Google Cloud v8.30.0 published on Monday, May 12, 2025 by Pulumi
gcp.compute.getSecurityPolicy
Explore with Pulumi AI
To get more information about Google Compute Security Policy, see:
- API documentation
- How-to Guides
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const sp1 = gcp.compute.getSecurityPolicy({
    name: "my-policy",
    project: "my-project",
});
const sp2 = gcp.compute.getSecurityPolicy({
    selfLink: "https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy",
});
import pulumi
import pulumi_gcp as gcp
sp1 = gcp.compute.get_security_policy(name="my-policy",
    project="my-project")
sp2 = gcp.compute.get_security_policy(self_link="https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy")
package main
import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := compute.LookupSecurityPolicy(ctx, &compute.LookupSecurityPolicyArgs{
			Name:    pulumi.StringRef("my-policy"),
			Project: pulumi.StringRef("my-project"),
		}, nil)
		if err != nil {
			return err
		}
		_, err = compute.LookupSecurityPolicy(ctx, &compute.LookupSecurityPolicyArgs{
			SelfLink: pulumi.StringRef("https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() => 
{
    var sp1 = Gcp.Compute.GetSecurityPolicy.Invoke(new()
    {
        Name = "my-policy",
        Project = "my-project",
    });
    var sp2 = Gcp.Compute.GetSecurityPolicy.Invoke(new()
    {
        SelfLink = "https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy",
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.ComputeFunctions;
import com.pulumi.gcp.compute.inputs.GetSecurityPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var sp1 = ComputeFunctions.getSecurityPolicy(GetSecurityPolicyArgs.builder()
            .name("my-policy")
            .project("my-project")
            .build());
        final var sp2 = ComputeFunctions.getSecurityPolicy(GetSecurityPolicyArgs.builder()
            .selfLink("https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy")
            .build());
    }
}
variables:
  sp1:
    fn::invoke:
      function: gcp:compute:getSecurityPolicy
      arguments:
        name: my-policy
        project: my-project
  sp2:
    fn::invoke:
      function: gcp:compute:getSecurityPolicy
      arguments:
        selfLink: https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy
Using getSecurityPolicy
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getSecurityPolicy(args: GetSecurityPolicyArgs, opts?: InvokeOptions): Promise<GetSecurityPolicyResult>
function getSecurityPolicyOutput(args: GetSecurityPolicyOutputArgs, opts?: InvokeOptions): Output<GetSecurityPolicyResult>def get_security_policy(name: Optional[str] = None,
                        project: Optional[str] = None,
                        self_link: Optional[str] = None,
                        opts: Optional[InvokeOptions] = None) -> GetSecurityPolicyResult
def get_security_policy_output(name: Optional[pulumi.Input[str]] = None,
                        project: Optional[pulumi.Input[str]] = None,
                        self_link: Optional[pulumi.Input[str]] = None,
                        opts: Optional[InvokeOptions] = None) -> Output[GetSecurityPolicyResult]func LookupSecurityPolicy(ctx *Context, args *LookupSecurityPolicyArgs, opts ...InvokeOption) (*LookupSecurityPolicyResult, error)
func LookupSecurityPolicyOutput(ctx *Context, args *LookupSecurityPolicyOutputArgs, opts ...InvokeOption) LookupSecurityPolicyResultOutput> Note: This function is named LookupSecurityPolicy in the Go SDK.
public static class GetSecurityPolicy 
{
    public static Task<GetSecurityPolicyResult> InvokeAsync(GetSecurityPolicyArgs args, InvokeOptions? opts = null)
    public static Output<GetSecurityPolicyResult> Invoke(GetSecurityPolicyInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetSecurityPolicyResult> getSecurityPolicy(GetSecurityPolicyArgs args, InvokeOptions options)
public static Output<GetSecurityPolicyResult> getSecurityPolicy(GetSecurityPolicyArgs args, InvokeOptions options)
fn::invoke:
  function: gcp:compute/getSecurityPolicy:getSecurityPolicy
  arguments:
    # arguments dictionaryThe following arguments are supported:
getSecurityPolicy Result
The following output properties are available:
- AdaptiveProtection List<GetConfigs Security Policy Adaptive Protection Config> 
- AdvancedOptions List<GetConfigs Security Policy Advanced Options Config> 
- Description string
- Fingerprint string
- Id string
- The provider-assigned unique ID for this managed resource.
- RecaptchaOptions List<GetConfigs Security Policy Recaptcha Options Config> 
- Rules
List<GetSecurity Policy Rule> 
- Type string
- Name string
- Project string
- SelfLink string
- AdaptiveProtection []GetConfigs Security Policy Adaptive Protection Config 
- AdvancedOptions []GetConfigs Security Policy Advanced Options Config 
- Description string
- Fingerprint string
- Id string
- The provider-assigned unique ID for this managed resource.
- RecaptchaOptions []GetConfigs Security Policy Recaptcha Options Config 
- Rules
[]GetSecurity Policy Rule Type 
- Type string
- Name string
- Project string
- SelfLink string
- adaptiveProtection List<GetConfigs Security Policy Adaptive Protection Config> 
- advancedOptions List<GetConfigs Security Policy Advanced Options Config> 
- description String
- fingerprint String
- id String
- The provider-assigned unique ID for this managed resource.
- recaptchaOptions List<GetConfigs Security Policy Recaptcha Options Config> 
- rules
List<GetSecurity Policy Rule> 
- type String
- name String
- project String
- selfLink String
- adaptiveProtection GetConfigs Security Policy Adaptive Protection Config[] 
- advancedOptions GetConfigs Security Policy Advanced Options Config[] 
- description string
- fingerprint string
- id string
- The provider-assigned unique ID for this managed resource.
- recaptchaOptions GetConfigs Security Policy Recaptcha Options Config[] 
- rules
GetSecurity Policy Rule[] 
- type string
- name string
- project string
- selfLink string
- adaptive_protection_ Sequence[Getconfigs Security Policy Adaptive Protection Config] 
- advanced_options_ Sequence[Getconfigs Security Policy Advanced Options Config] 
- description str
- fingerprint str
- id str
- The provider-assigned unique ID for this managed resource.
