File: //snap/google-cloud-cli/394/help/man/man1/gcloud_beta_compute_security-policies_update.1
.TH "GCLOUD_BETA_COMPUTE_SECURITY\-POLICIES_UPDATE" 1
.SH "NAME"
.HP
gcloud beta compute security\-policies update \- update a Compute Engine security policy
.SH "SYNOPSIS"
.HP
\f5gcloud beta compute security\-policies update\fR \fINAME\fR [\fB\-\-description\fR=\fIDESCRIPTION\fR] [\fB\-\-enable\-layer7\-ddos\-defense\fR] [\fB\-\-json\-custom\-content\-types\fR=[\fICONTENT_TYPE\fR,...]] [\fB\-\-json\-parsing\fR=\fIJSON_PARSING\fR] [\fB\-\-layer7\-ddos\-defense\-auto\-deploy\-confidence\-threshold\fR=\fILAYER7_DDOS_DEFENSE_AUTO_DEPLOY_CONFIDENCE_THRESHOLD\fR] [\fB\-\-layer7\-ddos\-defense\-auto\-deploy\-expiration\-sec\fR=\fILAYER7_DDOS_DEFENSE_AUTO_DEPLOY_EXPIRATION_SEC\fR] [\fB\-\-layer7\-ddos\-defense\-auto\-deploy\-impacted\-baseline\-threshold\fR=\fILAYER7_DDOS_DEFENSE_AUTO_DEPLOY_IMPACTED_BASELINE_THRESHOLD\fR] [\fB\-\-layer7\-ddos\-defense\-auto\-deploy\-load\-threshold\fR=\fILAYER7_DDOS_DEFENSE_AUTO_DEPLOY_LOAD_THRESHOLD\fR] [\fB\-\-layer7\-ddos\-defense\-rule\-visibility\fR=\fIVISIBILITY_TYPE\fR] [\fB\-\-log\-level\fR=\fILOG_LEVEL\fR] [\fB\-\-network\-ddos\-protection\fR=\fINETWORK_DDOS_PROTECTION\fR] [\fB\-\-recaptcha\-redirect\-site\-key\fR=\fIRECAPTCHA_REDIRECT_SITE_KEY\fR] [\fB\-\-request\-body\-inspection\-size\fR=\fIREQUEST_BODY_INSPECTION_SIZE\fR] [\fB\-\-user\-ip\-request\-headers\fR=[\fIUSER_IP_REQUEST_HEADER\fR,...]] [\fB\-\-global\fR\ |\ \fB\-\-region\fR=\fIREGION\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]
.SH "DESCRIPTION"
\fB(BETA)\fR \fBgcloud beta compute security\-policies update\fR is used to
update security policies.
.SH "EXAMPLES"
To update the description run this:
.RS 2m
$ gcloud beta compute security\-policies update SECURITY_POLICY \e
\-\-description='new description'
.RE
.SH "POSITIONAL ARGUMENTS"
.RS 2m
.TP 2m
\fINAME\fR
Name of the security policy to update.
.RE
.sp
.SH "FLAGS"
.RS 2m
.TP 2m
\fB\-\-description\fR=\fIDESCRIPTION\fR
An optional, textual description for the security policy.
.TP 2m
\fB\-\-enable\-layer7\-ddos\-defense\fR
Whether to enable Cloud Armor Layer 7 DDoS Defense Adaptive Protection.
.TP 2m
\fB\-\-json\-custom\-content\-types\fR=[\fICONTENT_TYPE\fR,...]
A comma\-separated list of custom Content\-Type header values to apply JSON
parsing for preconfigured WAF rules. Only applicable when JSON parsing is
enabled, like \f5\fI\-\-json\-parsing=STANDARD\fR\fR. When configuring a
Content\-Type header value, only the type/subtype needs to be specified, and the
parameters should be excluded.
