1
0
Fork 0
mirror of https://github.com/imjasonh/gcloud-help synced 2026-07-16 20:36:39 +00:00
gcloud-help/gcloud/alpha/compute/security-policies/rules/remove-preconfig-waf-exclusion
2023-03-15 11:22:01 +00:00

167 lines
7.4 KiB
Text

NAME
gcloud alpha compute security-policies rules remove-preconfig-waf-exclusion
- remove an exclusion configuration for preconfigured WAF evaluation
from a security policy rule
SYNOPSIS
gcloud alpha compute security-policies rules remove-preconfig-waf-exclusion
PRIORITY --target-rule-set=TARGET_RULE_SET
[--request-cookie-to-exclude=[op=OP],[val=VAL]]
[--request-header-to-exclude=[op=OP],[val=VAL]]
[--request-query-param-to-exclude=[op=OP],[val=VAL]]
[--request-uri-to-exclude=[op=OP],[val=VAL]]
[--security-policy=SECURITY_POLICY] [--target-rule-ids=[RULE_ID,...]]
[GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(ALPHA) gcloud alpha compute security-policies rules
remove-preconfig-waf-exclusion is used to remove an exclusion configuration
for preconfigured WAF evaluation from a security policy rule.
Note that request field exclusions are associated with a target, which can
be a single rule set, or a rule set plus a list of rule IDs under the rule
set.
It is possible to remove request field exclusions at 3 levels:
▪ Remove specific request field exclusions that are associated with a
matching target.
▪ Remove all the request field exclusions that are associated with a
matching target.
▪ Remove all the request field exclusions that are configured under the
security policy rule, regardless of the target.
EXAMPLES
To remove specific request field exclusions that are associated with the
target of 'sqli-stable': ['owasp-crs-v030001-id942110-sqli',
'owasp-crs-v030001-id942120-sqli'], run:
$ gcloud alpha compute security-policies rules \
remove-preconfig-waf-exclusion 1000 \
--security-policy=my-policy --target-rule-set=sqli-stable \
--target-rule-ids=owasp-crs-v030001-id942110-sqli,\
owasp-crs-v030001-id942120-sqli \
--request-header-to-exclude=op=EQUALS,val=abc \
--request-header-to-exclude=op=STARTS_WITH,val=xyz \
--request-uri-to-exclude=op=EQUALS_ANY
To remove all the request field exclusions that are associated with the
target of 'sqli-stable': ['owasp-crs-v030001-id942110-sqli',
'owasp-crs-v030001-id942120-sqli'], run:
$ gcloud alpha compute security-policies rules \
remove-preconfig-waf-exclusion 1000 \
--security-policy=my-policy --target-rule-set=sqli-stable \
--target-rule-ids=owasp-crs-v030001-id942110-sqli,\
owasp-crs-v030001-id942120-sqli
To remove all the request field exclusions that are associated with the
target of 'sqli-stable': [], run:
$ gcloud alpha compute security-policies rules \
remove-preconfig-waf-exclusion 1000 \
--security-policy=my-policy --target-rule-set=sqli-stable
To remove all the request field exclusions that are configured under the
security policy rule, regardless of the target, run:
$ gcloud alpha compute security-policies rules \
remove-preconfig-waf-exclusion 1000 \
--security-policy=my-policy --target-rule-set=*
POSITIONAL ARGUMENTS
PRIORITY
The priority of the rule to remove the exclusion configuration for
preconfigured WAF evaluation. Rules are evaluated in order from highest
priority to lowest priority where 0 is the highest priority and
2147483647 is the lowest priority.
REQUIRED FLAGS
--target-rule-set=TARGET_RULE_SET
Target WAF rule set from where to remove the request field exclusions.
This, together with the target rule IDs (if given), determines the
target for associating request field exclusions. See --target-rule-ids.
Note that the removal of request field exclusions is restricted to
those associated with a matching target. Set this flag to * if you want
to remove request field exclusions regardless of the target.
OPTIONAL FLAGS
--request-cookie-to-exclude=[op=OP],[val=VAL]
Removes a request cookie from the existing request field exclusions
associated with the rule set and rule IDs (if given).
You can specify an exact match or a partial match by using a field
operator and a field value. Available field operators are:
◆ EQUALS: the operator matches if the field value equals the
specified value.
◆ STARTS_WITH: the operator matches if the field value starts with
the specified value.
◆ ENDS_WITH: the operator matches if the field value ends with the
specified value.
◆ CONTAINS: the operator matches if the field value contains the
specified value.
◆ EQUALS_ANY: the operator matches if the field value is any value.
A field value must be given if the field operator is not EQUALS_ANY,
and cannot be given if the field operator is EQUALS_ANY. For example,
--request-header-to-exclude op=EQUALS,val=abc or
--request-header-to-exclude op=EQUALS_ANY.
This flag can be repeated to specify multiple request headers to
exclude. For example, --request-header-to-exclude op=EQUALS,val=abc
--request-header-to-exclude op=STARTS_WITH,val=xyz.
--request-header-to-exclude=[op=OP],[val=VAL]
Removes a request header from the existing request field exclusions
associated with the rule set and rule IDs (if given).
Refer to the syntax under --request-cookie-to-exclude.
This flag can be repeated to specify multiple request headers.
--request-query-param-to-exclude=[op=OP],[val=VAL]
Removes a request query parameter from the existing request field
exclusions associated with the rule set and rule IDs (if given).
Refer to the syntax under --request-cookie-to-exclude.
This flag can be repeated to specify multiple request query parameters.
--request-uri-to-exclude=[op=OP],[val=VAL]
Removes a request URI from the existing request field exclusions
associated with the rule set and rule IDs (if given).
Refer to the syntax under --request-cookie-to-exclude.
This flag can be repeated to specify multiple request URIs.
--security-policy=SECURITY_POLICY
The security policy that this rule belongs to.
--target-rule-ids=[RULE_ID,...]
A comma-separated list of target rule IDs under the WAF rule set from
where to remove the request field exclusions. If omitted, the removal
of request field exclusions is restricted to those associated with the
rule set only, without specific rule IDs.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
NOTES
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct
project, you might be trying to access an API with an invitation-only early
access allowlist. These variants are also available:
$ gcloud compute security-policies rules \
remove-preconfig-waf-exclusion
$ gcloud beta compute security-policies rules \
remove-preconfig-waf-exclusion