- recaptcha_options_ Sequence[Getconfigs Security Policy Recaptcha Options Config] 
- rules
Sequence[GetSecurity Policy Rule] 
- type str
- name str
- project str
- self_link str
- adaptiveProtection List<Property Map>Configs 
- advancedOptions List<Property Map>Configs 
- description String
- fingerprint String
- id String
- The provider-assigned unique ID for this managed resource.
- recaptchaOptions List<Property Map>Configs 
- rules List<Property Map>
- type String
- name String
- project String
- selfLink String
Supporting Types
GetSecurityPolicyAdaptiveProtectionConfig     
- AutoDeploy List<GetConfigs Security Policy Adaptive Protection Config Auto Deploy Config> 
- Auto Deploy Config of this security policy
- Layer7DdosDefense List<GetConfigs Security Policy Adaptive Protection Config Layer7Ddos Defense Config> 
- Layer 7 DDoS Defense Config of this security policy
- AutoDeploy []GetConfigs Security Policy Adaptive Protection Config Auto Deploy Config 
- Auto Deploy Config of this security policy
- Layer7DdosDefense []GetConfigs Security Policy Adaptive Protection Config Layer7Ddos Defense Config 
- Layer 7 DDoS Defense Config of this security policy
- autoDeploy List<GetConfigs Security Policy Adaptive Protection Config Auto Deploy Config> 
- Auto Deploy Config of this security policy
- layer7DdosDefense List<GetConfigs Security Policy Adaptive Protection Config Layer7Ddos Defense Config> 
- Layer 7 DDoS Defense Config of this security policy
- autoDeploy GetConfigs Security Policy Adaptive Protection Config Auto Deploy Config[] 
- Auto Deploy Config of this security policy
- layer7DdosDefense GetConfigs Security Policy Adaptive Protection Config Layer7Ddos Defense Config[] 
- Layer 7 DDoS Defense Config of this security policy
- auto_deploy_ Sequence[Getconfigs Security Policy Adaptive Protection Config Auto Deploy Config] 
- Auto Deploy Config of this security policy
- layer7_ddos_ Sequence[Getdefense_ configs Security Policy Adaptive Protection Config Layer7Ddos Defense Config] 
- Layer 7 DDoS Defense Config of this security policy
- autoDeploy List<Property Map>Configs 
- Auto Deploy Config of this security policy
- layer7DdosDefense List<Property Map>Configs 
- Layer 7 DDoS Defense Config of this security policy
GetSecurityPolicyAdaptiveProtectionConfigAutoDeployConfig        
- ConfidenceThreshold double
- Rules are only automatically deployed for alerts on potential attacks with confidence scores greater than this threshold.
- ExpirationSec int
- Google Cloud Armor stops applying the action in the automatically deployed rule to an identified attacker after this duration. The rule continues to operate against new requests.
- ImpactedBaseline doubleThreshold 
- Rules are only automatically deployed when the estimated impact to baseline traffic from the suggested mitigation is below this threshold.
- LoadThreshold double
- Identifies new attackers only when the load to the backend service that is under attack exceeds this threshold.
- ConfidenceThreshold float64
- Rules are only automatically deployed for alerts on potential attacks with confidence scores greater than this threshold.
- ExpirationSec int
- Google Cloud Armor stops applying the action in the automatically deployed rule to an identified attacker after this duration. The rule continues to operate against new requests.
- ImpactedBaseline float64Threshold 
- Rules are only automatically deployed when the estimated impact to baseline traffic from the suggested mitigation is below this threshold.
- LoadThreshold float64
- Identifies new attackers only when the load to the backend service that is under attack exceeds this threshold.
- confidenceThreshold Double
- Rules are only automatically deployed for alerts on potential attacks with confidence scores greater than this threshold.
- expirationSec Integer
- Google Cloud Armor stops applying the action in the automatically deployed rule to an identified attacker after this duration. The rule continues to operate against new requests.
- impactedBaseline DoubleThreshold 
- Rules are only automatically deployed when the estimated impact to baseline traffic from the suggested mitigation is below this threshold.
- loadThreshold Double
- Identifies new attackers only when the load to the backend service that is under attack exceeds this threshold.
- confidenceThreshold number
- Rules are only automatically deployed for alerts on potential attacks with confidence scores greater than this threshold.
- expirationSec number
- Google Cloud Armor stops applying the action in the automatically deployed rule to an identified attacker after this duration. The rule continues to operate against new requests.
- impactedBaseline numberThreshold 
- Rules are only automatically deployed when the estimated impact to baseline traffic from the suggested mitigation is below this threshold.
- loadThreshold number
- Identifies new attackers only when the load to the backend service that is under attack exceeds this threshold.
- confidence_threshold float
- Rules are only automatically deployed for alerts on potential attacks with confidence scores greater than this threshold.
- expiration_sec int
- Google Cloud Armor stops applying the action in the automatically deployed rule to an identified attacker after this duration. The rule continues to operate against new requests.
- impacted_baseline_ floatthreshold 
- Rules are only automatically deployed when the estimated impact to baseline traffic from the suggested mitigation is below this threshold.
- load_threshold float
- Identifies new attackers only when the load to the backend service that is under attack exceeds this threshold.
- confidenceThreshold Number
- Rules are only automatically deployed for alerts on potential attacks with confidence scores greater than this threshold.
- expirationSec Number
- Google Cloud Armor stops applying the action in the automatically deployed rule to an identified attacker after this duration. The rule continues to operate against new requests.
- impactedBaseline NumberThreshold 
- Rules are only automatically deployed when the estimated impact to baseline traffic from the suggested mitigation is below this threshold.
- loadThreshold Number
- Identifies new attackers only when the load to the backend service that is under attack exceeds this threshold.
GetSecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig        
- Enable bool
- If set to true, enables CAAP for L7 DDoS detection.
- RuleVisibility string
- Rule visibility. Supported values include: "STANDARD", "PREMIUM".
- ThresholdConfigs List<GetSecurity Policy Adaptive Protection Config Layer7Ddos Defense Config Threshold Config> 
- Configuration options for layer7 adaptive protection for various customizable thresholds.
