SmartWebSecurity API, gRPC: WafProfileService
A set of methods for managing WafProfile resources.
Call | Description |
---|---|
Get | Returns the specified WafProfile resource. |
List | Retrieves the list of WafProfile resources in the specified folder. |
Create | Creates a WAF profile in the specified folder using the data specified in the request. |
Update | Updates the specified WAF profile. |
Delete | Deletes the specified WAF profile. |
Calls WafProfileService
Get
Returns the specified WafProfile resource.
rpc Get (GetWafProfileRequest) returns (WafProfile)
GetWafProfileRequest
Field | Description |
---|---|
waf_profile_id | string Required. ID of the WafProfile resource to return. |
WafProfile
Field | Description |
---|---|
id | string Required. ID of the WAF profile. |
folder_id | string Required. ID of the folder that the WAF profile belongs to. |
cloud_id | string Required. ID of the cloud that the WAF profile belongs to. |
name | string Required. Name of the WAF profile. The name is unique within the folder. 1-50 characters long. The string length in characters must be 1-50. Value must match the regular expression [a-zA-Z0-9][a-zA-Z0-9-_.]* . |
description | string Optional description of the WAF profile. The maximum string length in characters is 512. |
labels | map<string,string> Labels as key:value pairs. Maximum of 64 per resource. No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_0-9a-z]* . The string length in characters for each key must be 1-63. Each key must match the regular expression [a-z][-_0-9a-z]* . |
created_at | google.protobuf.Timestamp Creation timestamp in RFC3339 |
rules[] | WafProfileRule Settings for each rule in rule set. |
exclusion_rules[] | WafProfileExclusionRule List of exclusion rules. See Rules. |
rule_set | oneof: core_rule_set |
core_rule_set | CoreRuleSet Core rule set settings. See Basic rule set for details. |
analyze_request_body | AnalyzeRequestBody Parameters for request body analyzer. |
CoreRuleSet
Field | Description |
---|---|
inbound_anomaly_score | int64 Anomaly score. Enter an integer within the range of 2 and 10000. The higher this value, the more likely it is that the request that satisfies the rule is an attack. See Rules for more details. Acceptable values are 2 to 10000, inclusive. |
paranoia_level | int64 Paranoia level. Enter an integer within the range of 1 and 4. Paranoia level classifies rules according to their aggression. The higher the paranoia level, the better your protection, but also the higher the probability of WAF false positives. See Rules for more details. NOTE: this option has no effect on enabling or disabling rules. it is used only as recommendation for user to enable all rules with paranoia_level <= this value. Value must be equal to 1,2,3,4. |
rule_set | RuleSet Required. Rule set. |
AnalyzeRequestBody
Field | Description |
---|---|
is_enabled | bool Possible to turn analyzer on and turn if off. |
size_limit | int64 Maximum size of body to pass to analyzer. In kilobytes. Value must be equal to 0,8,16,32,64,128,256,512. |
size_limit_action | enum Action Action to perform if maximum size of body exceeded.
|
WafProfileRule
Field | Description |
---|---|
rule_id | string Required. Rule ID. |
is_enabled | bool Determines is it rule enabled or not. |
is_blocking | bool Determines is it rule blocking or not. |
WafProfileExclusionRule
Field | Description |
---|---|
name | string Required. Name of exclusion rule. |
description | string Optional description of the rule. 0-512 characters long. The maximum string length in characters is 512. |
condition | Condition The condition for matching traffic. |
exclude_rules | ExcludeRules Required. Exclude rules. |
log_excluded | bool Records the fact that an exception rule is triggered. |
ExcludeRules
Field | Description |
---|---|
exclude_all | bool Set this option true to exclude all rules. |
rule_ids[] | string List of rules to exclude. |
Condition
Field | Description |
---|---|
authority | AuthorityMatcher Match authority (Host header). |
http_method | HttpMethodMatcher Match HTTP method. |
request_uri | RequestUriMatcher Match Request URI. |
headers[] | HeaderMatcher Match HTTP headers. The maximum number of elements is 20. |
source_ip | IpMatcher Match IP. |
StringMatcher
Field | Description |
---|---|
match | oneof: exact_match , exact_not_match , prefix_match , prefix_not_match , pire_regex_match or pire_regex_not_match |
exact_match | string The string length in characters must be 0-255. |
exact_not_match | string The string length in characters must be 0-255. |
prefix_match | string The string length in characters must be 0-255. |
prefix_not_match | string The string length in characters must be 0-255. |
pire_regex_match | string The string length in characters must be 0-255. |
