A server object can be used to configure the networking information of the backend server to be hosted on the Barracuda Web Application Firewall. Multiple real servers can be added and configured to load balance the incoming traffic for a service.
Adding a Server
URL: /v1/virtual_services/{virtual_service_id}/servers | |||
Method: POST | |||
Description: Adds a server with the given values. | |||
Parameter Name | Data Type | Mandatory | Description |
---|---|---|---|
Input Parameters: | |||
name | Alphanumeric | Yes | A name to identify this server. |
identifier | Enumeration | Yes | The way to be used by the Barracuda Web Application Firewall to identify the server. The enumerated values include:
|
address_version | Enumeration | Yes | The internet protocol version to be used. The enumerated values include:
|
ip_address | Alphanumeric | Conditional | The IP address of the server. This is required when identifier is set to ip_address. |
hostname | Alphanumeric | Conditional | The hostname of the server. This is required when identifier is set to hostname. |
port | Numeric | Yes | The port number of the server. |
status | Enumeration | Optional | The status for the server to handle the requests. The enumerated values include:
|
backup_server | String | Optional | Determines whether to designate this server as a last resort server to be used when all other servers configured under the service fail. The values include:
Note: If backup_server is set to yes, the weight value automatically resets to zero (0) and modifying this value will not take effect on the server. |
weight | Numeric | Optional | The weight for the server. This is applicable only when the Load Balancing Algorithm is set to weighted_round_robin. |
Example:
Request:
curl http://192.168.0.1:8000/restapi/v1/virtual_services/demo_service/servers -u 'eyJldCI6IjEzODAwNz6ImFkbWluIn0=\n:' -X POST -H Content-Type:application/json -d '{"address_version":"ipv4","name":"demo_server","ip_address":"10.11.11.11","port":80}'
Response:
{"id":"demo_server","token":"eyJldCI6IjEzODAwdXNlciI6ImFkbWluIn0=\n"}
Retrieving Servers
URL: /v1/virtual_services/{virtual_service_id}/servers /v1/virtual_services/{virtual_service_id}/servers/{server_id} | |||
Method: GET | |||
Description: Lists all servers if “server_id” is not specified. | |||
Parameter Name | Data Type | Mandatory | Description |
---|---|---|---|
Input Parameters: | |||
parameters | Alphanumeric | Optional | Any specific parameter name that needs to be retrieved. See Example 2. |
Example 1:
Request:
curl http://192.168.0.1:8000/restapi/v1/virtual_services/demo_service/servers/demo_server -u 'eyJldCI6IjEzNlciI6ImFkbWluIn0=\n:' -X GET
Response:
{
"in_band_health_checks": {
"max_http_errors": "0",
"max_refused": "10",
"max_timeout_failure": "10",
"max_other_failure": "10"
},
"out_of_band_health_checks": {
"enable_OOB_health_checks": "1",
"interval": "10"
},
"status": "in-service",
"client_impersonation": "0",
"application_layer_health_check": {
"additional_headers": [
],
"status_code": "200",
"url": null,
"method": "GET",
"match_content_string": null
},
"max_request": "1000",
"max_establishing_connections": "100",
"comments": "",
"backup_server": "0",
"max_connections": "10000",
"timeout": "300000",
"weight": "1",
"ip_address": "10.11.11.11",
"id": "demo_server",
"token": "eyJldCI6IjM0IiwidXNlciI6ImFkbWluIn0=\n",
"source_ip_to_connect": null,
"ssl": {
"enable_https": "0",
"client_certificate": null,
"enable_ssl_3": "1",
"validate_certificate": "0",
"enable_tls_1": "1"
},
"name": "demo_server",
"port": "80",
"connection_pooling": {
"enable_connection_pooling": "1",
"keepalive_timeout": "900000"
},
"max_keepalive_requests": "0",
"max_spare_connections": "0"
}
Example 2:
Request:
curl http://192.168.0.1:8000/restapi/v1/virtual_services/demo_service/servers/demo_server -u 'eyJldCI6IjE1XNlciI6ImFkbWluIn0=\n:' -X GET -G -d parameters=connection_pooling,ssl
Response:
{
"connection_pooling": {
"enable_connection_pooling": "yes",
"keepalive_timeout": "900000"
},
"ssl": {
"enable_https": "no",
"enable_tls_1_1": "yes",
"client_certificate": null,
"enable_ssl_3": "yes",
"validate_certificate": "yes",
"enable_tls_1_2": "yes",
"enable_tls_1": "yes"
},
"id": "demo_server",
"token": "eyJldCI6IjE1MkNlciI6ImFkbWluIn0=\n"
}
Updating a Server
In this REST API call, the parameters can be passed in a simple JSON request or a nested JSON request based on the parameters that need to be modified. For information on JSON requests, see Request Syntax.
