Interface SecurityPolicyRuleOrBuilder (1.64.0)

public interface SecurityPolicyRuleOrBuilder extends MessageOrBuilder

Implements

MessageOrBuilder

Methods

getAction()

public abstract String getAction()

The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this.

optional string action = 187661878;

Returns
Type Description
String

The action.

getActionBytes()

public abstract ByteString getActionBytes()

The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this.

optional string action = 187661878;

Returns
Type Description
ByteString

The bytes for action.

getDescription()

public abstract String getDescription()

An optional description of this resource. Provide this property when you create the resource.

optional string description = 422937596;

Returns
Type Description
String

The description.

getDescriptionBytes()

public abstract ByteString getDescriptionBytes()

An optional description of this resource. Provide this property when you create the resource.

optional string description = 422937596;

Returns
Type Description
ByteString

The bytes for description.

getHeaderAction()

public abstract SecurityPolicyRuleHttpHeaderAction getHeaderAction()

Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleHttpHeaderAction header_action = 328077352;

Returns
Type Description
SecurityPolicyRuleHttpHeaderAction

The headerAction.

getHeaderActionOrBuilder()

public abstract SecurityPolicyRuleHttpHeaderActionOrBuilder getHeaderActionOrBuilder()

Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleHttpHeaderAction header_action = 328077352;

Returns
Type Description
SecurityPolicyRuleHttpHeaderActionOrBuilder

getKind()

public abstract String getKind()

[Output only] Type of the resource. Always compute#securityPolicyRule for security policy rules

optional string kind = 3292052;

Returns
Type Description
String

The kind.

getKindBytes()

public abstract ByteString getKindBytes()

[Output only] Type of the resource. Always compute#securityPolicyRule for security policy rules

optional string kind = 3292052;

Returns
Type Description
ByteString

The bytes for kind.

getMatch()

public abstract SecurityPolicyRuleMatcher getMatch()

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

optional .google.cloud.compute.v1.SecurityPolicyRuleMatcher match = 103668165;

Returns
Type Description
SecurityPolicyRuleMatcher

The match.

getMatchOrBuilder()

public abstract SecurityPolicyRuleMatcherOrBuilder getMatchOrBuilder()

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

optional .google.cloud.compute.v1.SecurityPolicyRuleMatcher match = 103668165;

Returns
Type Description
SecurityPolicyRuleMatcherOrBuilder

getNetworkMatch()

public abstract SecurityPolicyRuleNetworkMatcher getNetworkMatch()

A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.

optional .google.cloud.compute.v1.SecurityPolicyRuleNetworkMatcher network_match = 463387764;

Returns
Type Description
SecurityPolicyRuleNetworkMatcher

The networkMatch.

getNetworkMatchOrBuilder()

public abstract SecurityPolicyRuleNetworkMatcherOrBuilder getNetworkMatchOrBuilder()

A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.

optional .google.cloud.compute.v1.SecurityPolicyRuleNetworkMatcher network_match = 463387764;

Returns
Type Description
SecurityPolicyRuleNetworkMatcherOrBuilder

getPreconfiguredWafConfig()

public abstract SecurityPolicyRulePreconfiguredWafConfig getPreconfiguredWafConfig()

Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.

optional .google.cloud.compute.v1.SecurityPolicyRulePreconfiguredWafConfig preconfigured_waf_config = 117805027;

Returns
Type Description
SecurityPolicyRulePreconfiguredWafConfig

The preconfiguredWafConfig.

getPreconfiguredWafConfigOrBuilder()

public abstract SecurityPolicyRulePreconfiguredWafConfigOrBuilder getPreconfiguredWafConfigOrBuilder()

Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.

optional .google.cloud.compute.v1.SecurityPolicyRulePreconfiguredWafConfig preconfigured_waf_config = 117805027;

Returns
Type Description
SecurityPolicyRulePreconfiguredWafConfigOrBuilder

getPreview()

public abstract boolean getPreview()