pire_regex_not_match | string The string length in characters must be 0-255. |
HttpMethodMatcher
Field | Description |
---|---|
http_methods[] | StringMatcher List of HTTP methods. OR semantics implied. The maximum number of elements is 20. |
AuthorityMatcher
Field | Description |
---|---|
authorities[] | StringMatcher List of authorities. OR semantics implied. The maximum number of elements is 20. |
RequestUriMatcher
Field | Description |
---|---|
path | StringMatcher Path of the URI RFC3986 |
queries[] | QueryMatcher List of query matchers. AND semantics implied. The maximum number of elements is 20. |
QueryMatcher
Field | Description |
---|---|
key | string Required. Key of the query parameter. The string length in characters must be 1-255. |
value | StringMatcher Required. Value of the query parameter. |
HeaderMatcher
Field | Description |
---|---|
name | string Required. Name of header (case insensitive). The string length in characters must be 1-255. |
value | StringMatcher Required. Value of the header. |
IpMatcher
Field | Description |
---|---|
ip_ranges_match | IpRangesMatcher |
ip_ranges_not_match | IpRangesMatcher |
geo_ip_match | GeoIpMatcher |
geo_ip_not_match | GeoIpMatcher |
IpRangesMatcher
Field | Description |
---|---|
ip_ranges[] | string List of IP ranges. OR semantics implied. The maximum number of elements is 10000. |
GeoIpMatcher
Field | Description |
---|---|
locations[] | string ISO 3166-1 alpha 2. OR semantics implied. The minimum number of elements is 1. The string length in characters for each value must be equal to 2. |
RuleSet
Field | Description |
---|---|
name | string Required. Name of rule set. |
version | string Required. Version of rule set. |
List
Retrieves the list of WafProfile resources in the specified folder.
rpc List (ListWafProfilesRequest) returns (ListWafProfilesResponse)
ListWafProfilesRequest
Field | Description |
---|---|
folder_id | string Required. ID of the folder that the WAF profile belongs to. Currently page_size, page_token, filter and order_by are not supported and List method will return all WAF profiles in the folder. |
ListWafProfilesResponse
Field | Description |
---|---|
waf_profiles[] | WafProfile List of WafProfile resources. Currently next_page_token is not supported and List method will return all WAF profiles in the folder. |
WafProfile
Field | Description |
---|---|
id | string Required. ID of the WAF profile. |
folder_id | string Required. ID of the folder that the WAF profile belongs to. |
cloud_id | string Required. ID of the cloud that the WAF profile belongs to. |
name | string Required. Name of the WAF profile. The name is unique within the folder. 1-50 characters long. The string length in characters must be 1-50. Value must match the regular expression [a-zA-Z0-9][a-zA-Z0-9-_.]* . |
description | string Optional description of the WAF profile. The maximum string length in characters is 512. |
labels | map<string,string> Labels as key:value pairs. Maximum of 64 per resource. No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_0-9a-z]* . The string length in characters for each key must be 1-63. Each key must match the regular expression [a-z][-_0-9a-z]* . |
created_at | google.protobuf.Timestamp Creation timestamp in RFC3339 |
rules[] | WafProfileRule Settings for each rule in rule set. |
exclusion_rules[] | WafProfileExclusionRule List of exclusion rules. See Rules. |
rule_set | oneof: core_rule_set |
core_rule_set | CoreRuleSet Core rule set settings. See Basic rule set for details. |
analyze_request_body | AnalyzeRequestBody Parameters for request body analyzer. |
CoreRuleSet
Field | Description |
---|---|
inbound_anomaly_score | int64 Anomaly score. Enter an integer within the range of 2 and 10000. The higher this value, the more likely it is that the request that satisfies the rule is an attack. See Rules for more details. Acceptable values are 2 to 10000, inclusive. |
paranoia_level | int64 Paranoia level. Enter an integer within the range of 1 and 4. Paranoia level classifies rules according to their aggression. The higher the paranoia level, the better your protection, but also the higher the probability of WAF false positives. See Rules for more details. NOTE: this option has no effect on enabling or disabling rules. it is used only as recommendation for user to enable all rules with paranoia_level <= this value. Value must be equal to 1,2,3,4. |
rule_set | RuleSet Required. Rule set. |
AnalyzeRequestBody
Field | Description |
---|---|
is_enabled | bool Possible to turn analyzer on and turn if off. |
size_limit | int64 Maximum size of body to pass to analyzer. In kilobytes. Value must be equal to 0,8,16,32,64,128,256,512. |
size_limit_action | enum Action Action to perform if maximum size of body exceeded.
