Google Cloud v8.25.0, Apr 3 25

Google Cloud v8.25.0 published on Thursday, Apr 3, 2025 by Pulumi

gcp.compute.getSecurityPolicy

Explore with Pulumi AI

Google Cloud v8.25.0 published on Thursday, Apr 3, 2025 by Pulumi

Example Usage

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const sp1 = gcp.compute.getSecurityPolicy({
    name: "my-policy",
    project: "my-project",
});
const sp2 = gcp.compute.getSecurityPolicy({
    selfLink: "https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy",
});

import pulumi
import pulumi_gcp as gcp

sp1 = gcp.compute.get_security_policy(name="my-policy",
    project="my-project")
sp2 = gcp.compute.get_security_policy(self_link="https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy")

package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := compute.LookupSecurityPolicy(ctx, &compute.LookupSecurityPolicyArgs{
			Name:    pulumi.StringRef("my-policy"),
			Project: pulumi.StringRef("my-project"),
		}, nil)
		if err != nil {
			return err
		}
		_, err = compute.LookupSecurityPolicy(ctx, &compute.LookupSecurityPolicyArgs{
			SelfLink: pulumi.StringRef("https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var sp1 = Gcp.Compute.GetSecurityPolicy.Invoke(new()
    {
        Name = "my-policy",
        Project = "my-project",
    });

    var sp2 = Gcp.Compute.GetSecurityPolicy.Invoke(new()
    {
        SelfLink = "https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.ComputeFunctions;
import com.pulumi.gcp.compute.inputs.GetSecurityPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var sp1 = ComputeFunctions.getSecurityPolicy(GetSecurityPolicyArgs.builder()
            .name("my-policy")
            .project("my-project")
            .build());

        final var sp2 = ComputeFunctions.getSecurityPolicy(GetSecurityPolicyArgs.builder()
            .selfLink("https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy")
            .build());

    }
}

variables:
  sp1:
    fn::invoke:
      function: gcp:compute:getSecurityPolicy
      arguments:
        name: my-policy
        project: my-project
  sp2:
    fn::invoke:
      function: gcp:compute:getSecurityPolicy
      arguments:
        selfLink: https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy

Using getSecurityPolicy

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

TypeScript
Python
Go
C#
Java
YAML

function getSecurityPolicy(args: GetSecurityPolicyArgs, opts?: InvokeOptions): Promise<GetSecurityPolicyResult>
function getSecurityPolicyOutput(args: GetSecurityPolicyOutputArgs, opts?: InvokeOptions): Output<GetSecurityPolicyResult>

def get_security_policy(name: Optional[str] = None,
                        project: Optional[str] = None,
                        self_link: Optional[str] = None,
                        opts: Optional[InvokeOptions] = None) -> GetSecurityPolicyResult
def get_security_policy_output(name: Optional[pulumi.Input[str]] = None,
                        project: Optional[pulumi.Input[str]] = None,
                        self_link: Optional[pulumi.Input[str]] = None,
                        opts: Optional[InvokeOptions] = None) -> Output[GetSecurityPolicyResult]

func LookupSecurityPolicy(ctx *Context, args *LookupSecurityPolicyArgs, opts ...InvokeOption) (*LookupSecurityPolicyResult, error)
func LookupSecurityPolicyOutput(ctx *Context, args *LookupSecurityPolicyOutputArgs, opts ...InvokeOption) LookupSecurityPolicyResultOutput

> Note: This function is named LookupSecurityPolicy in the Go SDK.

public static class GetSecurityPolicy 
{
    public static Task<GetSecurityPolicyResult> InvokeAsync(GetSecurityPolicyArgs args, InvokeOptions? opts = null)
    public static Output<GetSecurityPolicyResult> Invoke(GetSecurityPolicyInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetSecurityPolicyResult> getSecurityPolicy(GetSecurityPolicyArgs args, InvokeOptions options)
public static Output<GetSecurityPolicyResult> getSecurityPolicy(GetSecurityPolicyArgs args, InvokeOptions options)

fn::invoke:
  function: gcp:compute/getSecurityPolicy:getSecurityPolicy
  arguments:
    # arguments dictionary

The following arguments are supported:

Name string: The name of the security policy. Provide either this or a self_link.
Project string: The project in which the resource belongs. If it is not provided, the provider project is used.
SelfLink string: The self_link of the security policy. Provide either this or a name

Name string: The name of the security policy. Provide either this or a self_link.
Project string: The project in which the resource belongs. If it is not provided, the provider project is used.
SelfLink string: The self_link of the security policy. Provide either this or a name

name String: The name of the security policy. Provide either this or a self_link.
project String: The project in which the resource belongs. If it is not provided, the provider project is used.
selfLink String: The self_link of the security policy. Provide either this or a name

name string: The name of the security policy. Provide either this or a self_link.
project string: The project in which the resource belongs. If it is not provided, the provider project is used.
selfLink string: The self_link of the security policy. Provide either this or a name

name str: The name of the security policy. Provide either this or a self_link.
project str: The project in which the resource belongs. If it is not provided, the provider project is used.
self_link str: The self_link of the security policy. Provide either this or a name

name String: The name of the security policy. Provide either this or a self_link.
project String: The project in which the resource belongs. If it is not provided, the provider project is used.
selfLink String: The self_link of the security policy. Provide either this or a name

getSecurityPolicy Result

The following output properties are available:

AdaptiveProtectionConfigs List<GetSecurityPolicyAdaptiveProtectionConfig>
AdvancedOptionsConfigs List<GetSecurityPolicyAdvancedOptionsConfig>
Description string
Fingerprint string
Id string: The provider-assigned unique ID for this managed resource.
RecaptchaOptionsConfigs List<GetSecurityPolicyRecaptchaOptionsConfig>
Rules List<GetSecurityPolicyRule>
Type string
Name string
Project string
SelfLink string

