Rule modifications permitted include add, delete and modify. |
backup | This role permits performing system backups. |
certs | This role permits managing SSL Certificates. Certificate management includes adding, deleting and modifying SSL Certificates. |
cert3 | This role permits managing intermediate Certificates. Certificate management includes the ability to add and delete intermediate certificates. |
certbackup | This role permits the ability to export and import certificates. |
users | This role is allowed access to all functionality within the System Configuration > System Administration > User Management WUI screen. |
root | This role gives users all permissions except the permission to change the bal password and the permission to create or delete other users. |
geo | This role is used only with the LoadMaster GEO product. For more information on GEO and the Global Server Load Balancing (GSLB) Feature Pack, refer to the GEO Feature Description. |
addvs | This parameter can only be enabled if the extendedperms parameter is enabled. This role relates to managing Virtual Services. This includes SubVSs. Refer to the User Management Feature Description for further details on the permissions provided by this option. |
| To set the permissions to none, leave the parameter blank, for example &perms= |
To return a previously generated certificate for a user, run the userreadcert command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","userreadcert"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"user","value":"bal01"}],"variable":[]}},"response":[{"id":"1a826dd1-22c2-45ed-8842-65d4a3c7ec15","name":"Return a Previously Generated Certificate for a User","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:{{vault:authorization-password}}@InsertLoadMasterIPAddress/access/userreadcert?user=bal01","protocol":"https","auth":{"user":"bal","password":"{{vault:authorization-password}}"},"host":["InsertLoadMasterIPAddress"],"path":["access","userreadcert"],"query":[{"key":"user","value":"bal01"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 08:45:42 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo download a previously generated certificate for a user, run the userdownloadcert command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","userdownloadcert"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"user","value":"bal01"}],"variable":[]}},"response":[{"id":"4feb13c5-6793-45fb-a423-1417d77409d3","name":"Download a Previously Generated Certificate for a User","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:{{vault:authorization-password}}@InsertLoadMasterIPAddress/access/userdownloadcert?user=bal01","protocol":"https","auth":{"user":"bal","password":"{{vault:authorization-password}}"},"host":["InsertLoadMasterIPAddress"],"path":["access","userdownloadcert"],"query":[{"key":"user","value":"bal01"}]}},"status":"OK","code":200,"_postman_previewlanguage":"raw","header":[{"key":"Date","value":"Tue, 13 Aug 2024 08:44:14 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"application/octet-stream"},{"key":"Content-Disposition","value":"inline; filename=\"EXAMPLE\""}],"cookie":[],"responseTime":null,"body":"-----BEGIN CERTIFICATE-----\nCertificate contents would appear here\n-----END RSA PRIVATE KEY-----\n"}],"_postman_id":"265ebf98-bd42-47e9-acb4-f9863014ec6b"},{"name":"Generate a New Certificate for a User","id":"3da8b19e-54f1-48d4-bf88-de89b1fe3e36","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/usernewcert?user=bal01&passphrase=ExamplePassphrase","description":"To generate a new certificate for a user, run the usernewcert command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","usernewcert"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"user","value":"bal01"},{"key":"passphrase","value":"ExamplePassphrase"}],"variable":[]}},"response":[{"id":"638fe069-9fdd-4914-868d-c26adefa4513","name":"Generate a New Certificate for a User","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/usernewcert?user=bal01&passphrase=ExamplePassphrase","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","usernewcert"],"query":[{"key":"user","value":"bal01"},{"key":"passphrase","value":"ExamplePassphrase"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 08:43:01 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe passphrase is optional. If entered, it will be used to encrypt the private key.
\n
To delete an existing user certificate, run the userdelcert command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","userdelcert"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"user","value":"bal01"}],"variable":[]}},"response":[{"id":"cd9708ad-712b-4bcd-9667-23c070a45669","name":"Delete an Existing User Certificate","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/userdelcert?user=bal01","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","userdelcert"],"query":[{"key":"user","value":"bal01"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 09:09:36 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo delete a local user, run the userdellocal command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","userdellocal"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"user","value":"bal01"}],"variable":[]}},"response":[{"id":"36d02b8e-37ac-4ed0-a5a6-c7763117ddda","name":"Delete a Local User","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/userdellocal?user=bal01","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","userdellocal"],"query":[{"key":"user","value":"bal01"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 09:15:03 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo return a list of existing groups and their associated permissions, run the grouplist command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","grouplist"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"f379a2f9-5a0d-48da-bca4-7103ea9d7209","name":"Return a List of Existing Groups","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/grouplist"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 09:32:06 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo display permissions for a specific user group, run the groupshow command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","groupshow"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"group","value":"Test01"}],"variable":[]}},"response":[{"id":"c9ef411a-0460-46c6-b9b6-209f9ecc90d0","name":"Show Permissions for a Specific User Group","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/groupshow?group=Test01","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","groupshow"],"query":[{"key":"group","value":"Test01"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 09:30:57 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo add a new group, run the groupaddremote command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","groupaddremote"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"group","value":"Test01"}],"variable":[]}},"response":[{"id":"3f5a1982-48e7-45a9-8b62-575bf1dd9081","name":"Add a New Group","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/groupaddremote?group=Test01","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","groupaddremote"],"query":[{"key":"group","value":"Test01"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 09:17:26 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe following characters are permitted in the group name: alphanumeric characters, spaces, or the following special symbols: =~^._+#,@/-.
\n
To configure permissions for a group, run the groupsetperms command.
\nEnter a comma-separated list of permissions in the perms parameter. The valid values for the perms parameter are the same as the ones for the usersetperms command, as outlined in the Set Permissions for a Local User section.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","groupsetperms"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"group","value":"Test01"},{"key":"perms","value":"real,vs"}],"variable":[]}},"response":[{"id":"2f1f2ed4-4fef-4cc1-9c10-f80872e6699b","name":"Configure Permissions for a Group","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/groupsetperms?group=Test01&perms=real,vs","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","groupsetperms"],"query":[{"key":"group","value":"Test01"},{"key":"perms","value":"real,vs"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 09:29:02 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo delete an existing group, run the groupdelremote command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","groupdelremote"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"group","value":"Test01"}],"variable":[]}},"response":[{"id":"737d52e3-de46-4455-aadc-5cce6405bd44","name":"Delete an Existing Group","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/groupdelremote?group=Test01","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","groupdelremote"],"query":[{"key":"group","value":"Test01"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 09:39:32 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe Virtual Service operations permitted to vary depending on whether or not the extendedperms parameter is enabled. For further information, refer to the User Management Feature Description document on the Documentation Page.
\nThe extendedperms parameter can be managed using the get and set commands. Refer to the Using get and set commands section for further information on how to use these commands.
\nThe extendedperms parameter is Boolean - set it to 1 to enable extended permissions, or 0 to disable extended permissions.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","get"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"param","value":"extendedperms"}],"variable":[]}},"response":[{"id":"e9c158b4-22fc-4718-8e3f-bed0718f4906","name":"Enable or Disable the Extended Permissions Parameter","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/get?param=extendedperms","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","get"],"query":[{"key":"param","value":"extendedperms"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 09:36:13 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nRefer to the following sections for details on the RESTful API commands and parameters relating to LoadMaster user management.
\n","_postman_id":"89635da7-73ac-4538-822a-6cc5ee1eb84c"},{"name":"Licensing","item":[{"name":"License the LoadMaster using Online Licensing","id":"d5478b06-9908-4c64-9aa2-531cdf6da588","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/alsilicense?kempid=InsertProgressID&password=InsertProgressIDPassword","description":"The AlsiLicense command updates the LoadMaster’s license online. To cause the LoadMaster to query the Progress Kemp licensing system for an updated license, and update the license if one is available, run the AlsiLicense command:
\nName | Type | Description | Mandatory |
kempid | String | The email address used when registering for a Progress ID. | Yes |
password | String | The Progress ID account password. | Yes |
http_proxy | String | Specify the HTTP(S) proxy server and port, in the format ProxyAddress:Port. | No |
lic_type_id | String | The license type ID. If you specify an order ID, the license type ID is not required. To retrieve the license ID, run the alsilicensetypes command. Refer to theRetrieve the Available License Typessection for further details. | No |
orderid | String | Specify the order ID received from Progress Kemp. The order ID is usually provided by Progress Kemp after purchasing the license in the Kemp VLM Activation Instructions document. | Yes |
The LoadMaster’s license can be updated offline by using the license command.
The License BLOB is emailed to the customer when requested. Each time a license is updated a new BLOB is needed.
The BLOB is the body of text from the word begin to the word end. The BLOB must be copied and pasted into a text file (in the following example the file is called license.txt). For more information on licensing (including details on how to retrieve a BLOB), please refer to the Licensing, Feature Description.
\nThis command uploads the BLOB file to the LoadMaster. The command assumes that the license.txt file is in the current directory. If the license.txt file is stored elsewhere, specify the path to the file after the @ symbol.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","license"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"63bc6a51-e404-4be3-9a4b-9e249e187fe6","name":"License","originalRequest":{"method":"POST","header":[],"body":{"mode":"file","file":{"src":"/C:/ExampleFiles/LicenseBlob5.txt"},"options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/license"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 26 Jul 2022 14:28:35 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"application/xml","description":"","type":"text"}],"cookie":[],"responseTime":null,"body":"\nThe licensing access key can be obtained by the accesskey command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","accesskey"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"","value":""}],"variable":[]}},"response":[{"id":"44b581b6-b06e-4f25-bc41-6ecbf4614dd6","name":"Get the Licensing Access Key","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/accesskey?","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","accesskey"],"query":[{"key":"","value":null}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 09:57:00 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nIf the Activation Server Lite (ASL) functionality was used to license a LoadMaster, the KillASLInstance command can be run to deactivate the client LoadMaster license.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","killaslinstance"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"345348ec-2a96-4cf2-bbdb-d384dc7e3e24","name":"Kill ASL Instance","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/killaslinstance"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 15:35:38 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nWe strongly recommend deregistering a LoadMaster using the Kemp 360 Central UI/API, rather than the LoadMaster UI/API. Deregistering a LoadMaster from the LoadMaster UI/API can lead to the LoadMaster having an unknown state in Kemp 360 Central. In these cases, it is not easy to remove the LoadMaster from Kemp 360 Central and the unknown LoadMaster is still taking up an available license.
