REST Resource: projects.firewallpolicies

Resource: FirewallPolicy

A FirewallPolicy represents a single matching pattern and resulting actions to take.

JSON representation
{
  "name": string,
  "description": string,
  "path": string,
  "condition": string,
  "actions": [
    {
      object (FirewallAction)
    }
  ]
}
Fields
name

string

Identifier. The resource name for the FirewallPolicy in the format projects/{project}/firewallpolicies/{firewallpolicy}.

description

string

Optional. A description of what this policy aims to achieve, for convenience purposes. The description can at most include 256 UTF-8 characters.

path

string

Optional. The path for which this policy applies, specified as a glob pattern. For more information on glob, see the manual page. A path has a max length of 200 characters.

condition

string

Optional. A CEL (Common Expression Language) conditional expression that specifies if this policy applies to an incoming user request. If this condition evaluates to true and the requested path matched the path pattern, the associated actions should be executed by the caller. The condition string is checked for CEL syntax correctness on creation. For more information, see the CEL spec and its language definition. A condition has a max length of 500 characters.

actions[]

object (FirewallAction)

Optional. The actions that the caller should take regarding user access. There should be at most one terminal action. A terminal action is any action that forces a response, such as AllowAction, BlockAction or SubstituteAction. Zero or more non-terminal actions such as SetHeader might be specified. A single policy can contain up to 16 actions.

FirewallAction

An individual action. Each action represents what to do if a policy matches.

JSON representation
{

  // Union field firewall_action_oneof can be only one of the following:
  "allow": {
    object (AllowAction)
  },
  "block": {
    object (BlockAction)
  },
  "includeRecaptchaScript": {
    object (IncludeRecaptchaScriptAction)
  },
  "redirect": {
    object (RedirectAction)
  },
  "substitute": {
    object (SubstituteAction)
  },
  "setHeader": {
    object (SetHeaderAction)
  }
  // End of list of possible types for union field firewall_action_oneof.
}
Fields

Union field firewall_action_oneof.

firewall_action_oneof can be only one of the following:

allow

object (AllowAction)

The user request did not match any policy and should be allowed access to the requested resource.

block

object (BlockAction)

This action denies access to a given page. The user gets an HTTP error code.

includeRecaptchaScript

object (IncludeRecaptchaScriptAction)

This action injects reCAPTCHA JavaScript code into the HTML page returned by the site backend.

redirect

object (RedirectAction)

This action redirects the request to a reCAPTCHA interstitial to attach a token.

substitute

object (SubstituteAction)

This action transparently serves a different page to an offending user.

setHeader

object (SetHeaderAction)

This action sets a custom header but allow the request to continue to the customer backend.

AllowAction

This type has no fields.

An allow action continues processing a request unimpeded.

BlockAction

This type has no fields.

A block action serves an HTTP error code a prevents the request from hitting the backend.

IncludeRecaptchaScriptAction

This type has no fields.

An include reCAPTCHA script action involves injecting reCAPTCHA JavaScript code into the HTML returned by the site backend. This reCAPTCHA script is tasked with collecting user signals on the requested web page, issuing tokens as a cookie within the site domain, and enabling their utilization in subsequent page requests.

RedirectAction

This type has no fields.

A redirect action returns a 307 (temporary redirect) response, pointing the user to a reCAPTCHA interstitial page to attach a token.

SubstituteAction

A substitute action transparently serves a different page than the one requested.

JSON representation
{
  "path": string
}
Fields
path

string

Optional. The address to redirect to. The target is a relative path in the current host. Example: "/blog/404.html".

SetHeaderAction

A set header action sets a header and forwards the request to the backend. This can be used to trigger custom protection implemented on the backend.

JSON representation
{
  "key": string,
  "value": string
}
Fields
key

string

Optional. The header key to set in the request to the backend server.

value

string

Optional. The header value to set in the request to the backend server.

Methods

create

Creates a new FirewallPolicy, specifying conditions at which reCAPTCHA Enterprise actions can be executed.

delete

Deletes the specified firewall policy.

get

Returns the specified firewall policy.

list

Returns the list of all firewall policies that belong to a project.

patch

Updates the specified firewall policy.

reorder

Reorders all firewall policies.