It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

Rule Group Server

  • Last updated on

To Create a Rule Group Server

URL:    /v1/virtual_services/{virtual_service_id}/content_rules/{rule_id}/rg_servers
Method: POST
Description: Adds a rule group server.
Parameter NameData TypeMandatoryDescription
Input Parameters:   
nameAlphanumericYesA name to identify this server.
identifierEnumerationYes

The way to be used by the Barracuda Web Application Firewall to identify the server. The enumerated values include:

  • hostname
  • ip_address
address_versionEnumerationYes

The internet protocol version to be used. The enumerated values include:

  • ipv4
  • ipv6
ip_addressAlphanumericConditionalThe IP address of the server. This is required when identifier is set to ip_address.
hostnameAlphanumericConditionalThe hostname of the server. This is required when identifier is set to hostname.
portNumericYesThe port number of the server.
statusEnumerationOptional

The status for the server to handle the requests. The enumerated values include:

  • out_of_service_sticky
  • in_service
  • out_of_service_all
  • out_of_service_maintenance
backup_serverStringOptional

Determines whether to designate this server as a last resort server to be used when all other servers configured under the Service fail. The values include:

  • yes
  • no


Note: If backup_server is set to yes, the weight value automatically resets to zero (0) and modifying this value will not take effect on the server.

weightNumericOptionalThe weight for the server. This is applicable only when the Load Balancing Algorithm is set to weighted_round_robin.
Example:

Request:

curl http://192.168.0.1:8000/restapi/v1/virtual_services/demo_service/content_rules/rule1/rg_servers -u 'eyJldCI6IjEzODAwNzg5MzEiLCJwYXNzd29yZCI6IjA3YTFhMTQyNjQ1NmI0NjllZjczOWM4NjY5\nNDRhZmI2IiwidXNlciI6ImFkbWluIn0=\n:' -X POST -H Content-Type:application/json -d '{"name":"demo_rg_server","ip_address":"10.11.3.213","port":"80"}';

Response:

{"id":"demo_rg_server","token":"eyJldCI6IjEzODAwNzk0NTEiLCJwYXNzd29yZCI6IjQ5YWI3Yzc0NGJkYWM3ZjA5NzU1MzZmMTUw\nMWQwYTBhIiwidXNlciI6ImFkbWluIn0=\n"}

To Retrieve Rule Group Servers

URL:  /v1/virtual_services/{virtual_service_id}/content_rules/{rule_id}/rg_servers

          /v1/virtual_services/{virtual_service_id}/content_rules/{rule_id}/rg_servers/{rg_server_id}
Method: GET
Description: Lists all rule group servers if “rg_server_id” is not specified.
Parameter NameData TypeMandatoryDescription
Input Parameters:   
parametersAlphanumericOptional

Any specific parameter name that needs to be retrieved.

 

For information on passing the parameters in the request, refer to the Example 2 in To Retrieve Servers.
Example:

Request:

curl http://192.168.0.1:8000/restapi/v1/virtual_services/demo_service/content_rules/rule1/rg_servers/demo_rg_server -u 'eyJldCI6IjEzODAwNzg5MzEiLCJwYXNzd29yZCI6IjA3YTFhMTQyNjQ1NmI0NjllZjczOWM4NjY5\nNDRhZmI2IiwidXNlciI6ImFkbWluIn0=\n:' -X GET

Response:

{"in_band_health_checks":{"max_http_errors":"0","max_refused":"10","max_timeout_failure":"10","max_other_failure":"10"},"out_of_band_health_checks":{"enable_OOB_health_checks":"1","interval":"10"},"status":"in-service","application_layer_health_check":{"additional_headers":[],"status_code":"200","url":null,"method":"GET","match_content_string":null},"max_request":"1000","comments":null,"max_establishing_connections":"100","backup_server":"0","timeout":"300000","max_connections":"10000","weight":"1","ip_address":"10.11.3.213","id":"demo_rg_server","token":"eyJldCI6IjEzODAwNzk2MzgiLCJwYXNzd29yZCI6ImI1OTQxZDg2ZWI0N2U4NDAwNjZmNzA3MzQw\nOTEzZGY0IiwidXNlciI6ImFkbWluIn0=\n","ssl":{"enable_https":"0","client_certificate":null,"enable_ssl_3":"1","validate_certificate":"0","enable_tls_1":"1"},"version":"ipv4","name":"demo_rg_server","port":"80","connection_pooling":{"enable_connection_pooling":"1","keepalive_timeout":"900000"},"max_keepalive_requests":"0","max_spare_connections":"0"}

To Update a Rule Group Server

In this REST API call, the parameters can be passed in a Simple JSON request or a Nested JSON request based on the parameters that needs to be modified. For information on JSON requests, see Request Syntax.