AdaptiveProtectionConfigs []GetSecurityPolicyAdaptiveProtectionConfig
AdvancedOptionsConfigs []GetSecurityPolicyAdvancedOptionsConfig
Description string
Fingerprint string
Id string: The provider-assigned unique ID for this managed resource.
RecaptchaOptionsConfigs []GetSecurityPolicyRecaptchaOptionsConfig
Rules []GetSecurityPolicyRuleType
Type string
Name string
Project string
SelfLink string

adaptiveProtectionConfigs List<GetSecurityPolicyAdaptiveProtectionConfig>
advancedOptionsConfigs List<GetSecurityPolicyAdvancedOptionsConfig>
description String
fingerprint String
id String: The provider-assigned unique ID for this managed resource.
recaptchaOptionsConfigs List<GetSecurityPolicyRecaptchaOptionsConfig>
rules List<GetSecurityPolicyRule>
type String
name String
project String
selfLink String

adaptiveProtectionConfigs GetSecurityPolicyAdaptiveProtectionConfig[]
advancedOptionsConfigs GetSecurityPolicyAdvancedOptionsConfig[]
description string
fingerprint string
id string: The provider-assigned unique ID for this managed resource.
recaptchaOptionsConfigs GetSecurityPolicyRecaptchaOptionsConfig[]
rules GetSecurityPolicyRule[]
type string
name string
project string
selfLink string

adaptive_protection_configs Sequence[GetSecurityPolicyAdaptiveProtectionConfig]
advanced_options_configs Sequence[GetSecurityPolicyAdvancedOptionsConfig]
description str
fingerprint str
id str: The provider-assigned unique ID for this managed resource.
recaptcha_options_configs Sequence[GetSecurityPolicyRecaptchaOptionsConfig]
rules Sequence[GetSecurityPolicyRule]
type str
name str
project str
self_link str

adaptiveProtectionConfigs List<Property Map>
advancedOptionsConfigs List<Property Map>
description String
fingerprint String
id String: The provider-assigned unique ID for this managed resource.
recaptchaOptionsConfigs List<Property Map>
rules List<Property Map>
type String
name String
project String
selfLink String

Supporting Types

GetSecurityPolicyAdaptiveProtectionConfig

AutoDeployConfigs List<GetSecurityPolicyAdaptiveProtectionConfigAutoDeployConfig>: Auto Deploy Config of this security policy
Layer7DdosDefenseConfigs List<GetSecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig>: Layer 7 DDoS Defense Config of this security policy

AutoDeployConfigs []GetSecurityPolicyAdaptiveProtectionConfigAutoDeployConfig: Auto Deploy Config of this security policy
Layer7DdosDefenseConfigs []GetSecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig: Layer 7 DDoS Defense Config of this security policy

autoDeployConfigs List<GetSecurityPolicyAdaptiveProtectionConfigAutoDeployConfig>: Auto Deploy Config of this security policy
layer7DdosDefenseConfigs List<GetSecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig>: Layer 7 DDoS Defense Config of this security policy

autoDeployConfigs GetSecurityPolicyAdaptiveProtectionConfigAutoDeployConfig[]: Auto Deploy Config of this security policy
layer7DdosDefenseConfigs GetSecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig[]: Layer 7 DDoS Defense Config of this security policy

auto_deploy_configs Sequence[GetSecurityPolicyAdaptiveProtectionConfigAutoDeployConfig]: Auto Deploy Config of this security policy
layer7_ddos_defense_configs Sequence[GetSecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig]: Layer 7 DDoS Defense Config of this security policy

autoDeployConfigs List<Property Map>: Auto Deploy Config of this security policy
layer7DdosDefenseConfigs List<Property Map>: Layer 7 DDoS Defense Config of this security policy

GetSecurityPolicyAdaptiveProtectionConfigAutoDeployConfig

ConfidenceThreshold double: Rules are only automatically deployed for alerts on potential attacks with confidence scores greater than this threshold.
ExpirationSec int: Google Cloud Armor stops applying the action in the automatically deployed rule to an identified attacker after this duration. The rule continues to operate against new requests.
ImpactedBaselineThreshold double: Rules are only automatically deployed when the estimated impact to baseline traffic from the suggested mitigation is below this threshold.
LoadThreshold double: Identifies new attackers only when the load to the backend service that is under attack exceeds this threshold.

ConfidenceThreshold float64: Rules are only automatically deployed for alerts on potential attacks with confidence scores greater than this threshold.
ExpirationSec int: Google Cloud Armor stops applying the action in the automatically deployed rule to an identified attacker after this duration. The rule continues to operate against new requests.
ImpactedBaselineThreshold float64: Rules are only automatically deployed when the estimated impact to baseline traffic from the suggested mitigation is below this threshold.
LoadThreshold float64: Identifies new attackers only when the load to the backend service that is under attack exceeds this threshold.

confidenceThreshold Double: Rules are only automatically deployed for alerts on potential attacks with confidence scores greater than this threshold.
expirationSec Integer: Google Cloud Armor stops applying the action in the automatically deployed rule to an identified attacker after this duration. The rule continues to operate against new requests.
impactedBaselineThreshold Double: Rules are only automatically deployed when the estimated impact to baseline traffic from the suggested mitigation is below this threshold.
loadThreshold Double: Identifies new attackers only when the load to the backend service that is under attack exceeds this threshold.

confidenceThreshold number: Rules are only automatically deployed for alerts on potential attacks with confidence scores greater than this threshold.
expirationSec number: Google Cloud Armor stops applying the action in the automatically deployed rule to an identified attacker after this duration. The rule continues to operate against new requests.
impactedBaselineThreshold number: Rules are only automatically deployed when the estimated impact to baseline traffic from the suggested mitigation is below this threshold.
loadThreshold number: Identifies new attackers only when the load to the backend service that is under attack exceeds this threshold.

confidence_threshold float: Rules are only automatically deployed for alerts on potential attacks with confidence scores greater than this threshold.
expiration_sec int: Google Cloud Armor stops applying the action in the automatically deployed rule to an identified attacker after this duration. The rule continues to operate against new requests.
impacted_baseline_threshold float: Rules are only automatically deployed when the estimated impact to baseline traffic from the suggested mitigation is below this threshold.
load_threshold float: Identifies new attackers only when the load to the backend service that is under attack exceeds this threshold.

confidenceThreshold Number: Rules are only automatically deployed for alerts on potential attacks with confidence scores greater than this threshold.
expirationSec Number: Google Cloud Armor stops applying the action in the automatically deployed rule to an identified attacker after this duration. The rule continues to operate against new requests.
impactedBaselineThreshold Number: Rules are only automatically deployed when the estimated impact to baseline traffic from the suggested mitigation is below this threshold.
loadThreshold Number: Identifies new attackers only when the load to the backend service that is under attack exceeds this threshold.

GetSecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig

Enable bool: If set to true, enables CAAP for L7 DDoS detection.
RuleVisibility string: Rule visibility. Supported values include: "STANDARD", "PREMIUM".
ThresholdConfigs List<GetSecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfig>: Configuration options for layer7 adaptive protection for various customizable thresholds.

Enable bool: If set to true, enables CAAP for L7 DDoS detection.
RuleVisibility string: Rule visibility. Supported values include: "STANDARD", "PREMIUM".
ThresholdConfigs []GetSecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfig: Configuration options for layer7 adaptive protection for various customizable thresholds.

enable Boolean: If set to true, enables CAAP for L7 DDoS detection.
ruleVisibility String: Rule visibility. Supported values include: "STANDARD", "PREMIUM".
thresholdConfigs List<GetSecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfig>: Configuration options for layer7 adaptive protection for various customizable thresholds.

enable boolean: If set to true, enables CAAP for L7 DDoS detection.
ruleVisibility string: Rule visibility. Supported values include: "STANDARD", "PREMIUM".
thresholdConfigs GetSecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfig[]: Configuration options for layer7 adaptive protection for various customizable thresholds.

enable bool: If set to true, enables CAAP for L7 DDoS detection.
rule_visibility str: Rule visibility. Supported values include: "STANDARD", "PREMIUM".
threshold_configs Sequence[GetSecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfig]: Configuration options for layer7 adaptive protection for various customizable thresholds.

enable Boolean: If set to true, enables CAAP for L7 DDoS detection.
ruleVisibility String: Rule visibility. Supported values include: "STANDARD", "PREMIUM".
thresholdConfigs List<Property Map>: Configuration options for layer7 adaptive protection for various customizable thresholds.

GetSecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfig

AutoDeployConfidenceThreshold double
AutoDeployExpirationSec int
AutoDeployImpactedBaselineThreshold double
AutoDeployLoadThreshold double
DetectionAbsoluteQps double
DetectionLoadThreshold double
DetectionRelativeToBaselineQps double
Name string: The name of the security policy. Provide either this or a self_link.
TrafficGranularityConfigs List<GetSecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfigTrafficGranularityConfig>

AutoDeployConfidenceThreshold float64
AutoDeployExpirationSec int
AutoDeployImpactedBaselineThreshold float64
AutoDeployLoadThreshold float64
DetectionAbsoluteQps float64
DetectionLoadThreshold float64
DetectionRelativeToBaselineQps float64
Name string: The name of the security policy. Provide either this or a self_link.
TrafficGranularityConfigs []GetSecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfigTrafficGranularityConfig

autoDeployConfidenceThreshold Double
autoDeployExpirationSec Integer
autoDeployImpactedBaselineThreshold Double
autoDeployLoadThreshold Double
detectionAbsoluteQps Double
detectionLoadThreshold Double
detectionRelativeToBaselineQps Double
name String: The name of the security policy. Provide either this or a self_link.
trafficGranularityConfigs List<GetSecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfigTrafficGranularityConfig>

autoDeployConfidenceThreshold number
autoDeployExpirationSec number
autoDeployImpactedBaselineThreshold number
autoDeployLoadThreshold number
detectionAbsoluteQps number
detectionLoadThreshold number
detectionRelativeToBaselineQps number
name string: The name of the security policy. Provide either this or a self_link.
trafficGranularityConfigs GetSecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfigTrafficGranularityConfig[]

auto_deploy_confidence_threshold float
auto_deploy_expiration_sec int
auto_deploy_impacted_baseline_threshold float
auto_deploy_load_threshold float
detection_absolute_qps float
detection_load_threshold float
detection_relative_to_baseline_qps float
name str: The name of the security policy. Provide either this or a self_link.
traffic_granularity_configs Sequence[GetSecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfigTrafficGranularityConfig]

autoDeployConfidenceThreshold Number
autoDeployExpirationSec Number
autoDeployImpactedBaselineThreshold Number
autoDeployLoadThreshold Number
detectionAbsoluteQps Number
detectionLoadThreshold Number
detectionRelativeToBaselineQps Number
name String: The name of the security policy. Provide either this or a self_link.
trafficGranularityConfigs List<Property Map>

GetSecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfigTrafficGranularityConfig

EnableEachUniqueValue bool: If enabled, traffic matching each unique value for the specified type constitutes a separate traffic unit. It can only be set to true if value is empty.
Type string: Type of this configuration.
Value string: Requests that match this value constitute a granular traffic unit.

EnableEachUniqueValue bool: If enabled, traffic matching each unique value for the specified type constitutes a separate traffic unit. It can only be set to true if value is empty.
Type string: Type of this configuration.
Value string: Requests that match this value constitute a granular traffic unit.

enableEachUniqueValue Boolean: If enabled, traffic matching each unique value for the specified type constitutes a separate traffic unit. It can only be set to true if value is empty.
type String: Type of this configuration.
value String: Requests that match this value constitute a granular traffic unit.

enableEachUniqueValue boolean: If enabled, traffic matching each unique value for the specified type constitutes a separate traffic unit. It can only be set to true if value is empty.
type string: Type of this configuration.
value string: Requests that match this value constitute a granular traffic unit.

enable_each_unique_value bool: If enabled, traffic matching each unique value for the specified type constitutes a separate traffic unit. It can only be set to true if value is empty.
type str: Type of this configuration.
value str: Requests that match this value constitute a granular traffic unit.

enableEachUniqueValue Boolean: If enabled, traffic matching each unique value for the specified type constitutes a separate traffic unit. It can only be set to true if value is empty.
type String: Type of this configuration.
value String: Requests that match this value constitute a granular traffic unit.