|
WafProfileRule
Field | Description |
---|---|
rule_id | string Required. Rule ID. |
is_enabled | bool Determines is it rule enabled or not. |
is_blocking | bool Determines is it rule blocking or not. |
WafProfileExclusionRule
Field | Description |
---|---|
name | string Required. Name of exclusion rule. |
description | string Optional description of the rule. 0-512 characters long. The maximum string length in characters is 512. |
condition | Condition The condition for matching traffic. |
exclude_rules | ExcludeRules Required. Exclude rules. |
log_excluded | bool Records the fact that an exception rule is triggered. |
ExcludeRules
Field | Description |
---|---|
exclude_all | bool Set this option true to exclude all rules. |
rule_ids[] | string List of rules to exclude. |
Condition
Field | Description |
---|---|
authority | AuthorityMatcher Match authority (Host header). |
http_method | HttpMethodMatcher Match HTTP method. |
request_uri | RequestUriMatcher Match Request URI. |
headers[] | HeaderMatcher Match HTTP headers. The maximum number of elements is 20. |
source_ip | IpMatcher Match IP. |
StringMatcher
Field | Description |
---|---|
match | oneof: exact_match , exact_not_match , prefix_match , prefix_not_match , pire_regex_match or pire_regex_not_match |
exact_match | string The string length in characters must be 0-255. |
exact_not_match | string The string length in characters must be 0-255. |
prefix_match | string The string length in characters must be 0-255. |
prefix_not_match | string The string length in characters must be 0-255. |
pire_regex_match | string The string length in characters must be 0-255. |
pire_regex_not_match | string The string length in characters must be 0-255. |
HttpMethodMatcher
Field | Description |
---|---|
http_methods[] | StringMatcher List of HTTP methods. OR semantics implied. The maximum number of elements is 20. |
AuthorityMatcher
Field | Description |
---|---|
authorities[] | StringMatcher List of authorities. OR semantics implied. The maximum number of elements is 20. |
RequestUriMatcher
Field | Description |
---|---|
path | StringMatcher Path of the URI RFC3986 |
queries[] | QueryMatcher List of query matchers. AND semantics implied. The maximum number of elements is 20. |
QueryMatcher
Field | Description |
---|---|
key | string Required. Key of the query parameter. The string length in characters must be 1-255. |
value | StringMatcher Required. Value of the query parameter. |
HeaderMatcher
Field | Description |
---|---|
name | string Required. Name of header (case insensitive). The string length in characters must be 1-255. |
value | StringMatcher Required. Value of the header. |
IpMatcher
Field | Description |
---|---|
ip_ranges_match | IpRangesMatcher |
ip_ranges_not_match | IpRangesMatcher |
geo_ip_match | GeoIpMatcher |
geo_ip_not_match | GeoIpMatcher |
IpRangesMatcher
Field | Description |
---|---|
ip_ranges[] | string List of IP ranges. OR semantics implied. The maximum number of elements is 10000. |
GeoIpMatcher
Field | Description |
---|---|
locations[] | string ISO 3166-1 alpha 2. OR semantics implied. The minimum number of elements is 1. The string length in characters for each value must be equal to 2. |
RuleSet
Field | Description |
---|---|
name | string Required. Name of rule set. |
version | string Required. Version of rule set. |
Create
Creates a WAF profile in the specified folder using the data specified in the request.