\n
To deactivate a non-SPLA (Service Provider License Agreement) client LoadMaster license, run the kill_instance command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","kill_instance"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"InsertProgressID"},{"key":"passwd","value":"InsertProgressIDPassword"},{"key":"kill","value":"1"}],"variable":[]}},"response":[{"id":"b18969e1-145b-4e16-8f80-a4ef8082fbca","name":"Deactivate a non-SPLA License","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:{{vault:authorization-password}}@InsertLoadMasterIPAddress/access/kill_instance?name=InsertProgressID&passwd=InsertProgressIDPassword&kill=1","protocol":"https","auth":{"user":"bal","password":"{{vault:authorization-password}}"},"host":["InsertLoadMasterIPAddress"],"path":["access","kill_instance"],"query":[{"key":"name","value":"InsertProgressID"},{"key":"passwd","value":"InsertProgressIDPassword"},{"key":"kill","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Fri, 16 Aug 2024 11:10:09 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nDo not run this command unless instructed to by Kemp Support.
\n
Similar to when initially licensing a LoadMaster, a license may be updated using the online or offline method.
Offline licensing requires a Binary Large OBject (BLOB) file which is provided by Progress Kemp.
When updating online, only a Progress ID and password are needed.
For further information on licensing, refer to the Licensing, Feature Description.
The LoadMaster can be shut down using the shutdown command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","shutdown"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"e2820abc-521a-465f-90a2-4f76417e0de3","name":"Shut Down the LoadMaster","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/shutdown"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 13:04:09 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe LoadMaster can be rebooted using the reboot command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","reboot"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"f8d2ad71-63ae-4c3b-b2fe-0e496f306f1c","name":"Reboot the LoadMaster","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/reboot"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 10:22:46 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nRefer to the following sections for details on commands to shut down and reboot the LoadMaster.
\n","_postman_id":"1c69f97a-0463-4c0e-ac41-231b8001ca54"},{"name":"Update Software","item":[{"name":"Upgrade to a Newer Version of Software","id":"48e12399-d99a-4b0b-80ac-28de4161f137","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"file","file":{"src":"/C:/ExampleFiles/7.2.60.0.22525.DEV.PATCH-64-MULTICORE"}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/installpatch","description":"The LoadMaster can be upgraded to a new version of software by using the installpatch command.
\n\n\nWhen upgrading to LoadMaster version 7.2.61 or above, you must set the confirm parameter to yes to successfully install the patch.
\n
\n\nThe file being uploaded must be a valid patch file. If the file does not work in the UI it will not work using a RESTful API command.
\n
\n\nWhen updating LoadMaster hardware, starting with 7.2.54.5, you can only update a hardware LoadMaster with an image that supports the boot method used by the hardware. The newer NG models (introduced in 2023) use the UEFI boot method, while earlier models use the BIOS boot method. If you attempt to update a hardware appliance with an updated image that doesn’t support the boot method used by the appliance, the update process stops and the following message is displayed:
\n
The system cannot be updated with the provided image, which is not supported on the hardware platform on which you are attempting to install it.
\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","installpatch"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"512ef9b2-debb-4a68-9acd-38521f022f9a","name":"Upgrade to a Newer Version of Software","originalRequest":{"method":"POST","header":[],"body":{"mode":"file","file":{"src":"/C:/ExampleFiles/7.2.60.0.22525.DEV.PATCH-64-MULTICORE"}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/installpatch"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 13:19:54 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nAll LoadMaster -NG hardware models (introduced in 2023) require UEFI-capable patches, and so cannot be updated with any patch earlier than 7.2.54.6, or between 7.2.55.0 and 7.2.59.1 (inclusive).
\n
You may want to check the previously installed LoadMaster firmware version in certain situations, for example, before you roll back to a previous firmware version. To check the previously installed firmware version, run the getpreviousversion command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","getpreviousversion"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"f0fa7e35-5696-457a-b1e2-1f72db0ae9b9","name":"Check the Previously Installed Firmware Version","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/getpreviousversion"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 13:26:04 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe previous version of firmware on the LoadMaster can be restored by using the restorepatch command.
\nThe machine needs to be rebooted for the change to take place.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","restorepatch"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"c2f971be-2f51-42e2-acf4-ea2a05b718bc","name":"Restore to a Previously Installed Version of Software","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/restorepatch"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 13:27:09 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nA list of any add-on packages that are installed on the LoadMaster can be displayed by running the listaddon command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","listaddon"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"9cf12d62-5a6f-4597-856f-bd21f68599eb","name":"List the Installed Add-On Packs","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/listaddon"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 10:36:05 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nAdd-on packs can be uploaded by running the addaddon POST command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","addaddon"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"5c666205-fcf5-464a-b745-2371a53199ea","name":"Upload or Update an Add-On Pack","originalRequest":{"method":"POST","header":[],"body":{"mode":"file","file":{"src":"/C:/ExampleFiles/lmingress-7.2.60.0.22520.RELEASE"}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/addaddon"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 13:33:47 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nIf the add-on pack already exists, the add-on pack will be updated to the version being uploaded.
\n
Add-on packs can be deleted by running the deladdon command.
\nThe name of the existing add-on packs can be displayed by running the listaddon command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","deladdon"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"name","value":"Flowmon"}],"variable":[]}},"response":[{"id":"eec5519f-ea7b-4c2d-87e3-6ddcbafc1bbd","name":"Delete Add-On Pack","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/deladdon?name=Flowmon","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","deladdon"],"query":[{"key":"name","value":"Flowmon"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 10:43:13 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nRefer to the following sections for RESTful API commands relating to LoadMaster firmware and add-ons.
\n","_postman_id":"a5c7a786-b1c2-4375-af20-1d9617df1c71"},{"name":"Backup/Restore","item":[{"name":"Backup/Restore Commands","item":[{"name":"Backup LoadMaster Configuration","id":"3f6f43f2-0c4e-404a-8ae5-450ea3844f00","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/backup","description":"LoadMaster configurations can be backed up using the backup command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","backup"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"1cb2e209-96a5-4827-ad29-5391004de001","name":"Backup LoadMaster Configuration","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/backup"},"status":"OK","code":200,"_postman_previewlanguage":"raw","header":[{"key":"Date","value":"Wed, 14 Aug 2024 13:36:03 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"application/octet-stream"},{"key":"Content-Disposition","value":"inline; filename=LMBackups_lb100_2024_08_14.13_36"}],"cookie":[],"responseTime":null,"body":"To save the file, in Postman - go to the Body of the response, click the three dots on the right, and click Save response to file."}],"_postman_id":"3f6f43f2-0c4e-404a-8ae5-450ea3844f00"},{"name":"Restore LoadMaster Configuration","id":"d0b33f07-c8bc-4959-b456-2de2f23aa96d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"file","file":{"src":"/C:/ExampleFiles/LMBackups_lb100_2024_08_14.13_37"}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/restore?type=2","description":"You can resore a LoadMaster configurations by using the restore command.
\ntype takes the integer range from 1 to 15:
\nName | Type | Range | Additional Information |
type | Integer | 1-15 | 1 = LoadMaster Base configuration 2 = Virtual Service configuration 3 = Base and Virtual Service configuration 4 = GEO configuration 5 = Base and GEO configuration 6 = Virtual Service and GEO configuration 7 = Base, Virtual Service and GEO configuration 8 = ESP SSO configuration 9 = ESP SSO and base configuration 10 = ESP SSO and Virtual Service configuration 11 = ESP SSO, Virtual Service and base configuration 12 = ESP SSO and GEO configuration 13 = ESP SSO, GEO and base configuration 14 = ESP SSO, GEO and Virtual Service configuration 15 = ESP SSO, GEO, Virtual Service and Base configuration |
Refer to the following sections for the backup and restore LoadMaster commands.
\n","_postman_id":"68667c3e-6da5-4f1a-a053-3c8b4fa187aa"},{"name":"Automated Backups","item":[],"id":"aa8b3a52-82d7-4e52-b2b9-ca4faf496a52","description":"Parameters relating to automated backups that can be managed using get and set commands are detailed in the following table. Refer to the Using get and set commands section for details about the get and set commands.
