SmartWebSecurity API, REST: SecurityProfile.Update

Written by

Updated at November 7, 2024

HTTP request
Path parameters
Body parameters
SecurityRule
RuleCondition
Condition
AuthorityMatcher
StringMatcher
HttpMethodMatcher
RequestUriMatcher
QueryMatcher
HeaderMatcher
IpMatcher
IpRangesMatcher
GeoIpMatcher
SmartProtection
Waf
AnalyzeRequestBody
Response
UpdateSecurityProfileMetadata
Status
SecurityProfile
SecurityRule
RuleCondition
Condition
AuthorityMatcher
StringMatcher
HttpMethodMatcher
RequestUriMatcher
QueryMatcher
HeaderMatcher
IpMatcher
IpRangesMatcher
GeoIpMatcher
SmartProtection
Waf
AnalyzeRequestBody

Updates the specified security profile.

HTTP request

PATCH https://smartwebsecurity.api.cloud.yandex.net/smartwebsecurity/v1/securityProfiles/{securityProfileId}

Path parameters

Field

Description

securityProfileId

string

Required field. ID of the security profile to update.

Body parameters

{
  "updateMask": "string",
  "labels": "string",
  "name": "string",
  "description": "string",
  "defaultAction": "string",
  "securityRules": [
    {
      "name": "string",
      "priority": "string",
      "dryRun": "boolean",
      // Includes only one of the fields `ruleCondition`, `smartProtection`, `waf`
      "ruleCondition": {
        "action": "string",
        "condition": {
          "authority": {
            "authorities": [
              {
                // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                "exactMatch": "string",
                "exactNotMatch": "string",
                "prefixMatch": "string",
                "prefixNotMatch": "string",
                "pireRegexMatch": "string",
                "pireRegexNotMatch": "string"
                // end of the list of possible fields
              }
            ]
          },
          "httpMethod": {
            "httpMethods": [
              {
                // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                "exactMatch": "string",
                "exactNotMatch": "string",
                "prefixMatch": "string",
                "prefixNotMatch": "string",
                "pireRegexMatch": "string",
                "pireRegexNotMatch": "string"
                // end of the list of possible fields
              }
            ]
          },
          "requestUri": {
            "path": {
              // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
              "exactMatch": "string",
              "exactNotMatch": "string",
              "prefixMatch": "string",
              "prefixNotMatch": "string",
              "pireRegexMatch": "string",
              "pireRegexNotMatch": "string"
              // end of the list of possible fields
            },
            "queries": [
              {
                "key": "string",
                "value": {
                  // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                  "exactMatch": "string",
                  "exactNotMatch": "string",
                  "prefixMatch": "string",
                  "prefixNotMatch": "string",
                  "pireRegexMatch": "string",
                  "pireRegexNotMatch": "string"
                  // end of the list of possible fields
                }
              }
            ]
          },
          "headers": [
            {
              "name": "string",
              "value": {
                // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                "exactMatch": "string",
                "exactNotMatch": "string",
                "prefixMatch": "string",
                "prefixNotMatch": "string",
                "pireRegexMatch": "string",
                "pireRegexNotMatch": "string"
                // end of the list of possible fields
              }
            }
          ],
          "sourceIp": {
            "ipRangesMatch": {
              "ipRanges": [
                "string"
              ]
            },
            "ipRangesNotMatch": {
              "ipRanges": [
                "string"
              ]
            },
            "geoIpMatch": {
              "locations": [
                "string"
              ]
            },
            "geoIpNotMatch": {
              "locations": [
                "string"
              ]
            }
          }
        }
      },
      "smartProtection": {
        "mode": "string",
        "condition": {
          "authority": {
            "authorities": [
              {
                // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                "exactMatch": "string",
                "exactNotMatch": "string",
                "prefixMatch": "string",
                "prefixNotMatch": "string",
                "pireRegexMatch": "string",
                "pireRegexNotMatch": "string"
                // end of the list of possible fields
              }
            ]
          },
          "httpMethod": {
            "httpMethods": [
              {
                // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                "exactMatch": "string",
                "exactNotMatch": "string",
                "prefixMatch": "string",
                "prefixNotMatch": "string",
                "pireRegexMatch": "string",
                "pireRegexNotMatch": "string"
                // end of the list of possible fields
              }
            ]
          },