- Enable bool
- If set to true, enables CAAP for L7 DDoS detection.
- RuleVisibility string
- Rule visibility. Supported values include: "STANDARD", "PREMIUM".
- ThresholdConfigs []GetSecurity Policy Adaptive Protection Config Layer7Ddos Defense Config Threshold Config 
- Configuration options for layer7 adaptive protection for various customizable thresholds.
- enable Boolean
- If set to true, enables CAAP for L7 DDoS detection.
- ruleVisibility String
- Rule visibility. Supported values include: "STANDARD", "PREMIUM".
- thresholdConfigs List<GetSecurity Policy Adaptive Protection Config Layer7Ddos Defense Config Threshold Config> 
- Configuration options for layer7 adaptive protection for various customizable thresholds.
- enable boolean
- If set to true, enables CAAP for L7 DDoS detection.
- ruleVisibility string
- Rule visibility. Supported values include: "STANDARD", "PREMIUM".
- thresholdConfigs GetSecurity Policy Adaptive Protection Config Layer7Ddos Defense Config Threshold Config[] 
- Configuration options for layer7 adaptive protection for various customizable thresholds.
- enable bool
- If set to true, enables CAAP for L7 DDoS detection.
- rule_visibility str
- Rule visibility. Supported values include: "STANDARD", "PREMIUM".
- threshold_configs Sequence[GetSecurity Policy Adaptive Protection Config Layer7Ddos Defense Config Threshold Config] 
- Configuration options for layer7 adaptive protection for various customizable thresholds.
- enable Boolean
- If set to true, enables CAAP for L7 DDoS detection.
- ruleVisibility String
- Rule visibility. Supported values include: "STANDARD", "PREMIUM".
- thresholdConfigs List<Property Map>
- Configuration options for layer7 adaptive protection for various customizable thresholds.
GetSecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfig          
- AutoDeploy doubleConfidence Threshold 
- AutoDeploy intExpiration Sec 
- AutoDeploy doubleImpacted Baseline Threshold 
- AutoDeploy doubleLoad Threshold 
- DetectionAbsolute doubleQps 
- DetectionLoad doubleThreshold 
- DetectionRelative doubleTo Baseline Qps 
- Name string
- The name of the security policy. Provide either this or a self_link.
- TrafficGranularity List<GetConfigs Security Policy Adaptive Protection Config Layer7Ddos Defense Config Threshold Config Traffic Granularity Config> 
- AutoDeploy float64Confidence Threshold 
- AutoDeploy intExpiration Sec 
- AutoDeploy float64Impacted Baseline Threshold 
- AutoDeploy float64Load Threshold 
- DetectionAbsolute float64Qps 
- DetectionLoad float64Threshold 
- DetectionRelative float64To Baseline Qps 
- Name string
- The name of the security policy. Provide either this or a self_link.
- TrafficGranularity []GetConfigs Security Policy Adaptive Protection Config Layer7Ddos Defense Config Threshold Config Traffic Granularity Config 
- autoDeploy DoubleConfidence Threshold 
- autoDeploy IntegerExpiration Sec 
- autoDeploy DoubleImpacted Baseline Threshold 
- autoDeploy DoubleLoad Threshold 
- detectionAbsolute DoubleQps 
- detectionLoad DoubleThreshold 
- detectionRelative DoubleTo Baseline Qps 
- name String
- The name of the security policy. Provide either this or a self_link.
- trafficGranularity List<GetConfigs Security Policy Adaptive Protection Config Layer7Ddos Defense Config Threshold Config Traffic Granularity Config> 
- autoDeploy numberConfidence Threshold 
- autoDeploy numberExpiration Sec 
- autoDeploy numberImpacted Baseline Threshold 
- autoDeploy numberLoad Threshold 
- detectionAbsolute numberQps 
- detectionLoad numberThreshold 
- detectionRelative numberTo Baseline Qps 
- name string
- The name of the security policy. Provide either this or a self_link.
- trafficGranularity GetConfigs Security Policy Adaptive Protection Config Layer7Ddos Defense Config Threshold Config Traffic Granularity Config[] 
- auto_deploy_ floatconfidence_ threshold 
- auto_deploy_ intexpiration_ sec 
- auto_deploy_ floatimpacted_ baseline_ threshold 
- auto_deploy_ floatload_ threshold 
- detection_absolute_ floatqps 
- detection_load_ floatthreshold 
- detection_relative_ floatto_ baseline_ qps 
- name str
- The name of the security policy. Provide either this or a self_link.
- traffic_granularity_ Sequence[Getconfigs Security Policy Adaptive Protection Config Layer7Ddos Defense Config Threshold Config Traffic Granularity Config] 
- autoDeploy NumberConfidence Threshold 
- autoDeploy NumberExpiration Sec 
- autoDeploy NumberImpacted Baseline Threshold 
- autoDeploy NumberLoad Threshold 
- detectionAbsolute NumberQps 
- detectionLoad NumberThreshold 
- detectionRelative NumberTo Baseline Qps 
- name String
- The name of the security policy. Provide either this or a self_link.
- trafficGranularity List<Property Map>Configs 
GetSecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfigTrafficGranularityConfig             
- EnableEach boolUnique Value 
- If enabled, traffic matching each unique value for the specified type constitutes a separate traffic unit. It can only be set to true if value is empty.
- Type string
- Type of this configuration.
- Value string
- Requests that match this value constitute a granular traffic unit.
- EnableEach boolUnique Value 
- If enabled, traffic matching each unique value for the specified type constitutes a separate traffic unit. It can only be set to true if value is empty.
- Type string
- Type of this configuration.
- Value string
- Requests that match this value constitute a granular traffic unit.
- enableEach BooleanUnique Value 
- If enabled, traffic matching each unique value for the specified type constitutes a separate traffic unit. It can only be set to true if value is empty.
- type String
- Type of this configuration.
- value String
- Requests that match this value constitute a granular traffic unit.
- enableEach booleanUnique Value 
- If enabled, traffic matching each unique value for the specified type constitutes a separate traffic unit. It can only be set to true if value is empty.
- type string
- Type of this configuration.
- value string
- Requests that match this value constitute a granular traffic unit.