\nName | Type | Default | Range | Additional Information |
backupday | Integer | Daily | 0-7 | Specify which day to perform the automated backup (or daily): 0 = Daily 1 = Monday 2 = Tuesday 3 = Wednesday 4 = Thursday 5 = Friday 6 = Saturday 7 = Sunday |
backupenable | Boolean | N |
| Enable automated timed backups (using FTP, SCP, or SFTP). |
backuphost | String |
|
| Set the IP address or hostname of the remote host to which you want the backup archives sent, optionally followed by a colon and the port number. If no port is specified, the default port for the selected protocol is used. |
backuphour | Integer | 0 | 0-23 | The hour to perform the automated backup. 0 = Midnight 23 = 11pm |
backupminute | Integer | 0 | 0-59 | The minute to perform the automated backup. Note the range values are full minutes |
backupsecure | Boolean | 0 - ftp | 0 – ftp (insecure) 1 – scp (secure) | Specify the file transfer method for automated backups. This is a legacy parameter. You cannot specify sftp (secure) if using this parameter. To set the Backup Method to sftp (secure) use the backupmethod parameter. |
| backupmethod | String | wput | Specify the file transfer method for automated backups. Takes a string that can be either wput, scp, or sftp. Setting the backupmethod to wput sets the Backup Method field to Ftp (insecure). | |
backuppassword | String |
|
| The password of the remote user. This parameter is used when the backupsecure method is set to 0 (Ftp (insecure)). |
backupident | File |
|
| If using scp or sftp as the backupmethod, the remote identity value must be provided. This is the SSH private key generated using ssh-keygen on the remote scp server. The key file must be encoded in base64 before uploading. This parameter can only be set – running a get on this parameter returns some asterisks. |
backuppath | String |
|
| Specify the remote path name. |
backupuser | String |
|
| Specify the remote username. |
\n\n","_postman_id":"aa8b3a52-82d7-4e52-b2b9-ca4faf496a52"}],"id":"a441bb8e-b75b-44d1-9309-7f5e7cf1e7c5","description":"You cannot use the Test Automated Backups functionality using the API. You can do this using the UI if needed.
\n
Refer to the following sections for RESTful API commands relating to backing up and restoring the LoadMaster configuration.
\n","_postman_id":"a441bb8e-b75b-44d1-9309-7f5e7cf1e7c5"},{"name":"Date/Time Settings","item":[],"id":"696bc9cb-e2a8-4600-ac40-31342f299ec4","description":"Parameters relating to the date and time that can be managed using get and set commands are detailed in the following table. Refer to the Using get and set commands section for details about the get and set commands.
\nName | Type | Additional Information |
ntphost | S | Specify the host from which the LoadMaster will set the time. Multiple hosts can be specified in a space-separated list. Please escape the spaces using 20 percent. The time will be set from the first host to return a valid answer. |
time | I | The time in hours, minutes and seconds. |
timezone | S | The timezone where the LoadMaster is located |
ntpkeyid | I | The NTP key ID. Valid values range from 1 to 99. |
ntpkeysecret | S | The NTP shared secret string. The NTP secret can be a maximum of 40 characters long. If the secret is more than 20 characters long, it is treated as a hex string. Setting this value to an empty string will disable the NTPv4 feature. |
ntpkeytype | S | Specify the NTP Key Type. The valid values are SHA-1 (SHA1), legacy SHA (SHA), and MD5 (M). Note that the values are case sensitive and must be in uppercase. |
\n\n","_postman_id":"696bc9cb-e2a8-4600-ac40-31342f299ec4"}],"id":"5f81f3cc-841c-4145-8b12-c614b160fc4b","description":"It is not possible to set the time using a RESTful API command.
\n
Various system administration tasks can be completed using the RESTful API.
\n","_postman_id":"5f81f3cc-841c-4145-8b12-c614b160fc4b"},{"name":"Logging Options","item":[{"name":"Manage System Logs","item":[{"name":"List System Log Files","id":"f4cd7f91-dbb1-4454-83d7-3efb587f8bd5","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/listsyslogfiles","description":"To list the existing system log files, run the logging/listsyslogfiles command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","logging","listsyslogfiles"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"29832ff1-b86d-4937-b702-4abce5d4bb63","name":"List System Log Files","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/listsyslogfiles"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Mon, 12 Aug 2024 11:12:00 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo clear all the system log files, run the clearlogs command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","logging","clearlogs"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"1062b4a2-87bc-4182-a20e-7f2e2d77fab9","name":"Clear the System Log Files","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/clearlogs"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Mon, 12 Aug 2024 11:19:14 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe legacy command before clearlogs was resetlogs.
\n
To clear a specific log file, run the clearlogs command with the fsel parameter.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","logging","clearlogs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fsel","value":"check_addons_nodel"}],"variable":[]}},"response":[{"id":"e570857a-ebcd-485d-b492-882517bf47b6","name":"Clear a Specific Log File","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/clearlogs?fsel=check_addons_nodel","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","logging","clearlogs"],"query":[{"key":"fsel","value":"check_addons_nodel"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Mon, 12 Aug 2024 11:14:20 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo save all the system log files, run the savelogs command.
\nIf you run this command in the command line, ensure to add the output parameter, for example, --output or -o when using cURL.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","logging","savelogs"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"bdab33d6-2b9e-4c23-8188-265685e42bfd","name":"Save the System Log Files","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/savelogs"},"status":"OK","code":200,"_postman_previewlanguage":"raw","header":[{"key":"Date","value":"Mon, 12 Aug 2024 11:16:08 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"application/octet-stream"},{"key":"Content-Disposition","value":"inline; filename=LM_lb100_2024_08_12.11.16.tar.gz"}],"cookie":[],"responseTime":null,"body":"To save the file, in Postman - go to the Body of the response, click the three dots on the right, and click Save response to file."}],"_postman_id":"0d4a0fec-86d5-40e5-8e70-ad2f01b08e25"},{"name":"Save a Specific Log File","id":"8ec5da7c-a7a5-41bf-9cf4-bd944e98a324","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/savelogs?fsel=boot.msg","description":"The legacy command before savelogs was downloadlogs.
\n
To save a specific log file, run the savelogs command with the fsel parameter.
\nIf you run this command in the command line, ensure to add the output parameter, for example, --output or -o when using cURL.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","logging","savelogs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fsel","value":"boot.msg"}],"variable":[]}},"response":[{"id":"5f46782b-98df-43f5-a0c6-b77440c11529","name":"Save a Specific Log File","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/savelogs?fsel=boot.msg","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","logging","savelogs"],"query":[{"key":"fsel","value":"boot.msg"}]}},"status":"OK","code":200,"_postman_previewlanguage":"raw","header":[{"key":"Date","value":"Tue, 13 Aug 2024 15:29:08 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"application/octet-stream"},{"key":"Content-Disposition","value":"inline; filename=LM_lb100_2024_08_13.15.29.tar.gz"}],"cookie":[],"responseTime":null,"body":"To save the file, in Postman - go to the Body of the response, click the three dots on the right, and click Save response to file."}],"_postman_id":"8ec5da7c-a7a5-41bf-9cf4-bd944e98a324"}],"id":"17a6492d-6def-4077-a7af-45e163c7956c","description":"Refer to the following sections for details on RESTful API commands relating to managing system logs.
\n","_postman_id":"17a6492d-6def-4077-a7af-45e163c7956c"},{"name":"Ping Host","item":[{"name":"Perform a Ping","id":"3824568f-868f-4779-b240-ca593ace0da5","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/ping?addr=progress.com","description":"To perform a ping, run the ping command.
\nParameter | Parameter Type | Parameter Description | Mandatory |
addr | Address | Specify the host to perform the ping on. This parameter accepts an IPv4 address, IPv6 address, FQDN, or hostname. | Yes |
intf | Integer | Specify the ID of the interface from which the ping should be sent from. If the interface is not specified here, the correct interface to ping an address on a particular network will be automatically selected. | No |
The LoadMaster tries to auto-detect what type of ping to use (ping for IPv4 and ping6 for IPv6).
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","logging","ping"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"addr","value":"progress.com"}],"variable":[]}},"response":[{"id":"e4f9abe4-518a-48ae-a884-87057526c9d5","name":"Perform a Ping","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/ping?addr=progress.com","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","logging","ping"],"query":[{"key":"addr","value":"progress.com"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Mon, 12 Aug 2024 11:27:22 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe ping command returns a 200 OK success message even if an incorrect or non-existing interface is provided.
\n
To force a ping6 on an IPv6 address, run the ping6 command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","logging","ping6"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"addr","value":"InsertIPv6Address"}],"variable":[]}},"response":[{"id":"06ed3977-4244-452b-8e3d-a0119c486b3b","name":"Perform a Ping (IPv6)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:{{vault:authorization-password}}@InsertLoadMasterIPAddress/access/logging/ping6?addr=InsertIPv6Address","protocol":"https","auth":{"user":"bal","password":"{{vault:authorization-password}}"},"host":["InsertLoadMasterIPAddress"],"path":["access","logging","ping6"],"query":[{"key":"addr","value":"InsertIPv6Address"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Mon, 12 Aug 2024 11:30:54 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe ping command returns a 200 OK success message even if an incorrect or non-existing interface is provided.
\n
The following sections provide details on the ping RESTful API commands.
\n","_postman_id":"ecf72e99-150c-4cf6-b19f-577a1a7bbbfe"},{"name":"Run a Traceroute","item":[{"name":"Perform a Traceroute","id":"a3d71b6b-9cca-474d-83b6-25b29cfb513e","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/traceroute?addr=progress.com","description":"To perform a traceroute, run the logging/traceroute command.
\nThe addr parameter accepts an IPv4 address, IPv6 address, FQDN, or hostname.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","logging","traceroute"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"addr","value":"progress.com"}],"variable":[]}},"response":[{"id":"56b9f220-b11d-4a91-80cf-aa88fc730f01","name":"Perform a Traceroute","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/traceroute?addr=progress.com","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","logging","traceroute"],"query":[{"key":"addr","value":"progress.com"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 05:18:36 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nRefer to the following section for details on the traceroute command.
\n","_postman_id":"bb4f9e5d-0bcf-459d-bc2a-169357386f3b"},{"name":"Debug Options","item":[{"name":"Get/Set Debug Options","item":[],"id":"bbf7bcd9-0812-419f-82a9-0bd8f5685abf","description":"Parameters relating to Debug Options that can be managed using get and set commands are detailed in the table below. Refer to the Using get and set commands section for details on the get and set commands.