          "requestUri": {
            "path": {
              // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
              "exactMatch": "string",
              "exactNotMatch": "string",
              "prefixMatch": "string",
              "prefixNotMatch": "string",
              "pireRegexMatch": "string",
              "pireRegexNotMatch": "string"
              // end of the list of possible fields
            },
            "queries": [
              {
                "key": "string",
                "value": {
                  // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                  "exactMatch": "string",
                  "exactNotMatch": "string",
                  "prefixMatch": "string",
                  "prefixNotMatch": "string",
                  "pireRegexMatch": "string",
                  "pireRegexNotMatch": "string"
                  // end of the list of possible fields
                }
              }
            ]
          },
          "headers": [
            {
              "name": "string",
              "value": {
                // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                "exactMatch": "string",
                "exactNotMatch": "string",
                "prefixMatch": "string",
                "prefixNotMatch": "string",
                "pireRegexMatch": "string",
                "pireRegexNotMatch": "string"
                // end of the list of possible fields
              }
            }
          ],
          "sourceIp": {
            "ipRangesMatch": {
              "ipRanges": [
                "string"
              ]
            },
            "ipRangesNotMatch": {
              "ipRanges": [
                "string"
              ]
            },
            "geoIpMatch": {
              "locations": [
                "string"
              ]
            },
            "geoIpNotMatch": {
              "locations": [
                "string"
              ]
            }
          }
        }
      },
      "waf": {
        "mode": "string",
        "condition": {
          "authority": {
            "authorities": [
              {
                // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                "exactMatch": "string",
                "exactNotMatch": "string",
                "prefixMatch": "string",
                "prefixNotMatch": "string",
                "pireRegexMatch": "string",
                "pireRegexNotMatch": "string"
                // end of the list of possible fields
              }
            ]
          },
          "httpMethod": {
            "httpMethods": [
              {
                // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                "exactMatch": "string",
                "exactNotMatch": "string",
                "prefixMatch": "string",
                "prefixNotMatch": "string",
                "pireRegexMatch": "string",
                "pireRegexNotMatch": "string"
                // end of the list of possible fields
              }
            ]
          },
          "requestUri": {
            "path": {
              // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
              "exactMatch": "string",
              "exactNotMatch": "string",
              "prefixMatch": "string",
              "prefixNotMatch": "string",
              "pireRegexMatch": "string",
              "pireRegexNotMatch": "string"
              // end of the list of possible fields
            },
            "queries": [
              {
                "key": "string",
                "value": {
                  // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                  "exactMatch": "string",
                  "exactNotMatch": "string",
                  "prefixMatch": "string",
                  "prefixNotMatch": "string",
                  "pireRegexMatch": "string",
                  "pireRegexNotMatch": "string"
                  // end of the list of possible fields
                }
              }
            ]
          },
          "headers": [
            {
              "name": "string",
              "value": {
                // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                "exactMatch": "string",
                "exactNotMatch": "string",
                "prefixMatch": "string",
                "prefixNotMatch": "string",
                "pireRegexMatch": "string",
                "pireRegexNotMatch": "string"
                // end of the list of possible fields
              }
            }
          ],
          "sourceIp": {
            "ipRangesMatch": {
              "ipRanges": [
                "string"
              ]
            },
            "ipRangesNotMatch": {
              "ipRanges": [
                "string"
              ]
            },
            "geoIpMatch": {
              "locations": [
                "string"
              ]
            },
            "geoIpNotMatch": {
              "locations": [
                "string"
              ]
            }
          }
        },
        "wafProfileId": "string"
      },
      // end of the list of possible fields
      "description": "string"
    }
  ],
  "captchaId": "string",
  "advancedRateLimiterProfileId": "string",
  "analyzeRequestBody": {
    "sizeLimit": "string",
    "sizeLimitAction": "string"
  }
}

