Reference documentation and code samples for the Google Cloud Compute V1 API class Google::Cloud::Compute::V1::SecurityPolicyRule.
Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny).
Inherits
- Object
Extended By
- Google::Protobuf::MessageExts::ClassMethods
Includes
- Google::Protobuf::MessageExts
Methods
#action
def action() -> ::String
Returns
-
(::String) — The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for
STATUS
are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this.
#action=
def action=(value) -> ::String
Parameter
-
value (::String) — The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for
STATUS
are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this.
Returns
-
(::String) — The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for
STATUS
are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this.
#description
def description() -> ::String
Returns
- (::String) — An optional description of this resource. Provide this property when you create the resource.
#description=
def description=(value) -> ::String
Parameter
- value (::String) — An optional description of this resource. Provide this property when you create the resource.
Returns
- (::String) — An optional description of this resource. Provide this property when you create the resource.
#header_action
def header_action() -> ::Google::Cloud::Compute::V1::SecurityPolicyRuleHttpHeaderAction
Returns
- (::Google::Cloud::Compute::V1::SecurityPolicyRuleHttpHeaderAction) — Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
#header_action=
def header_action=(value) -> ::Google::Cloud::Compute::V1::SecurityPolicyRuleHttpHeaderAction
Parameter
- value (::Google::Cloud::Compute::V1::SecurityPolicyRuleHttpHeaderAction) — Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
Returns
- (::Google::Cloud::Compute::V1::SecurityPolicyRuleHttpHeaderAction) — Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
#kind
def kind() -> ::String
Returns
- (::String) — [Output only] Type of the resource. Always compute#securityPolicyRule for security policy rules
#kind=
def kind=(value) -> ::String
Parameter
- value (::String) — [Output only] Type of the resource. Always compute#securityPolicyRule for security policy rules
Returns
- (::String) — [Output only] Type of the resource. Always compute#securityPolicyRule for security policy rules
#match
def match() -> ::Google::Cloud::Compute::V1::SecurityPolicyRuleMatcher
Returns
- (::Google::Cloud::Compute::V1::SecurityPolicyRuleMatcher) — A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
#match=
def match=(value) -> ::Google::Cloud::Compute::V1::SecurityPolicyRuleMatcher
Parameter
- value (::Google::Cloud::Compute::V1::SecurityPolicyRuleMatcher) — A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
Returns
- (::Google::Cloud::Compute::V1::SecurityPolicyRuleMatcher) — A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
#network_match
def network_match() -> ::Google::Cloud::Compute::V1::SecurityPolicyRuleNetworkMatcher
Returns
- (::Google::Cloud::Compute::V1::SecurityPolicyRuleNetworkMatcher) — A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.
#network_match=
def network_match=(value) -> ::Google::Cloud::Compute::V1::SecurityPolicyRuleNetworkMatcher
Parameter
- value (::Google::Cloud::Compute::V1::SecurityPolicyRuleNetworkMatcher) — A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.
Returns
- (::Google::Cloud::Compute::V1::SecurityPolicyRuleNetworkMatcher) — A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.
#preconfigured_waf_config
def preconfigured_waf_config() -> ::Google::Cloud::Compute::V1::SecurityPolicyRulePreconfiguredWafConfig
Returns
- (::Google::Cloud::Compute::V1::SecurityPolicyRulePreconfiguredWafConfig) — Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
#preconfigured_waf_config=
def preconfigured_waf_config=(value) -> ::Google::Cloud::Compute::V1::SecurityPolicyRulePreconfiguredWafConfig
Parameter
- value (::Google::Cloud::Compute::V1::SecurityPolicyRulePreconfiguredWafConfig) — Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
Returns
- (::Google::Cloud::Compute::V1::SecurityPolicyRulePreconfiguredWafConfig) — Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
#preview
def preview() -> ::Boolean
Returns
- (::Boolean) — If set to true, the specified action is not enforced.
#preview=
def preview=(value) -> ::Boolean
Parameter
- value (::Boolean) — If set to true, the specified action is not enforced.
Returns
- (::Boolean) — If set to true, the specified action is not enforced.
#priority
def priority() -> ::Integer
Returns
- (::Integer) — An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
#priority=
def priority=(value) -> ::Integer
Parameter
- value (::Integer) — An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
Returns
- (::Integer) — An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
#rate_limit_options
def rate_limit_options() -> ::Google::Cloud::Compute::V1::SecurityPolicyRuleRateLimitOptions
Returns
- (::Google::Cloud::Compute::V1::SecurityPolicyRuleRateLimitOptions) — Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
#rate_limit_options=
def rate_limit_options=(value) -> ::Google::Cloud::Compute::V1::SecurityPolicyRuleRateLimitOptions
Parameter
- value (::Google::Cloud::Compute::V1::SecurityPolicyRuleRateLimitOptions) — Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
Returns
- (::Google::Cloud::Compute::V1::SecurityPolicyRuleRateLimitOptions) — Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
#redirect_options
def redirect_options() -> ::Google::Cloud::Compute::V1::SecurityPolicyRuleRedirectOptions
Returns
- (::Google::Cloud::Compute::V1::SecurityPolicyRuleRedirectOptions) — Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
#redirect_options=
def redirect_options=(value) -> ::Google::Cloud::Compute::V1::SecurityPolicyRuleRedirectOptions
Parameter
- value (::Google::Cloud::Compute::V1::SecurityPolicyRuleRedirectOptions) — Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
Returns
- (::Google::Cloud::Compute::V1::SecurityPolicyRuleRedirectOptions) — Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.