mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-08 10:35:03 +00:00
125 lines
5.4 KiB
Text
125 lines
5.4 KiB
Text
NAME
|
|
gcloud alpha compute security-policies update - update a Compute Engine
|
|
security policy
|
|
|
|
SYNOPSIS
|
|
gcloud alpha compute security-policies update NAME
|
|
[--ddos-protection=DDOS_PROTECTION] [--description=DESCRIPTION]
|
|
[--enable-layer7-ddos-defense] [--enable-ml]
|
|
[--json-custom-content-types=[CONTENT_TYPE,...]]
|
|
[--json-parsing=JSON_PARSING]
|
|
[--layer7-ddos-defense-auto-deploy-confidence-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_CONFIDENCE_THRESHOLD]
|
|
[--layer7-ddos-defense-auto-deploy-expiration-sec=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_EXPIRATION_SEC]
|
|
[--layer7-ddos-defense-auto-deploy-impacted-baseline-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_IMPACTED_BASELINE_THRESHOLD]
|
|
[--layer7-ddos-defense-auto-deploy-load-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_LOAD_THRESHOLD]
|
|
[--layer7-ddos-defense-rule-visibility=VISIBILITY_TYPE]
|
|
[--log-level=LOG_LEVEL]
|
|
[--network-ddos-protection=NETWORK_DDOS_PROTECTION]
|
|
[--recaptcha-redirect-site-key=RECAPTCHA_REDIRECT_SITE_KEY]
|
|
[--user-ip-request-headers=[USER_IP_REQUEST_HEADER,...]]
|
|
[--global | --region=REGION] [GCLOUD_WIDE_FLAG ...]
|
|
|
|
DESCRIPTION
|
|
(ALPHA) gcloud alpha compute security-policies update is used to update
|
|
security policies.
|
|
|
|
EXAMPLES
|
|
To update the description run this:
|
|
|
|
$ gcloud alpha compute security-policies update SECURITY_POLICY \
|
|
--description='new description'
|
|
|
|
POSITIONAL ARGUMENTS
|
|
NAME
|
|
Name of the security policy to update.
|
|
|
|
FLAGS
|
|
--ddos-protection=DDOS_PROTECTION
|
|
The DDoS protection level for network load balancing and instances with
|
|
external IPs. DDOS_PROTECTION must be one of: STANDARD, ADVANCED,
|
|
ADVANCED_PREVIEW.
|
|
|
|
--description=DESCRIPTION
|
|
An optional, textual description for the security policy.
|
|
|
|
--enable-layer7-ddos-defense
|
|
Whether to enable Cloud Armor Layer 7 DDoS Defense Adaptive Protection.
|
|
|
|
--enable-ml
|
|
Whether to enable Cloud Armor Adaptive Protection
|
|
|
|
--json-custom-content-types=[CONTENT_TYPE,...]
|
|
A comma-separated list of custom Content-Type header values to apply
|
|
JSON parsing for preconfigured WAF rules. Only applicable when JSON
|
|
parsing is enabled, like --json-parsing=STANDARD. When configuring a
|
|
Content-Type header value, only the type/subtype needs to be specified,
|
|
and the parameters should be excluded.
|
|
|
|
--json-parsing=JSON_PARSING
|
|
The JSON parsing behavior for this rule. Must be one of the following
|
|
values: [DISABLED, STANDARD, STANDARD_WITH_GRAPHQL]. JSON_PARSING must
|
|
be one of: DISABLED, STANDARD, STANDARD_WITH_GRAPHQL.
|
|
|
|
--layer7-ddos-defense-auto-deploy-confidence-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_CONFIDENCE_THRESHOLD
|
|
Confidence threshold above which Adaptive Protection's auto-deploy
|
|
takes actions
|
|
|
|
--layer7-ddos-defense-auto-deploy-expiration-sec=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_EXPIRATION_SEC
|
|
Duration over which Adaptive Protection's auto-deployed actions last
|
|
|
|
--layer7-ddos-defense-auto-deploy-impacted-baseline-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_IMPACTED_BASELINE_THRESHOLD
|
|
Impacted baseline threshold below which Adaptive Protection's
|
|
auto-deploy takes actions
|
|
|
|
--layer7-ddos-defense-auto-deploy-load-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_LOAD_THRESHOLD
|
|
Load threshold above which Adaptive Protection's auto-deploy takes
|
|
actions
|
|
|
|
--layer7-ddos-defense-rule-visibility=VISIBILITY_TYPE
|
|
The visibility type indicates whether the rules are opaque or
|
|
transparent. VISIBILITY_TYPE must be one of: STANDARD, PREMIUM.
|
|
|
|
--log-level=LOG_LEVEL
|
|
The level of detail to display for WAF logging. LOG_LEVEL must be one
|
|
of: NORMAL, VERBOSE.
|
|
|
|
--network-ddos-protection=NETWORK_DDOS_PROTECTION
|
|
The DDoS protection level for network load balancing and instances with
|
|
external IPs. NETWORK_DDOS_PROTECTION must be one of: STANDARD,
|
|
ADVANCED, ADVANCED_PREVIEW.
|
|
|
|
--recaptcha-redirect-site-key=RECAPTCHA_REDIRECT_SITE_KEY
|
|
The reCAPTCHA site key to be used for rules using the redirect action
|
|
and the google-recaptcha redirect type under the security policy.
|
|
|
|
--user-ip-request-headers=[USER_IP_REQUEST_HEADER,...]
|
|
A comma-separated list of request header names to use for resolving the
|
|
caller's user IP address.
|
|
|
|
At most one of these can be specified:
|
|
|
|
--global
|
|
If set, the security policy is global.
|
|
|
|
--region=REGION
|
|
Region of the security policy to update. Overrides the default
|
|
compute/region property value for this command invocation.
|
|
|
|
GCLOUD WIDE FLAGS
|
|
These flags are available to all commands: --access-token-file, --account,
|
|
--billing-project, --configuration, --flags-file, --flatten, --format,
|
|
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
|
--trace-token, --user-output-enabled, --verbosity.
|
|
|
|
Run $ gcloud help for details.
|
|
|
|
NOTES
|
|
This command is currently in alpha and might change without notice. If this
|
|
command fails with API permission errors despite specifying the correct
|
|
project, you might be trying to access an API with an invitation-only early
|
|
access allowlist. These variants are also available:
|
|
|
|
$ gcloud compute security-policies update
|
|
|
|
$ gcloud beta compute security-policies update
|
|
|