- enable_each_ boolunique_ value 
- If enabled, traffic matching each unique value for the specified type constitutes a separate traffic unit. It can only be set to true if value is empty.
- type str
- Type of this configuration.
- value str
- Requests that match this value constitute a granular traffic unit.
- enableEach BooleanUnique Value 
- If enabled, traffic matching each unique value for the specified type constitutes a separate traffic unit. It can only be set to true if value is empty.
- type String
- Type of this configuration.
- value String
- Requests that match this value constitute a granular traffic unit.
GetSecurityPolicyAdvancedOptionsConfig     
- JsonCustom List<GetConfigs Security Policy Advanced Options Config Json Custom Config> 
- Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.
- JsonParsing string
- JSON body parsing. Supported values include: "DISABLED", "STANDARD".
- LogLevel string
- Logging level. Supported values include: "NORMAL", "VERBOSE".
- UserIp List<string>Request Headers 
- An optional list of case-insensitive request header names to use for resolving the callers client IP address.
- JsonCustom []GetConfigs Security Policy Advanced Options Config Json Custom Config 
- Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.
- JsonParsing string
- JSON body parsing. Supported values include: "DISABLED", "STANDARD".
- LogLevel string
- Logging level. Supported values include: "NORMAL", "VERBOSE".
- UserIp []stringRequest Headers 
- An optional list of case-insensitive request header names to use for resolving the callers client IP address.
- jsonCustom List<GetConfigs Security Policy Advanced Options Config Json Custom Config> 
- Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.
- jsonParsing String
- JSON body parsing. Supported values include: "DISABLED", "STANDARD".
- logLevel String
- Logging level. Supported values include: "NORMAL", "VERBOSE".
- userIp List<String>Request Headers 
- An optional list of case-insensitive request header names to use for resolving the callers client IP address.
- jsonCustom GetConfigs Security Policy Advanced Options Config Json Custom Config[] 
- Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.
- jsonParsing string
- JSON body parsing. Supported values include: "DISABLED", "STANDARD".
- logLevel string
- Logging level. Supported values include: "NORMAL", "VERBOSE".
- userIp string[]Request Headers 
- An optional list of case-insensitive request header names to use for resolving the callers client IP address.
- json_custom_ Sequence[Getconfigs Security Policy Advanced Options Config Json Custom Config] 
- Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.
- json_parsing str
- JSON body parsing. Supported values include: "DISABLED", "STANDARD".
- log_level str
- Logging level. Supported values include: "NORMAL", "VERBOSE".
- user_ip_ Sequence[str]request_ headers 
- An optional list of case-insensitive request header names to use for resolving the callers client IP address.
- jsonCustom List<Property Map>Configs 
- Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.
- jsonParsing String
- JSON body parsing. Supported values include: "DISABLED", "STANDARD".
- logLevel String
- Logging level. Supported values include: "NORMAL", "VERBOSE".
- userIp List<String>Request Headers 
- An optional list of case-insensitive request header names to use for resolving the callers client IP address.
GetSecurityPolicyAdvancedOptionsConfigJsonCustomConfig        
- ContentTypes List<string>
- A list of custom Content-Type header values to apply the JSON parsing.
- ContentTypes []string
- A list of custom Content-Type header values to apply the JSON parsing.
- contentTypes List<String>
- A list of custom Content-Type header values to apply the JSON parsing.
- contentTypes string[]
- A list of custom Content-Type header values to apply the JSON parsing.
- content_types Sequence[str]
- A list of custom Content-Type header values to apply the JSON parsing.
- contentTypes List<String>
- A list of custom Content-Type header values to apply the JSON parsing.
GetSecurityPolicyRecaptchaOptionsConfig     
- RedirectSite stringKey 
- A field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used.
- RedirectSite stringKey 
- A field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used.
- redirectSite StringKey 
- A field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used.
- redirectSite stringKey 
- A field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used.
- redirect_site_ strkey 
- A field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used.
- redirectSite StringKey 
- A field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used.
GetSecurityPolicyRule   
- Action string
- Action to take when match matches the request.
- Description string
- An optional description of this rule. Max size is 64.
- HeaderActions List<GetSecurity Policy Rule Header Action> 
- Additional actions that are performed on headers.
- Matches
List<GetSecurity Policy Rule Match> 
- A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced.
- PreconfiguredWaf List<GetConfigs Security Policy Rule Preconfigured Waf Config> 
- Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
- Preview bool
- When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such.
- Priority int
- An unique positive integer indicating the priority of evaluation for a rule. Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order.
- RateLimit List<GetOptions Security Policy Rule Rate Limit Option> 
- Rate limit threshold for this security policy. Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
- RedirectOptions List<GetSecurity Policy Rule Redirect Option> 
- Parameters defining the redirect action. Cannot be specified for any other actions.
- Action string
- Action to take when match matches the request.
- Description string
- An optional description of this rule. Max size is 64.
- HeaderActions []GetSecurity Policy Rule Header Action 
- Additional actions that are performed on headers.
- Matches
[]GetSecurity Policy Rule Match 
- A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced.
- PreconfiguredWaf []GetConfigs Security Policy Rule Preconfigured Waf Config 
- Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
- Preview bool
- When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such.
- Priority int
- An unique positive integer indicating the priority of evaluation for a rule. Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order.
- RateLimit []GetOptions Security Policy Rule Rate Limit Option 
- Rate limit threshold for this security policy. Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
- RedirectOptions []GetSecurity Policy Rule Redirect Option 
- Parameters defining the redirect action. Cannot be specified for any other actions.
- action String
- Action to take when match matches the request.
- description String
- An optional description of this rule. Max size is 64.
- headerActions List<GetSecurity Policy Rule Header Action> 
- Additional actions that are performed on headers.
- matches
List<GetSecurity Policy Rule Match> 
- A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced.
- preconfiguredWaf List<GetConfigs Security Policy Rule Preconfigured Waf Config> 
- Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
- preview Boolean
- When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such.
- priority Integer
- An unique positive integer indicating the priority of evaluation for a rule. Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order.
