mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-16 20:36:39 +00:00
gcloud: Wed Mar 15 11:22:01 UTC 2023
This commit is contained in:
parent
29661f002c
commit
a4bd29dd06
164 changed files with 2541 additions and 844 deletions
|
|
@ -2,7 +2,7 @@ NAME
|
|||
gcloud compute commitments update - update Compute Engine commitments
|
||||
|
||||
SYNOPSIS
|
||||
gcloud compute commitments update COMMITMENT [--auto-renew]
|
||||
gcloud compute commitments update COMMITMENT [--auto-renew] [--plan=PLAN]
|
||||
[--region=REGION] [GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
|
|
@ -15,6 +15,18 @@ EXAMPLES
|
|||
$ gcloud compute commitments update commitment-1 --auto-renew \
|
||||
--region=us-central1
|
||||
|
||||
To disable auto renewal on a commitment called commitment-1 in the
|
||||
us-central1 region, run:
|
||||
|
||||
$ gcloud compute commitments update commitment-1 --no-auto-renew \
|
||||
--region=us-central1
|
||||
|
||||
To upgrade the term of a commitment called commitment-1 from 12-month to
|
||||
36-month, in the us-central1 region, run:
|
||||
|
||||
$ gcloud compute commitments update commitment-1 --plan=36-month \
|
||||
--region=us-central1
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
COMMITMENT
|
||||
Name of the commitment to update.
|
||||
|
|
@ -23,6 +35,10 @@ FLAGS
|
|||
--auto-renew
|
||||
Enable auto renewal for the commitment.
|
||||
|
||||
--plan=PLAN
|
||||
Duration of the commitment. PLAN must be (only one value is supported):
|
||||
36-month.
|
||||
|
||||
--region=REGION
|
||||
Region of the commitment to update. If not specified, you might be
|
||||
prompted to select a region (interactive mode only).
|
||||
|
|
|
|||
|
|
@ -117,7 +117,7 @@ OPTIONAL FLAGS
|
|||
Enables one or more features for VM instances that use the image for
|
||||
their boot disks. See the descriptions of supported features at:
|
||||
https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features.
|
||||
GUEST_OS_FEATURE must be (currently only one value is supported):
|
||||
GUEST_OS_FEATURE must be (only one value is supported):
|
||||
UEFI_COMPATIBLE.
|
||||
|
||||
--log-location=LOG_LOCATION
|
||||
|
|
|
|||
|
|
@ -17,6 +17,8 @@ SYNOPSIS
|
|||
[--external-ipv6-address=EXTERNAL_IPV6_ADDRESS]
|
||||
[--external-ipv6-prefix-length=EXTERNAL_IPV6_PREFIX_LENGTH]
|
||||
[--instance-termination-action=INSTANCE_TERMINATION_ACTION]
|
||||
[--internal-ipv6-address=INTERNAL_IPV6_ADDRESS]
|
||||
[--internal-ipv6-prefix-length=INTERNAL_IPV6_PREFIX_LENGTH]
|
||||
[--ipv6-network-tier=IPV6_NETWORK_TIER]
|
||||
[--key-revocation-action-type=POLICY] [--labels=[KEY=VALUE,...]]
|
||||
[--local-ssd=[device-name=DEVICE-NAME],[interface=INTERFACE]]
|
||||
|
|
@ -363,10 +365,23 @@ FLAGS
|
|||
Default. Stop the VM without preserving memory. The VM can be
|
||||
restarted later.
|
||||
|
||||
--internal-ipv6-address=INTERNAL_IPV6_ADDRESS
|
||||
Assigns the given internal IPv6 address or range to the instance that
|
||||
is created. The address must be the first IP address in the range or
|
||||
from a /96 IP address range. This option can be used only when creating
|
||||
a single instance.
|
||||
|
||||
--internal-ipv6-prefix-length=INTERNAL_IPV6_PREFIX_LENGTH
|
||||
Optional field that indicates the prefix length of the internal IPv6
|
||||
address range. It should be used together with --internal-ipv6-address.
|
||||
Only /96 IP address range is supported and the default value is 96. If
|
||||
not set, either the prefix length from --internal-ipv6-address will be
|
||||
used or the default value of 96 will be assigned.