rpc Create (CreateWafProfileRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata:CreateWafProfileMetadata
Operation.response:WafProfile
CreateWafProfileRequest
Field | Description |
---|---|
folder_id | string ID of the folder to create a WAF profile in. |
name | string Name of the WAF profile. The name is unique within the folder. 1-50 characters long. |
description | string Optional description of the WAF profile. |
labels | map<string,string> Labels as key:value pairs. Maximum of 64 per resource. |
rules[] | WafProfileRule Settings for each rule in rule set. |
exclusion_rules[] | WafProfileExclusionRule List of exclusion rules. See Rules. |
rule_set | oneof: core_rule_set |
core_rule_set | WafProfile.CoreRuleSet Core rule set settings. See Basic rule set for details. |
analyze_request_body | WafProfile.AnalyzeRequestBody Parameters for request body analyzer. |
WafProfileRule
Field | Description |
---|---|
rule_id | string Required. Rule ID. |
is_enabled | bool Determines is it rule enabled or not. |
is_blocking | bool Determines is it rule blocking or not. |
WafProfileExclusionRule
Field | Description |
---|---|
name | string Required. Name of exclusion rule. |
description | string Optional description of the rule. 0-512 characters long. The maximum string length in characters is 512. |
condition | Condition The condition for matching traffic. |
exclude_rules | ExcludeRules Required. Exclude rules. |
log_excluded | bool Records the fact that an exception rule is triggered. |
ExcludeRules
Field | Description |
---|---|
exclude_all | bool Set this option true to exclude all rules. |
rule_ids[] | string List of rules to exclude. |
Condition
Field | Description |
---|---|
authority | AuthorityMatcher Match authority (Host header). |
http_method | HttpMethodMatcher Match HTTP method. |
request_uri | RequestUriMatcher Match Request URI. |
headers[] | HeaderMatcher Match HTTP headers. The maximum number of elements is 20. |
source_ip | IpMatcher Match IP. |
StringMatcher
Field | Description |
---|---|
match | oneof: exact_match , exact_not_match , prefix_match , prefix_not_match , pire_regex_match or pire_regex_not_match |
exact_match | string The string length in characters must be 0-255. |
exact_not_match | string The string length in characters must be 0-255. |
prefix_match | string The string length in characters must be 0-255. |
prefix_not_match | string The string length in characters must be 0-255. |
pire_regex_match | string The string length in characters must be 0-255. |
pire_regex_not_match | string The string length in characters must be 0-255. |
HttpMethodMatcher
Field | Description |
---|---|
http_methods[] | StringMatcher List of HTTP methods. OR semantics implied. The maximum number of elements is 20. |
AuthorityMatcher
Field | Description |
---|---|
authorities[] | StringMatcher List of authorities. OR semantics implied. The maximum number of elements is 20. |
RequestUriMatcher
Field | Description |
---|---|
path | StringMatcher Path of the URI RFC3986 |
queries[] | QueryMatcher List of query matchers. AND semantics implied. The maximum number of elements is 20. |
QueryMatcher
Field | Description |
---|---|
key | string Required. Key of the query parameter. The string length in characters must be 1-255. |
value | StringMatcher Required. Value of the query parameter. |
HeaderMatcher
Field | Description |
---|---|
name | string Required. Name of header (case insensitive). The string length in characters must be 1-255. |
value | StringMatcher Required. Value of the header. |
IpMatcher
Field | Description |
---|---|
ip_ranges_match | IpRangesMatcher |
ip_ranges_not_match | IpRangesMatcher |
geo_ip_match | GeoIpMatcher |
geo_ip_not_match | GeoIpMatcher |
IpRangesMatcher
Field | Description |
---|---|
ip_ranges[] | string List of IP ranges. OR semantics implied. The maximum number of elements is 10000. |
GeoIpMatcher
Field | Description |
---|---|
locations[] | string ISO 3166-1 alpha 2. OR semantics implied. The minimum number of elements is 1. The string length in characters for each value must be equal to 2. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false , it means the operation is still in progress. If true , the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true , exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any if operation finished successfully. |
CreateWafProfileMetadata
Field | Description |
---|---|
waf_profile_id | string ID of the WAF profile that is being created. |
WafProfile
Field | Description |
---|---|
id | string Required. ID of the WAF profile. |
folder_id | string Required. ID of the folder that the WAF profile belongs to. |
cloud_id | string Required. ID of the cloud that the WAF profile belongs to. |
name | string Required. Name of the WAF profile. The name is unique within the folder. 1-50 characters long. The string length in characters must be 1-50. Value must match the regular expression [a-zA-Z0-9][a-zA-Z0-9-_.]* . |