- rateLimit List<GetOptions Security Policy Rule Rate Limit Option> 
- Rate limit threshold for this security policy. Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
- redirectOptions List<GetSecurity Policy Rule Redirect Option> 
- Parameters defining the redirect action. Cannot be specified for any other actions.
- action string
- Action to take when match matches the request.
- description string
- An optional description of this rule. Max size is 64.
- headerActions GetSecurity Policy Rule Header Action[] 
- Additional actions that are performed on headers.
- matches
GetSecurity Policy Rule Match[] 
- A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced.
- preconfiguredWaf GetConfigs Security Policy Rule Preconfigured Waf Config[] 
- Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
- preview boolean
- When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such.
- priority number
- An unique positive integer indicating the priority of evaluation for a rule. Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order.
- rateLimit GetOptions Security Policy Rule Rate Limit Option[] 
- Rate limit threshold for this security policy. Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
- redirectOptions GetSecurity Policy Rule Redirect Option[] 
- Parameters defining the redirect action. Cannot be specified for any other actions.
- action str
- Action to take when match matches the request.
- description str
- An optional description of this rule. Max size is 64.
- header_actions Sequence[GetSecurity Policy Rule Header Action] 
- Additional actions that are performed on headers.
- matches
Sequence[GetSecurity Policy Rule Match] 
- A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced.
- preconfigured_waf_ Sequence[Getconfigs Security Policy Rule Preconfigured Waf Config] 
- Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
- preview bool
- When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such.
- priority int
- An unique positive integer indicating the priority of evaluation for a rule. Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order.
- rate_limit_ Sequence[Getoptions Security Policy Rule Rate Limit Option] 
- Rate limit threshold for this security policy. Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
- redirect_options Sequence[GetSecurity Policy Rule Redirect Option] 
- Parameters defining the redirect action. Cannot be specified for any other actions.
- action String
- Action to take when match matches the request.
- description String
- An optional description of this rule. Max size is 64.
- headerActions List<Property Map>
- Additional actions that are performed on headers.
- matches List<Property Map>
- A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced.
- preconfiguredWaf List<Property Map>Configs 
- Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
- preview Boolean
- When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such.
- priority Number
- An unique positive integer indicating the priority of evaluation for a rule. Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order.
- rateLimit List<Property Map>Options 
- Rate limit threshold for this security policy. Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
- redirectOptions List<Property Map>
- Parameters defining the redirect action. Cannot be specified for any other actions.
GetSecurityPolicyRuleHeaderAction     
- RequestHeaders List<GetTo Adds Security Policy Rule Header Action Request Headers To Add> 
- The list of request headers to add or overwrite if they're already present.
- RequestHeaders []GetTo Adds Security Policy Rule Header Action Request Headers To Add 
- The list of request headers to add or overwrite if they're already present.
- requestHeaders List<GetTo Adds Security Policy Rule Header Action Request Headers To Add> 
- The list of request headers to add or overwrite if they're already present.
- requestHeaders GetTo Adds Security Policy Rule Header Action Request Headers To Add[] 
- The list of request headers to add or overwrite if they're already present.
- request_headers_ Sequence[Getto_ adds Security Policy Rule Header Action Request Headers To Add] 
- The list of request headers to add or overwrite if they're already present.
- requestHeaders List<Property Map>To Adds 
- The list of request headers to add or overwrite if they're already present.
GetSecurityPolicyRuleHeaderActionRequestHeadersToAdd         
- HeaderName string
- The name of the header to set.
- HeaderValue string
- The value to set the named header to.
- HeaderName string
- The name of the header to set.
- HeaderValue string
- The value to set the named header to.
- headerName String
- The name of the header to set.
- headerValue String
- The value to set the named header to.
- headerName string
- The name of the header to set.
- headerValue string
- The value to set the named header to.
- header_name str
- The name of the header to set.
- header_value str
- The value to set the named header to.
- headerName String
- The name of the header to set.
- headerValue String
- The value to set the named header to.
GetSecurityPolicyRuleMatch    
- Configs
List<GetSecurity Policy Rule Match Config> 
- The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified.
- ExprOptions List<GetSecurity Policy Rule Match Expr Option> 
- The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').
- Exprs
List<GetSecurity Policy Rule Match Expr> 
- User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.
- VersionedExpr string
- Predefined rule expression. If this field is specified, config must also be specified. Available options: SRC_IPS_V1: Must specify the corresponding src_ip_ranges field in config.
- Configs
[]GetSecurity Policy Rule Match Config 
- The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified.
- ExprOptions []GetSecurity Policy Rule Match Expr Option 
- The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').
- Exprs
[]GetSecurity Policy Rule Match Expr 
- User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.
- VersionedExpr string
- Predefined rule expression. If this field is specified, config must also be specified. Available options: SRC_IPS_V1: Must specify the corresponding src_ip_ranges field in config.
- configs
List<GetSecurity Policy Rule Match Config> 
- The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified.
- exprOptions List<GetSecurity Policy Rule Match Expr Option> 
- The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').
- exprs
List<GetSecurity Policy Rule Match Expr> 
- User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.
- versionedExpr String
- Predefined rule expression. If this field is specified, config must also be specified. Available options: SRC_IPS_V1: Must specify the corresponding src_ip_ranges field in config.
- configs
GetSecurity Policy Rule Match Config[] 
- The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified.
- exprOptions GetSecurity Policy Rule Match Expr Option[] 
- The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').
- exprs
GetSecurity Policy Rule Match Expr[] 
- User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.
- versionedExpr string
- Predefined rule expression. If this field is specified, config must also be specified. Available options: SRC_IPS_V1: Must specify the corresponding src_ip_ranges field in config.
- configs
Sequence[GetSecurity Policy Rule Match Config] 
- The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified.
- expr_options Sequence[GetSecurity Policy Rule Match Expr Option] 
- The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').
- exprs
Sequence[GetSecurity Policy Rule Match Expr] 
- User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.
- versioned_expr str
- Predefined rule expression. If this field is specified, config must also be specified. Available options: SRC_IPS_V1: Must specify the corresponding src_ip_ranges field in config.
- configs List<Property Map>
- The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified.
- exprOptions List<Property Map>
- The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').
- exprs List<Property Map>
- User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.