.TP 2m
\fB\-\-json\-parsing\fR=\fIJSON_PARSING\fR
The JSON parsing behavior for this rule. Must be one of the following values:
[DISABLED, STANDARD, STANDARD_WITH_GRAPHQL]. \fIJSON_PARSING\fR must be one of:
\fBDISABLED\fR, \fBSTANDARD\fR, \fBSTANDARD_WITH_GRAPHQL\fR.
.TP 2m
\fB\-\-layer7\-ddos\-defense\-auto\-deploy\-confidence\-threshold\fR=\fILAYER7_DDOS_DEFENSE_AUTO_DEPLOY_CONFIDENCE_THRESHOLD\fR
Confidence threshold above which Adaptive Protection's auto\-deploy takes
actions
.TP 2m
\fB\-\-layer7\-ddos\-defense\-auto\-deploy\-expiration\-sec\fR=\fILAYER7_DDOS_DEFENSE_AUTO_DEPLOY_EXPIRATION_SEC\fR
Duration over which Adaptive Protection's auto\-deployed actions last
.TP 2m
\fB\-\-layer7\-ddos\-defense\-auto\-deploy\-impacted\-baseline\-threshold\fR=\fILAYER7_DDOS_DEFENSE_AUTO_DEPLOY_IMPACTED_BASELINE_THRESHOLD\fR
Impacted baseline threshold below which Adaptive Protection's auto\-deploy takes
actions
.TP 2m
\fB\-\-layer7\-ddos\-defense\-auto\-deploy\-load\-threshold\fR=\fILAYER7_DDOS_DEFENSE_AUTO_DEPLOY_LOAD_THRESHOLD\fR
Load threshold above which Adaptive Protection's auto\-deploy takes actions
.TP 2m
\fB\-\-layer7\-ddos\-defense\-rule\-visibility\fR=\fIVISIBILITY_TYPE\fR
The visibility type indicates whether the rules are opaque or transparent.
\fIVISIBILITY_TYPE\fR must be one of: \fBSTANDARD\fR, \fBPREMIUM\fR.
.TP 2m
\fB\-\-log\-level\fR=\fILOG_LEVEL\fR
The level of detail to display for WAF logging. \fILOG_LEVEL\fR must be one of:
\fBNORMAL\fR, \fBVERBOSE\fR.
.TP 2m
\fB\-\-network\-ddos\-protection\fR=\fINETWORK_DDOS_PROTECTION\fR
The DDoS protection level for network load balancing and instances with external
IPs. \fINETWORK_DDOS_PROTECTION\fR must be one of: \fBSTANDARD\fR,
\fBADVANCED\fR, \fBADVANCED_PREVIEW\fR.
.TP 2m
\fB\-\-recaptcha\-redirect\-site\-key\fR=\fIRECAPTCHA_REDIRECT_SITE_KEY\fR
The reCAPTCHA site key to be used for rules using the \f5\fIredirect\fR\fR
action and the \f5\fIgoogle\-recaptcha\fR\fR redirect type under the security
policy.
.TP 2m
\fB\-\-request\-body\-inspection\-size\fR=\fIREQUEST_BODY_INSPECTION_SIZE\fR
Maximum request body inspection size. \fIREQUEST_BODY_INSPECTION_SIZE\fR must be
one of: \fB8KB\fR, \fB16KB\fR, \fB32KB\fR, \fB48KB\fR, \fB64KB\fR.
.TP 2m
\fB\-\-user\-ip\-request\-headers\fR=[\fIUSER_IP_REQUEST_HEADER\fR,...]
A comma\-separated list of request header names to use for resolving the
caller's user IP address.
.TP 2m
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-global\fR
If set, the security policy is global.
.TP 2m
\fB\-\-region\fR=\fIREGION\fR
Region of the security policy to update. Overrides the default
\fBcompute/region\fR property value for this command invocation.
.RE
.RE
.sp
.SH "GCLOUD WIDE FLAGS"
These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.
Run \fB$ gcloud help\fR for details.
.SH "NOTES"
This command is currently in beta and might change without notice. These
variants are also available:
.RS 2m
$ gcloud compute security\-policies update
.RE
.RS 2m
$ gcloud alpha compute security\-policies update
.RE