GetSecurityPolicyAdvancedOptionsConfig

JsonCustomConfigs List<GetSecurityPolicyAdvancedOptionsConfigJsonCustomConfig>: Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.
JsonParsing string: JSON body parsing. Supported values include: "DISABLED", "STANDARD".
LogLevel string: Logging level. Supported values include: "NORMAL", "VERBOSE".
UserIpRequestHeaders List<string>: An optional list of case-insensitive request header names to use for resolving the callers client IP address.

JsonCustomConfigs []GetSecurityPolicyAdvancedOptionsConfigJsonCustomConfig: Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.
JsonParsing string: JSON body parsing. Supported values include: "DISABLED", "STANDARD".
LogLevel string: Logging level. Supported values include: "NORMAL", "VERBOSE".
UserIpRequestHeaders []string: An optional list of case-insensitive request header names to use for resolving the callers client IP address.

jsonCustomConfigs List<GetSecurityPolicyAdvancedOptionsConfigJsonCustomConfig>: Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.
jsonParsing String: JSON body parsing. Supported values include: "DISABLED", "STANDARD".
logLevel String: Logging level. Supported values include: "NORMAL", "VERBOSE".
userIpRequestHeaders List<String>: An optional list of case-insensitive request header names to use for resolving the callers client IP address.

jsonCustomConfigs GetSecurityPolicyAdvancedOptionsConfigJsonCustomConfig[]: Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.
jsonParsing string: JSON body parsing. Supported values include: "DISABLED", "STANDARD".
logLevel string: Logging level. Supported values include: "NORMAL", "VERBOSE".
userIpRequestHeaders string[]: An optional list of case-insensitive request header names to use for resolving the callers client IP address.

json_custom_configs Sequence[GetSecurityPolicyAdvancedOptionsConfigJsonCustomConfig]: Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.
json_parsing str: JSON body parsing. Supported values include: "DISABLED", "STANDARD".
log_level str: Logging level. Supported values include: "NORMAL", "VERBOSE".
user_ip_request_headers Sequence[str]: An optional list of case-insensitive request header names to use for resolving the callers client IP address.

jsonCustomConfigs List<Property Map>: Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.
jsonParsing String: JSON body parsing. Supported values include: "DISABLED", "STANDARD".
logLevel String: Logging level. Supported values include: "NORMAL", "VERBOSE".
userIpRequestHeaders List<String>: An optional list of case-insensitive request header names to use for resolving the callers client IP address.

GetSecurityPolicyAdvancedOptionsConfigJsonCustomConfig

ContentTypes List<string>: A list of custom Content-Type header values to apply the JSON parsing.

ContentTypes []string: A list of custom Content-Type header values to apply the JSON parsing.

contentTypes List<String>: A list of custom Content-Type header values to apply the JSON parsing.

contentTypes string[]: A list of custom Content-Type header values to apply the JSON parsing.

content_types Sequence[str]: A list of custom Content-Type header values to apply the JSON parsing.

contentTypes List<String>: A list of custom Content-Type header values to apply the JSON parsing.

GetSecurityPolicyRecaptchaOptionsConfig

RedirectSiteKey string: A field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used.

RedirectSiteKey string: A field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used.

redirectSiteKey String: A field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used.

redirectSiteKey string: A field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used.

redirect_site_key str: A field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used.

redirectSiteKey String: A field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used.

GetSecurityPolicyRule

Action string: Action to take when match matches the request.
Description string: An optional description of this rule. Max size is 64.
HeaderActions List<GetSecurityPolicyRuleHeaderAction>: Additional actions that are performed on headers.
Matches List<GetSecurityPolicyRuleMatch>: A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced.
PreconfiguredWafConfigs List<GetSecurityPolicyRulePreconfiguredWafConfig>: Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
Preview bool: When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such.
Priority int: An unique positive integer indicating the priority of evaluation for a rule. Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order.
RateLimitOptions List<GetSecurityPolicyRuleRateLimitOption>: Rate limit threshold for this security policy. Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
RedirectOptions List<GetSecurityPolicyRuleRedirectOption>: Parameters defining the redirect action. Cannot be specified for any other actions.

Action string: Action to take when match matches the request.
Description string: An optional description of this rule. Max size is 64.
HeaderActions []GetSecurityPolicyRuleHeaderAction: Additional actions that are performed on headers.
Matches []GetSecurityPolicyRuleMatch: A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced.
PreconfiguredWafConfigs []GetSecurityPolicyRulePreconfiguredWafConfig: Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
Preview bool: When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such.
Priority int: An unique positive integer indicating the priority of evaluation for a rule. Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order.
RateLimitOptions []GetSecurityPolicyRuleRateLimitOption: Rate limit threshold for this security policy. Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
RedirectOptions []GetSecurityPolicyRuleRedirectOption: Parameters defining the redirect action. Cannot be specified for any other actions.

action String: Action to take when match matches the request.
description String: An optional description of this rule. Max size is 64.
headerActions List<GetSecurityPolicyRuleHeaderAction>: Additional actions that are performed on headers.
matches List<GetSecurityPolicyRuleMatch>: A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced.
preconfiguredWafConfigs List<GetSecurityPolicyRulePreconfiguredWafConfig>: Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
preview Boolean: When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such.
priority Integer: An unique positive integer indicating the priority of evaluation for a rule. Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order.
rateLimitOptions List<GetSecurityPolicyRuleRateLimitOption>: Rate limit threshold for this security policy. Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
redirectOptions List<GetSecurityPolicyRuleRedirectOption>: Parameters defining the redirect action. Cannot be specified for any other actions.