- versionedExpr String
- Predefined rule expression. If this field is specified, config must also be specified. Available options: SRC_IPS_V1: Must specify the corresponding src_ip_ranges field in config.
GetSecurityPolicyRuleMatchConfig     
- SrcIp List<string>Ranges 
- Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of '*' matches all IPs (can be used to override the default behavior).
- SrcIp []stringRanges 
- Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of '*' matches all IPs (can be used to override the default behavior).
- srcIp List<String>Ranges 
- Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of '*' matches all IPs (can be used to override the default behavior).
- srcIp string[]Ranges 
- Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of '*' matches all IPs (can be used to override the default behavior).
- src_ip_ Sequence[str]ranges 
- Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of '*' matches all IPs (can be used to override the default behavior).
- srcIp List<String>Ranges 
- Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of '*' matches all IPs (can be used to override the default behavior).
GetSecurityPolicyRuleMatchExpr     
- Expression string
- Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
- Expression string
- Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
- expression String
- Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
- expression string
- Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
- expression str
- Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
- expression String
- Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
GetSecurityPolicyRuleMatchExprOption      
- RecaptchaOptions List<GetSecurity Policy Rule Match Expr Option Recaptcha Option> 
- reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect.
- RecaptchaOptions []GetSecurity Policy Rule Match Expr Option Recaptcha Option 
- reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect.
- recaptchaOptions List<GetSecurity Policy Rule Match Expr Option Recaptcha Option> 
- reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect.
- recaptchaOptions GetSecurity Policy Rule Match Expr Option Recaptcha Option[] 
- reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect.
- recaptcha_options Sequence[GetSecurity Policy Rule Match Expr Option Recaptcha Option] 
- reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect.
- recaptchaOptions List<Property Map>
- reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect.
GetSecurityPolicyRuleMatchExprOptionRecaptchaOption        
- ActionToken List<string>Site Keys 
- A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created
- SessionToken List<string>Site Keys 
- A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.
- ActionToken []stringSite Keys 
- A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created
- SessionToken []stringSite Keys 
- A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.
- actionToken List<String>Site Keys 
- A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created
- sessionToken List<String>Site Keys 
- A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.
- actionToken string[]Site Keys 
- A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created
- sessionToken string[]Site Keys 
- A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.
- action_token_ Sequence[str]site_ keys 
- A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created
- session_token_ Sequence[str]site_ keys 
- A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.
- actionToken List<String>Site Keys 
- A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created
- sessionToken List<String>Site Keys 
- A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.
GetSecurityPolicyRulePreconfiguredWafConfig      
- Exclusions
List<GetSecurity Policy Rule Preconfigured Waf Config Exclusion> 
- An exclusion to apply during preconfigured WAF evaluation.
- Exclusions
[]GetSecurity Policy Rule Preconfigured Waf Config Exclusion 
- An exclusion to apply during preconfigured WAF evaluation.
- exclusions
List<GetSecurity Policy Rule Preconfigured Waf Config Exclusion> 
- An exclusion to apply during preconfigured WAF evaluation.
- exclusions
GetSecurity Policy Rule Preconfigured Waf Config Exclusion[] 
- An exclusion to apply during preconfigured WAF evaluation.
- exclusions
Sequence[GetSecurity Policy Rule Preconfigured Waf Config Exclusion] 
- An exclusion to apply during preconfigured WAF evaluation.
- exclusions List<Property Map>
- An exclusion to apply during preconfigured WAF evaluation.
GetSecurityPolicyRulePreconfiguredWafConfigExclusion       
- 
List<GetSecurity Policy Rule Preconfigured Waf Config Exclusion Request Cooky> 
- Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation.
- RequestHeaders List<GetSecurity Policy Rule Preconfigured Waf Config Exclusion Request Header> 
- Request header whose value will be excluded from inspection during preconfigured WAF evaluation.
- RequestQuery List<GetParams Security Policy Rule Preconfigured Waf Config Exclusion Request Query Param> 
- Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body.
- RequestUris List<GetSecurity Policy Rule Preconfigured Waf Config Exclusion Request Uri> 
- Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded.
- TargetRule List<string>Ids 
- A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set.
- TargetRule stringSet 
- Target WAF rule set to apply the preconfigured WAF exclusion.
- 
[]GetSecurity Policy Rule Preconfigured Waf Config Exclusion Request Cooky 
- Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation.
- RequestHeaders []GetSecurity Policy Rule Preconfigured Waf Config Exclusion Request Header 
- Request header whose value will be excluded from inspection during preconfigured WAF evaluation.
- RequestQuery []GetParams Security Policy Rule Preconfigured Waf Config Exclusion Request Query Param 
- Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body.
- RequestUris []GetSecurity Policy Rule Preconfigured Waf Config Exclusion Request Uri 
- Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded.
- TargetRule []stringIds 
- A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set.
- TargetRule stringSet 
- Target WAF rule set to apply the preconfigured WAF exclusion.
- 
List<GetSecurity Policy Rule Preconfigured Waf Config Exclusion Request Cooky> 
- Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation.
- requestHeaders List<GetSecurity Policy Rule Preconfigured Waf Config Exclusion Request Header> 
- Request header whose value will be excluded from inspection during preconfigured WAF evaluation.
- requestQuery List<GetParams Security Policy Rule Preconfigured Waf Config Exclusion Request Query Param> 
- Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body.
- requestUris List<GetSecurity Policy Rule Preconfigured Waf Config Exclusion Request Uri> 
- Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded.
- targetRule List<String>Ids 
- A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set.
- targetRule StringSet 
- Target WAF rule set to apply the preconfigured WAF exclusion.
- 
GetSecurity Policy Rule Preconfigured Waf Config Exclusion Request Cooky[] 
- Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation.
- requestHeaders GetSecurity Policy Rule Preconfigured Waf Config Exclusion Request Header[] 
- Request header whose value will be excluded from inspection during preconfigured WAF evaluation.
- requestQuery GetParams Security Policy Rule Preconfigured Waf Config Exclusion Request Query Param[] 
- Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body.
- requestUris GetSecurity Policy Rule Preconfigured Waf Config Exclusion Request Uri[] 
- Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded.
