NAME
    gcloud compute org-security-policies rules remove-preconfig-waf-exclusion -
        remove an exclusion configuration for preconfigured WAF evaluation from
        a security policy rule

SYNOPSIS
    gcloud compute org-security-policies rules remove-preconfig-waf-exclusion
        PRIORITY --security-policy=SECURITY_POLICY
        --target-rule-set=TARGET_RULE_SET [--organization=ORGANIZATION]
        [--request-cookie-to-exclude=[op=OP],[val=VAL]]
        [--request-header-to-exclude=[op=OP],[val=VAL]]
        [--request-query-param-to-exclude=[op=OP],[val=VAL]]
        [--request-uri-to-exclude=[op=OP],[val=VAL]]
        [--target-rule-ids=[RULE_ID,...]] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION
    gcloud compute org-security-policies rules remove-preconfig-waf-exclusion
    is used to remove an exclusion configuration for preconfigured WAF
    evaluation from a security policy rule.

    Note that request field exclusions are associated with a target, which can
    be a single rule set, or a rule set plus a list of rule IDs under the rule
    set.

    It is possible to remove request field exclusions at 3 levels:
      ▪ Remove specific request field exclusions that are associated with a
        matching target.
      ▪ Remove all the request field exclusions that are associated with a
        matching target.
      ▪ Remove all the request field exclusions that are configured under the
        security policy rule, regardless of the target.

EXAMPLES
    To remove specific request field exclusions that are associated with the
    target of 'sqli-stable': ['owasp-crs-v030001-id942110-sqli',
    'owasp-crs-v030001-id942120-sqli'], run:

        $ gcloud compute org-security-policies rules \
            remove-preconfig-waf-exclusion 1000 \
            --security-policy=1234567890 --target-rule-set=sqli-stable \
            --target-rule-ids='owasp-crs-v030001-id942110-sqli',\
        'owasp-crs-v030001-id942120-sqli' \
            --request-header-to-exclude='op=EQUALS,val=abc' \
            --request-header-to-exclude='op=STARTS_WITH,val=xyz' \
            --request-uri-to-exclude='op=EQUALS_ANY'

    To remove all the request field exclusions that are associated with the
    target of 'sqli-stable': ['owasp-crs-v030001-id942110-sqli',
    'owasp-crs-v030001-id942120-sqli'], run:

        $ gcloud compute org-security-policies rules \
            remove-preconfig-waf-exclusion 1000 \
            --security-policy=1234567890 --target-rule-set=sqli-stable \
            --target-rule-ids='owasp-crs-v030001-id942110-sqli',\
        'owasp-crs-v030001-id942120-sqli'

    To remove all the request field exclusions that are associated with the
    target of 'sqli-stable': [], run:

        $ gcloud compute org-security-policies rules \
            remove-preconfig-waf-exclusion 1000 \
            --security-policy=1234567890 --target-rule-set=sqli-stable

    To remove all the request field exclusions that are configured under the
    security policy rule, regardless of the target, run:

        $ gcloud compute org-security-policies rules \
            remove-preconfig-waf-exclusion 1000 \
            --security-policy=1234567890 --target-rule-set=*

POSITIONAL ARGUMENTS
     PRIORITY
        Priority of the security policy rule to remove preconfig WAF exclusion.

REQUIRED FLAGS
     --security-policy=SECURITY_POLICY
        short name of the security policy into which the rule should be
        updated.

     --target-rule-set=TARGET_RULE_SET
        Target WAF rule set from where to remove the request field exclusions.

        This, together with the target rule IDs (if given), determines the
        target for associating request field exclusions. See --target-rule-ids.

        Note that the removal of request field exclusions is restricted to
        those associated with a matching target. Set this flag to * if you want
        to remove request field exclusions regardless of the target.

OPTIONAL FLAGS
     --organization=ORGANIZATION
        Organization which the organization security policy belongs to. Must be
        set if SECURITY_POLICY is short name.

     --request-cookie-to-exclude=[op=OP],[val=VAL]
        Removes a request cookie from the existing request field exclusions
        associated with the rule set and rule IDs (if given).

        You can specify an exact match or a partial match by using a field
        operator and a field value. Available field operators are:
        ◆ EQUALS: the operator matches if the field value equals the
          specified value.
        ◆ STARTS_WITH: the operator matches if the field value starts with
          the specified value.
        ◆ ENDS_WITH: the operator matches if the field value ends with the
          specified value.
        ◆ CONTAINS: the operator matches if the field value contains the
          specified value.
        ◆ EQUALS_ANY: the operator matches if the field value is any value.

        A field value must be given if the field operator is not EQUALS_ANY,
        and cannot be given if the field operator is EQUALS_ANY. For example,
        --request-header-to-exclude op=EQUALS,val=abc or
        --request-header-to-exclude op=EQUALS_ANY.

        This flag can be repeated to specify multiple request headers to
        exclude. For example, --request-header-to-exclude op=EQUALS,val=abc
        --request-header-to-exclude op=STARTS_WITH,val=xyz.

     --request-header-to-exclude=[op=OP],[val=VAL]
        Removes a request header from the existing request field exclusions
        associated with the rule set and rule IDs (if given).

        Refer to the syntax under --request-cookie-to-exclude.

        This flag can be repeated to specify multiple request headers.

     --request-query-param-to-exclude=[op=OP],[val=VAL]
        Removes a request query parameter from the existing request field
        exclusions associated with the rule set and rule IDs (if given).

        Refer to the syntax under --request-cookie-to-exclude.

        This flag can be repeated to specify multiple request query parameters.

     --request-uri-to-exclude=[op=OP],[val=VAL]
        Removes a request URI from the existing request field exclusions
        associated with the rule set and rule IDs (if given).

        Refer to the syntax under --request-cookie-to-exclude.

        This flag can be repeated to specify multiple request URIs.

     --target-rule-ids=[RULE_ID,...]
        A comma-separated list of target rule IDs under the WAF rule set from
        where to remove the request field exclusions. If omitted, the removal
        of request field exclusions is restricted to those associated with the
        rule set only, without specific rule IDs.

GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file, --account,
    --billing-project, --configuration, --flags-file, --flatten, --format,
    --help, --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

    Run $ gcloud help for details.

NOTES
    These variants are also available:

        $ gcloud alpha compute org-security-policies rules \
            remove-preconfig-waf-exclusion

        $ gcloud beta compute org-security-policies rules \
            remove-preconfig-waf-exclusion