action string: Action to take when match matches the request.
description string: An optional description of this rule. Max size is 64.
headerActions GetSecurityPolicyRuleHeaderAction[]: Additional actions that are performed on headers.
matches GetSecurityPolicyRuleMatch[]: A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced.
preconfiguredWafConfigs GetSecurityPolicyRulePreconfiguredWafConfig[]: Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
preview boolean: When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such.
priority number: An unique positive integer indicating the priority of evaluation for a rule. Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order.
rateLimitOptions GetSecurityPolicyRuleRateLimitOption[]: Rate limit threshold for this security policy. Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
redirectOptions GetSecurityPolicyRuleRedirectOption[]: Parameters defining the redirect action. Cannot be specified for any other actions.

action str: Action to take when match matches the request.
description str: An optional description of this rule. Max size is 64.
header_actions Sequence[GetSecurityPolicyRuleHeaderAction]: Additional actions that are performed on headers.
matches Sequence[GetSecurityPolicyRuleMatch]: A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced.
preconfigured_waf_configs Sequence[GetSecurityPolicyRulePreconfiguredWafConfig]: Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
preview bool: When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such.
priority int: An unique positive integer indicating the priority of evaluation for a rule. Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order.
rate_limit_options Sequence[GetSecurityPolicyRuleRateLimitOption]: Rate limit threshold for this security policy. Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
redirect_options Sequence[GetSecurityPolicyRuleRedirectOption]: Parameters defining the redirect action. Cannot be specified for any other actions.

action String: Action to take when match matches the request.
description String: An optional description of this rule. Max size is 64.
headerActions List<Property Map>: Additional actions that are performed on headers.
matches List<Property Map>: A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced.
preconfiguredWafConfigs List<Property Map>: Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
preview Boolean: When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such.
priority Number: An unique positive integer indicating the priority of evaluation for a rule. Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order.
rateLimitOptions List<Property Map>: Rate limit threshold for this security policy. Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
redirectOptions List<Property Map>: Parameters defining the redirect action. Cannot be specified for any other actions.

GetSecurityPolicyRuleHeaderAction

RequestHeadersToAdds List<GetSecurityPolicyRuleHeaderActionRequestHeadersToAdd>: The list of request headers to add or overwrite if they're already present.

RequestHeadersToAdds []GetSecurityPolicyRuleHeaderActionRequestHeadersToAdd: The list of request headers to add or overwrite if they're already present.

requestHeadersToAdds List<GetSecurityPolicyRuleHeaderActionRequestHeadersToAdd>: The list of request headers to add or overwrite if they're already present.

requestHeadersToAdds GetSecurityPolicyRuleHeaderActionRequestHeadersToAdd[]: The list of request headers to add or overwrite if they're already present.

request_headers_to_adds Sequence[GetSecurityPolicyRuleHeaderActionRequestHeadersToAdd]: The list of request headers to add or overwrite if they're already present.

requestHeadersToAdds List<Property Map>: The list of request headers to add or overwrite if they're already present.

GetSecurityPolicyRuleHeaderActionRequestHeadersToAdd

HeaderName string: The name of the header to set.
HeaderValue string: The value to set the named header to.

HeaderName string: The name of the header to set.
HeaderValue string: The value to set the named header to.

headerName String: The name of the header to set.
headerValue String: The value to set the named header to.

headerName string: The name of the header to set.
headerValue string: The value to set the named header to.

header_name str: The name of the header to set.
header_value str: The value to set the named header to.

headerName String: The name of the header to set.
headerValue String: The value to set the named header to.

GetSecurityPolicyRuleMatch

Configs List<GetSecurityPolicyRuleMatchConfig>: The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified.
ExprOptions List<GetSecurityPolicyRuleMatchExprOption>: The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').
Exprs List<GetSecurityPolicyRuleMatchExpr>: User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.
VersionedExpr string: Predefined rule expression. If this field is specified, config must also be specified. Available options: SRC_IPS_V1: Must specify the corresponding src_ip_ranges field in config.

Configs []GetSecurityPolicyRuleMatchConfig: The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified.
ExprOptions []GetSecurityPolicyRuleMatchExprOption: The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').
Exprs []GetSecurityPolicyRuleMatchExpr: User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.
VersionedExpr string: Predefined rule expression. If this field is specified, config must also be specified. Available options: SRC_IPS_V1: Must specify the corresponding src_ip_ranges field in config.

configs List<GetSecurityPolicyRuleMatchConfig>: The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified.
exprOptions List<GetSecurityPolicyRuleMatchExprOption>: The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').
exprs List<GetSecurityPolicyRuleMatchExpr>: User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.
versionedExpr String: Predefined rule expression. If this field is specified, config must also be specified. Available options: SRC_IPS_V1: Must specify the corresponding src_ip_ranges field in config.

configs GetSecurityPolicyRuleMatchConfig[]: The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified.
exprOptions GetSecurityPolicyRuleMatchExprOption[]: The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').
exprs GetSecurityPolicyRuleMatchExpr[]: User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.
versionedExpr string: Predefined rule expression. If this field is specified, config must also be specified. Available options: SRC_IPS_V1: Must specify the corresponding src_ip_ranges field in config.

configs Sequence[GetSecurityPolicyRuleMatchConfig]: The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified.
expr_options Sequence[GetSecurityPolicyRuleMatchExprOption]: The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').
exprs Sequence[GetSecurityPolicyRuleMatchExpr]: User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.
versioned_expr str: Predefined rule expression. If this field is specified, config must also be specified. Available options: SRC_IPS_V1: Must specify the corresponding src_ip_ranges field in config.

configs List<Property Map>: The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified.
exprOptions List<Property Map>: The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').
exprs List<Property Map>: User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.
versionedExpr String: Predefined rule expression. If this field is specified, config must also be specified. Available options: SRC_IPS_V1: Must specify the corresponding src_ip_ranges field in config.

GetSecurityPolicyRuleMatchConfig

SrcIpRanges List<string>: Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of '*' matches all IPs (can be used to override the default behavior).

