- NAME
-
- gcloud compute security-policies rules remove-preconfig-waf-exclusion - remove an exclusion configuration for preconfigured WAF evaluation from a security policy rule
- SYNOPSIS
-
-
gcloud compute security-policies rules remove-preconfig-waf-exclusion
PRIORITY
--target-rule-set
=TARGET_RULE_SET
[--region
=REGION
] [--request-cookie-to-exclude
=[op
=OP
],[val
=VAL
]] [--request-header-to-exclude
=[op
=OP
],[val
=VAL
]] [--request-query-param-to-exclude
=[op
=OP
],[val
=VAL
]] [--request-uri-to-exclude
=[op
=OP
],[val
=VAL
]] [--security-policy
=SECURITY_POLICY
] [--target-rule-ids
=[RULE_ID
,…]] [GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
-
gcloud compute security-policies rules remove-preconfig-waf-exclusion
is used to remove an exclusion configuration for preconfigured WAF evaluation from a security policy rule.Note that request field exclusions are associated with a target, which can be a single rule set, or a rule set plus a list of rule IDs under the rule set.
It is possible to remove request field exclusions at 3 levels:
- Remove specific request field exclusions that are associated with a matching target.
- Remove all the request field exclusions that are associated with a matching target.
- Remove all the request field exclusions that are configured under the security policy rule, regardless of the target.
- EXAMPLES
-
To remove specific request field exclusions that are associated with the target
of 'sqli-stable': ['owasp-crs-v030001-id942110-sqli',
'owasp-crs-v030001-id942120-sqli'], run:
gcloud compute security-policies rules remove-preconfig-waf-exclusion 1000 --security-policy=my-policy --target-rule-set=sqli-stable --target-rule-ids=owasp-crs-v030001-id942110-sqli,owasp-crs-v030001-id942120-sqli --request-header-to-exclude=op=EQUALS,val=abc --request-header-to-exclude=op=STARTS_WITH,val=xyz --request-uri-to-exclude=op=EQUALS_ANY
To remove all the request field exclusions that are associated with the target of 'sqli-stable': ['owasp-crs-v030001-id942110-sqli', 'owasp-crs-v030001-id942120-sqli'], run:
gcloud compute security-policies rules remove-preconfig-waf-exclusion 1000 --security-policy=my-policy --target-rule-set=sqli-stable --target-rule-ids=owasp-crs-v030001-id942110-sqli,owasp-crs-v030001-id942120-sqli
To remove all the request field exclusions that are associated with the target of 'sqli-stable': [], run:
gcloud compute security-policies rules remove-preconfig-waf-exclusion 1000 --security-policy=my-policy --target-rule-set=sqli-stable
To remove all the request field exclusions that are configured under the security policy rule, regardless of the target, run:
gcloud compute security-policies rules remove-preconfig-waf-exclusion 1000 --security-policy=my-policy --target-rule-set=*
- POSITIONAL ARGUMENTS
-
PRIORITY
- The priority of the rule to remove the exclusion configuration for preconfigured WAF evaluation. Rules are evaluated in order from highest priority to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
- REQUIRED FLAGS
-
--target-rule-set
=TARGET_RULE_SET
-
Target WAF rule set from where to remove the request field exclusions.
This, together with the target rule IDs (if given), determines the target for associating request field exclusions. See
--target-rule-ids
.Note that the removal of request field exclusions is restricted to those associated with a matching target. Set this flag to * if you want to remove request field exclusions regardless of the target.
- OPTIONAL FLAGS
-
--region
=REGION
-
Region of the security policy to remove the exclusion configuration for
preconfigured WAF evaluation. If not specified, you might be prompted to select
a region (interactive mode only).
A list of regions can be fetched by running:
gcloud compute regions list
Overrides the default
compute/region
property value for this command invocation. -
Removes a request cookie from the existing request field exclusions associated
with the rule set and rule IDs (if given).
You can specify an exact match or a partial match by using a field operator and a field value. Available field operators are:
-
: the operator matches if the field value equals the specified value.EQUALS
-
: the operator matches if the field value starts with the specified value.STARTS_WITH
-
: the operator matches if the field value ends with the specified value.ENDS_WITH
-
: the operator matches if the field value contains the specified value.CONTAINS
-
: the operator matches if the field value is any value.EQUALS_ANY
A field value must be given if the field operator is not
, and cannot be given if the field operator isEQUALS_ANY
. For example,EQUALS_ANY
--request-header-to-exclude op=EQUALS,val=abc
or--request-header-to-exclude op=EQUALS_ANY
.This flag can be repeated to specify multiple request headers to exclude. For example,
--request-header-to-exclude op=EQUALS,val=abc --request-header-to-exclude op=STARTS_WITH,val=xyz
. -
--request-header-to-exclude
=[op
=OP
],[val
=VAL
]-
Removes a request header from the existing request field exclusions associated
with the rule set and rule IDs (if given).
Refer to the syntax under
--request-cookie-to-exclude
.This flag can be repeated to specify multiple request headers.
--request-query-param-to-exclude
=[op
=OP
],[val
=VAL
]-
Removes a request query parameter from the existing request field exclusions
associated with the rule set and rule IDs (if given).
Refer to the syntax under
--request-cookie-to-exclude
.This flag can be repeated to specify multiple request query parameters.
--request-uri-to-exclude
=[op
=OP
],[val
=VAL
]-
Removes a request URI from the existing request field exclusions associated with
the rule set and rule IDs (if given).
Refer to the syntax under
--request-cookie-to-exclude
.This flag can be repeated to specify multiple request URIs.
--security-policy
=SECURITY_POLICY
- The security policy that this rule belongs to.
--target-rule-ids
=[RULE_ID
,…]- A comma-separated list of target rule IDs under the WAF rule set from where to remove the request field exclusions. If omitted, the removal of request field exclusions is restricted to those associated with the rule set only, without specific rule IDs.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file
,--account
,--billing-project
,--configuration
,--flags-file
,--flatten
,--format
,--help
,--impersonate-service-account
,--log-http
,--project
,--quiet
,--trace-token
,--user-output-enabled
,--verbosity
.Run
$ gcloud help
for details. - NOTES
-
These variants are also available:
gcloud alpha compute security-policies rules remove-preconfig-waf-exclusion
gcloud beta compute security-policies rules remove-preconfig-waf-exclusion
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-06-04 UTC.