|
||||
|
||||
--ipv6-network-tier=IPV6_NETWORK_TIER
|
||||
Specifies the IPv6 network tier that will be used to configure the
|
||||
instance network interface IPv6 access config. IPV6_NETWORK_TIER must
|
||||
be (currently only one value is supported):
|
||||
be (only one value is supported):
|
||||
|
||||
PREMIUM
|
||||
High quality, Google-grade network tier.
|
||||
|
|
|
|||
|
|
@ -20,6 +20,8 @@ SYNOPSIS
|
|||
[--external-ipv6-prefix-length=EXTERNAL_IPV6_PREFIX_LENGTH]
|
||||
[--hostname=HOSTNAME]
|
||||
[--instance-termination-action=INSTANCE_TERMINATION_ACTION]
|
||||
[--internal-ipv6-address=INTERNAL_IPV6_ADDRESS]
|
||||
[--internal-ipv6-prefix-length=INTERNAL_IPV6_PREFIX_LENGTH]
|
||||
[--ipv6-network-tier=IPV6_NETWORK_TIER]
|
||||
[--ipv6-public-ptr-domain=IPV6_PUBLIC_PTR_DOMAIN]
|
||||
[--key-revocation-action-type=POLICY] [--labels=[KEY=VALUE,...]]
|
||||
|
|
@ -430,10 +432,23 @@ FLAGS
|
|||
Default. Stop the VM without preserving memory. The VM can be
|
||||
restarted later.
|
||||
|
||||
--internal-ipv6-address=INTERNAL_IPV6_ADDRESS
|
||||
Assigns the given internal IPv6 address or range to the instance that
|
||||
is created. The address must be the first IP address in the range or
|
||||
from a /96 IP address range. This option can be used only when creating
|
||||
a single instance.
|
||||
|
||||
--internal-ipv6-prefix-length=INTERNAL_IPV6_PREFIX_LENGTH
|
||||
Optional field that indicates the prefix length of the internal IPv6
|
||||
address range. It should be used together with --internal-ipv6-address.
|
||||
Only /96 IP address range is supported and the default value is 96. If
|
||||
not set, either the prefix length from --internal-ipv6-address will be
|
||||
used or the default value of 96 will be assigned.
|
||||
|
||||
--ipv6-network-tier=IPV6_NETWORK_TIER
|
||||
Specifies the IPv6 network tier that will be used to configure the
|
||||
instance network interface IPv6 access config. IPV6_NETWORK_TIER must
|
||||
be (currently only one value is supported):
|
||||
be (only one value is supported):
|
||||
|
||||
PREMIUM
|
||||
High quality, Google-grade network tier.
|
||||
|
|
@ -597,6 +612,13 @@ FLAGS
|
|||
Specifies the Network Interface Controller (NIC) type for the
|
||||
interface. NIC_TYPE must be one of: GVNIC, VIRTIO_NET.
|
||||
|
||||
queue-count
|
||||
Specifies the networking queue count for this interface. Both Rx
|
||||
and Tx queues will be set to this number. If it's not specified, a
|
||||
default queue count will be assigned. For Virtio-net, each
|
||||
interface will get min(floor(#vCPU / #vNIC), 32) queues. For gVNIC,
|
||||
each interface will get min(floor(#vCPU / #vNIC / 2), 16) qeueus.
|
||||
|
||||
stack-type
|
||||
Specifies whether IPv6 is enabled on the interface. STACK_TYPE must
|
||||
be one of: IPV4_ONLY, IPV4_IPV6. The default value is IPV4_ONLY.
|
||||
|
|
|
|||
|
|
@ -124,7 +124,7 @@ OPTIONAL FLAGS
|
|||
Enables one or more features for VM instances that use the image for
|
||||
their boot disks. See the descriptions of supported features at:
|
||||
https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features.
|
||||
GUEST_OS_FEATURE must be (currently only one value is supported):
|
||||
GUEST_OS_FEATURE must be (only one value is supported):
|
||||
UEFI_COMPATIBLE.