If set to true, the specified action is not enforced.

optional bool preview = 218686408;

Returns
Type Description
boolean

The preview.

getPriority()

public abstract int getPriority()

An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.

optional int32 priority = 445151652;

Returns
Type Description
int

The priority.

getRateLimitOptions()

public abstract SecurityPolicyRuleRateLimitOptions getRateLimitOptions()

Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.

optional .google.cloud.compute.v1.SecurityPolicyRuleRateLimitOptions rate_limit_options = 67544315;

Returns
Type Description
SecurityPolicyRuleRateLimitOptions

The rateLimitOptions.

getRateLimitOptionsOrBuilder()

public abstract SecurityPolicyRuleRateLimitOptionsOrBuilder getRateLimitOptionsOrBuilder()

Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.

optional .google.cloud.compute.v1.SecurityPolicyRuleRateLimitOptions rate_limit_options = 67544315;

Returns
Type Description
SecurityPolicyRuleRateLimitOptionsOrBuilder

getRedirectOptions()

public abstract SecurityPolicyRuleRedirectOptions getRedirectOptions()

Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleRedirectOptions redirect_options = 163285307;

Returns
Type Description
SecurityPolicyRuleRedirectOptions

The redirectOptions.

getRedirectOptionsOrBuilder()

public abstract SecurityPolicyRuleRedirectOptionsOrBuilder getRedirectOptionsOrBuilder()

Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleRedirectOptions redirect_options = 163285307;

Returns
Type Description
SecurityPolicyRuleRedirectOptionsOrBuilder

hasAction()

public abstract boolean hasAction()

The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this.

optional string action = 187661878;

Returns
Type Description
boolean

Whether the action field is set.

hasDescription()

public abstract boolean hasDescription()

An optional description of this resource. Provide this property when you create the resource.

optional string description = 422937596;

Returns
Type Description
boolean

Whether the description field is set.

hasHeaderAction()

public abstract boolean hasHeaderAction()

Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleHttpHeaderAction header_action = 328077352;

Returns
Type Description
boolean

Whether the headerAction field is set.

hasKind()

public abstract boolean hasKind()

[Output only] Type of the resource. Always compute#securityPolicyRule for security policy rules

optional string kind = 3292052;

Returns
Type Description
boolean

Whether the kind field is set.

hasMatch()

public abstract boolean hasMatch()

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

optional .google.cloud.compute.v1.SecurityPolicyRuleMatcher match = 103668165;

Returns
Type Description
boolean

Whether the match field is set.

hasNetworkMatch()

public abstract boolean hasNetworkMatch()

A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.

optional .google.cloud.compute.v1.SecurityPolicyRuleNetworkMatcher network_match = 463387764;

Returns
Type Description
boolean

Whether the networkMatch field is set.

hasPreconfiguredWafConfig()

public abstract boolean hasPreconfiguredWafConfig()

Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.

optional .google.cloud.compute.v1.SecurityPolicyRulePreconfiguredWafConfig preconfigured_waf_config = 117805027;

Returns
Type Description
boolean

Whether the preconfiguredWafConfig field is set.

hasPreview()

public abstract boolean hasPreview()

If set to true, the specified action is not enforced.

optional bool preview = 218686408;

Returns
Type Description
boolean

Whether the preview field is set.

hasPriority()

public abstract boolean hasPriority()

An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.

optional int32 priority = 445151652;

Returns
Type Description
boolean

Whether the priority field is set.

hasRateLimitOptions()

public abstract boolean hasRateLimitOptions()

Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.

optional .google.cloud.compute.v1.SecurityPolicyRuleRateLimitOptions rate_limit_options = 67544315;

Returns
Type Description
boolean

Whether the rateLimitOptions field is set.

hasRedirectOptions()

public abstract boolean hasRedirectOptions()

Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleRedirectOptions redirect_options = 163285307;

Returns
Type Description
boolean

Whether the redirectOptions field is set.