description | string Optional description of the WAF profile. The maximum string length in characters is 512. |
labels | map<string,string> Labels as key:value pairs. Maximum of 64 per resource. No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_0-9a-z]* . The string length in characters for each key must be 1-63. Each key must match the regular expression [a-z][-_0-9a-z]* . |
created_at | google.protobuf.Timestamp Creation timestamp in RFC3339 |
rules[] | WafProfileRule Settings for each rule in rule set. |
exclusion_rules[] | WafProfileExclusionRule List of exclusion rules. See Rules. |
rule_set | oneof: core_rule_set |
core_rule_set | CoreRuleSet Core rule set settings. See Basic rule set for details. |
analyze_request_body | AnalyzeRequestBody Parameters for request body analyzer. |
CoreRuleSet
Field | Description |
---|---|
inbound_anomaly_score | int64 Anomaly score. Enter an integer within the range of 2 and 10000. The higher this value, the more likely it is that the request that satisfies the rule is an attack. See Rules for more details. Acceptable values are 2 to 10000, inclusive. |
paranoia_level | int64 Paranoia level. Enter an integer within the range of 1 and 4. Paranoia level classifies rules according to their aggression. The higher the paranoia level, the better your protection, but also the higher the probability of WAF false positives. See Rules for more details. NOTE: this option has no effect on enabling or disabling rules. it is used only as recommendation for user to enable all rules with paranoia_level <= this value. Value must be equal to 1,2,3,4. |
rule_set | RuleSet Required. Rule set. |
AnalyzeRequestBody
Field | Description |
---|---|
is_enabled | bool Possible to turn analyzer on and turn if off. |
size_limit | int64 Maximum size of body to pass to analyzer. In kilobytes. Value must be equal to 0,8,16,32,64,128,256,512. |
size_limit_action | enum Action Action to perform if maximum size of body exceeded.
|
RuleSet
Field | Description |
---|---|
name | string Required. Name of rule set. |
version | string Required. Version of rule set. |
Update
Updates the specified WAF profile.
rpc Update (UpdateWafProfileRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata:UpdateWafProfileMetadata
Operation.response:WafProfile
UpdateWafProfileRequest
Field | Description |
---|---|
waf_profile_id | string Required. ID of the WAF profile to update. |
update_mask | google.protobuf.FieldMask Field mask that specifies which fields of the WafProfile resource are going to be updated. |
name | string Name of the WAF profile. The name is unique within the folder. 1-50 characters long. |
description | string Optional description of the WAF profile. |
labels | map<string,string> Labels as key:value pairs. Maximum of 64 per resource. |
rules[] | WafProfileRule Settings for each rule in rule set. |
exclusion_rules[] | WafProfileExclusionRule List of exclusion rules. See Rules. |
rule_set | oneof: core_rule_set |
core_rule_set | WafProfile.CoreRuleSet Core rule set settings. See Basic rule set for details. |
analyze_request_body | WafProfile.AnalyzeRequestBody Parameters for request body analyzer. |
WafProfileRule
Field | Description |
---|---|
rule_id | string Required. Rule ID. |
is_enabled | bool Determines is it rule enabled or not. |
is_blocking | bool Determines is it rule blocking or not. |
WafProfileExclusionRule
Field | Description |
---|---|
name | string Required. Name of exclusion rule. |
description | string Optional description of the rule. 0-512 characters long. The maximum string length in characters is 512. |
condition | Condition The condition for matching traffic. |
exclude_rules | ExcludeRules Required. Exclude rules. |
log_excluded | bool Records the fact that an exception rule is triggered. |
ExcludeRules
Field | Description |
---|---|
exclude_all | bool Set this option true to exclude all rules. |
rule_ids[] | string List of rules to exclude. |
Condition
Field | Description |
---|---|
authority | AuthorityMatcher Match authority (Host header). |
http_method | HttpMethodMatcher Match HTTP method. |
request_uri | RequestUriMatcher Match Request URI. |
headers[] | HeaderMatcher Match HTTP headers. The maximum number of elements is 20. |
source_ip | IpMatcher Match IP. |
StringMatcher
Field | Description |
---|---|
match | oneof: exact_match , exact_not_match , prefix_match , prefix_not_match , pire_regex_match or pire_regex_not_match |
exact_match | string The string length in characters must be 0-255. |
exact_not_match | string The string length in characters must be 0-255. |
prefix_match | string The string length in characters must be 0-255. |
prefix_not_match | string The string length in characters must be 0-255. |
pire_regex_match | string The string length in characters must be 0-255. |
pire_regex_not_match | string The string length in characters must be 0-255. |
HttpMethodMatcher
Field | Description |
---|---|
http_methods[] | StringMatcher List of HTTP methods. OR semantics implied. The maximum number of elements is 20. |
AuthorityMatcher
