gcloud beta compute security-policies update

gcloud beta compute security-policies update - update a Compute Engine security policy

gcloud beta compute security-policies update NAME [--description=DESCRIPTION] [--enable-layer7-ddos-defense] [--json-custom-content-types=[CONTENT_TYPE,…]] [--json-parsing=JSON_PARSING] [--layer7-ddos-defense-auto-deploy-confidence-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_CONFIDENCE_THRESHOLD] [--layer7-ddos-defense-auto-deploy-expiration-sec=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_EXPIRATION_SEC] [--layer7-ddos-defense-auto-deploy-impacted-baseline-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_IMPACTED_BASELINE_THRESHOLD] [--layer7-ddos-defense-auto-deploy-load-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_LOAD_THRESHOLD] [--layer7-ddos-defense-rule-visibility=VISIBILITY_TYPE] [--log-level=LOG_LEVEL] [--network-ddos-protection=NETWORK_DDOS_PROTECTION] [--recaptcha-redirect-site-key=RECAPTCHA_REDIRECT_SITE_KEY] [--user-ip-request-headers=[USER_IP_REQUEST_HEADER,…]] [--global     | --region=REGION] [GCLOUD_WIDE_FLAG …]

gcloud beta compute security-policies update SECURITY_POLICY --description='new description'

NAME

Name of the security policy to update.

--description=DESCRIPTION

An optional, textual description for the security policy.

--enable-layer7-ddos-defense

Whether to enable Cloud Armor Layer 7 DDoS Defense Adaptive Protection.

--json-custom-content-types=[CONTENT_TYPE,…]

A comma-separated list of custom Content-Type header values to apply JSON parsing for preconfigured WAF rules. Only applicable when JSON parsing is enabled, like --json-parsing=STANDARD. When configuring a Content-Type header value, only the type/subtype needs to be specified, and the parameters should be excluded.

--json-parsing=JSON_PARSING

The JSON parsing behavior for this rule. Must be one of the following values: [DISABLED, STANDARD, STANDARD_WITH_GRAPHQL]. JSON_PARSING must be one of: DISABLED, STANDARD, STANDARD_WITH_GRAPHQL.

--layer7-ddos-defense-auto-deploy-confidence-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_CONFIDENCE_THRESHOLD

Confidence threshold above which Adaptive Protection's auto-deploy takes actions

--layer7-ddos-defense-auto-deploy-expiration-sec=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_EXPIRATION_SEC

Duration over which Adaptive Protection's auto-deployed actions last

--layer7-ddos-defense-auto-deploy-impacted-baseline-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_IMPACTED_BASELINE_THRESHOLD

Impacted baseline threshold below which Adaptive Protection's auto-deploy takes actions

--layer7-ddos-defense-auto-deploy-load-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_LOAD_THRESHOLD

Load threshold above which Adaptive Protection's auto-deploy takes actions

--layer7-ddos-defense-rule-visibility=VISIBILITY_TYPE

The visibility type indicates whether the rules are opaque or transparent. VISIBILITY_TYPE must be one of: STANDARD, PREMIUM.

--log-level=LOG_LEVEL

The level of detail to display for WAF logging. LOG_LEVEL must be one of: NORMAL, VERBOSE.

--network-ddos-protection=NETWORK_DDOS_PROTECTION

The DDoS protection level for network load balancing and instances with external IPs. NETWORK_DDOS_PROTECTION must be one of: STANDARD, ADVANCED, ADVANCED_PREVIEW.

--recaptcha-redirect-site-key=RECAPTCHA_REDIRECT_SITE_KEY

The reCAPTCHA site key to be used for rules using the redirect action and the google-recaptcha redirect type under the security policy.

--user-ip-request-headers=[USER_IP_REQUEST_HEADER,…]

A comma-separated list of request header names to use for resolving the caller's user IP address.

At most one of these can be specified:

--global

If set, the security policy is global.

--region=REGION

Region of the security policy to update. Overrides the default compute/region property value for this command invocation.

Run $ gcloud help for details.

gcloud compute security-policies update

gcloud alpha compute security-policies update