URL:  /v1/virtual_services/{virtual_service_id}/content_rules/{rule_id}/rg_servers/{rg_server_id}
Method: PUT
Description:  Updates the values of given parameters in the given rule group server.
Parameter NameData TypeMandatoryDescription
Input Parameters:   
nameAlphanumericOptionalThe name of the rule group server.
identifierEnumerationOptional

The way to be used by the Barracuda Web Application Firewall to identify the server. The enumerated values include:

  • hostname
  • ip_address
address_versionEnumerationOptional

The internet protocol version to be used. The enumerated values include:

  • ipv4
  • ipv6
ip_addressAlphanumericOptionalThe IP address of the server. This is required when identifier is set to ip_address.
hostnameAlphanumericOptionalThe hostname of the server. This is required when identifier is set to hostname.
portNumericOptionalThe port number of the server.
statusEnumerationOptional

The status for the server to handle the requests. The enumerated values include:

  • out_of_service_sticky
  • in_service
  • out_of_service_all
  • out_of_service_maintenance
backup_serverStringOptional

Determines whether to designate this server as a last resort server to be used when all other servers configured under the Service fail. The values include:

  • yes
  • no

 

Note: If backup_server is set to yes, the weight value automatically resets to zero (0) and modifying this value will not take effect on the server.
weightNumericOptionalThe weight for the server. This is applicable only when the Load Balancing Algorithm is set to weighted_round_robin.
ssl.enable_httpsEnumerationOptional

The SSL status for backend connections. The values include:

  • yes
  • no
ssl.enable_ssl_3StringOptional

SSL 3.0 protocol to be used by the clients to establish the connection to the server. The values include:

  • yes
  • no
ssl.enable_tls_1StringOptional

TLS 1.0 protocol to be used by the clients to establish the connection to the server. The values include:

  • yes
  • no
ssl.enable_tls_1_1StringOptional

TLS 1.1 protocol to be used by the clients to establish the connection to the server. The values include:

  • yes
  • no
ssl.enable_tls_1_2StringOptional

TLS 1.2 protocol to be used by the clients to establish the connection to the server. The values include:

  • yes
  • no
ssl.enable_sniEnumerationOptional

When set to Yes, the Barracuda Web Application Firewall allows a client to request a certificate for a specific domain from a web server. It can be used if multiple virtual HTTP domains with different certificates are hosted on one server. The values include:

  • yes
  • no
ssl.client_certificateStringOptionalThe certificate to be used when the server requires client authentication.
ssl.validate_certificateStringOptional

Determines whether to validate the server certificate. The values include:

  • yes
  • no
ssl.enable_ssl_compatibility_modeStringOptional

Determines whether to enforce compatibility with legacy servers or not. The values include:

  • yes
  • no
in_band_health_checks.max_http_errorsNumericOptionalThe maximum number of HTTP error responses to be allowed per 1024 requests before marking the server as out of service.
in_band_health_checks.max_refusedNumericOptionalThe maximum number of connection refused errors to be allowed per 1024 connections before marking the server as out-of-service (default is 10).
in_band_health_checks.max_other_failureNumericOptionalThe maximum number of connection time-out errors to be allowed per 1024 connections before marking the server as out-of-service (default is 10).
in_band_health_checks.max_timeout_failureNumericOptionalThe maximum number of other errors to be allowed per 1024 connections before marking the server as out-of-service (default is 10).
out_of_band_health_checks.enable_OOB_health_checksStringOptional

The status of Out-of-Band monitoring. The values include:

  • yes
  • no
out_of_band_health_checks.intervalNumericOptionalThe interval time (in seconds) between the probes sent by the Barracuda Web Application Firewall to the server to determine the health status.
application_layer_health_check.additional_headersAlphanumericOptionalAny additional headers to be sent with the OOB HTTP request.
application_layer_health_check.status_codeNumericOptionalThe expected HTTP response status code.
application_layer_health_check.urlURLOptionalThe URL to be used in the HTTP request to determine the server health.
application_layer_health_check.methodEnumerationOptional

The method to be used for the HTTP request. The enumerated values include:

  • POST
  • GET
  • HEAD
application_layer_health_check.match_content_stringStringOptionalThe string that needs to be matched in the response. If specified, the response must contain the string. If the response does not contain the string, the probe is deemed unsuccessful, and the server will be marked out- of- service.
connection_pooling.enable_connection_poolingStringOptional