- targetRule string[]Ids 
- A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set.
- targetRule stringSet 
- Target WAF rule set to apply the preconfigured WAF exclusion.
- 
Sequence[GetSecurity Policy Rule Preconfigured Waf Config Exclusion Request Cooky] 
- Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation.
- request_headers Sequence[GetSecurity Policy Rule Preconfigured Waf Config Exclusion Request Header] 
- Request header whose value will be excluded from inspection during preconfigured WAF evaluation.
- request_query_ Sequence[Getparams Security Policy Rule Preconfigured Waf Config Exclusion Request Query Param] 
- Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body.
- request_uris Sequence[GetSecurity Policy Rule Preconfigured Waf Config Exclusion Request Uri] 
- Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded.
- target_rule_ Sequence[str]ids 
- A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set.
- target_rule_ strset 
- Target WAF rule set to apply the preconfigured WAF exclusion.
- List<Property Map>
- Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation.
- requestHeaders List<Property Map>
- Request header whose value will be excluded from inspection during preconfigured WAF evaluation.
- requestQuery List<Property Map>Params 
- Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body.
- requestUris List<Property Map>
- Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded.
- targetRule List<String>Ids 
- A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set.
- targetRule StringSet 
- Target WAF rule set to apply the preconfigured WAF exclusion.
GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCooky         
- Operator string
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- Value string
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- Operator string
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- Value string
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator String
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value String
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator string
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value string
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator str
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value str
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator String
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value String
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader         
- Operator string
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- Value string
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- Operator string
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- Value string
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator String
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value String
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator string
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value string
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator str
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value str
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator String
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value String
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam          
- Operator string
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- Value string
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- Operator string
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- Value string
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator String
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value String
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator string
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value string
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator str
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value str
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator String
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value String
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri         
- Operator string
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- Value string
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- Operator string
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- Value string
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator String
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value String
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator string
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value string
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator str
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value str
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator String
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value String
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
GetSecurityPolicyRuleRateLimitOption      
- BanDuration intSec 
- Can only be specified if the action for the rule is "rate_based_ban". If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.
- BanThresholds List<GetSecurity Policy Rule Rate Limit Option Ban Threshold> 
- Can only be specified if the action for the rule is "rate_based_ban". If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'.
- ConformAction string
- Action to take for requests that are under the configured rate limit threshold. Valid option is "allow" only.
- EnforceOn stringKey 
- Determines the key to enforce the rateLimitThreshold on
- EnforceOn List<GetKey Configs Security Policy Rule Rate Limit Option Enforce On Key Config> 
- Enforce On Key Config of this security policy
- EnforceOn stringKey Name 
- Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
- ExceedAction string
- Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are "deny()" where valid values for status are 403, 404, 429, and 502, and "redirect" where the redirect parameters come from exceedRedirectOptions below.
- ExceedRedirect List<GetOptions Security Policy Rule Rate Limit Option Exceed Redirect Option> 
- Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect.
- RateLimit List<GetThresholds Security Policy Rule Rate Limit Option Rate Limit Threshold> 
- Threshold at which to begin ratelimiting.
- BanDuration intSec 
- Can only be specified if the action for the rule is "rate_based_ban". If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.
- BanThresholds []GetSecurity Policy Rule Rate Limit Option Ban Threshold 
- Can only be specified if the action for the rule is "rate_based_ban". If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'.
- ConformAction string
- Action to take for requests that are under the configured rate limit threshold. Valid option is "allow" only.
- EnforceOn stringKey 
- Determines the key to enforce the rateLimitThreshold on
- EnforceOn []GetKey Configs Security Policy Rule Rate Limit Option Enforce On Key Config 
- Enforce On Key Config of this security policy
- EnforceOn stringKey Name 
- Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
- ExceedAction string
- Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are "deny()" where valid values for status are 403, 404, 429, and 502, and "redirect" where the redirect parameters come from exceedRedirectOptions below.
- ExceedRedirect []GetOptions Security Policy Rule Rate Limit Option Exceed Redirect Option 
- Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect.
- RateLimit []GetThresholds Security Policy Rule Rate Limit Option Rate Limit Threshold 
- Threshold at which to begin ratelimiting.
- banDuration IntegerSec 
- Can only be specified if the action for the rule is "rate_based_ban". If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.
- banThresholds List<GetSecurity Policy Rule Rate Limit Option Ban Threshold> 
- Can only be specified if the action for the rule is "rate_based_ban". If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'.
- conformAction String
- Action to take for requests that are under the configured rate limit threshold. Valid option is "allow" only.
- enforceOn StringKey 
- Determines the key to enforce the rateLimitThreshold on
- enforceOn List<GetKey Configs Security Policy Rule Rate Limit Option Enforce On Key Config> 
- Enforce On Key Config of this security policy
- enforceOn StringKey Name 
- Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
- exceedAction String
- Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are "deny()" where valid values for status are 403, 404, 429, and 502, and "redirect" where the redirect parameters come from exceedRedirectOptions below.
- exceedRedirect List<GetOptions Security Policy Rule Rate Limit Option Exceed Redirect Option> 
- Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect.
- rateLimit List<GetThresholds Security Policy Rule Rate Limit Option Rate Limit Threshold> 
- Threshold at which to begin ratelimiting.
- banDuration numberSec 
- Can only be specified if the action for the rule is "rate_based_ban". If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.
- banThresholds GetSecurity Policy Rule Rate Limit Option Ban Threshold[] 
- Can only be specified if the action for the rule is "rate_based_ban". If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'.
- conformAction string
- Action to take for requests that are under the configured rate limit threshold. Valid option is "allow" only.
- enforceOn stringKey 
- Determines the key to enforce the rateLimitThreshold on
- enforceOn GetKey Configs Security Policy Rule Rate Limit Option Enforce On Key Config[] 
- Enforce On Key Config of this security policy
- enforceOn stringKey Name 
- Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
- exceedAction string
- Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are "deny()" where valid values for status are 403, 404, 429, and 502, and "redirect" where the redirect parameters come from exceedRedirectOptions below.
- exceedRedirect GetOptions Security Policy Rule Rate Limit Option Exceed Redirect Option[] 
- Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect.
