mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-16 12:22:03 +00:00
167 lines
7.4 KiB
Text
167 lines
7.4 KiB
Text
NAME
|
|
gcloud alpha compute security-policies rules remove-preconfig-waf-exclusion
|
|
- remove an exclusion configuration for preconfigured WAF evaluation
|
|
from a security policy rule
|
|
|
|
SYNOPSIS
|
|
gcloud alpha compute security-policies rules remove-preconfig-waf-exclusion
|
|
PRIORITY --target-rule-set=TARGET_RULE_SET
|
|
[--request-cookie-to-exclude=[op=OP],[val=VAL]]
|
|
[--request-header-to-exclude=[op=OP],[val=VAL]]
|
|
[--request-query-param-to-exclude=[op=OP],[val=VAL]]
|
|
[--request-uri-to-exclude=[op=OP],[val=VAL]]
|
|
[--security-policy=SECURITY_POLICY] [--target-rule-ids=[RULE_ID,...]]
|
|
[GCLOUD_WIDE_FLAG ...]
|
|
|
|
DESCRIPTION
|
|
(ALPHA) gcloud alpha compute security-policies rules
|
|
remove-preconfig-waf-exclusion is used to remove an exclusion configuration
|
|
for preconfigured WAF evaluation from a security policy rule.
|
|
|
|
Note that request field exclusions are associated with a target, which can
|
|
be a single rule set, or a rule set plus a list of rule IDs under the rule
|
|
set.
|
|
|
|
It is possible to remove request field exclusions at 3 levels:
|
|
▪ Remove specific request field exclusions that are associated with a
|
|
matching target.
|
|
▪ Remove all the request field exclusions that are associated with a
|
|
matching target.
|
|
▪ Remove all the request field exclusions that are configured under the
|
|
security policy rule, regardless of the target.
|
|
|
|
EXAMPLES
|
|
To remove specific request field exclusions that are associated with the
|
|
target of 'sqli-stable': ['owasp-crs-v030001-id942110-sqli',
|
|
'owasp-crs-v030001-id942120-sqli'], run:
|
|
|
|
$ gcloud alpha compute security-policies rules \
|
|
remove-preconfig-waf-exclusion 1000 \
|
|
--security-policy=my-policy --target-rule-set=sqli-stable \
|
|
--target-rule-ids=owasp-crs-v030001-id942110-sqli,\
|
|
owasp-crs-v030001-id942120-sqli \
|
|
--request-header-to-exclude=op=EQUALS,val=abc \
|
|
--request-header-to-exclude=op=STARTS_WITH,val=xyz \
|
|
--request-uri-to-exclude=op=EQUALS_ANY
|
|
|
|
To remove all the request field exclusions that are associated with the
|
|
target of 'sqli-stable': ['owasp-crs-v030001-id942110-sqli',
|
|
'owasp-crs-v030001-id942120-sqli'], run:
|
|
|
|
$ gcloud alpha compute security-policies rules \
|
|
remove-preconfig-waf-exclusion 1000 \
|
|
--security-policy=my-policy --target-rule-set=sqli-stable \
|
|
--target-rule-ids=owasp-crs-v030001-id942110-sqli,\
|
|
owasp-crs-v030001-id942120-sqli
|
|
|
|
To remove all the request field exclusions that are associated with the
|
|
target of 'sqli-stable': [], run:
|
|
|
|
$ gcloud alpha compute security-policies rules \
|
|
remove-preconfig-waf-exclusion 1000 \
|
|
--security-policy=my-policy --target-rule-set=sqli-stable
|
|
|
|
To remove all the request field exclusions that are configured under the
|
|
security policy rule, regardless of the target, run:
|
|
|
|
$ gcloud alpha compute security-policies rules \
|
|
remove-preconfig-waf-exclusion 1000 \
|
|
--security-policy=my-policy --target-rule-set=*
|
|
|
|
POSITIONAL ARGUMENTS
|
|
PRIORITY
|
|
The priority of the rule to remove the exclusion configuration for
|
|
preconfigured WAF evaluation. Rules are evaluated in order from highest
|
|
priority to lowest priority where 0 is the highest priority and
|
|
2147483647 is the lowest priority.