Field	Description
updateMask	string (field-mask) A comma-separated names off ALL fields to be updated. Only the specified fields will be changed. The others will be left untouched. If the field is specified in `updateMask` and no value for that field was sent in the request, the field's value will be reset to the default. The default value for most fields is null or 0. If `updateMask` is not sent in the request, all fields' values will be updated. Fields specified in the request will be updated to provided values. The rest of the fields will be reset to the default.
labels	string Labels as `key:value` pairs. Maximum of 64 per resource.
name	string Name of the security profile. The name is unique within the folder. 1-50 characters long.
description	string Optional description of the security profile.
defaultAction	enum (DefaultAction) Action to perform if none of rules matched. `DEFAULT_ACTION_UNSPECIFIED` `ALLOW`: Pass request to service. `DENY`: Deny request.
securityRules[]	SecurityRule List of security rules.
captchaId	string Captcha ID to use with this security profile. Set empty to use default.
advancedRateLimiterProfileId	string Advanced rate limiter profile ID to use with this security profile. Set empty to use default.
analyzeRequestBody	AnalyzeRequestBody Parameters for request body analyzer.

SecurityRule

A SecurityRule object, see Rules.

Field	Description
name	string Required field. Name of the rule. The name is unique within the security profile. 1-50 characters long.
priority	string (int64) Determines the priority for checking the incoming traffic. Enter an integer within the range of 1 and 999999. The rule priority must be unique within the entire security profile. A lower numeric value means a higher priority. The default_action has the lowest priority.
dryRun	boolean This mode allows you to test your security profile or a single rule. For example, you can have the number of alarms for a specific rule displayed. Note: if this option is true, no real action affecting your traffic regarding this rule will be taken.
ruleCondition	RuleCondition Rule actions, see Rule actions. Includes only one of the fields `ruleCondition`, `smartProtection`, `waf`.
smartProtection	SmartProtection Smart Protection rule, see Smart Protection rules. Includes only one of the fields `ruleCondition`, `smartProtection`, `waf`.
waf	Waf Web Application Firewall (WAF) rule, see WAF rules. Includes only one of the fields `ruleCondition`, `smartProtection`, `waf`.
description	string Optional description of the rule. 0-512 characters long.

RuleCondition

RuleCondition object.

Field

Description

action

enum (Action)

Action to perform if this rule matched.

ACTION_UNSPECIFIED
ALLOW: Pass request to service.
DENY: Deny request.

condition

Condition

The condition for matching the rule.

Condition

Condition object. AND semantics implied.
See documentation for matchers description.

Field	Description
authority	AuthorityMatcher Match authority (Host header).
httpMethod	HttpMethodMatcher Match HTTP method.
requestUri	RequestUriMatcher Match Request URI.
headers[]	HeaderMatcher Match HTTP headers.
sourceIp	IpMatcher Match IP.

AuthorityMatcher

AuthorityMatcher object.

Field

Description

authorities[]

StringMatcher

List of authorities. OR semantics implied.

StringMatcher

StringMatcher object.

Field	Description
exactMatch	string Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`.
exactNotMatch	string Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`.
prefixMatch	string Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`.
prefixNotMatch	string Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`.
pireRegexMatch	string Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`.
pireRegexNotMatch	string Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`.

HttpMethodMatcher

HttpMethodMatcher object.

Field

Description

httpMethods[]

StringMatcher

List of HTTP methods. OR semantics implied.

RequestUriMatcher

RequestUriMatcher object. AND semantics implied.

Field

Description

path

StringMatcher

Path of the URI RFC3986.

queries[]

QueryMatcher

List of query matchers. AND semantics implied.

QueryMatcher

QueryMatcher object.

Field

Description

key

string

Required field. Key of the query parameter.

value

StringMatcher

Required field. Value of the query parameter.

HeaderMatcher

HeaderMatcher object.