|
||||
|
||||
--hostname=HOSTNAME
|
||||
|
|
|
|||
|
|
@ -6,6 +6,8 @@ SYNOPSIS
|
|||
gcloud compute instances network-interfaces update INSTANCE_NAME
|
||||
[--aliases=ALIASES] [--external-ipv6-address=EXTERNAL_IPV6_ADDRESS]
|
||||
[--external-ipv6-prefix-length=EXTERNAL_IPV6_PREFIX_LENGTH]
|
||||
[--internal-ipv6-address=INTERNAL_IPV6_ADDRESS]
|
||||
[--internal-ipv6-prefix-length=INTERNAL_IPV6_PREFIX_LENGTH]
|
||||
[--ipv6-network-tier=IPV6_NETWORK_TIER] [--network=NETWORK]
|
||||
[--network-interface=NETWORK_INTERFACE; default="nic0"]
|
||||
[--private-network-ip=PRIVATE_NETWORK_IP] [--stack-type=STACK_TYPE]
|
||||
|
|
@ -53,10 +55,24 @@ FLAGS
|
|||
be used together with --external-ipv6-address. Currently only /96 is
|
||||
supported and the default value is 96.
|
||||
|
||||
--internal-ipv6-address=INTERNAL_IPV6_ADDRESS
|
||||
Assigns the given internal IPv6 address or range to an instance. The
|
||||
address must be the first IP address in the range or a /96 IP address
|
||||
range. This option can only be used on a dual stack instance network
|
||||
interface.
|
||||
|
||||
--internal-ipv6-prefix-length=INTERNAL_IPV6_PREFIX_LENGTH
|
||||
Optional field that indicates the prefix length of the internal IPv6
|
||||
address range, should be used together with
|
||||
--internal-ipv6-address=fd20::. Only /96 IP address range is supported
|
||||
and the default value is 96. If not set, then either the prefix length
|
||||
from --internal-ipv6-address=fd20::/96 will be used or the default
|
||||
value of 96 will be assigned.
|
||||
|
||||
--ipv6-network-tier=IPV6_NETWORK_TIER
|
||||
Specifies the IPv6 network tier that will be used to configure the
|
||||
instance network interface IPv6 access config. IPV6_NETWORK_TIER must
|
||||
be (currently only one value is supported):
|
||||
be (only one value is supported):
|
||||
|
||||
PREMIUM
|
||||
High quality, Google-grade network tier.
|
||||
|
|
|
|||
|
|
@ -124,7 +124,7 @@ OPTIONAL FLAGS
|
|||
Enables one or more features for VM instances that use the image for
|
||||
their boot disks. See the descriptions of supported features at:
|
||||
https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features.
|
||||
GUEST_OS_FEATURE must be (currently only one value is supported):
|
||||
GUEST_OS_FEATURE must be (only one value is supported):
|
||||
UEFI_COMPATIBLE.
|
||||
|
||||
--labels=[KEY=VALUE,...]
|
||||
|
|
|
|||
|
|
@ -146,7 +146,7 @@ FLAGS
|
|||
--purpose=PURPOSE
|
||||
The purpose of the subnetwork is set to REGIONAL_MANAGED_PROXY to
|
||||
migrate from the INTERNAL_HTTPS_LOAD_BALANCER purpose. PURPOSE must
|
||||
be (currently only one value is supported):
|
||||
be (only one value is supported):
|
||||
|
||||
REGIONAL_MANAGED_PROXY
|
||||
The proxy-only subnet for regional HTTP(S) load balancers.
|
||||
|
|
@ -166,7 +166,7 @@ FLAGS
|
|||
This field is only valid when updating a reserved IP address range
|
||||
used for the purpose of Internal HTTP(S) Load Balancer.
|
||||
|
||||
ROLE must be (currently only one value is supported):
|
||||
ROLE must be (only one value is supported):
|
||||
|
||||
ACTIVE
|
||||
The ACTIVE subnet that is currently used.
|
||||
|
|
|
|||
|
|
@ -18,8 +18,8 @@ POSITIONAL ARGUMENTS
|
|||
|
||||
REQUIRED FLAGS
|
||||
--status=STATUS
|
||||
The status of public advertised prefix. STATUS must be (currently only
|
||||
one value is supported): ptr-configured.