\nName | Type | Parameter Description |
| irqpinning | B | You can use this parameter to enable or disable Interrupt Request Line (IRQ) pinning. This is disabled by default. Warning: Only enable this option in consultation with Progress Kemp Support. Note: When you change the IRQ pinning option from off to on, IRQ pinning is enabled on all network interfaces that are assigned an IP address. When IRQ pinning is enabled and you add an IP address to an unconfigured interface, that interface will not have IRQ pinning enabled until you either toggle the IRQ pinning off and back on again, or the system is rebooted. |
irqbalance | B | The purpose of IRQBalance is distribute hardware interrupts across processors on a multiprocessor system. This should only be enabled after consultation with Progress Kemp technical support. |
| tcpsack | B | Use this parameter to enable or disable TCP SACK (Selective ACKnowledgement) processing. This is a global setting that affects all Layer 7 Virtual Services. It only works if TCP SACK is enabled on a Virtual Service client and the LoadMaster. |
| IPV6forwarding | B | Enable this parameter to enable Layer 4 IPv6 forwarding. Disable this option for full IPv6 conformance. |
| EnableISetupCli | B | Enable or disable the Command Line Interface (CLI) Service Management function. |
linearesplogs | B | By default, the LoadMaster deletes older log files. If this parameter is enabled, older log files will no longer be deleted. If the filesystem fills up, further access using the LoadMaster is blocked. |
| dhcpv6 | B | When this parameter is enabled, the DHCPv6 client will run on the primary interface. This provides the capability to obtain an IPv6 address on boot. If you want DHCPv6 to be run on every boot, keep this option enabled. However, this is a long running process and it keeps running in the background when it is enabled so if you only need an IPv6 address to be assigned and you do not need to renew and release the IPv6 address you should disable this option after the IPv6 address is assigned. |
Display the RAID controller details, including the model name, serial number, capacity, state, status, level, and total members in the RAID, by running the getraidinfo command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","getraidinfo"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"daab98a0-5723-4414-bff5-57622aa29510","name":"Retrieve RAID Information","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/getraidinfo"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 14:13:49 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nDisplay details about the RAID disks, including the model name, serial number, firmware version, capacity, type, and speed, by running the getraiddisksinfo command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","getraiddisksinfo"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"40c5b9c6-50af-43da-934e-788d684c6950","name":"Retrieve RAID Disk Information","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/getraiddisksinfo"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 15 Aug 2024 14:16:13 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nRefer to the following sections for details on how to retrieve Redundant Array of Independent Disks (RAID) controller details.
\n","_postman_id":"3089a229-62c0-4fdb-a40c-068a1ca9a71d"},{"name":"Other Debug Commands","item":[{"name":"Reset Statistics","id":"4e60863c-3e10-4265-bc3e-082316621aaf","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/resetstats","description":"Reset the statistics by running the resetstats command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","logging","resetstats"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"b86a372e-6939-41a6-8a23-0595ea810729","name":"Reset Statistics","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/resetstats"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 04:45:48 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nYou can flush the SSO authentication cache by running the logging/ssoflush command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","logging","ssoflush"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"4b274e60-8c0c-494c-acb4-4e9d88add805","name":"Flush the SSO Authentication Cache","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/ssoflush"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 04:46:47 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nRefer to the following sections for details on some other debugging options.
\n","_postman_id":"23f5d714-edcc-4587-8ceb-a4dc71cc73d9"}],"id":"ce79c936-a61a-4049-b57d-8e82b42a6c03","description":"Refer to the following sections for details on the debug option RESTful API parameters.
\n","_postman_id":"ce79c936-a61a-4049-b57d-8e82b42a6c03"},{"name":"Extended Log Files","item":[{"name":"List the Extended Log Files","id":"883c8f40-95c4-4f6d-a555-5481f27b5c7e","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/listextlogfiles","description":"To list the existing extended log files, run the logging/listextlogfiles command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","logging","listextlogfiles"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"35667e3b-2f49-4b80-9101-d89d9221d8e6","name":"List the Extended Log Files","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/listextlogfiles"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 04:51:13 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo clear the extended log files, run the clearextlogs command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","logging","clearextlogs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fsel","value":"lmingress.log"}],"variable":[]}},"response":[{"id":"feefe5ae-bb1d-427d-a22c-59dfebef7476","name":"Clear Extended Log Files","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/clearextlogs?fsel=lmingress.log","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","logging","clearextlogs"],"query":[{"key":"fsel","value":"lmingress.log"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 15:41:38 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo save the extended log files, run the saveextlogs command.
\nTo save all non-rotated log files, omit the fsel parameter.
\nIf you run this command in the command line, ensure to add the output paramter, for example, \\--output or \\-o when using cURL.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","logging","saveextlogs"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"fsel","value":"lmingress.log"}],"variable":[]}},"response":[{"id":"01301a9a-3c01-45eb-8feb-25baece0ea54","name":"Save Extended Log Files","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/saveextlogs?fsel=lmingress.log","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","logging","saveextlogs"],"query":[{"key":"fsel","value":"lmingress.log"}]}},"status":"OK","code":200,"_postman_previewlanguage":"raw","header":[{"key":"Date","value":"Tue, 13 Aug 2024 15:44:18 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"application/octet-stream"},{"key":"Content-Disposition","value":"inline; filename=LM_lb100_EXTLOG_2024_08_13.15.44.tar.gz"}],"cookie":[],"responseTime":null,"body":"To save the file, in Postman - go to the Body of the response, click the three dots on the right, and click Save response to file."}],"_postman_id":"babf34b2-bbb7-4b94-96cb-07cf841bb064"},{"name":"Check if Extended ESP Logging is Enabled","id":"3905852a-0f10-453a-b977-616083682830","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/isextesplogenabled","description":"To check if the Local Extended ESP Logs option is currently enabled, run the isextesplogenabled command.
\nIf Disable Local Extended ESP Logs is disabled (the default option), messages are written to the extended ESP logs expediently and are not sent to any remote syslog servers that are defined.
If Disable Local Extended ESP Logs is enabled, no messages are written to the extended ESP logs and messages are only sent to the remote logger (if one is defined). If a remote logger is not defined, no logs are recorded.
You can no longer configure the system to both populate the local extended ESP logs and send the same messages to remote syslog servers, as it was in previous releases.
To disable extended ESP logging, run the disableextesplog command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","logging","disableextesplog"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"4e20097a-4cde-4a45-8f96-c9e6dca2e9d5","name":"Disable Extended ESP Logging","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/disableextesplog"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 05:04:28 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo enable extended ESP logging, run the enableextesplog command.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","logging","enableextesplog"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"8d953f53-83f7-4ea4-88e4-0897de0c2e85","name":"Enable Extended ESP Logging","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/enableextesplog"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 05:07:35 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nRefer to the following sections for details about the RESTful API commands relating to extended log files.
\n","_postman_id":"52ebcd9a-18b7-4987-beb1-79099b372b5b"},{"name":"Syslog Options","item":[{"name":"Delete All Hosts for a Syslog Level","id":"719dc6e8-7e97-405f-a9e8-b068c2cfd2a9","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/set?param=syslognotice&value=","description":"To delete all hosts for a syslog level, set the value of the syslog level to an empty string.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","set"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"param","value":"syslognotice"},{"key":"value","value":""}],"variable":[]}},"response":[{"id":"06ab7971-fc9f-4932-b64d-86d1e5656001","name":"Delete All Hosts for a Syslog Level","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/set?param=syslognotice&value=","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","set"],"query":[{"key":"param","value":"syslognotice"},{"key":"value","value":""}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 05:14:19 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nUse this option to get details of prefix added to the beginning of all syslog messages.
\nThis prefix is used to include identifiers such as a license key, which may be required by remote syslog consumers for authentication or tracking purposes.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","get"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"param","value":"syslogprefix"}],"variable":[]}},"response":[{"id":"819cad8c-2f18-4eca-971d-b180c9cc8498","name":"Get the Syslog Message Prefix","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/get?param=syslogprefix","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","get"],"query":[{"key":"param","value":"syslogprefix"}]}},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"Date","value":"Wed, 20 Aug 2025 02:08:21 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nUse this option to add prefix to the beginning of all syslog messages. You can use this prefix to include identifiers such as a license key, which may be required by remote syslog consumers for authentication or tracking purposes. There is a limit of 80 characters for the prefix. Most characters are supported.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","set"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"param","value":"syslogprefix"},{"key":"value","value":"PrefixExample"}],"variable":[]}},"response":[{"id":"858a0436-bb6f-4f78-b7fc-a1a8b52f6306","name":"Set the Syslog Message Prefix","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/set?param=syslogprefix&value=PrefixExample","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","set"],"query":[{"key":"param","value":"syslogprefix"},{"key":"value","value":"PrefixExample"}]}},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"Date","value":"Wed, 20 Aug 2025 02:07:10 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nParameters relating to Syslog Options that can be managed using get and set commands are detailed in the table below. Refer to the Using get and set commands section for details about the get and set commands.