Field

Description

name

string

Required field. Name of header (case insensitive).

value

StringMatcher

Required field. Value of the header.

IpMatcher

IpMatcher object. AND semantics implied.

Field	Description
ipRangesMatch	IpRangesMatcher
ipRangesNotMatch	IpRangesMatcher
geoIpMatch	GeoIpMatcher
geoIpNotMatch	GeoIpMatcher

IpRangesMatcher

IpRangesMatcher object.

Field

Description

ipRanges[]

string

List of IP ranges. OR semantics implied.

GeoIpMatcher

GeoIpMatcher object.

Field

Description

locations[]

string

ISO 3166-1 alpha 2. OR semantics implied.

SmartProtection

SmartProtection object.

Field

Description

mode

enum (Mode)

Mode of protection.

MODE_UNSPECIFIED
FULL: Full protection means that the traffic will be checked based on ML models and behavioral analysis,
with suspicious requests being sent to SmartCaptcha.
API: API protection means checking the traffic based on ML models and behavioral analysis without sending suspicious
requests to SmartCaptcha. The suspicious requests will be blocked.

condition

Condition

The condition for matching the rule.

Waf

Waf object.

Field	Description
mode	enum (Mode) Mode of protection. `MODE_UNSPECIFIED` `FULL`: Full protection means that the traffic will be checked based on ML models and behavioral analysis, with suspicious requests being sent to SmartCaptcha. `API`: API protection means checking the traffic based on ML models and behavioral analysis without sending suspicious requests to SmartCaptcha. The suspicious requests will be blocked.
condition	Condition The condition for matching the rule.
wafProfileId	string Required field. ID of WAF profile to use in this rule.

AnalyzeRequestBody

Field

Description

sizeLimit

string (int64)

Maximum size of body to pass to analyzer. In kilobytes.

sizeLimitAction

enum (Action)

Action to perform if maximum size of body exceeded.

ACTION_UNSPECIFIED
IGNORE: Ignore body.
DENY: Deny request.