|
|
|
|
REQUIRED FLAGS
|
|
--target-rule-set=TARGET_RULE_SET
|
|
Target WAF rule set from where to remove the request field exclusions.
|
|
|
|
This, together with the target rule IDs (if given), determines the
|
|
target for associating request field exclusions. See --target-rule-ids.
|
|
|
|
Note that the removal of request field exclusions is restricted to
|
|
those associated with a matching target. Set this flag to * if you want
|
|
to remove request field exclusions regardless of the target.
|
|
|
|
OPTIONAL FLAGS
|
|
--request-cookie-to-exclude=[op=OP],[val=VAL]
|
|
Removes a request cookie from the existing request field exclusions
|
|
associated with the rule set and rule IDs (if given).
|
|
|
|
You can specify an exact match or a partial match by using a field
|
|
operator and a field value. Available field operators are:
|
|
◆ EQUALS: the operator matches if the field value equals the
|
|
specified value.
|
|
◆ STARTS_WITH: the operator matches if the field value starts with
|
|
the specified value.
|
|
◆ ENDS_WITH: the operator matches if the field value ends with the
|
|
specified value.
|
|
◆ CONTAINS: the operator matches if the field value contains the
|
|
specified value.
|
|
◆ EQUALS_ANY: the operator matches if the field value is any value.
|
|
|
|
A field value must be given if the field operator is not EQUALS_ANY,
|
|
and cannot be given if the field operator is EQUALS_ANY. For example,
|
|
--request-header-to-exclude op=EQUALS,val=abc or
|
|
--request-header-to-exclude op=EQUALS_ANY.
|
|
|
|
This flag can be repeated to specify multiple request headers to
|
|
exclude. For example, --request-header-to-exclude op=EQUALS,val=abc
|
|
--request-header-to-exclude op=STARTS_WITH,val=xyz.
|
|
|
|
--request-header-to-exclude=[op=OP],[val=VAL]
|
|
Removes a request header from the existing request field exclusions
|
|
associated with the rule set and rule IDs (if given).
|
|
|
|
Refer to the syntax under --request-cookie-to-exclude.
|
|
|
|
This flag can be repeated to specify multiple request headers.
|
|
|
|
--request-query-param-to-exclude=[op=OP],[val=VAL]
|
|
Removes a request query parameter from the existing request field
|
|
exclusions associated with the rule set and rule IDs (if given).
|
|
|
|
Refer to the syntax under --request-cookie-to-exclude.
|
|
|
|
This flag can be repeated to specify multiple request query parameters.
|
|
|
|
--request-uri-to-exclude=[op=OP],[val=VAL]
|
|
Removes a request URI from the existing request field exclusions
|
|
associated with the rule set and rule IDs (if given).
|
|
|
|
Refer to the syntax under --request-cookie-to-exclude.
|
|
|
|
This flag can be repeated to specify multiple request URIs.
|
|
|
|
--security-policy=SECURITY_POLICY
|
|
The security policy that this rule belongs to.
|
|
|
|
--target-rule-ids=[RULE_ID,...]
|
|
A comma-separated list of target rule IDs under the WAF rule set from
|
|
where to remove the request field exclusions. If omitted, the removal
|
|
of request field exclusions is restricted to those associated with the
|
|
rule set only, without specific rule IDs.
|
|
|
|
GCLOUD WIDE FLAGS
|
|
These flags are available to all commands: --access-token-file, --account,
|
|
--billing-project, --configuration, --flags-file, --flatten, --format,
|
|
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
|
--trace-token, --user-output-enabled, --verbosity.
|
|
|
|
Run $ gcloud help for details.
|
|
|
|
NOTES
|
|
This command is currently in alpha and might change without notice. If this
|
|
command fails with API permission errors despite specifying the correct
|
|
project, you might be trying to access an API with an invitation-only early
|
|
access allowlist. These variants are also available:
|
|
|
|
$ gcloud compute security-policies rules \
|
|
remove-preconfig-waf-exclusion
|
|
|
|
$ gcloud beta compute security-policies rules \
|
|
remove-preconfig-waf-exclusion
|
|
|