\nName (SyslogLevelParam) | Type | Parameter Description |
syslogemergency | A | Use this option to set the host(s) which will receive Emergency events only. Entries must be comma-separated. Up to 10 entries are supported in total for all levels. |
syslogcritical | A | Use this option to set the host(s) which will receive Emergency and Critical events. Entries must be comma-separated. Up to 10 entries are supported in total for all levels. |
syslogerror | A | Use this option to set the host(s) which will receive Emergency, Critical, and Error events. Entries must be comma-separated. Up to 10 entries are supported in total for all levels. |
syslogwarn | A | Use this option to set the host(s) which will receive Emergency, Critical, Error, and Warning events. Entries must be comma-separated. Up to 10 entries are supported in total for all levels. |
syslognotice | A | Use this option to set the host(s) which will receive Emergency, Critical, Error, Warning, and Notice events. Entries must be comma-separated. Up to 10 entries are supported in total for all levels. |
sysloginfo | A | Use this option to set the host(s) which will receive All events. Entries must be comma-separated. Up to 10 entries are supported in total for all levels. |
syslognone | A | Use this option to delete a host, or hosts, from any syslog level. Because you can only assign a specific host to one level, you do not need to specify the syslog level to remove the host from. Entries must be comma-separated. Up to 10 entries can be deleted at once. The get command does not retrieve anything for this parameter. |
syslogport | I | Specify the port that syslog messages are sent to on the receiving hosts. |
syslogprefix | S | You can use this prefix to include identifiers such as a license key, which may be required by remote syslog consumers for authentication or tracking purposes. There is a limit of 80 characters for the Prefix field. Most characters are supported. |
syslogprot | S | Specify what protocol to use for the connection to a remote syslog server. Valid values are tcp, udp, and tls. |
syslogcert | B | This parameter is only relevant when tls is specified as the syslogprot. When syslogcert is enabled, it ensures that the host name or IP address that was used to initiate the secure connection resides in the Certificate Subject or Subject Alternative Names (SAN) of the certificate. |
Up to 10 individual IP addresses and/or hostnames can be specified for each of the Syslog fields. Multiple IP addresses/hostnames must be differentiated using a comma-separated list.
\n\n\n","_postman_id":"f38b726c-e4c4-44b8-ad5a-d9b37a1d1ad9"},{"name":"SNMP Options","item":[],"id":"f4648ea6-051d-414b-b6eb-e182c60b29ca","description":"You cannot configure the same host for multiple levels.
\n
Parameters relating to SNMP Logging Options that can be managed using get and set commands are detailed in the following table. Refer to the Using get and set commands section for details about the get and set commands.
\nName | Type | Additional Information |
snmpcommunity | S | Specify the SNMP community string. |
snmpcontact | S | Specify the contact address that is sent in SNMP responses. |
snmpenable | B | 0 - Disabled 1 - Enabled
|
snmptrapenable | B | Enable the generation of SNMP events whenever a significant event occurs. |
snmpv1sink | A | Specify the sink address for SNMP type 1 traps. |
snmpv2sink | A | Specify the sink address for SNMP type 2 traps. |
snmpV3enable | B | Enable/disable SNMP V3. 0 - Disabled 1 - Enabled |
snmpv3user | A | Specify the username. |
snmpv3userpasswd | A | Specify the user password. |
snmplocation | S | Specify the location that is sent in SNMP responses. |
snmpclient | S | Specify the list of machines that can access the SNMP subsystem. If no clients are specified, anyone can access SNMP. |
snmpHATrap | B | Send SNMP traps from the shared IP address. This option is only available when the LoadMaster is in HA mode. |
snmpAuthProt | S | Specify the relevant authentication protocol: MD5 SHA SHA is a more secure protocol. Note: These values are case sensitive - please enter them in uppercase. |
snmpV3Privenable | B | Enable the SNMP V3 private password. 0 - Disabled 1 - Enabled Note: This parameter is not supported in the LTSF LoadMaster version yet. |
snmpv3privpasswd | A | Specify the private password. Note: This parameter is not supported in the LTSF LoadMaster version yet. |
snmpPrivProt | S | Specify the relevant privacy protocol: - DES - AES AES is a more secure protocol. Note: These values are case sensitive - enter them in uppercase. |
Parameters relating to Email Logging Options that can be managed using get and set commands are detailed in the following table. Refer to the Using get and set commands section for details about the get and set commands.
\nName | Type | Range | Additional Information |
emailcritical | S |
| The email address to receive critical messages. |
emaildomain | S |
| The domain, if required, for the user account authentication. |
emailemergency | S |
| The email address to receive emergency messages. |
emailenable | B |
| Enables or disables the email logging options. |
emailerror | S |
| The email address to receive error messages. |
emailinfo | S |
| The email address to receive informational messages. |
emailnotice | S |
| The email address to receive notices. |
emailpassword | S |
| The email user's password. |
emailport | I | 0-65535 | The TCP port on which your mail server accepts connections (usually 25). |
emailserver | S |
| The host name or address of the SMTP server to send mail messages through. |
emailsslmode | I | 0-3 | Specify the type of security protocol that should be used on the connection: 0 = None 1 = STARTTLS, if available 2 = STARTTLS 3 = SSL/TLS |
emailuser | S |
| The user account with access to send email messages. |
emailwarn | S |
| The email address to receive warnings. |
Refer to the following sections for details on RESTful API commands relating to logging options.
\n","_postman_id":"257061dc-a7cc-42ba-ba1b-1f7e96b75836"},{"name":"Troubleshooting","item":[{"name":"Get/Set Debug Options","item":[],"id":"07bd5cba-f61d-4ede-a5ef-c0a512a18af0","description":"Parameters relating to Troubleshooting that can be managed using get and set commands are detailed in the table below. Refer to the Using get and set commands section for details about the get and set commands.
\nName | Type | Parameter Description |
backupnetstat | B | By default, the LoadMaster includes a Netstat output in backups taken. When this is included, backups take longer to complete. You can stop the Netstat output from being included by disabling this parameter. |
netconsole | A | Netconsole is a kernel module which logs kernel printk messages over UDP allowing debugging of problems where disk logging fails. If this parameter is populated, the syslog daemon on a specific host will receive all critical kernel messages. This can help in understanding why a LoadMaster is rebooting. Netconsole is mainly used for capturing kernel panic output. To unset this, set the value to an empty string. |
netconsoleinterface | I | The interface which hosts the Netconsole. |
Perform a top by running the logging/top command.
\nName | Type | Parameter Description |
iterations | I | Specify the number of samples (the default is 10 samples). Range: 1-30 |
interval | I | Specify the interval between them (the default is a 1 second interval). Range: 1-30 |
threads | B | Enable this option to show process threads (disabled by default). 0 - Disabled 1 - Enabled |
mem | B | By default, the results are sorted by CPU usage (so the mem parameter is defaulted at 0 - Disabled). Enable the mem parameter to sort by memory usage instead. 0 - Disabled 1 - Enabled |
Perform a top by running the logging/top command.
\nName | Type | Parameter Description |
iterations | I | Specify the number of samples (the default is 10 samples). Range: 1-30 |
interval | I | Specify the interval between them (the default is a 1 second interval). Range: 1-30 |
threads | B | Enable this option to show process threads (disabled by default). 0 - Disabled 1 - Enabled |
mem | B | By default, the results are sorted by CPU usage (so the mem parameter is defaulted at 0 - Disabled). Enable the mem parameter to sort by memory usage instead. 0 - Disabled 1 - Enabled |
By default, the LoadMaster does not include top command output in LoadMaster system backups. To include it, enable the backuptop parameter using the set command.
\nWhen included in LoadMaster system backups, top is run using the default parameters (regardless of what is configured in the UI) and is sorted by memory usage.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","set"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"param","value":"backuptop"},{"key":"value","value":"1"}],"variable":[]}},"response":[{"id":"176ba19c-2f2a-4292-b663-573dce14dce7","name":"Enable the BackupTop Parameter","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/set?param=backuptop&value=1","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","set"],"query":[{"key":"param","value":"backuptop"},{"key":"value","value":"1"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 08 Aug 2024 05:24:14 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nPerforming a top displays memory, CPU, and I/O usage for the LoadMaster. You can specify the number of samples and an interval between them (the default is 10 samples and a 1 second interval). You can also show threads and/or sort by memory usage by selecting the appropriate check boxes.
\n","_postman_id":"672db560-1d3f-4d3b-926b-52da1d425b00"},{"name":"Run the Other Debug Options","item":[{"name":"Run the Other Debug Options","id":"7006b093-8528-4332-b7f6-db5d3891b462","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/logging/meminfo","description":"These other debug options commands can be run using the API:
\n- \n
logging/ps
\n \nlogging/meminfo
\n \nlogging/ifconfig
\n \nlistifconfig
\n \nlogging/netstat
\n \nlogging/interrupts
\n \nlogging/partitions
\n \nlogging/cpuinfo
\n \nlogging/df
\n \nlogging/lspci
\n \nlogging/lsmod
\n \nlogging/slabinfo
\n \n
This section provides commands relating to other debug options.
\n","_postman_id":"41e1bb29-5e5d-4346-87f9-e4beac44331d"},{"name":"Run a TCP Dump","item":[{"name":"Run a TCP Dump","id":"b75f8df7-fb06-44f2-b93f-a2a58945576f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/tcpdump","description":"Run a TCP dump using the tcpdump command.
\nAll parameters are optional.
\nName | Type | Parameter Description | Mandatory |
maxpackets | I | The maximum number of packets to capture. The default value for this parameter is 10000. Valid values range from 1 to 200000. | N |
maxtime | I | The maximum number of seconds to capture. The default value for this parameter is 10. Valid values range from 1 to 600. | N |
interface | I | The interface(s) to monitor. The default interface is eth0. A TCP dump can be captured either by one or all Ethernet ports. | N |
port | I | The port to be monitored. | N |
address | I | The (optional) address to be monitored. | N |
tcpoptions | S | Any optional parameters needed. The maximum number of characters permitted is 255. You can use any options that you can have in a tcp dump command. For example, if you do not set the port parameter, you could set the port in the tcpoptions parameter. You could also set the protocol to udp. You can enter multiple options. | N |
The output of a TCP dump is a .pcap file, which is downloaded. You can use an application such as Wireshark to view the output.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","tcpdump"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"f09d4302-c675-443f-aefc-e98c17bd8ffb","name":"Run a TCP Dump","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/tcpdump"},"status":"OK","code":200,"_postman_previewlanguage":"raw","header":[{"key":"Date","value":"Thu, 08 Aug 2024 05:27:38 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"application/vnd.tcpdump.pcap"},{"key":"Content-Disposition","value":"inline; filename=\"tcpdump.pcap\""}],"cookie":[],"responseTime":null,"body":"To save the file, in Postman - go to the Body of the response, click the three dots on the right, and click Save response to file."}],"_postman_id":"b75f8df7-fb06-44f2-b93f-a2a58945576f"}],"id":"2af9a579-b7b5-4484-8014-51c53e3c20e1","description":"Refer to the section below for details on how to run a TCP dump using the RESTful API.