Response

HTTP Code: 200 - OK

{
  "id": "string",
  "description": "string",
  "createdAt": "string",
  "createdBy": "string",
  "modifiedAt": "string",
  "done": "boolean",
  "metadata": {
    "securityProfileId": "string"
  },
  // Includes only one of the fields `error`, `response`
  "error": {
    "code": "integer",
    "message": "string",
    "details": [
      "object"
    ]
  },
  "response": {
    "id": "string",
    "folderId": "string",
    "labels": "string",
    "name": "string",
    "description": "string",
    "defaultAction": "string",
    "securityRules": [
      {
        "name": "string",
        "priority": "string",
        "dryRun": "boolean",
        // Includes only one of the fields `ruleCondition`, `smartProtection`, `waf`
        "ruleCondition": {
          "action": "string",
          "condition": {
            "authority": {
              "authorities": [
                {
                  // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                  "exactMatch": "string",
                  "exactNotMatch": "string",
                  "prefixMatch": "string",
                  "prefixNotMatch": "string",
                  "pireRegexMatch": "string",
                  "pireRegexNotMatch": "string"
                  // end of the list of possible fields
                }
              ]
            },
            "httpMethod": {
              "httpMethods": [
                {
                  // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                  "exactMatch": "string",
                  "exactNotMatch": "string",
                  "prefixMatch": "string",
                  "prefixNotMatch": "string",
                  "pireRegexMatch": "string",
                  "pireRegexNotMatch": "string"
                  // end of the list of possible fields
                }
              ]
            },
            "requestUri": {
              "path": {
                // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                "exactMatch": "string",
                "exactNotMatch": "string",
                "prefixMatch": "string",
                "prefixNotMatch": "string",
                "pireRegexMatch": "string",
                "pireRegexNotMatch": "string"
                // end of the list of possible fields
              },
              "queries": [
                {
                  "key": "string",
                  "value": {
                    // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                    "exactMatch": "string",
                    "exactNotMatch": "string",
                    "prefixMatch": "string",
                    "prefixNotMatch": "string",
                    "pireRegexMatch": "string",
                    "pireRegexNotMatch": "string"
                    // end of the list of possible fields
                  }
                }
              ]
            },
            "headers": [
              {
                "name": "string",
                "value": {
                  // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                  "exactMatch": "string",
                  "exactNotMatch": "string",
                  "prefixMatch": "string",
                  "prefixNotMatch": "string",
                  "pireRegexMatch": "string",
                  "pireRegexNotMatch": "string"
                  // end of the list of possible fields
                }
              }
            ],
            "sourceIp": {
              "ipRangesMatch": {
                "ipRanges": [
                  "string"
                ]
              },
              "ipRangesNotMatch": {
                "ipRanges": [
                  "string"
                ]
              },
              "geoIpMatch": {
                "locations": [
                  "string"
                ]
              },
              "geoIpNotMatch": {
                "locations": [
                  "string"
                ]
              }
            }
          }
        },
        "smartProtection": {
          "mode": "string",
          "condition": {
            "authority": {
              "authorities": [
                {
                  // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                  "exactMatch": "string",
                  "exactNotMatch": "string",
                  "prefixMatch": "string",
                  "prefixNotMatch": "string",
                  "pireRegexMatch": "string",
                  "pireRegexNotMatch": "string"
                  // end of the list of possible fields
                }
              ]
            },
            "httpMethod": {
              "httpMethods": [
                {
                  // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                  "exactMatch": "string",
                  "exactNotMatch": "string",
                  "prefixMatch": "string",
                  "prefixNotMatch": "string",
                  "pireRegexMatch": "string",
                  "pireRegexNotMatch": "string"
                  // end of the list of possible fields
                }
              ]
            },
            "requestUri": {
              "path": {
                // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                "exactMatch": "string",
                "exactNotMatch": "string",
                "prefixMatch": "string",
                "prefixNotMatch": "string",
                "pireRegexMatch": "string",
                "pireRegexNotMatch": "string"
                // end of the list of possible fields
              },
              "queries": [
                {
                  "key": "string",
                  "value": {
                    // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                    "exactMatch": "string",
                    "exactNotMatch": "string",
                    "prefixMatch": "string",
                    "prefixNotMatch": "string",
                    "pireRegexMatch": "string",
                    "pireRegexNotMatch": "string"
                    // end of the list of possible fields
                  }
                }
              ]
            },
            "headers": [
              {
                "name": "string",
                "value": {
                  // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                  "exactMatch": "string",
                  "exactNotMatch": "string",
                  "prefixMatch": "string",
                  "prefixNotMatch": "string",
                  "pireRegexMatch": "string",
                  "pireRegexNotMatch": "string"
                  // end of the list of possible fields
                }
              }
            ],
            "sourceIp": {
              "ipRangesMatch": {
                "ipRanges": [
                  "string"
                ]
              },
              "ipRangesNotMatch": {
                "ipRanges": [
                  "string"
                ]
              },
              "geoIpMatch": {
                "locations": [
                  "string"
                ]
              },
              "geoIpNotMatch": {
                "locations": [
                  "string"
                ]
              }
            }
          }
        },
        "waf": {
          "mode": "string",
          "condition": {
            "authority": {
              "authorities": [
                {
                  // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                  "exactMatch": "string",
                  "exactNotMatch": "string",
                  "prefixMatch": "string",
                  "prefixNotMatch": "string",
                  "pireRegexMatch": "string",
                  "pireRegexNotMatch": "string"
                  // end of the list of possible fields
                }
              ]
            },
            "httpMethod": {
              "httpMethods": [
                {
                  // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                  "exactMatch": "string",
                  "exactNotMatch": "string",
                  "prefixMatch": "string",
                  "prefixNotMatch": "string",
                  "pireRegexMatch": "string",
                  "pireRegexNotMatch": "string"
                  // end of the list of possible fields
                }
              ]
            },
            "requestUri": {
              "path": {
                // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                "exactMatch": "string",
                "exactNotMatch": "string",
                "prefixMatch": "string",
                "prefixNotMatch": "string",
                "pireRegexMatch": "string",
                "pireRegexNotMatch": "string"
                // end of the list of possible fields
              },
              "queries": [
                {
                  "key": "string",
                  "value": {
                    // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                    "exactMatch": "string",
                    "exactNotMatch": "string",
                    "prefixMatch": "string",
                    "prefixNotMatch": "string",
                    "pireRegexMatch": "string",
                    "pireRegexNotMatch": "string"
                    // end of the list of possible fields
                  }
                }
              ]
            },
            "headers": [
              {
                "name": "string",
                "value": {
                  // Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`
                  "exactMatch": "string",
                  "exactNotMatch": "string",
                  "prefixMatch": "string",
                  "prefixNotMatch": "string",
                  "pireRegexMatch": "string",
                  "pireRegexNotMatch": "string"
                  // end of the list of possible fields
                }
              }
            ],
            "sourceIp": {
              "ipRangesMatch": {
                "ipRanges": [
                  "string"
                ]
              },
              "ipRangesNotMatch": {
                "ipRanges": [
                  "string"
                ]
              },
              "geoIpMatch": {
                "locations": [
                  "string"
                ]
              },
              "geoIpNotMatch": {
                "locations": [
                  "string"
                ]
              }
            }
          },
          "wafProfileId": "string"
        },
        // end of the list of possible fields
        "description": "string"
      }
    ],
    "createdAt": "string",
    "cloudId": "string",
    "captchaId": "string",
    "advancedRateLimiterProfileId": "string",
    "analyzeRequestBody": {
      "sizeLimit": "string",
      "sizeLimitAction": "string"
    }
  }
  // end of the list of possible fields
}

