Resource: FirewallPolicy
A FirewallPolicy represents a single matching pattern and resulting actions to take.
| JSON representation |
|---|
{
"name": string,
"description": string,
"path": string,
"condition": string,
"actions": [
{
object ( |
| Fields | |
|---|---|
name |
Identifier. The resource name for the FirewallPolicy in the format |
description |
Optional. A description of what this policy aims to achieve, for convenience purposes. The description can at most include 256 UTF-8 characters. |
path |
Optional. The path for which this policy applies, specified as a glob pattern. For more information on glob, see the manual page. A path has a max length of 200 characters. |
condition |
Optional. A CEL (Common Expression Language) conditional expression that specifies if this policy applies to an incoming user request. If this condition evaluates to true and the requested path matched the path pattern, the associated actions should be executed by the caller. The condition string is checked for CEL syntax correctness on creation. For more information, see the CEL spec and its language definition. A condition has a max length of 500 characters. |
actions[] |
Optional. The actions that the caller should take regarding user access. There should be at most one terminal action. A terminal action is any action that forces a response, such as |
FirewallAction
An individual action. Each action represents what to do if a policy matches.
| JSON representation |
|---|
{ // Union field |
| Fields | |
|---|---|
Union field
|
|
allow |
The user request did not match any policy and should be allowed access to the requested resource. |
block |
This action will deny access to a given page. The user will get an HTTP error code. |
includeRecaptchaScript |
This action will inject reCAPTCHA JavaScript code into the HTML page returned by the site backend. |
redirect |
This action will redirect the request to a ReCaptcha interstitial to attach a token. |
substitute |
This action will transparently serve a different page to an offending user. |
setHeader |
This action will set a custom header but allow the request to continue to the customer backend. |
AllowAction
This type has no fields.
An allow action continues processing a request unimpeded.
BlockAction
This type has no fields.
A block action serves an HTTP error code a prevents the request from hitting the backend.
IncludeRecaptchaScriptAction
This type has no fields.
An include reCAPTCHA script action involves injecting reCAPTCHA JavaScript code into the HTML returned by the site backend. This reCAPTCHA script is tasked with collecting user signals on the requested web page, issuing tokens as a cookie within the site domain, and enabling their utilization in subsequent page requests.
RedirectAction
This type has no fields.
A redirect action returns a 307 (temporary redirect) response, pointing the user to a ReCaptcha interstitial page to attach a token.
SubstituteAction
A substitute action transparently serves a different page than the one requested.
| JSON representation |
|---|
{ "path": string } |
| Fields | |
|---|---|
path |
Optional. The address to redirect to. The target is a relative path in the current host. Example: "/blog/404.html". |
SetHeaderAction
A set header action sets a header and forwards the request to the backend. This can be used to trigger custom protection implemented on the backend.
| JSON representation |
|---|
{ "key": string, "value": string } |
| Fields | |
|---|---|
key |
Optional. The header key to set in the request to the backend server. |
value |
Optional. The header value to set in the request to the backend server. |
Methods |
|
|---|---|
|
Creates a new FirewallPolicy, specifying conditions at which reCAPTCHA Enterprise actions can be executed. |
|
Deletes the specified firewall policy. |
|
Returns the specified firewall policy. |
|
Returns the list of all firewall policies that belong to a project. |
|
Updates the specified firewall policy. |
|
Reorders all firewall policies. |