\n","_postman_id":"2af9a579-b7b5-4484-8014-51c53e3c20e1"}],"id":"5fe9dc4a-a8d6-4bf0-8e46-3f7419506cd4","description":"This section provides commands relating to troubleshooting.
\n","_postman_id":"5fe9dc4a-a8d6-4bf0-8e46-3f7419506cd4"},{"name":"Miscellaneous Options","item":[{"name":"WUI Settings","item":[{"name":"View the Third Party Acknowledgements File","id":"f59cf7c0-fb11-417e-a4ef-dfee7b97be69","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/notice","description":"You can view the third-party acknowledgments file applicable to the LoadMaster release you are running by using the notice command.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","notice"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"ba2dc4c9-a28e-4649-aa9e-0c484c274571","name":"View the Third Party Acknowledgements File","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/notice"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Thu, 08 Aug 2024 11:06:10 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\r\nWhen viewing the response in Postman, some special characters may not display correctly. If you download the file, the special characters are rendered correctly.
\n
Parameters relating to WUI Settings that can be managed using get and set commands are detailed in the following table. Refer to the Using get and set commands section for the get and set commands.
\nName | Type | Range | Description |
hoverhelp | B | 0 – Disable 1 - Enable
| This option allows the display of descriptive text when a cursor rests on a clickable option in the UI screen. |
autosave | B | 0 – Disable 1 - Enable | Disabling auto-save is currently a beta feature. Auto-save is enabled by default. If it is disabled, this option modifies the several default |
motd | S |
| This is the Message of the Day (MOTD). Either plain text or a text file can be used. The maximum number of characters is 5,000. An error will be displayed if the MOTD is greater than 5,000 characters. |
wuidisplaylines | I | 10-100 | Set the maximum number of lines which can be displayed on a single statistics page. |
\n\nIf the Message Of The Day (MOTD) is specified using the set command as above, the maximum number of characters that can be entered is 5,000.
\n
Note: To add line breaks to the motd message, use HTML code, such as the following tags:
\ncURL responses do not show HTML code as it would be shown in the WUI, for example,
appears as:
Parameters relating to L7 Configuration that can be managed using get and set commands are detailed in the following table. StartFragment
\nRefer to the Using get and set commands section for the get and set commands.
\nName | Related UI Option | Type | Range | Description |
addcookieport | Add Port to Active Cookie | B | 0 - Disabled 1 - Enabled | When using the LoadMaster behind a NATing gateway, all client addresses are the same. To create individual cookies the remote port can also be added to the cookie. Enabling this option when not needed wastes resources. |
addvia | Add Via Header In Cache Responses | B | 0 - Disabled 1 - Enabled | When enabled, a VIA header field will be added to all cache responses. The Virtual Service address will be the address used. |
allowemptyposts | Allow Empty POSTs | B | 0 - Disabled 1 - Enabled | By default the LoadMaster blocks POSTs that do not contain a Content-Length or Transfer-Encoding header to indicate the length of the requests payload. When this parameter is set to true, such requests are assumed to have no payload data and are therefore not rejected. |
forcefullrsmatch | Force Complete RS Match | B | 0 – Disabled 1 – Enabled | By default, when the LoadMaster is trying to locate a Real Server for use with content switching, it tries to use the same Real Server as currently selected, even if the port is not the same. Enabling this parameter forces the port to also be compared. |
alwayspersist | Always Check Persist | S | 0 = Only check persist on the first request of a HTTP/1.1 connection 1 = Check the persist on every request 2 = All persistent changes will be saved, even in the middle of a connection | This parameter also accepts no and yes as valid values. No and yes correspond to 0 and 1 respectively. |
closeonerror | Close on Error | B | 0 - Disabled 1 - Enabled | When enabled, the LoadMaster will always close the client connection when it sends back an error response. For Example, this changes the behaviour of the LoadMaster when sending back a 304 File not changed message after receiving an If-Modified-Since HTTP header. |
dropatdrainend | Drop at Drain Time End | B | 0 - Disabled 1 - Enabled | If enabled, all open connections to disabled Real Servers will be dropped at the end of the Real Servers Drain Stop Time OR immediately if there are no Persist entries associated with the Real Server. |
droponfail | Drop Connections on RS failure | B | 0 - Disabled 1 - Enabled | By default, existing connections are not closed if a Real Server fails. Enabling this feature causes all connections to be immediately dropped on Real Server failure |
expect100 | 100-Continue Handling | I | 0 - RFC-2616 Compliant 1 - Require 100-Continue 2 - RFC-7231 Compliant | Determines how 100-Continue Handling messages are handled. The available options are: - RFC-2616 Compliant (0): conforms with the behavior as outlined in RFC-2616 - Require 100-Continue (1): forces the LoadMaster to wait for the 100-Continue message - RFC-7231 Compliant (2): ensures the LoadMaster does not wait for 100-Continue messages. This is the default value. Modifying how 100 Continue messages are handled by the system requires an understanding of the relevant technologies as described in the RFCs listed above. It is recommended that you speak with a Kemp Technical Support engineer before making changes to these settings.
|
rfcconform | Conform to RFC | B | 0 - Disabled 1 - Enabled | By default, the LoadMaster conforms to the RFC when parsing HTTP headers. Disabling this will allow interworking with some broken browsers. |
rsarelocal | Real Servers are Local | B | 0 - Disabled 1 - Enabled | When checking to see if a client is on the local subnet, also check to see if the client is actually a Real Server. |
localbind | Allow connection scaling over 64K Connections | B | 0 - Disabled 1 - Enabled | In very high load situations, local port exhaustion can occur. Enabling this option allows the setting of alternate source addresses. This can be used to expand the number of available local ports. |
transparent | L7 Transparency | B | 0 - Disabled 1 - Enabled | Globally enable or disable the transparent handling of connections using the L7 subsystem. L4 connections are ALWAYS handled transparently. |
slowstart | Least Connection Slow Start | I | 0-600 | When using the Least Connection (or Weighted Least Connection) scheduling method, specify the time (in seconds) over which the load to a Real Server which has just come online will be throttled. |
addforwardheader | Additional L7 Header | I | 0 - X-ClientSide 1 - X-Forwarded-For 2 - None | This option (which is only available when L7 Transparency is disabled) allows the addition of either X-ClientSide or X-Forwarded For to the HTTP header. The default value is X-Forwarded-For. |
logsplitinterval | Log Insight Message Split Interval | I | 1-100 | When using Log Insight Scheduling this is the number of messages which are received on a connection before the stream is rescheduled. The default value is 10. |
authtimeout | L7 Authentication Timeout (secs) | I | 30 – 300 | The duration (in seconds) that a connection remains open for while authentication is ongoing. This value can be between 30 and 300. |
authpostwait | L7 Wait after POST(ms) | I | 1-2000 | When using KCD backend authentication, the length of time to wait for a 401 response from a POST before sending the remainder of the POST body. |
clienttokentimeout | L7 Client Token Timeout (secs) | I | 60-300 | The duration (in seconds) to wait for the client token while the process of authentication is ongoing (used for RSA SecurID and RADIUS authentication). The default value for this parameter is 120. |
ShareSubVSPersist | Share SubVS Persistence | I | 0 – Disabled 1 – Enabled | By default, each SubVS has an independent persistence table. Enabling this parameter will allow the SubVS to share this information. |
loguseragent | Include User Agent Header in User Logs | B | 0 - Disabled 1 - Enabled | When enabled, the User Agent header field is added to the User Logs. |
CEFmsgFormat | Use CEF Log Format | B | 0 - Disabled 1 - Enabled | When enabled, the ESP logs are generated in Common Event Format (CEF). CEF log format is easily consumable for Security Information and Event Management (SIEM) tools, such as; Splunk, SolarWinds, LogRhythm, AlienVault, and so on. This option is disabled by default. |
L7SameSite | Default ESP Cookie SameSite Processing | I | 0 – SameSite Option Not Added 1 – SameSite=None 2 - SameSite=LAX 3 - SameSite=Strict | Set the default value for SameSite option for cookies sent by the LoadMaster during ESP processing. The default value is 0 (SameSite option Not Added). |
L7NTLMProxy | NTLM Proxy Mode | B | 0 - Disabled 1 - Enabled | When L7NTLMProxy is enabled, NTLM authorization works against the Real Servers. If L7NTLMProxy is disabled, the old insecure NTLM processing is performed. Note: Kemp highly recommends ensuring that L7NTLMProxy is enabled. |
Show the Local Reserved Ports.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","showlocalreservedports"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"8829a34f-4e58-45d8-8602-20ab95e3f9b1","name":"Show the Local Reserved Ports","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"{\r\n \"cmd\": \"showlocalreservedports\",\r\n \"apikey\": \"InsertAPIKey\"\r\n}","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/showlocalreservedports"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 20 Aug 2024 09:37:07 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"application/xml","description":"","type":"text"}],"cookie":[],"responseTime":null,"body":"Note: This command is not supported in the LTSF LoadMaster version yet.
\n
Specify a single port, or list of comma-separated ports, that will not be used when initiating connections to Real Servers. Some things to note about this field are as follows:
\n- \n
Ports specified in the list must be between 1024 and 63999 (inclusive).
