- NAME
-
- gcloud alpha compute security-policies update - update a Compute Engine security policy
- SYNOPSIS
-
-
gcloud alpha compute security-policies update
NAME
[--ddos-protection
=DDOS_PROTECTION
] [--description
=DESCRIPTION
] [--enable-layer7-ddos-defense
] [--enable-ml
] [--json-custom-content-types
=[CONTENT_TYPE
,…]] [--json-parsing
=JSON_PARSING
] [--layer7-ddos-defense-auto-deploy-confidence-threshold
=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_CONFIDENCE_THRESHOLD
] [--layer7-ddos-defense-auto-deploy-expiration-sec
=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_EXPIRATION_SEC
] [--layer7-ddos-defense-auto-deploy-impacted-baseline-threshold
=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_IMPACTED_BASELINE_THRESHOLD
] [--layer7-ddos-defense-auto-deploy-load-threshold
=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_LOAD_THRESHOLD
] [--layer7-ddos-defense-rule-visibility
=VISIBILITY_TYPE
] [--log-level
=LOG_LEVEL
] [--network-ddos-protection
=NETWORK_DDOS_PROTECTION
] [--recaptcha-redirect-site-key
=RECAPTCHA_REDIRECT_SITE_KEY
] [--user-ip-request-headers
=[USER_IP_REQUEST_HEADER
,…]] [--global
|--region
=REGION
] [GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
-
(ALPHA)
gcloud alpha compute security-policies update
is used to update security policies. - EXAMPLES
-
To update the description run this:
gcloud alpha compute security-policies update SECURITY_POLICY --description='new description'
- POSITIONAL ARGUMENTS
-
NAME
- Name of the security policy to update.
- FLAGS
-
--ddos-protection
=DDOS_PROTECTION
-
The DDoS protection level for network load balancing and instances with external
IPs.
DDOS_PROTECTION
must be one of:STANDARD
,ADVANCED
,ADVANCED_PREVIEW
. --description
=DESCRIPTION
- An optional, textual description for the security policy.
--enable-layer7-ddos-defense
- Whether to enable Cloud Armor Layer 7 DDoS Defense Adaptive Protection.
--enable-ml
- Whether to enable Cloud Armor Adaptive Protection
--json-custom-content-types
=[CONTENT_TYPE
,…]-
A comma-separated list of custom Content-Type header values to apply JSON
parsing for preconfigured WAF rules. Only applicable when JSON parsing is
enabled, like
. When configuring a Content-Type header value, only the type/subtype needs to be specified, and the parameters should be excluded.--json-parsing=STANDARD
--json-parsing
=JSON_PARSING
-
The JSON parsing behavior for this rule. Must be one of the following values:
[DISABLED, STANDARD, STANDARD_WITH_GRAPHQL].
JSON_PARSING
must be one of:DISABLED
,STANDARD
,STANDARD_WITH_GRAPHQL
. --layer7-ddos-defense-auto-deploy-confidence-threshold
=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_CONFIDENCE_THRESHOLD
- Confidence threshold above which Adaptive Protection's auto-deploy takes actions
--layer7-ddos-defense-auto-deploy-expiration-sec
=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_EXPIRATION_SEC
- Duration over which Adaptive Protection's auto-deployed actions last
--layer7-ddos-defense-auto-deploy-impacted-baseline-threshold
=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_IMPACTED_BASELINE_THRESHOLD
- Impacted baseline threshold below which Adaptive Protection's auto-deploy takes actions
--layer7-ddos-defense-auto-deploy-load-threshold
=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_LOAD_THRESHOLD
- Load threshold above which Adaptive Protection's auto-deploy takes actions
--layer7-ddos-defense-rule-visibility
=VISIBILITY_TYPE
-
The visibility type indicates whether the rules are opaque or transparent.
VISIBILITY_TYPE
must be one of:STANDARD
,PREMIUM
. --log-level
=LOG_LEVEL
-
The level of detail to display for WAF logging.
LOG_LEVEL
must be one of:NORMAL
,VERBOSE
. --network-ddos-protection
=NETWORK_DDOS_PROTECTION
-
The DDoS protection level for network load balancing and instances with external
IPs.
NETWORK_DDOS_PROTECTION
must be one of:STANDARD
,ADVANCED
,ADVANCED_PREVIEW
. --recaptcha-redirect-site-key
=RECAPTCHA_REDIRECT_SITE_KEY
-
The reCAPTCHA site key to be used for rules using the
action and theredirect
redirect type under the security policy.google-recaptcha
--user-ip-request-headers
=[USER_IP_REQUEST_HEADER
,…]- A comma-separated list of request header names to use for resolving the caller's user IP address.
-
At most one of these can be specified:
--global
- If set, the security policy is global.
--region
=REGION
-
Region of the security policy to update. Overrides the default
compute/region
property value for this command invocation.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file
,--account
,--billing-project
,--configuration
,--flags-file
,--flatten
,--format
,--help
,--impersonate-service-account
,--log-http
,--project
,--quiet
,--trace-token
,--user-output-enabled
,--verbosity
.Run
$ gcloud help
for details. - NOTES
-
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation-only early access
allowlist. These variants are also available:
gcloud compute security-policies update
gcloud beta compute security-policies update
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-06-04 UTC.