|
||||
The status of public advertised prefix. STATUS must be (only one value
|
||||
is supported): ptr-configured.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --access-token-file, --account,
|
||||
|
|
|
|||
|
|
@ -141,7 +141,7 @@ OPTIONAL FLAGS
|
|||
this peer. This list can only be specified in custom advertisement
|
||||
mode.
|
||||
|
||||
GROUP must be (currently only one value is supported):
|
||||
GROUP must be (only one value is supported):
|
||||
|
||||
ALL_SUBNETS
|
||||
Automatically advertise all available subnets. This excludes any
|
||||
|
|
|
|||
|
|
@ -90,7 +90,7 @@ OPTIONAL FLAGS
|
|||
this router. This list can only be specified in custom advertisement
|
||||
mode.
|
||||
|
||||
GROUP must be (currently only one value is supported):
|
||||
GROUP must be (only one value is supported):
|
||||
|
||||
ALL_SUBNETS
|
||||
Automatically advertise all available subnets. This excludes any
|
||||
|
|
|
|||
|
|
@ -80,7 +80,7 @@ FLAGS
|
|||
this router. This list can only be specified in custom advertisement
|
||||
mode.
|
||||
|
||||
GROUP must be (currently only one value is supported):
|
||||
GROUP must be (only one value is supported):
|
||||
|
||||
ALL_SUBNETS
|
||||
Automatically advertise all available subnets. This excludes any
|
||||
|
|
@ -101,7 +101,7 @@ FLAGS
|
|||
this router. This list is appended to any existing advertisements.
|
||||
This field can only be specified in custom advertisement mode.
|
||||
|
||||
GROUP must be (currently only one value is supported):
|
||||
GROUP must be (only one value is supported):
|
||||
|
||||
ALL_SUBNETS
|
||||
Automatically advertise all available subnets. This excludes any
|
||||
|
|
@ -122,7 +122,7 @@ FLAGS
|
|||
the current set of custom advertisements. This field can only be
|
||||
specified in custom advertisement mode.
|
||||
|
||||
GROUP must be (currently only one value is supported):
|
||||
GROUP must be (only one value is supported):
|
||||
|
||||
ALL_SUBNETS
|
||||
Automatically advertise all available subnets. This excludes any
|
||||
|
|
|
|||
|
|
@ -127,7 +127,7 @@ OPTIONAL FLAGS
|
|||
this peer. This list can only be specified in custom advertisement
|
||||
mode.
|
||||
|
||||
GROUP must be (currently only one value is supported):
|
||||
GROUP must be (only one value is supported):
|
||||
|
||||
ALL_SUBNETS
|
||||
Automatically advertise all available subnets. This excludes any
|
||||
|
|
@ -148,7 +148,7 @@ OPTIONAL FLAGS
|
|||
this peer. This list is appended to any existing advertisements. This
|
||||
field can only be specified in custom advertisement mode.
|
||||
|
||||
GROUP must be (currently only one value is supported):
|
||||
GROUP must be (only one value is supported):
|
||||
|
||||
ALL_SUBNETS
|
||||
Automatically advertise all available subnets. This excludes any
|
||||
|
|
@ -169,7 +169,7 @@ OPTIONAL FLAGS
|
|||
current set of custom advertisements. This field can only be
|
||||
specified in custom advertisement mode.
|
||||
|
||||
GROUP must be (currently only one value is supported):
|
||||
GROUP must be (only one value is supported):
|
||||
|
||||
ALL_SUBNETS
|
||||
Automatically advertise all available subnets. This excludes any
|
||||
|
|
|
|||
|
|
@ -0,0 +1,146 @@
|
|||
NAME
|
||||
gcloud compute security-policies rules add-preconfig-waf-exclusion - add an
|
||||
exclusion configuration for preconfigured WAF evaluation into a
|
||||
security policy rule
|
||||
|
||||
SYNOPSIS
|
||||
gcloud compute security-policies rules add-preconfig-waf-exclusion PRIORITY
|
||||
--target-rule-set=TARGET_RULE_SET
|
||||
[--request-cookie-to-exclude=[op=OP],[val=VAL]]
|
||||
[--request-header-to-exclude=[op=OP],[val=VAL]]
|
||||
[--request-query-param-to-exclude=[op=OP],[val=VAL]]
|
||||
[--request-uri-to-exclude=[op=OP],[val=VAL]]
|
||||
[--security-policy=SECURITY_POLICY] [--target-rule-ids=[RULE_ID,...]]