An Operation resource. For more information, see Operation.

Field	Description
id	string ID of the operation.
description	string Description of the operation. 0-256 characters long.
createdAt	string (date-time) Creation timestamp. String in RFC3339 text format. The range of possible values is from `0001-01-01T00:00:00Z` to `9999-12-31T23:59:59.999999999Z`, i.e. from 0 to 9 digits for fractions of a second. To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).
createdBy	string ID of the user or service account who initiated the operation.
modifiedAt	string (date-time) The time when the Operation resource was last modified. String in RFC3339 text format. The range of possible values is from `0001-01-01T00:00:00Z` to `9999-12-31T23:59:59.999999999Z`, i.e. from 0 to 9 digits for fractions of a second. To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).
done	boolean If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
metadata	UpdateSecurityProfileMetadata Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
error	Status The error result of the operation in case of failure or cancellation. Includes only one of the fields `error`, `response`. The operation result. If `done == false` and there was no failure detected, neither `error` nor `response` is set. If `done == false` and there was a failure detected, `error` is set. If `done == true`, exactly one of `error` or `response` is set.
response	SecurityProfile The normal response of the operation in case of success. If the original method returns no data on success, such as Delete, the response is google.protobuf.Empty. If the original method is the standard Create/Update, the response should be the target resource of the operation. Any method that returns a long-running operation should document the response type, if any. Includes only one of the fields `error`, `response`. The operation result. If `done == false` and there was no failure detected, neither `error` nor `response` is set. If `done == false` and there was a failure detected, `error` is set. If `done == true`, exactly one of `error` or `response` is set.

UpdateSecurityProfileMetadata

Field

Description

securityProfileId

string

ID of the SecurityProfile resource that is being updated.

Status

The error result of the operation in case of failure or cancellation.

Field	Description
code	integer (int32) Error code. An enum value of google.rpc.Code.
message	string An error message.
details[]	object A list of messages that carry the error details.

SecurityProfile

A SecurityProfile resource.