Field | Description |
---|---|
authorities[] | StringMatcher List of authorities. OR semantics implied. The maximum number of elements is 20. |
RequestUriMatcher
Field | Description |
---|---|
path | StringMatcher Path of the URI RFC3986 |
queries[] | QueryMatcher List of query matchers. AND semantics implied. The maximum number of elements is 20. |
QueryMatcher
Field | Description |
---|---|
key | string Required. Key of the query parameter. The string length in characters must be 1-255. |
value | StringMatcher Required. Value of the query parameter. |
HeaderMatcher
Field | Description |
---|---|
name | string Required. Name of header (case insensitive). The string length in characters must be 1-255. |
value | StringMatcher Required. Value of the header. |
IpMatcher
Field | Description |
---|---|
ip_ranges_match | IpRangesMatcher |
ip_ranges_not_match | IpRangesMatcher |
geo_ip_match | GeoIpMatcher |
geo_ip_not_match | GeoIpMatcher |
IpRangesMatcher
Field | Description |
---|---|
ip_ranges[] | string List of IP ranges. OR semantics implied. The maximum number of elements is 10000. |
GeoIpMatcher
Field | Description |
---|---|
locations[] | string ISO 3166-1 alpha 2. OR semantics implied. The minimum number of elements is 1. The string length in characters for each value must be equal to 2. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false , it means the operation is still in progress. If true , the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true , exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any if operation finished successfully. |
UpdateWafProfileMetadata
Field | Description |
---|---|
waf_profile_id | string ID of the WafProfile resource that is being updated. |
WafProfile
Field | Description |
---|---|
id | string Required. ID of the WAF profile. |
folder_id | string Required. ID of the folder that the WAF profile belongs to. |
cloud_id | string Required. ID of the cloud that the WAF profile belongs to. |
name | string Required. Name of the WAF profile. The name is unique within the folder. 1-50 characters long. The string length in characters must be 1-50. Value must match the regular expression [a-zA-Z0-9][a-zA-Z0-9-_.]* . |
description | string Optional description of the WAF profile. The maximum string length in characters is 512. |
labels | map<string,string> Labels as key:value pairs. Maximum of 64 per resource. No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_0-9a-z]* . The string length in characters for each key must be 1-63. Each key must match the regular expression [a-z][-_0-9a-z]* . |
created_at | google.protobuf.Timestamp Creation timestamp in RFC3339 |
rules[] | WafProfileRule Settings for each rule in rule set. |
exclusion_rules[] | WafProfileExclusionRule List of exclusion rules. See Rules. |
rule_set | oneof: core_rule_set |
core_rule_set | CoreRuleSet Core rule set settings. See Basic rule set for details. |
analyze_request_body | AnalyzeRequestBody Parameters for request body analyzer. |
CoreRuleSet
Field | Description |
---|---|
inbound_anomaly_score | int64 Anomaly score. Enter an integer within the range of 2 and 10000. The higher this value, the more likely it is that the request that satisfies the rule is an attack. See Rules for more details. Acceptable values are 2 to 10000, inclusive. |
paranoia_level | int64 Paranoia level. Enter an integer within the range of 1 and 4. Paranoia level classifies rules according to their aggression. The higher the paranoia level, the better your protection, but also the higher the probability of WAF false positives. See Rules for more details. NOTE: this option has no effect on enabling or disabling rules. it is used only as recommendation for user to enable all rules with paranoia_level <= this value. Value must be equal to 1,2,3,4. |
rule_set | RuleSet Required. Rule set. |
AnalyzeRequestBody
Field | Description |
---|---|
is_enabled | bool Possible to turn analyzer on and turn if off. |
size_limit | int64 Maximum size of body to pass to analyzer. In kilobytes. Value must be equal to 0,8,16,32,64,128,256,512. |
size_limit_action | enum Action Action to perform if maximum size of body exceeded.
|
RuleSet
Field | Description |
---|---|
name | string Required. Name of rule set. |
version | string Required. Version of rule set. |
Delete
Deletes the specified WAF profile.
rpc Delete (DeleteWafProfileRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata:DeleteWafProfileMetadata
Operation.response:google.protobuf.Empty
DeleteWafProfileRequest
Field | Description |
---|---|
waf_profile_id | string Required. ID of the WAF profile to delete. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false , it means the operation is still in progress. If true , the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true , exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any if operation finished successfully. |
DeleteWafProfileMetadata
Field | Description |
---|---|
waf_profile_id | string ID of the WafProfile resource that is being deleted. |