\n \nA port cannot appear more than once in the list.
\n \nThe total length of the list cannot exceed 128 characters.
\n \nIf you are making changes to an existing list, the entire list of ports must be specified.
\n \n
\n\nWarning: To protect against port exhaustion during periods of heavy traffic, LoadMaster uses a wide set of ports (1024 to 63999). Significantly reducing the number of these ports available for connections to Real Servers could lead to port exhaustion (that is, dropped server-side connections), so best practice is to keep the number of ports removed low – a single-digit percentage of all ports.
\n
For more information, refer to the Network Options section of the Web User Interface (WUI) Configuration Guide.
\n\n\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","setlocalreservedports"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"ports","value":"2034,2035"}],"variable":[]}},"response":[{"id":"bd0f501b-20cc-4e36-be6a-f954527e6513","name":"Set the Local Reserved Ports","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setlocalreservedports?ports=2034,2035","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","setlocalreservedports"],"query":[{"key":"ports","value":"2034,2035"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 20 Aug 2024 09:39:04 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"application/xml","description":"","type":"text"}],"cookie":[],"responseTime":null,"body":"Note: This command is not supported in the LTSF LoadMaster version yet.
\n
Parameters relating to Network Options that can be managed using get and set commands are detailed in the following table.
\nRefer to the Using get and set commands section for the get and set commands.
\nName | Type | Range | Additional Information |
snat | B | 0 - Disabled 1 - Enabled | Enabling this option allows the LoadMaster to NAT connections from the Real Servers to the internet. |
allowupload | B | 0 - Disabled 1 - Enabled | The LoadMaster has been optimized with HTTP workloads in mind. Enabling this option allows non HTTP uploads to work correctly. |
conntimeout | I | 0-86400 | Specify (in seconds) the time a connection can be idle before it is closed. This is independent of Persistency Timeout. Setting a value of 0 resets to the default value of 660 seconds. |
keepalive | B | 0 - Disabled 1 - Enabled | By default, the system uses TCP keepalives to check for failed clients. Enabling this option improves the reliability of older TCP connections (SSH sessions). This is not normally required for normal HTTP/HTTPS services. |
multigw | B | 0 - Disabled 1 - Enabled | Use this option to enable the ability to move the default gateway to a different interface. Note: Alternate default gateway support is not permitted in a cloud environment. |
nonlocalrs | B | 0 - Disabled 1 - Enabled | Enable this option to permit non-local Real Servers to be assigned to Virtual Services. This option is enabled by default. |
onlydefaultroutes | B | 0 - Disabled 1 - Enabled | Enable this option to force traffic from Virtual Services, which have default route entries set, to be routed to the interface where the Virtual Service’s default route is located. |
resetclose | B | 0 - Disabled 1 - Enabled | When enabled, the LoadMaster will close its connection to the Real Servers by using TCP RESET instead of the normal close handshake. |
subnetorigin | B | 0 - Disabled 1 - Enabled | When transparency is disabled for a Virtual Service, the source IP address of connections to Real Servers is the Virtual Service. When enabled, the source IP address is the local address of the LoadMaster. If the Real Server is on a subnet, the subnet address of the LoadMaster will be used. |
subnetoriginating | B | 0 - Disabled 1 - Enabled | When transparency is disabled for a Virtual Service, the source IP address of connections to Real Servers is the Virtual Service. When enabled, the source IP address is the local address of the LoadMaster. If the Real Server is on a subnet, the subnet address of the LoadMaster will be used. |
tcptimestamp | B | 0 - Disabled 1 - Enabled | The LoadMaster can include a timestamp in the SYN when connecting to Real Servers. Only enable this only on request from Kemp Support. |
routefilter | B | 0 - Disabled 1 - Enabled | When enabled, this option only accepts IP frames from a host over the interface where the routing algorithm would route frames to the host. This is known as strict source route validation. |
sslforceserververify | B | 0 – Disabled 1 – Enabled | By default, when re-encrypting traffic the LoadMaster does not check the certificate provided by the Real Server. Enabling this option forces the LoadMaster to verify that the certificate on the Real Server is valid, that is, the certificate authority and expiration are OK. This includes all intermediate certificates. |
http_proxy | S |
| This option allows clients to specify the HTTP(S) proxy server and port the LoadMaster will use to access the internet.
|
tcpnorecycle | B | 0 - Disabled 1 - Enabled | This option is disabled by default. Enable this option to revert to the legacy mode of reusing TCP timewait connections. Note: Only enable this after consulting with Kemp Support. |
Refer to the sections below for details on the RESTful API commands and parameters relating to the sections within System Configuration > Miscellaneous Options in the LoadMaster User Interface (UI).
\n","_postman_id":"f0c93406-1d1f-49af-ab94-970b9e901472"},{"name":"Network Telemetry","item":[{"name":"Check if Network Telemetry Monitoring is Enabled on All Interfaces","id":"0ccdd7b9-d8f6-44b8-a944-c1c92da4b010","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/showtelemetry?interface=0","description":"To check if network telemetry monitoring is enabled or disabled on all interfaces, run the showtelemetry command with no parameters.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","showtelemetry"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"interface","value":"0"}],"variable":[]}},"response":[{"id":"3baa468d-bc15-4ec2-9958-1e4660ec578c","name":"Check if Network Telemetry Monitoring is Enabled on All Interfaces","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/showtelemetry?interface=0","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","showtelemetry"],"query":[{"key":"interface","value":"0"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 06 Aug 2024 11:19:31 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo check if network telemetry monitoring is enabled or disabled on a specific interface, run the
showtelemetry command with the interface parameter.
To enable or disable network telemetry monitoring on a particular interface, run the
enabletelemetry command.
\n\nThe Collector Endpoint (TelemetryServer parameter) must be set before you enable network telemetry monitoring on an interface.
\n
Valid values for enable are:
\n- \n
- 0 - Disabled \n
- 1 - Enabled \n
A number of parameters relating to network telemetry can be retrieved and configured using the get and set commands. Refer to the Using get and set commands section for details on the get and set commands. The details of parameters are available in below table:
\nName | Type | Default | Range | Additional Information |
TelemetryServer | S | unset |
| Define the destination IP address or Fully Qualified Domain Name (FQDN) and port number of your IPFIX collector (for example, 1.1.1.1:2055 or collector.local:3000). The IPFIX export runs over the UDP protocol and you must ensure that the collector is reachable over the network from the LoadMaster. |
| TelemetryActiveTimeout | I | 300 | 10 - 6000 | The global active timeout value. |
| TelemetryInactiveTimeout | I | 30 | 1 - 59 | The global inactive timeout value. |
| TelemetryOptArp | B | 1 - Enabled | 0 - Disabled 1 - Enabled | Specify whether or not to collect ARP values. |
| TelemetryOptDhcp | B | 1 - Enabled | 0 - Disabled 1 - Enabled | Specify whether or not to collect DHCP values. |
| TelemetryOptDns | B | 1 - Enabled | 0 - Disabled 1 - Enabled | Specify whether or not to collect DNS values. |
| TelemetryOptHttp | B | 1 - Enabled | 0 - Disabled 1 - Enabled | Specify whether or not to collect HTTP values. |
| TelemetryOptMail | B | 1 - Enabled | 0 - Disabled 1 - Enabled | Specify whether or not to collect email values. |
| TelemetryOptNbar2 | B | 1 - Enabled | 0 - Disabled 1 - Enabled | Specify whether or not to collect NBAR2 values. |
| TelemetryOptSamba | B | 1 - Enabled | 0 - Disabled 1 - Enabled | Specify whether or not to collect Samba values. |
| TelemetryOptExtendedVoip | B | 1 - Enabled | 0 - Disabled 1 - Enabled | Specify whether or not to collect VoIP values. |
| TelemetryOptMsSql | B | 1 - Enabled | 0 - Disabled 1 - Enabled | Specify whether or not to collect MSSQL values. |
| TelemetryOptPostgres | B | 1 - Enabled | 0 - Disabled 1 - Enabled | Specify whether or not to collect PostgresSQL values. |
| TelemetryOptMySql | B | 1 - Enabled | 0 - Disabled 1 - Enabled | Specify whether or not to collect MySQL values. |
| TelemetryOptNpm | B | 1 - Enabled | 0 - Disabled 1 - Enabled | Specify whether or not to collect NPM values. |
| TelemetryOptExtendedNpm | B | 1 - Enabled | 0 - Disabled 1 - Enabled | Specify whether or not to collect Extended NPM values. |
| TelemetryOptVxlan | B | 1 - Enabled | 0 - Disabled 1 - Enabled | Specify whether or not to collect VXLAN values. |
This secret must have a minimum of 8 and a maximum of 127 characters. The following characters are supported:
\n- \n
- Numeric: 0-9 \n
- Uppercase alphabetic: A-Z \n
- Lowercase alphabetic: a-z \n
- Special characters: !\"#$%&()*+,-./:;<=>?[\\~]^_@`{|} \n
- \n
- Set device 1 to HA1. \n
2. Reboot HA1.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","reboot"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"4fa12709-3ca7-430d-b7b5-42da279e530d","name":"Reboot HA1","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/reboot"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 04:18:27 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\n3. Set HA1’s partner’s address (HA2 address).