SrcIpRanges []string: Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of '*' matches all IPs (can be used to override the default behavior).

srcIpRanges List<String>: Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of '*' matches all IPs (can be used to override the default behavior).

srcIpRanges string[]: Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of '*' matches all IPs (can be used to override the default behavior).

src_ip_ranges Sequence[str]: Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of '*' matches all IPs (can be used to override the default behavior).

srcIpRanges List<String>: Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of '*' matches all IPs (can be used to override the default behavior).

GetSecurityPolicyRuleMatchExpr

Expression string: Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.

Expression string: Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.

expression String: Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.

expression string: Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.

expression str: Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.

expression String: Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.

GetSecurityPolicyRuleMatchExprOption

RecaptchaOptions List<GetSecurityPolicyRuleMatchExprOptionRecaptchaOption>: reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect.

RecaptchaOptions []GetSecurityPolicyRuleMatchExprOptionRecaptchaOption: reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect.

recaptchaOptions List<GetSecurityPolicyRuleMatchExprOptionRecaptchaOption>: reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect.

recaptchaOptions GetSecurityPolicyRuleMatchExprOptionRecaptchaOption[]: reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect.

recaptcha_options Sequence[GetSecurityPolicyRuleMatchExprOptionRecaptchaOption]: reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect.

recaptchaOptions List<Property Map>: reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect.

GetSecurityPolicyRuleMatchExprOptionRecaptchaOption

ActionTokenSiteKeys List<string>: A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created
SessionTokenSiteKeys List<string>: A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.

ActionTokenSiteKeys []string: A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created
SessionTokenSiteKeys []string: A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.

actionTokenSiteKeys List<String>: A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created
sessionTokenSiteKeys List<String>: A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.

actionTokenSiteKeys string[]: A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created
sessionTokenSiteKeys string[]: A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.

action_token_site_keys Sequence[str]: A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created
session_token_site_keys Sequence[str]: A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.

actionTokenSiteKeys List<String>: A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created
sessionTokenSiteKeys List<String>: A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.

GetSecurityPolicyRulePreconfiguredWafConfig

Exclusions List<GetSecurityPolicyRulePreconfiguredWafConfigExclusion>: An exclusion to apply during preconfigured WAF evaluation.

Exclusions []GetSecurityPolicyRulePreconfiguredWafConfigExclusion: An exclusion to apply during preconfigured WAF evaluation.

exclusions List<GetSecurityPolicyRulePreconfiguredWafConfigExclusion>: An exclusion to apply during preconfigured WAF evaluation.

exclusions GetSecurityPolicyRulePreconfiguredWafConfigExclusion[]: An exclusion to apply during preconfigured WAF evaluation.

exclusions Sequence[GetSecurityPolicyRulePreconfiguredWafConfigExclusion]: An exclusion to apply during preconfigured WAF evaluation.

exclusions List<Property Map>: An exclusion to apply during preconfigured WAF evaluation.

GetSecurityPolicyRulePreconfiguredWafConfigExclusion

RequestCookies List<GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCooky>: Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation.
RequestHeaders List<GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader>: Request header whose value will be excluded from inspection during preconfigured WAF evaluation.
RequestQueryParams List<GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam>: Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body.
RequestUris List<GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri>: Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded.
TargetRuleIds List<string>: A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set.
TargetRuleSet string: Target WAF rule set to apply the preconfigured WAF exclusion.

RequestCookies []GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCooky: Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation.
RequestHeaders []GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader: Request header whose value will be excluded from inspection during preconfigured WAF evaluation.
RequestQueryParams []GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam: Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body.
RequestUris []GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri: Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded.
TargetRuleIds []string: A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set.
TargetRuleSet string: Target WAF rule set to apply the preconfigured WAF exclusion.

requestCookies List<GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCooky>: Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation.
requestHeaders List<GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader>: Request header whose value will be excluded from inspection during preconfigured WAF evaluation.
requestQueryParams List<GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam>: Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body.
requestUris List<GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri>: Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded.
targetRuleIds List<String>: A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set.
targetRuleSet String: Target WAF rule set to apply the preconfigured WAF exclusion.

requestCookies GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCooky[]: Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation.
requestHeaders GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader[]: Request header whose value will be excluded from inspection during preconfigured WAF evaluation.
requestQueryParams GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam[]: Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body.
requestUris GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri[]: Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded.
targetRuleIds string[]: A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set.
targetRuleSet string: Target WAF rule set to apply the preconfigured WAF exclusion.

request_cookies Sequence[GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCooky]: Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation.
request_headers Sequence[GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader]: Request header whose value will be excluded from inspection during preconfigured WAF evaluation.
request_query_params Sequence[GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam]: Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body.
request_uris Sequence[GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri]: Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded.
target_rule_ids Sequence[str]: A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set.
target_rule_set str: Target WAF rule set to apply the preconfigured WAF exclusion.

requestCookies List<Property Map>: Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation.
requestHeaders List<Property Map>: Request header whose value will be excluded from inspection during preconfigured WAF evaluation.
requestQueryParams List<Property Map>: Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body.
requestUris List<Property Map>: Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded.
targetRuleIds List<String>: A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set.
targetRuleSet String: Target WAF rule set to apply the preconfigured WAF exclusion.

GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCooky

Operator string: You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
Value string: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.

Operator string: You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
Value string: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.

operator String: You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
value String: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.

operator string: You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
value string: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.

operator str: You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
value str: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.

operator String: You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
value String: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.

GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader

Operator string: You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
Value string: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.

Operator string: You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
Value string: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.

operator String: You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
value String: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.

operator string: You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
value string: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.

operator str: You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
value str: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.

operator String: You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
value String: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.

GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam

Operator string: You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
Value string: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.

Operator string: You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
Value string: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.

operator String: You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
value String: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.

operator string: You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
value string: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.

operator str: You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
value str: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.

operator String: You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
value String: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.

GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri

Operator string: You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
Value string: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.

Operator string: You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
Value string: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.

operator String: You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
value String: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.

operator string: You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
value string: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.

operator str: You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
value str: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.

operator String: You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
value String: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.

GetSecurityPolicyRuleRateLimitOption

BanDurationSec int: Can only be specified if the action for the rule is "rate_based_ban". If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.
BanThresholds List<GetSecurityPolicyRuleRateLimitOptionBanThreshold>: Can only be specified if the action for the rule is "rate_based_ban". If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'.
ConformAction string: Action to take for requests that are under the configured rate limit threshold. Valid option is "allow" only.
EnforceOnKey string: Determines the key to enforce the rateLimitThreshold on
EnforceOnKeyConfigs List<GetSecurityPolicyRuleRateLimitOptionEnforceOnKeyConfig>: Enforce On Key Config of this security policy
EnforceOnKeyName string: Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
ExceedAction string: Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are "deny()" where valid values for status are 403, 404, 429, and 502, and "redirect" where the redirect parameters come from exceedRedirectOptions below.
ExceedRedirectOptions List<GetSecurityPolicyRuleRateLimitOptionExceedRedirectOption>: Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect.
RateLimitThresholds List<GetSecurityPolicyRuleRateLimitOptionRateLimitThreshold>: Threshold at which to begin ratelimiting.

BanDurationSec int: Can only be specified if the action for the rule is "rate_based_ban". If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.
BanThresholds []GetSecurityPolicyRuleRateLimitOptionBanThreshold: Can only be specified if the action for the rule is "rate_based_ban". If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'.
ConformAction string: Action to take for requests that are under the configured rate limit threshold. Valid option is "allow" only.
EnforceOnKey string: Determines the key to enforce the rateLimitThreshold on
EnforceOnKeyConfigs []GetSecurityPolicyRuleRateLimitOptionEnforceOnKeyConfig: Enforce On Key Config of this security policy
EnforceOnKeyName string: Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
ExceedAction string: Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are "deny()" where valid values for status are 403, 404, 429, and 502, and "redirect" where the redirect parameters come from exceedRedirectOptions below.
ExceedRedirectOptions []GetSecurityPolicyRuleRateLimitOptionExceedRedirectOption: Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect.
RateLimitThresholds []GetSecurityPolicyRuleRateLimitOptionRateLimitThreshold: Threshold at which to begin ratelimiting.

banDurationSec Integer: Can only be specified if the action for the rule is "rate_based_ban". If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.
banThresholds List<GetSecurityPolicyRuleRateLimitOptionBanThreshold>: Can only be specified if the action for the rule is "rate_based_ban". If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'.
conformAction String: Action to take for requests that are under the configured rate limit threshold. Valid option is "allow" only.
enforceOnKey String: Determines the key to enforce the rateLimitThreshold on
enforceOnKeyConfigs List<GetSecurityPolicyRuleRateLimitOptionEnforceOnKeyConfig>: Enforce On Key Config of this security policy
enforceOnKeyName String: Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
exceedAction String: Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are "deny()" where valid values for status are 403, 404, 429, and 502, and "redirect" where the redirect parameters come from exceedRedirectOptions below.
exceedRedirectOptions List<GetSecurityPolicyRuleRateLimitOptionExceedRedirectOption>: Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect.
rateLimitThresholds List<GetSecurityPolicyRuleRateLimitOptionRateLimitThreshold>: Threshold at which to begin ratelimiting.

banDurationSec number: Can only be specified if the action for the rule is "rate_based_ban". If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.
banThresholds GetSecurityPolicyRuleRateLimitOptionBanThreshold[]: Can only be specified if the action for the rule is "rate_based_ban". If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'.
conformAction string: Action to take for requests that are under the configured rate limit threshold. Valid option is "allow" only.
enforceOnKey string: Determines the key to enforce the rateLimitThreshold on
enforceOnKeyConfigs GetSecurityPolicyRuleRateLimitOptionEnforceOnKeyConfig[]: Enforce On Key Config of this security policy
enforceOnKeyName string: Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
exceedAction string: Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are "deny()" where valid values for status are 403, 404, 429, and 502, and "redirect" where the redirect parameters come from exceedRedirectOptions below.
exceedRedirectOptions GetSecurityPolicyRuleRateLimitOptionExceedRedirectOption[]: Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect.
rateLimitThresholds GetSecurityPolicyRuleRateLimitOptionRateLimitThreshold[]: Threshold at which to begin ratelimiting.

ban_duration_sec int: Can only be specified if the action for the rule is "rate_based_ban". If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.
ban_thresholds Sequence[GetSecurityPolicyRuleRateLimitOptionBanThreshold]: Can only be specified if the action for the rule is "rate_based_ban". If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'.
conform_action str: Action to take for requests that are under the configured rate limit threshold. Valid option is "allow" only.
enforce_on_key str: Determines the key to enforce the rateLimitThreshold on
enforce_on_key_configs Sequence[GetSecurityPolicyRuleRateLimitOptionEnforceOnKeyConfig]: Enforce On Key Config of this security policy
enforce_on_key_name str: Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
exceed_action str: Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are "deny()" where valid values for status are 403, 404, 429, and 502, and "redirect" where the redirect parameters come from exceedRedirectOptions below.
exceed_redirect_options Sequence[GetSecurityPolicyRuleRateLimitOptionExceedRedirectOption]: Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect.
rate_limit_thresholds Sequence[GetSecurityPolicyRuleRateLimitOptionRateLimitThreshold]: Threshold at which to begin ratelimiting.

banDurationSec Number: Can only be specified if the action for the rule is "rate_based_ban". If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.
banThresholds List<Property Map>: Can only be specified if the action for the rule is "rate_based_ban". If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'.
conformAction String: Action to take for requests that are under the configured rate limit threshold. Valid option is "allow" only.
enforceOnKey String: Determines the key to enforce the rateLimitThreshold on
enforceOnKeyConfigs List<Property Map>: Enforce On Key Config of this security policy
enforceOnKeyName String: Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
exceedAction String: Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are "deny()" where valid values for status are 403, 404, 429, and 502, and "redirect" where the redirect parameters come from exceedRedirectOptions below.
exceedRedirectOptions List<Property Map>: Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect.
rateLimitThresholds List<Property Map>: Threshold at which to begin ratelimiting.

GetSecurityPolicyRuleRateLimitOptionBanThreshold

Count int: Number of HTTP(S) requests for calculating the threshold.
IntervalSec int: Interval over which the threshold is computed.

Count int: Number of HTTP(S) requests for calculating the threshold.
IntervalSec int: Interval over which the threshold is computed.

count Integer: Number of HTTP(S) requests for calculating the threshold.
intervalSec Integer: Interval over which the threshold is computed.

count number: Number of HTTP(S) requests for calculating the threshold.
intervalSec number: Interval over which the threshold is computed.

count int: Number of HTTP(S) requests for calculating the threshold.
interval_sec int: Interval over which the threshold is computed.

count Number: Number of HTTP(S) requests for calculating the threshold.
intervalSec Number: Interval over which the threshold is computed.

GetSecurityPolicyRuleRateLimitOptionEnforceOnKeyConfig

EnforceOnKeyName string: Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
EnforceOnKeyType string: Determines the key to enforce the rate_limit_threshold on

EnforceOnKeyName string: Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
EnforceOnKeyType string: Determines the key to enforce the rate_limit_threshold on

enforceOnKeyName String: Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
enforceOnKeyType String: Determines the key to enforce the rate_limit_threshold on

enforceOnKeyName string: Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
enforceOnKeyType string: Determines the key to enforce the rate_limit_threshold on

enforce_on_key_name str: Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
enforce_on_key_type str: Determines the key to enforce the rate_limit_threshold on

enforceOnKeyName String: Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
enforceOnKeyType String: Determines the key to enforce the rate_limit_threshold on

GetSecurityPolicyRuleRateLimitOptionExceedRedirectOption

Target string: Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.
Type string: Type of the redirect action.

Target string: Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.
Type string: Type of the redirect action.

target String: Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.
type String: Type of the redirect action.

target string: Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.
type string: Type of the redirect action.

target str: Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.
type str: Type of the redirect action.

target String: Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.
type String: Type of the redirect action.

GetSecurityPolicyRuleRateLimitOptionRateLimitThreshold

Count int: Number of HTTP(S) requests for calculating the threshold.
IntervalSec int: Interval over which the threshold is computed.

Count int: Number of HTTP(S) requests for calculating the threshold.
IntervalSec int: Interval over which the threshold is computed.

count Integer: Number of HTTP(S) requests for calculating the threshold.
intervalSec Integer: Interval over which the threshold is computed.

count number: Number of HTTP(S) requests for calculating the threshold.
intervalSec number: Interval over which the threshold is computed.

count int: Number of HTTP(S) requests for calculating the threshold.
interval_sec int: Interval over which the threshold is computed.

count Number: Number of HTTP(S) requests for calculating the threshold.
intervalSec Number: Interval over which the threshold is computed.

GetSecurityPolicyRuleRedirectOption

Target string: Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.
Type string: Type of the redirect action. Available options: EXTERNAL_302: Must specify the corresponding target field in config. GOOGLE_RECAPTCHA: Cannot specify target field in config.

Target string: Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.
Type string: Type of the redirect action. Available options: EXTERNAL_302: Must specify the corresponding target field in config. GOOGLE_RECAPTCHA: Cannot specify target field in config.

target String: Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.
type String: Type of the redirect action. Available options: EXTERNAL_302: Must specify the corresponding target field in config. GOOGLE_RECAPTCHA: Cannot specify target field in config.

target string: Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.
type string: Type of the redirect action. Available options: EXTERNAL_302: Must specify the corresponding target field in config. GOOGLE_RECAPTCHA: Cannot specify target field in config.

target str: Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.
type str: Type of the redirect action. Available options: EXTERNAL_302: Must specify the corresponding target field in config. GOOGLE_RECAPTCHA: Cannot specify target field in config.

target String: Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.
type String: Type of the redirect action. Available options: EXTERNAL_302: Must specify the corresponding target field in config. GOOGLE_RECAPTCHA: Cannot specify target field in config.

Package Details

Repository: Google Cloud (GCP) Classic pulumi/pulumi-gcp
License: Apache-2.0
Notes: This Pulumi package is based on the google-beta Terraform Provider.

Google Cloud v8.25.0 published on Thursday, Apr 3, 2025 by Pulumi

pulumi/pulumi-gcp

gcp.compute.getSecurityPolicy

On this page

On this page

Example Usage

Using getSecurityPolicy

getSecurityPolicy Result

Supporting Types

GetSecurityPolicyAdaptiveProtectionConfig

GetSecurityPolicyAdaptiveProtectionConfigAutoDeployConfig

GetSecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig

GetSecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfig

GetSecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfigTrafficGranularityConfig

GetSecurityPolicyAdvancedOptionsConfig

GetSecurityPolicyAdvancedOptionsConfigJsonCustomConfig

GetSecurityPolicyRecaptchaOptionsConfig

GetSecurityPolicyRule

GetSecurityPolicyRuleHeaderAction

GetSecurityPolicyRuleHeaderActionRequestHeadersToAdd

GetSecurityPolicyRuleMatch

GetSecurityPolicyRuleMatchConfig

GetSecurityPolicyRuleMatchExpr

GetSecurityPolicyRuleMatchExprOption

GetSecurityPolicyRuleMatchExprOptionRecaptchaOption

GetSecurityPolicyRulePreconfiguredWafConfig

GetSecurityPolicyRulePreconfiguredWafConfigExclusion

GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCooky

GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader

GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam

GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri

GetSecurityPolicyRuleRateLimitOption

GetSecurityPolicyRuleRateLimitOptionBanThreshold

GetSecurityPolicyRuleRateLimitOptionEnforceOnKeyConfig

GetSecurityPolicyRuleRateLimitOptionExceedRedirectOption

GetSecurityPolicyRuleRateLimitOptionRateLimitThreshold

GetSecurityPolicyRuleRedirectOption

Package Details

On this page

On this page