URL: /v1/virtual_services/{virtual_service_id}/servers/{server_id} | |||
Method: PUT | |||
Description: Updates the values of given parameters in the given server. | |||
Parameter Name | Data Type | Mandatory | Description |
---|---|---|---|
Input Parameters: | |||
name | Alphanumeric | Optional | The name of the server. |
identifier | Enumeration | Optional | The way to be used by the Barracuda Web Application Firewall to identify the server. The enumerated values include:
|
address_version | Enumeration | Optional | The internet protocol version to be used. The enumerated values include:
|
ip_address | Alphanumeric | Optional | The IP address of the server. This is required when identifier is set to ip_address. |
Hostname | Alphanumeric | Optional | The hostname of the server. This is required when identifier is set to hostname. |
Port | Numeric | Optional | The port number of the server. |
Status | Enumeration | Optional | The status for the server to handle the requests. The enumerated values include:
|
backup_server | String | Optional | Determines whether to designate this server as a last resort server to be used when all other servers configured under the service fail. The values include:
Note: If backup_server is set to yes, the weight value automatically resets to zero (0) and modifying this value will not take effect on the server. |
Weight | Numeric | Optional | The weight for the server. This is applicable only when the Load Balancing Algorithm is set to weighted_round_robin. |
ssl.enable_https | Enumeration | Optional | The SSL status for backend connections. The values include:
|
ssl.enable_ssl_3 | String | Optional | SSL 3.0 protocol to be used by the clients to establish the connection to the server. The values include:
|
ssl.enable_tls_1 | String | Optional | TLS 1.0 protocol to be used by the clients to establish the connection to the server. The values include:
|
ssl.enable_tls_1_1 | String | Optional | TLS 1.1 protocol to be used by the clients to establish the connection to the server. The values include:
|
ssl.enable_tls_1_2 | String | Optional | TLS 1.2 protocol to be used by the clients to establish the connection to the server. The values include:
|
ssl.enable_sni | Enumeration | Optional | When set to Yes, the Barracuda Web Application Firewall allows a client to request a certificate for a specific domain from a web server. It can be used if multiple virtual HTTP domains with different certificates are hosted on one server. The values include:
|
ssl.client_certificate | String | Optional | The certificate to be used when the server requires client authentication. |
ssl.validate_certificate | String | Optional | Determines whether to validate the server certificate. The values include:
|
ssl.enable_ssl_compatibility_mode | String | Optional | Determines whether to enforce compatibility with legacy servers. The values include:
|
in_band_health_checks.max_http_errors | Numeric | Optional | The maximum number of HTTP error responses to be allowed per 1024 requests before marking the server as out of service. |
in_band_health_checks.max_refused | Numeric | Optional | The maximum number of connection refused errors to be allowed per 1024 connections before marking the server as out-of-service (default is 10). |
in_band_health_checks.max_other_failure | Numeric | Optional | The maximum number of connection time-out errors to be allowed per 1024 connections before marking the server as out-of-service (default is 10). |
in_band_health_checks.max_timeout_failure | Numeric | Optional | The maximum number of other errors to be allowed per 1024 connections before marking the server as out-of-service (default is 10). |
out_of_band_health_checks.enable_OOB_health_checks | String | Optional | The status of Out-of-Band monitoring. The values include:
|
out_of_band_health_checks.interval | Numeric | Optional | The interval time (in seconds) between the probes sent by the Barracuda Web Application Firewall to the server to determine the health status. |