|
||||
[GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
gcloud compute security-policies rules add-preconfig-waf-exclusion is used
|
||||
to add an exclusion configuration for preconfigured WAF evaluation into a
|
||||
security policy rule.
|
||||
|
||||
Note that request field exclusions are associated with a target, which can
|
||||
be a single rule set, or a rule set plus a list of rule IDs under the rule
|
||||
set.
|
||||
|
||||
EXAMPLES
|
||||
To add specific request field exclusions that are associated with the
|
||||
target of 'sqli-stable': ['owasp-crs-v030001-id942110-sqli',
|
||||
'owasp-crs-v030001-id942120-sqli'], run:
|
||||
|
||||
$ gcloud compute security-policies rules \
|
||||
add-preconfig-waf-exclusion 1000 --security-policy=my-policy \
|
||||
--target-rule-set=sqli-stable \
|
||||
--target-rule-ids=owasp-crs-v030001-id942110-sqli,\
|
||||
owasp-crs-v030001-id942120-sqli \
|
||||
--request-header-to-exclude=op=EQUALS,val=abc \
|
||||
--request-header-to-exclude=op=STARTS_WITH,val=xyz \
|
||||
--request-uri-to-exclude=op=EQUALS_ANY
|
||||
|
||||
To add specific request field exclusions that are associated with the
|
||||
target of 'sqli-stable': [], run:
|
||||
|
||||
$ gcloud compute security-policies rules \
|
||||
add-preconfig-waf-exclusion 1000 --security-policy=my-policy \
|
||||
--target-rule-set=sqli-stable \
|
||||
--request-cookie-to-exclude=op=EQUALS_ANY
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
PRIORITY
|
||||
The priority of the rule to add the exclusion configuration for
|
||||
preconfigured WAF evaluation. Rules are evaluated in order from highest
|
||||
priority to lowest priority where 0 is the highest priority and
|
||||
2147483647 is the lowest priority.
|
||||
|
||||
REQUIRED FLAGS
|
||||
--target-rule-set=TARGET_RULE_SET
|
||||
Target WAF rule set where the request field exclusions being added
|
||||
would apply.
|
||||
|
||||
This, together with the target rule IDs (if given), determines the
|
||||
target for associating request field exclusions. See --target-rule-ids.
|
||||
|
||||
OPTIONAL FLAGS
|
||||
--request-cookie-to-exclude=[op=OP],[val=VAL]
|
||||
Adds a request cookie to the request field exclusions associated with
|
||||
the rule set and rule IDs (if given). This specifies a request cookie
|
||||
whose value will be excluded from inspection during preconfigured WAF
|
||||
evaluation.
|
||||
|
||||
You can specify an exact match or a partial match by using a field
|
||||
operator and a field value. Available field operators are:
|
||||
◆ EQUALS: the operator matches if the field value equals the
|
||||
specified value.
|
||||
◆ STARTS_WITH: the operator matches if the field value starts with
|
||||
the specified value.
|
||||
◆ ENDS_WITH: the operator matches if the field value ends with the
|
||||
specified value.
|
||||
◆ CONTAINS: the operator matches if the field value contains the
|
||||
specified value.
|
||||
◆ EQUALS_ANY: the operator matches if the field value is any value.
|
||||
|
||||
A field value must be given if the field operator is not EQUALS_ANY,
|
||||
and cannot be given if the field operator is EQUALS_ANY. For example,
|
||||
--request-header-to-exclude op=EQUALS,val=abc or
|
||||
--request-header-to-exclude op=EQUALS_ANY.
|
||||
|
||||
This flag can be repeated to specify multiple request headers to
|
||||
exclude. For example, --request-header-to-exclude op=EQUALS,val=abc
|
||||
--request-header-to-exclude op=STARTS_WITH,val=xyz.