- rateLimit GetThresholds Security Policy Rule Rate Limit Option Rate Limit Threshold[] 
- Threshold at which to begin ratelimiting.
- ban_duration_ intsec 
- Can only be specified if the action for the rule is "rate_based_ban". If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.
- ban_thresholds Sequence[GetSecurity Policy Rule Rate Limit Option Ban Threshold] 
- Can only be specified if the action for the rule is "rate_based_ban". If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'.
- conform_action str
- Action to take for requests that are under the configured rate limit threshold. Valid option is "allow" only.
- enforce_on_ strkey 
- Determines the key to enforce the rateLimitThreshold on
- enforce_on_ Sequence[Getkey_ configs Security Policy Rule Rate Limit Option Enforce On Key Config] 
- Enforce On Key Config of this security policy
- enforce_on_ strkey_ name 
- Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
- exceed_action str
- Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are "deny()" where valid values for status are 403, 404, 429, and 502, and "redirect" where the redirect parameters come from exceedRedirectOptions below.
- exceed_redirect_ Sequence[Getoptions Security Policy Rule Rate Limit Option Exceed Redirect Option] 
- Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect.
- rate_limit_ Sequence[Getthresholds Security Policy Rule Rate Limit Option Rate Limit Threshold] 
- Threshold at which to begin ratelimiting.
- banDuration NumberSec 
- Can only be specified if the action for the rule is "rate_based_ban". If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.
- banThresholds List<Property Map>
- Can only be specified if the action for the rule is "rate_based_ban". If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'.
- conformAction String
- Action to take for requests that are under the configured rate limit threshold. Valid option is "allow" only.
- enforceOn StringKey 
- Determines the key to enforce the rateLimitThreshold on
- enforceOn List<Property Map>Key Configs 
- Enforce On Key Config of this security policy
- enforceOn StringKey Name 
- Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
- exceedAction String
- Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are "deny()" where valid values for status are 403, 404, 429, and 502, and "redirect" where the redirect parameters come from exceedRedirectOptions below.
- exceedRedirect List<Property Map>Options 
- Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect.
- rateLimit List<Property Map>Thresholds 
- Threshold at which to begin ratelimiting.
GetSecurityPolicyRuleRateLimitOptionBanThreshold        
- Count int
- Number of HTTP(S) requests for calculating the threshold.
- IntervalSec int
- Interval over which the threshold is computed.
- Count int
- Number of HTTP(S) requests for calculating the threshold.
- IntervalSec int
- Interval over which the threshold is computed.
- count Integer
- Number of HTTP(S) requests for calculating the threshold.
- intervalSec Integer
- Interval over which the threshold is computed.
- count number
- Number of HTTP(S) requests for calculating the threshold.
- intervalSec number
- Interval over which the threshold is computed.
- count int
- Number of HTTP(S) requests for calculating the threshold.
- interval_sec int
- Interval over which the threshold is computed.
- count Number
- Number of HTTP(S) requests for calculating the threshold.
- intervalSec Number
- Interval over which the threshold is computed.
GetSecurityPolicyRuleRateLimitOptionEnforceOnKeyConfig          
- EnforceOn stringKey Name 
- Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
- EnforceOn stringKey Type 
- Determines the key to enforce the rate_limit_threshold on
- EnforceOn stringKey Name 
- Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
- EnforceOn stringKey Type 
- Determines the key to enforce the rate_limit_threshold on
- enforceOn StringKey Name 
- Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
- enforceOn StringKey Type 
- Determines the key to enforce the rate_limit_threshold on
- enforceOn stringKey Name 
- Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
- enforceOn stringKey Type 
- Determines the key to enforce the rate_limit_threshold on
- enforce_on_ strkey_ name 
- Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
- enforce_on_ strkey_ type 
- Determines the key to enforce the rate_limit_threshold on
- enforceOn StringKey Name 
- Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
- enforceOn StringKey Type 
- Determines the key to enforce the rate_limit_threshold on
GetSecurityPolicyRuleRateLimitOptionExceedRedirectOption         
GetSecurityPolicyRuleRateLimitOptionRateLimitThreshold         
- Count int
- Number of HTTP(S) requests for calculating the threshold.
- IntervalSec int
- Interval over which the threshold is computed.
- Count int
- Number of HTTP(S) requests for calculating the threshold.
- IntervalSec int
- Interval over which the threshold is computed.
- count Integer
- Number of HTTP(S) requests for calculating the threshold.
- intervalSec Integer
- Interval over which the threshold is computed.
- count number
- Number of HTTP(S) requests for calculating the threshold.
- intervalSec number
- Interval over which the threshold is computed.
- count int
- Number of HTTP(S) requests for calculating the threshold.
- interval_sec int
- Interval over which the threshold is computed.
- count Number
- Number of HTTP(S) requests for calculating the threshold.
- intervalSec Number
- Interval over which the threshold is computed.
GetSecurityPolicyRuleRedirectOption     
- Target string
- Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.
- Type string
- Type of the redirect action. Available options: EXTERNAL_302: Must specify the corresponding target field in config. GOOGLE_RECAPTCHA: Cannot specify target field in config.
- Target string
- Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.
- Type string
- Type of the redirect action. Available options: EXTERNAL_302: Must specify the corresponding target field in config. GOOGLE_RECAPTCHA: Cannot specify target field in config.
- target String
- Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.
- type String
- Type of the redirect action. Available options: EXTERNAL_302: Must specify the corresponding target field in config. GOOGLE_RECAPTCHA: Cannot specify target field in config.
- target string
- Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.
- type string
- Type of the redirect action. Available options: EXTERNAL_302: Must specify the corresponding target field in config. GOOGLE_RECAPTCHA: Cannot specify target field in config.
- target str
- Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.
- type str
- Type of the redirect action. Available options: EXTERNAL_302: Must specify the corresponding target field in config. GOOGLE_RECAPTCHA: Cannot specify target field in config.
- target String
- Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.
- type String
- Type of the redirect action. Available options: EXTERNAL_302: Must specify the corresponding target field in config. GOOGLE_RECAPTCHA: Cannot specify target field in config.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the google-betaTerraform Provider.