application_layer_health_check.additional_headers | Alphanumeric | Optional | Any additional headers to be sent with the OOB HTTP request. |
application_layer_health_check.status_code | Numeric | Optional | The expected HTTP response status code. |
application_layer_health_check.url | URL | Optional | The URL to be used in the HTTP request to determine the server health. |
application_layer_health_check.method | Enumeration | Optional | The method to be used for the HTTP request. The enumerated values include:
|
application_layer_health_check.match_content_string | String | Optional | The string that needs to be matched in the response. If specified, the response must contain the string. If the response does not contain the string, the probe is deemed unsuccessful, and the server will be marked out-of-service. |
connection_pooling.enable_connection_pooling | String | Optional | The connection pooling status. The values include:
|
connection_pooling.keepalive_timeout | Numeric | Optional | The time in milliseconds to time out a connection that was used at least once. This is the maximum amount of time a connection is kept alive. This value is applicable per 1024 connections, where a time-out error had occurred before turning off the server. |
advanced_configuration.max_connections | Numeric | Optional | The maximum number of connections established to the server at any time. |
advanced_configuration.max_requests | Numeric | Optional | The maximum number of requests that can be queued. |
advanced_configuration.max_keepalive_requests | Numeric | Optional | The maximum number of requests retained on a persistent connection before the connection is shut down (if the server does not close the connection first). |
advanced_configuration.max_establishing_connections | Numeric | Optional | The maximum number of simultaneous connections that can be established to the server. |
advanced_configuration.max_spare_connections | Numeric | Optional | The maximum number of pre-allocated connections. |
advanced_configuration.timeout | Numeric | Optional | The time in milliseconds to time out an unused connection. |
advanced_configuration.client_impersonation | String | Optional | Specifies if the Barracuda Web Application Firewall uses the client IP address as the source IP address to communicate to the servers. The values include:
|
advanced_configuration.source_ip_to_connect | Alphanumeric | Optional | The IP address to be used by the Barracuda Web Application Firewall to communicate with the server. It can be WAN IP address, LAN IP address or a custom virtual interface IP address in the Vsite. If client_impersonation is set to yes, then this IP is used only for Out of Band Health checks. Note: If the server is reachable through a static route configured in the Vsite, the custom virtual interface defined in that Vsite should be specified in source_ip_to_connect. |
Example 1:
Request:
curl http://192.168.0.1:8000/restapi/v1/virtual_services/demo_service/servers/demo_server -u 'eyJldCI6IjEzODAwdXNlciI6ImFkbWluIn0=\n:' -X PUT -H Content-Type:application/json -d '{"ssl":{"enable_https":0},"status":"in-service"}'
Response:
{"id":"demo_server","token":"eyJldCI6IjEzNjE3IiwidXNlciI6ImFkbWluIn0=\n"}
Example 2:
Request:
curl http://192.168.0.1:8000/restapi/v1/virtual_services/aert/servers/Server1 -u 'eyJldCI6IjE0NTklciI6ImFkbWluIn0=\n:' -X PUT -H Content-Type:application/json -d '{"enable_ssl_compatibility_mode":"yes"}'
Response:
{"id":"Server1","token":"eyJldCI61IiwidXNlciI6ImFkbWluIn0=\n"}
Deleting a Server
URL: /v1/virtual_services/{virtual_service_id}/servers/{server_id} |
Method: DELETE |
Description: Deletes the given server configured under the given service. |
Example:
Request:
curl http://192.168.0.1:8000/restapi/v1/virtual_services/demo_service/servers/demo_server -u 'eyJldCI6IjEzODAwXNlciI6ImFkbWluIn0=\n:admin' -X DELETE
Response:
{"msg":"Successfully deleted","token":"eyJldCIRlIiwidXNlciI6ImFkbWluIn0=\n"}