|
||||
|
||||
--request-header-to-exclude=[op=OP],[val=VAL]
|
||||
Adds a request header to the request field exclusions associated with
|
||||
the rule set and rule IDs (if given). This specifies a request header
|
||||
whose value will be excluded from inspection during preconfigured WAF
|
||||
evaluation.
|
||||
|
||||
Refer to the syntax under --request-cookie-to-exclude.
|
||||
|
||||
This flag can be repeated to specify multiple request headers.
|
||||
|
||||
--request-query-param-to-exclude=[op=OP],[val=VAL]
|
||||
Adds a request query parameter to the request field exclusions
|
||||
associated with the rule set and rule IDs (if given). This specifies a
|
||||
request query parameter in the query string or in the POST body whose
|
||||
value will be excluded from inspection during preconfigured WAF
|
||||
evaluation.
|
||||
|
||||
Refer to the syntax under --request-cookie-to-exclude.
|
||||
|
||||
This flag can be repeated to specify multiple request query parameters.
|
||||
|
||||
--request-uri-to-exclude=[op=OP],[val=VAL]
|
||||
Adds a request URI to the request field exclusions associated with the
|
||||
rule set and rule IDs (if given). This specifies a request URI from the
|
||||
request line to be excluded from inspection during preconfigured WAF
|
||||
evaluation.
|
||||
|
||||
Refer to the syntax under --request-cookie-to-exclude.
|
||||
|
||||
This flag can be repeated to specify multiple request URIs.
|
||||
|
||||
--security-policy=SECURITY_POLICY
|
||||
The security policy that this rule belongs to.
|
||||
|
||||
--target-rule-ids=[RULE_ID,...]
|
||||
A comma-separated list of target rule IDs under the WAF rule set where
|
||||
the request field exclusions being added would apply. If omitted, the
|
||||
added request field exclusions will be associated with the rule set
|
||||
only, which would apply to all the rule IDs under the rule set.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --access-token-file, --account,
|
||||
--billing-project, --configuration, --flags-file, --flatten, --format,
|
||||
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
||||
--trace-token, --user-output-enabled, --verbosity.
|
||||
|
||||
Run $ gcloud help for details.
|
||||
|
||||
NOTES
|
||||
These variants are also available:
|
||||
|
||||
$ gcloud alpha compute security-policies rules \
|
||||
add-preconfig-waf-exclusion
|
||||
|
||||
$ gcloud beta compute security-policies rules \
|
||||
add-preconfig-waf-exclusion
|
||||
|
||||
|
|
@ -102,8 +102,8 @@ OPTIONAL FLAGS
|
|||
--conform-action=CONFORM_ACTION
|
||||
Action to take when requests are under the given threshold. When
|
||||
requests are throttled, this is also the action for all requests which
|
||||
are not dropped. CONFORM_ACTION must be (currently only one value is
|
||||
supported): allow.
|
||||
are not dropped. CONFORM_ACTION must be (only one value is supported):
|
||||
allow.
|
||||
|
||||
--description=DESCRIPTION
|
||||
An optional, textual description for the rule.
|
||||
|
|
|
|||
|
|
@ -16,6 +16,10 @@ GCLOUD WIDE FLAGS
|
|||
COMMANDS
|
||||
COMMAND is one of the following:
|
||||
|
||||
add-preconfig-waf-exclusion
|
||||
Add an exclusion configuration for preconfigured WAF evaluation into a
|
||||
security policy rule.
|
||||
|
||||
create
|
||||
Create a Compute Engine security policy rule.
|
||||
|
||||
|
|
@ -25,6 +29,10 @@ COMMANDS
|
|||
describe
|
||||
Describe a Compute Engine security policy rule.
|
||||
|
||||
remove-preconfig-waf-exclusion
|
||||
Remove an exclusion configuration for preconfigured WAF evaluation from
|
||||
a security policy rule.
|
||||
|
||||
update
|
||||
Update a Compute Engine security policy rule.