Field	Description
id	string ID of the security profile.
folderId	string ID of the folder that the security profile belongs to.
labels	string Labels as `key:value` pairs. Maximum of 64 per resource.
name	string Required field. Name of the security profile. The name is unique within the folder. 1-50 characters long.
description	string Optional description of the security profile.
defaultAction	enum (DefaultAction) Required field. Action to perform if none of rules matched. `DEFAULT_ACTION_UNSPECIFIED` `ALLOW`: Pass request to service. `DENY`: Deny request.
securityRules[]	SecurityRule List of security rules.
createdAt	string (date-time) Creation timestamp in RFC3339 text format. String in RFC3339 text format. The range of possible values is from `0001-01-01T00:00:00Z` to `9999-12-31T23:59:59.999999999Z`, i.e. from 0 to 9 digits for fractions of a second. To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).
cloudId	string ID of the cloud that the security profile belongs to.
captchaId	string Captcha ID to use with this security profile. Set empty to use default.
advancedRateLimiterProfileId	string Advanced rate limiter profile ID to use with this security profile. Set empty to use default.
analyzeRequestBody	AnalyzeRequestBody Parameters for request body analyzer.

SecurityRule

A SecurityRule object, see Rules.

Field	Description
name	string Required field. Name of the rule. The name is unique within the security profile. 1-50 characters long.
priority	string (int64) Determines the priority for checking the incoming traffic. Enter an integer within the range of 1 and 999999. The rule priority must be unique within the entire security profile. A lower numeric value means a higher priority. The default_action has the lowest priority.
dryRun	boolean This mode allows you to test your security profile or a single rule. For example, you can have the number of alarms for a specific rule displayed. Note: if this option is true, no real action affecting your traffic regarding this rule will be taken.
ruleCondition	RuleCondition Rule actions, see Rule actions. Includes only one of the fields `ruleCondition`, `smartProtection`, `waf`.
smartProtection	SmartProtection Smart Protection rule, see Smart Protection rules. Includes only one of the fields `ruleCondition`, `smartProtection`, `waf`.
waf	Waf Web Application Firewall (WAF) rule, see WAF rules. Includes only one of the fields `ruleCondition`, `smartProtection`, `waf`.
description	string Optional description of the rule. 0-512 characters long.

RuleCondition

RuleCondition object.

Field

Description

action

enum (Action)

Action to perform if this rule matched.

ACTION_UNSPECIFIED
ALLOW: Pass request to service.
DENY: Deny request.

condition

Condition

The condition for matching the rule.

Condition

Condition object. AND semantics implied.
See documentation for matchers description.

Field	Description
authority	AuthorityMatcher Match authority (Host header).
httpMethod	HttpMethodMatcher Match HTTP method.
requestUri	RequestUriMatcher Match Request URI.
headers[]	HeaderMatcher Match HTTP headers.
sourceIp	IpMatcher Match IP.

AuthorityMatcher

AuthorityMatcher object.

Field

Description

authorities[]

StringMatcher

List of authorities. OR semantics implied.

StringMatcher

StringMatcher object.

Field	Description
exactMatch	string Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`.
exactNotMatch	string Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`.
prefixMatch	string Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`.
prefixNotMatch	string Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`.
pireRegexMatch	string Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`.
pireRegexNotMatch	string Includes only one of the fields `exactMatch`, `exactNotMatch`, `prefixMatch`, `prefixNotMatch`, `pireRegexMatch`, `pireRegexNotMatch`.

HttpMethodMatcher

HttpMethodMatcher object.

Field

Description

httpMethods[]

StringMatcher

List of HTTP methods. OR semantics implied.

RequestUriMatcher

RequestUriMatcher object. AND semantics implied.

Field

Description

path

StringMatcher

Path of the URI RFC3986.

queries[]

QueryMatcher

List of query matchers. AND semantics implied.

QueryMatcher

QueryMatcher object.

Field

Description

key

string

Required field. Key of the query parameter.

value

StringMatcher

Required field. Value of the query parameter.

HeaderMatcher

HeaderMatcher object.

Field

Description

name

string

Required field. Name of header (case insensitive).

value

StringMatcher

Required field. Value of the header.

IpMatcher

IpMatcher object. AND semantics implied.