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modiface"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"interface","value":"0"},{"key":"PartnerIPAddress","value":"InsertPartnerIPAddress"}],"variable":[]}},"response":[{"id":"93a9475e-9795-4222-951d-1ec5df75e7bb","name":"Set HA1's Partner's Address (HA2 Address)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modiface?interface=0&PartnerIPAddress=InsertPartnerIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modiface"],"query":[{"key":"interface","value":"0"},{"key":"PartnerIPAddress","value":"InsertPartnerIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 11:54:12 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\n4. Set the shared IP address for the HA pair.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modiface"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"interface","value":"0"},{"key":"SharedIPAddress","value":"InsertSharedIPAddress"}],"variable":[]}},"response":[{"id":"3602ad51-f259-4330-9725-6031feec5daa","name":"Set the Shared IP Address for the HA Pair","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modiface?interface=0&SharedIPAddress=InsertSharedIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modiface"],"query":[{"key":"interface","value":"0"},{"key":"SharedIPAddress","value":"InsertSharedIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 12:03:16 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\n5. Set HA2 to secondary.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","set"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"param","value":"hamode"},{"key":"value","value":"2"}],"variable":[]}},"response":[{"id":"0a58547e-dd7c-4a90-8a18-2769a50cc8b3","name":"Set HA2 to Secondary","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/set?param=hamode&value=2","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","set"],"query":[{"key":"param","value":"hamode"},{"key":"value","value":"2"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Tue, 13 Aug 2024 12:06:51 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\n6. Reboot HA2.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","reboot"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"b806af42-b42f-4aa3-82fb-691e88db0097","name":"Reboot HA2","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/reboot"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 04:31:02 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\n7. Set HA2’s partner’s address (HA1’s address).
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modiface"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"interface","value":"0"},{"key":"partner","value":"InsertLoadMasterIPAddress"}],"variable":[]}},"response":[{"id":"27dfc434-c404-4915-855b-8c5ed026431e","name":"Set HA2's Partner's Address (HA1's Address)","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modiface?interface=0&partner=InsertLoadMasterIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modiface"],"query":[{"key":"interface","value":"0"},{"key":"partner","value":"InsertLoadMasterIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 04:50:17 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\n8. Set the Shared IP Address for the HA Pair.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","path":["access","modiface"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"interface","value":"0"},{"key":"SharedIPAddress","value":"InsertSharedIPAddress"}],"variable":[]}},"response":[{"id":"32e090dd-dc41-41c3-8647-8099aa5b3e71","name":"Set the Shared IP Address for the HA Pair","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/modiface?interface=0&SharedIPAddress=InsertSharedIPAddress","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"path":["access","modiface"],"query":[{"key":"interface","value":"0"},{"key":"SharedIPAddress","value":"InsertSharedIPAddress"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 05:27:34 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nThe example commands that are needed to set up HA using the RESTful API on a regular LoadMaster are in order below.
\n\n\n","_postman_id":"860fd627-5d53-4b44-9dc2-31158663aa11"},{"name":"Remove HA from Regular LoadMasters","item":[{"name":"Set to non-HA","id":"54f480e2-06b0-458f-9156-b73c8e5a129c","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress:8443/access/set?param=hamode&value=0","description":"Commands such as reboot take several seconds for the LoadMaster to complete. If scripting, allow for a proper delay after the reboot command.
\n
- \n
- Set to non-HA. \n
2. Reboot.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPasswordl"},"protocol":"https","path":["access","reboot"],"host":["InsertLoadMasterIPAddress"],"query":[],"variable":[]}},"response":[{"id":"befa59b0-53df-4cf8-b891-fc1b16579a9c","name":"Reboot","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPasswordl@InsertLoadMasterIPAddress/access/reboot"},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 04:21:29 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo remove HA, run the commands below.
\n","_postman_id":"bfd6ad43-a537-44b6-8519-d13d549f0f2c"},{"name":"Set up HA on an Azure LoadMaster","item":[{"name":"Set the Partner Shared Secret","id":"19af5ad8-2537-4c4b-a32d-7108ec840979","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress/access/setlmcommsecret?secret=ExampleSecret","description":"This secret must have a minimum of 8 and a maximum of 127 characters. The following characters are supported:
\n- \n
- Numeric: 0-9 \n
- Uppercase alphabetic: A-Z \n
- Lowercase alphabetic: a-z \n
- Special characters: !\"#$%&()*+,-./:;<=>?[\\~]^_@`{|} \n
Set the active unit to first HA mode.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","port":"8443","path":["access","azurehamode"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"hamode","value":"first"}],"variable":[]}},"response":[{"id":"1473dd01-8343-45db-8037-4943c681f0a0","name":"Set the Active Unit to First HA Mode","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress:8443/access/azurehamode?hamode=first","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"port":"8443","path":["access","azurehamode"],"query":[{"key":"hamode","value":"first"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 10:41:16 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nSet the HA parameters (partner address and health check port) for the active unit.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","port":"8443","path":["access","azurehaparam"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"partner","value":"InsertLoadMasterIPAddress"},{"key":"hcp","value":"443"}],"variable":[]}},"response":[{"id":"d28e1dc9-564e-44c2-abfd-f6467d2ba9ac","name":"Set the HA Parameters (Partner Address and Health Check Port) for the Active Unit","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress:8443/access/azurehaparam?partner=InsertLoadMasterIPAddress&hcp=443","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"port":"8443","path":["access","azurehaparam"],"query":[{"key":"partner","value":"InsertLoadMasterIPAddress"},{"key":"hcp","value":"443"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 10:42:59 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nSet the standby unit to second HA mode.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","port":"8443","path":["access","azurehamode"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"hamode","value":"second"}],"variable":[]}},"response":[{"id":"e7ee9e3a-22b7-43f5-b5c7-f5e26dee44cd","name":"Set the Standby Unit to Second HA Mode","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress:8443/access/azurehamode?hamode=second","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"port":"8443","path":["access","azurehamode"],"query":[{"key":"hamode","value":"second"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 10:44:46 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nSet the HA parameters (partner address and health check port) for the standby.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","port":"8443","path":["access","azurehaparam"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"partner","value":"InsertLoadMasterIPAddress"},{"key":"hcp","value":"443"}],"variable":[]}},"response":[{"id":"0f665bf1-b9cd-4882-96b5-2faf2ff7e8f7","name":"Set the HA Parameters (Partner Address and Health Check Port) for the Standby Unit","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress:8443/access/azurehaparam?partner=InsertLoadMasterIPAddress&hcp=443","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"port":"8443","path":["access","azurehaparam"],"query":[{"key":"partner","value":"InsertLoadMasterIPAddress"},{"key":"hcp","value":"443"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 10:45:58 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nRefer to the following sections for example commands that you can use to set up HA on a LoadMaster for Azure using the RESTful API.
\n","_postman_id":"55963a78-3c7f-440d-a06f-c3b77f2ab845"},{"name":"Remove HA from Azure LoadMasters","item":[{"name":"Set the Active Unit to Single Mode","id":"39944278-6a74-41b6-baaf-fe85a4eefe82","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://bal:InsertPassword@InsertLoadMasterIPAddress:8443/access/azurehamode?hamode=single","description":"Set the active unit to single mode.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","port":"8443","path":["access","azurehamode"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"hamode","value":"single"}],"variable":[]}},"response":[{"id":"14e26acb-85ac-4985-a0ab-e17cb2556ce6","name":"Set the Active Unit to Single Mode","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress:8443/access/azurehamode?hamode=single","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"port":"8443","path":["access","azurehamode"],"query":[{"key":"hamode","value":"single"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 10:47:19 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nSet the standby unit to single mode.
\n","urlObject":{"auth":{"user":"bal","password":"InsertPassword"},"protocol":"https","port":"8443","path":["access","azurehamode"],"host":["InsertLoadMasterIPAddress"],"query":[{"key":"hamode","value":"single"}],"variable":[]}},"response":[{"id":"11ee6746-e9aa-4425-a743-89958fd058e7","name":"Set the Standby Unit to Single Mode","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://bal:InsertPassword@InsertLoadMasterIPAddress:8443/access/azurehamode?hamode=single","protocol":"https","auth":{"user":"bal","password":"InsertPassword"},"host":["InsertLoadMasterIPAddress"],"port":"8443","path":["access","azurehamode"],"query":[{"key":"hamode","value":"single"}]}},"status":"OK","code":200,"_postman_previewlanguage":"xml","header":[{"key":"Date","value":"Wed, 14 Aug 2024 10:48:24 GMT"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"text/xml"}],"cookie":[],"responseTime":null,"body":"\nTo remove HA, use the following commands.
\n","_postman_id":"40f654e9-a75c-41de-895f-6fc9f5c1e80e"}],"id":"649636ff-2d17-4a7d-9b69-1765d92ca890","description":"The two sections below provide step-by-step instructions on how to set up HA using the RESTful API on a regular LoadMaster and a LoadMaster for Azure.
\n","_postman_id":"649636ff-2d17-4a7d-9b69-1765d92ca890"},{"name":"Scripting Examples with the LoadMaster RESTful API","item":[],"id":"e67368eb-ff93-40b9-a89d-24eaa823f31d","description":"The LoadMaster RESTful API can be used in conjunction with many scripting methods and applications to allow users and applications to directly access the LoadMaster.
Refer to the RESTful API Programmers Guide, Technical Note for some detailed examples of how the RESTful API can be used.
This document provides details on the RESTful API commands and parameters but it does not go into detail about the various LoadMaster features available. Refer to the Kemp Documentation page for further details on each of the LoadMaster features.
\nHere is a list of useful links to some LoadMaster documents:
\n- \n
- WUI, Configuration Guide \n
- Kemp LoadMaster, Product Overview \n
- SSL Accelerated Services, Feature Description \n
- GEO, Feature Description \n
- RESTful API Programmers Guide, Technical Note \n
- Licensing, Feature Description \n
- CLI, Interface Description \n
- LoadMaster Clustering, Feature Description \n
- Custom Authentication Form, Technical Note \n
- User Management, Feature Description \n
- Content Rules, Feature Description \n