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,164 @@
|
|||
NAME
|
||||
gcloud compute security-policies rules remove-preconfig-waf-exclusion -
|
||||
remove an exclusion configuration for preconfigured WAF evaluation from
|
||||
a security policy rule
|
||||
|
||||
SYNOPSIS
|
||||
gcloud compute security-policies rules remove-preconfig-waf-exclusion
|
||||
PRIORITY --target-rule-set=TARGET_RULE_SET
|
||||
[--request-cookie-to-exclude=[op=OP],[val=VAL]]
|
||||
[--request-header-to-exclude=[op=OP],[val=VAL]]
|
||||
[--request-query-param-to-exclude=[op=OP],[val=VAL]]
|
||||
[--request-uri-to-exclude=[op=OP],[val=VAL]]
|
||||
[--security-policy=SECURITY_POLICY] [--target-rule-ids=[RULE_ID,...]]
|
||||
[GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
gcloud compute security-policies rules remove-preconfig-waf-exclusion is
|
||||
used to remove an exclusion configuration for preconfigured WAF evaluation
|
||||
from a security policy rule.
|
||||
|
||||
Note that request field exclusions are associated with a target, which can
|
||||
be a single rule set, or a rule set plus a list of rule IDs under the rule
|
||||
set.
|
||||
|
||||
It is possible to remove request field exclusions at 3 levels:
|
||||
▪ Remove specific request field exclusions that are associated with a
|
||||
matching target.
|
||||
▪ Remove all the request field exclusions that are associated with a
|
||||
matching target.
|
||||
▪ Remove all the request field exclusions that are configured under the
|
||||
security policy rule, regardless of the target.
|
||||
|
||||
EXAMPLES
|
||||
To remove specific request field exclusions that are associated with the
|
||||
target of 'sqli-stable': ['owasp-crs-v030001-id942110-sqli',
|
||||
'owasp-crs-v030001-id942120-sqli'], run:
|
||||
|
||||
$ gcloud compute security-policies rules \
|
||||
remove-preconfig-waf-exclusion 1000 \
|
||||
--security-policy=my-policy --target-rule-set=sqli-stable \
|
||||
--target-rule-ids=owasp-crs-v030001-id942110-sqli,\
|
||||
owasp-crs-v030001-id942120-sqli \
|
||||
--request-header-to-exclude=op=EQUALS,val=abc \
|
||||
--request-header-to-exclude=op=STARTS_WITH,val=xyz \
|
||||
--request-uri-to-exclude=op=EQUALS_ANY
|
||||
|
||||
To remove all the request field exclusions that are associated with the
|
||||
target of 'sqli-stable': ['owasp-crs-v030001-id942110-sqli',
|
||||
'owasp-crs-v030001-id942120-sqli'], run:
|
||||
|
||||
$ gcloud compute security-policies rules \
|
||||
remove-preconfig-waf-exclusion 1000 \
|
||||
--security-policy=my-policy --target-rule-set=sqli-stable \
|
||||
--target-rule-ids=owasp-crs-v030001-id942110-sqli,\
|
||||
owasp-crs-v030001-id942120-sqli
|
||||
|
||||
To remove all the request field exclusions that are associated with the
|
||||
target of 'sqli-stable': [], run:
|
||||
|
||||
$ gcloud compute security-policies rules \
|
||||
remove-preconfig-waf-exclusion 1000 \
|
||||
--security-policy=my-policy --target-rule-set=sqli-stable
|
||||
|
||||
To remove all the request field exclusions that are configured under the
|
||||
security policy rule, regardless of the target, run:
|
||||
|
||||
$ gcloud compute security-policies rules \
|
||||
remove-preconfig-waf-exclusion 1000 \
|
||||
--security-policy=my-policy --target-rule-set=*
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
PRIORITY
|
||||
The priority of the rule to remove the exclusion configuration for
|
||||
preconfigured WAF evaluation. Rules are evaluated in order from highest
|
||||
priority to lowest priority where 0 is the highest priority and
|
||||
2147483647 is the lowest priority.
|
||||
|
||||
REQUIRED FLAGS
|
||||
--target-rule-set=TARGET_RULE_SET
|
||||
Target WAF rule set from where to remove the request field exclusions.
|
||||
|
||||
This, together with the target rule IDs (if given), determines the
|
||||
target for associating request field exclusions. See --target-rule-ids.
|
||||
|
||||
Note that the removal of request field exclusions is restricted to
|
||||
those associated with a matching target. Set this flag to * if you want
|
||||
to remove request field exclusions regardless of the target.