Field	Description
ipRangesMatch	IpRangesMatcher
ipRangesNotMatch	IpRangesMatcher
geoIpMatch	GeoIpMatcher
geoIpNotMatch	GeoIpMatcher

IpRangesMatcher

IpRangesMatcher object.

Field

Description

ipRanges[]

string

List of IP ranges. OR semantics implied.

GeoIpMatcher

GeoIpMatcher object.

Field

Description

locations[]

string

ISO 3166-1 alpha 2. OR semantics implied.

SmartProtection

SmartProtection object.

Field

Description

mode

enum (Mode)

Mode of protection.

MODE_UNSPECIFIED
FULL: Full protection means that the traffic will be checked based on ML models and behavioral analysis,
with suspicious requests being sent to SmartCaptcha.
API: API protection means checking the traffic based on ML models and behavioral analysis without sending suspicious
requests to SmartCaptcha. The suspicious requests will be blocked.

condition

Condition

The condition for matching the rule.

Waf

Waf object.

Field	Description
mode	enum (Mode) Mode of protection. `MODE_UNSPECIFIED` `FULL`: Full protection means that the traffic will be checked based on ML models and behavioral analysis, with suspicious requests being sent to SmartCaptcha. `API`: API protection means checking the traffic based on ML models and behavioral analysis without sending suspicious requests to SmartCaptcha. The suspicious requests will be blocked.
condition	Condition The condition for matching the rule.
wafProfileId	string Required field. ID of WAF profile to use in this rule.

AnalyzeRequestBody

Field

Description

sizeLimit

string (int64)

Maximum size of body to pass to analyzer. In kilobytes.

sizeLimitAction

enum (Action)

Action to perform if maximum size of body exceeded.

ACTION_UNSPECIFIED
IGNORE: Ignore body.
DENY: Deny request.

SmartWebSecurity API, REST: SecurityProfile.Update

HTTP requestHTTP request

Path parametersPath parameters

Body parametersBody parameters

SecurityRuleSecurityRule

RuleConditionRuleCondition

ConditionCondition

AuthorityMatcherAuthorityMatcher

StringMatcherStringMatcher

HttpMethodMatcherHttpMethodMatcher

RequestUriMatcherRequestUriMatcher

QueryMatcherQueryMatcher

HeaderMatcherHeaderMatcher

IpMatcherIpMatcher

IpRangesMatcherIpRangesMatcher

GeoIpMatcherGeoIpMatcher

SmartProtectionSmartProtection

WafWaf

AnalyzeRequestBodyAnalyzeRequestBody

ResponseResponse

UpdateSecurityProfileMetadataUpdateSecurityProfileMetadata

StatusStatus

SecurityProfileSecurityProfile

SecurityRuleSecurityRule

RuleConditionRuleCondition

ConditionCondition

AuthorityMatcherAuthorityMatcher

StringMatcherStringMatcher

HttpMethodMatcherHttpMethodMatcher

RequestUriMatcherRequestUriMatcher

QueryMatcherQueryMatcher

HeaderMatcherHeaderMatcher

IpMatcherIpMatcher

IpRangesMatcherIpRangesMatcher

GeoIpMatcherGeoIpMatcher

SmartProtectionSmartProtection

WafWaf

AnalyzeRequestBodyAnalyzeRequestBody

Was the article helpful?

HTTP request

Path parameters

Body parameters

SecurityRule

RuleCondition

Condition

AuthorityMatcher

StringMatcher

HttpMethodMatcher

RequestUriMatcher

QueryMatcher

HeaderMatcher

IpMatcher

IpRangesMatcher

GeoIpMatcher

SmartProtection

Waf

AnalyzeRequestBody

Response

UpdateSecurityProfileMetadata

Status

SecurityProfile

SecurityRule

RuleCondition

Condition

AuthorityMatcher

StringMatcher

HttpMethodMatcher

RequestUriMatcher

QueryMatcher

HeaderMatcher

IpMatcher

IpRangesMatcher

GeoIpMatcher

SmartProtection

Waf

AnalyzeRequestBody