The connection pooling status. The values include:

  • yes
  • no
connection_pooling.keepalive_timeoutNumericOptionalThe time in milliseconds to timeout a connection which was used at least once. This is the maximum amount of time a connection is kept alive. This value is applicable per 1024 connections, where a time-out error had occurred before turning off the server.
advanced_configuration.max_connectionsNumericOptionalThe maximum number of connections established to the server at any time.
advanced_configuration.max_requestsNumericOptionalThe maximum number of requests that can be queued.
advanced_configuration.max_keepalive_requestsNumericOptionalThe maximum number of requests retained on a persistent connection before the connection is shut down (if the server does not close the connection first).
advanced_configuration.max_establishing_connectionsNumericOptionalThe maximum number of simultaneous connections that can be established to the server.
advanced_configuration.max_spare_connectionsNumericOptionalThe maximum number of pre-allocated connections.
advanced_configuration.timeoutNumericOptionalThe time in milliseconds to timeout an unused connection.
advanced_configuration.client_impersonationStringOptional

Specifies if the Barracuda Web Application Firewall uses the client IP address as the source IP address to communicate to the servers. The values include:

  • yes
  • no
advanced_configuration.source_ip_to_connectAlphanumericOptional

The IP address to be used by the Barracuda Web Application Firewall to communicate with the Server. It can be WAN IP address, LAN IP address or a custom virtual interface IP address in the Vsite. If client_impersonation is set to Yes, then this IP is used only for Out of Band Health checks.

 

Note: If the server is reachable through a static route configured in the Vsite, then the custom virtual interface defined in that Vsite should be specified in source_ip_to_connect.
Example 1:

Request:

curl http://192.168.0.1:8000/restapi/v1/virtual_services/demo_service/content_rules/rule1/rg_servers/demo_rg_server -u 'eyJldCI6IjEzODAwNzg5MzEiLCJwYXNzd29yZCI6IjA3YTFhMTQyNjQ1NmI0NjllZjczOWM4NjY5\nNDRhZmI2IiwidXNlciI6ImFkbWluIn0=\n:' -X PUT -H Content-Type:application/json -d '{"in_band_health_checks":{"max_http_errors":500},"connection_pooling":{"keepalive_timeout":700000},"status":"out-of-service-all"}'

Response:

{"id":"demo_rg_server","token":"eyJldCI6IjEzODAwNzk3NTUiLCJwYXNzd29yZCI6IjMyZmY3NTk2NTg0NGY2YzI5MDFlMGFhNGQ0\nNGY0NDc2IiwidXNlciI6ImFkbWluIn0=\n"}

Example 2:

Request:

curl http://192.168.0.1:8000/restapi/v1/virtual_services/aert/servers/Server1 -u 'eyJldCI6IjE0NTk0MDk0NTMiLCJwYXNzd29yZCI6IjU5MjkxNTY4ZWFlODI1ZDkyNTc3YmU1NDEz\nYTYyMTEyIiwidXNlciI6ImFkbWluIn0=\n:' -X PUT -H Content-Type:application/json -d '{"ssl" :{"enable_compatibility_mode":"yes"}}'

Response:

{"id":"Server1","token":"eyJldCI6IjE0NTk0MDk1MTIiLCJwYXNzd29yZCI6IjAwN2Q0ODEzNTk3NzRkNGYwMWNmYzJmMDYw\nM2UyZWU1IiwidXNlciI6ImFkbWluIn0=\n"}

 

To Delete a Rule Group Server

URL: /v1/virtual_services/{virtual_service_id}/content_rules/{rule_id}/rg_servers/{rg_server_id}
Method: DELETE
Description: Deletes the given rule group server.

Request:

curl http://192.168.0.1:8000/restapi/v1/virtual_services/demo_service/content_rules/rule1/rg_servers/demo_rg_server -u  'eyJldCI6IjEzODAyMzczMDciLCJwYXNzd29yZCI6IjM1MGM0MDQxYzA1NTEwZTcwNmYwZDBmNmE5\nNWMyN2U5IiwidXNlciI6ImFkbWluIn0=\n:' -X DELETE

Response:

{"msg":"Successfully deleted","token":"eyJldCI6IjEzODAyNDAyOTkiLCJwYXNzd29yZCI6IjRjYzNhYjM0YTkwZjU4ZTFmZTRjOWNjOWZi\nYTU3MDMwIiwidXNlciI6ImFkbWluIn0=\n"}