|
||||
|
||||
OPTIONAL FLAGS
|
||||
--request-cookie-to-exclude=[op=OP],[val=VAL]
|
||||
Removes a request cookie from the existing request field exclusions
|
||||
associated with the rule set and rule IDs (if given).
|
||||
|
||||
You can specify an exact match or a partial match by using a field
|
||||
operator and a field value. Available field operators are:
|
||||
◆ EQUALS: the operator matches if the field value equals the
|
||||
specified value.
|
||||
◆ STARTS_WITH: the operator matches if the field value starts with
|
||||
the specified value.
|
||||
◆ ENDS_WITH: the operator matches if the field value ends with the
|
||||
specified value.
|
||||
◆ CONTAINS: the operator matches if the field value contains the
|
||||
specified value.
|
||||
◆ EQUALS_ANY: the operator matches if the field value is any value.
|
||||
|
||||
A field value must be given if the field operator is not EQUALS_ANY,
|
||||
and cannot be given if the field operator is EQUALS_ANY. For example,
|
||||
--request-header-to-exclude op=EQUALS,val=abc or
|
||||
--request-header-to-exclude op=EQUALS_ANY.
|
||||
|
||||
This flag can be repeated to specify multiple request headers to
|
||||
exclude. For example, --request-header-to-exclude op=EQUALS,val=abc
|
||||
--request-header-to-exclude op=STARTS_WITH,val=xyz.
|
||||
|
||||
--request-header-to-exclude=[op=OP],[val=VAL]
|
||||
Removes a request header from the existing request field exclusions
|
||||
associated with the rule set and rule IDs (if given).
|
||||
|
||||
Refer to the syntax under --request-cookie-to-exclude.
|
||||
|
||||
This flag can be repeated to specify multiple request headers.
|
||||
|
||||
--request-query-param-to-exclude=[op=OP],[val=VAL]
|
||||
Removes a request query parameter from the existing request field
|
||||
exclusions associated with the rule set and rule IDs (if given).
|
||||
|
||||
Refer to the syntax under --request-cookie-to-exclude.
|
||||
|
||||
This flag can be repeated to specify multiple request query parameters.
|
||||
|
||||
--request-uri-to-exclude=[op=OP],[val=VAL]
|
||||
Removes a request URI from the existing request field exclusions
|
||||
associated with the rule set and rule IDs (if given).
|
||||
|
||||
Refer to the syntax under --request-cookie-to-exclude.
|
||||
|
||||
This flag can be repeated to specify multiple request URIs.
|
||||
|
||||
--security-policy=SECURITY_POLICY
|
||||
The security policy that this rule belongs to.
|
||||
|
||||
--target-rule-ids=[RULE_ID,...]
|
||||
A comma-separated list of target rule IDs under the WAF rule set from
|
||||
where to remove the request field exclusions. If omitted, the removal
|
||||
of request field exclusions is restricted to those associated with the
|
||||
rule set only, without specific rule IDs.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --access-token-file, --account,
|
||||
--billing-project, --configuration, --flags-file, --flatten, --format,
|
||||
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
||||
--trace-token, --user-output-enabled, --verbosity.
|
||||
|
||||
Run $ gcloud help for details.
|
||||
|
||||
NOTES
|
||||
These variants are also available:
|
||||
|
||||
$ gcloud alpha compute security-policies rules \
|
||||
remove-preconfig-waf-exclusion
|
||||
|
||||
$ gcloud beta compute security-policies rules \
|
||||
remove-preconfig-waf-exclusion
|
||||
|
||||
|
|
@ -91,8 +91,8 @@ FLAGS
|
|||
--conform-action=CONFORM_ACTION
|
||||
Action to take when requests are under the given threshold. When
|
||||
requests are throttled, this is also the action for all requests which
|
||||
are not dropped. CONFORM_ACTION must be (currently only one value is
|
||||
supported): allow.
|
||||
are not dropped. CONFORM_ACTION must be (only one value is supported):
|
||||
allow.
|
||||
|
||||
--description=DESCRIPTION
|
||||
An optional, textual description for the rule.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue