Contact UsGet started

Disconnecting a security profile from a virtual host

Written by
Updated at December 18, 2024
  1. In the management console, select the folder containing the security profile.
  2. In the list of services, select Smart Web Security.
  3. Select the security profile to disconnect from the Yandex Application Load Balancer virtual host.
  4. Go to the Connected hosts tab.
  5. In the row with the host you need, click and select Disconnect from profile.
  6. Confirm your action.

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. To view a list of HTTP routers in the default folder, run this command:

    yc application-load-balancer http-router list

    Result:

    +----------------------+-------------------+-------------+-------------+
|          ID          |       NAME        | VHOST COUNT | ROUTE COUNT |
+----------------------+-------------------+-------------+-------------+
| ds7e9te73uak******** |  my-first-router  |           1 |           1 |
+----------------------+-------------------+-------------+-------------+

  2. To view a list of virtual hosts for the selected HTTP router, run this command:

    yc application-load-balancer http-router get <HTTP_router_name_or_ID>

    Result:

    id: ds7e9te73uak********
name: my-first-router
folder_id: b1gt6g8ht345********
virtual_hosts:
  - name: test-virtual-host
    routes:
      - name: test-route
        http:
          match:
            path:
              prefix_match: /
          route:
            backend_group_id: ds7e12p7l6j4********
            timeout: 60s
            auto_host_rewrite: false
    route_options:
      security_profile_id: fev3s055oq64********
created_at: "2024-08-05T08:34:03.973000654Z"

    Names of virtual hosts are specified in the virtual_hosts.name parameter. The example above features only one virtual host: test-virtual-host.

  3. To disconnect a security profile from a virtual host, run this command:

    yc application-load-balancer virtual-host update <virtual_host_name> \
   --http-router-name <HTTP_router_name> \
   --security-profile-id ""

    Where:

    • <virtual_host_name>: Virtual host name from the previous step.
    • --http-router-name: HTTP router name. This is a required parameter. Instead of the HTTP router name, you can provide its ID in the http-router-id parameter.
    • --security-profile-id: Security profile ID. This is a required parameter.

    Result:

    done (1s)
name: test-virtual-host
routes:
  - name: test-route
    http:
      match:
        path:
          prefix_match: /
      route:
        backend_group_id: ds7e12p7l6j4********
        timeout: 60s
        auto_host_rewrite: false
route_options: {}

For more information about the yc application-load-balancer virtual-host update command, see the CLI reference.

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.

For more information about the provider resources, see the documentation on the Terraform website or mirror website.

If you don't have Terraform, install it and configure the Yandex Cloud provider.

You can disconnect a Yandex Smart Web Security security profile from a load balancer in Yandex Application Load Balancer in the virtual host settings.

  1. In the Terraform configuration file, for the yandex_alb_virtual_host resource, delete the security_profile_id (security profile ID) parameter under route_options

    resource "yandex_alb_virtual_host" "my-virtual-host" {
  name                    = "<virtual_host_name>"
  ...

  route_options {
    security_profile_id   = "<security_profile_ID>"
  }
}

  2. Apply the changes:

    1. In the terminal, change to the folder where you edited the configuration file.

    2. Make sure the configuration file is correct using the command:

      terraform validate

      If the configuration is correct, the following message is returned:

      Success! The configuration is valid.

    3. Run the command:

      terraform plan

      The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.

    4. Apply the configuration changes:

      terraform apply

    5. Confirm the changes: type yes in the terminal and press Enter.

You can check the resources' updates using the management console or this CLI command:

yc alb http-router get <HTTP_router_ID>

Use the update REST API method for the VirtualHost resource or the VirtualHostService/Update gRPC API call of the Application Load Balancer service.

Previous
Connecting a profile to a host
Next
Creating a profile