HEX
Server: Apache/2.4.65 (Ubuntu)
System: Linux ielts-store-v2 6.8.0-1036-gcp #38~22.04.1-Ubuntu SMP Thu Aug 14 01:19:18 UTC 2025 x86_64
User: root (0)
PHP: 7.2.34-54+ubuntu20.04.1+deb.sury.org+1
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
$ pwd: /snap/google-cloud-cli/396/help/man/man1/
Upload Files
File: //snap/google-cloud-cli/396/help/man/man1/gcloud_alpha_compute_security-policies_update.1
.TH "GCLOUD_ALPHA_COMPUTE_SECURITY\-POLICIES_UPDATE" 1



.SH "NAME"
.HP
gcloud alpha compute security\-policies update \- update a Compute Engine security policy



.SH "SYNOPSIS"
.HP
\f5gcloud alpha compute security\-policies update\fR \fINAME\fR [\fB\-\-ddos\-protection\fR=\fIDDOS_PROTECTION\fR] [\fB\-\-description\fR=\fIDESCRIPTION\fR] [\fB\-\-enable\-layer7\-ddos\-defense\fR] [\fB\-\-enable\-ml\fR] [\fB\-\-json\-custom\-content\-types\fR=[\fICONTENT_TYPE\fR,...]] [\fB\-\-json\-parsing\fR=\fIJSON_PARSING\fR] [\fB\-\-layer7\-ddos\-defense\-auto\-deploy\-confidence\-threshold\fR=\fILAYER7_DDOS_DEFENSE_AUTO_DEPLOY_CONFIDENCE_THRESHOLD\fR] [\fB\-\-layer7\-ddos\-defense\-auto\-deploy\-expiration\-sec\fR=\fILAYER7_DDOS_DEFENSE_AUTO_DEPLOY_EXPIRATION_SEC\fR] [\fB\-\-layer7\-ddos\-defense\-auto\-deploy\-impacted\-baseline\-threshold\fR=\fILAYER7_DDOS_DEFENSE_AUTO_DEPLOY_IMPACTED_BASELINE_THRESHOLD\fR] [\fB\-\-layer7\-ddos\-defense\-auto\-deploy\-load\-threshold\fR=\fILAYER7_DDOS_DEFENSE_AUTO_DEPLOY_LOAD_THRESHOLD\fR] [\fB\-\-layer7\-ddos\-defense\-rule\-visibility\fR=\fIVISIBILITY_TYPE\fR] [\fB\-\-log\-level\fR=\fILOG_LEVEL\fR] [\fB\-\-network\-ddos\-adaptive\-protection\fR=\fINETWORK_DDOS_ADAPTIVE_PROTECTION\fR] [\fB\-\-network\-ddos\-protection\fR=\fINETWORK_DDOS_PROTECTION\fR] [\fB\-\-recaptcha\-redirect\-site\-key\fR=\fIRECAPTCHA_REDIRECT_SITE_KEY\fR] [\fB\-\-request\-body\-inspection\-size\fR=\fIREQUEST_BODY_INSPECTION_SIZE\fR] [\fB\-\-user\-ip\-request\-headers\fR=[\fIUSER_IP_REQUEST_HEADER\fR,...]] [\fB\-\-clear\-network\-ddos\-impacted\-baseline\-threshold\fR\ |\ \fB\-\-network\-ddos\-impacted\-baseline\-threshold\fR=\fINETWORK_DDOS_IMPACTED_BASELINE_THRESHOLD\fR] [\fB\-\-global\fR\ |\ \fB\-\-region\fR=\fIREGION\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]



.SH "DESCRIPTION"

\fB(ALPHA)\fR \fBgcloud alpha compute security\-policies update\fR is used to
update security policies.



.SH "EXAMPLES"

To update the description run this:

.RS 2m
$ gcloud alpha compute security\-policies update SECURITY_POLICY \e
    \-\-description='new description'
.RE



.SH "POSITIONAL ARGUMENTS"

.RS 2m
.TP 2m
\fINAME\fR

Name of the security policy to update.


.RE
.sp

.SH "FLAGS"

.RS 2m
.TP 2m
\fB\-\-ddos\-protection\fR=\fIDDOS_PROTECTION\fR

The DDoS protection level for network load balancing and instances with external
IPs. \fIDDOS_PROTECTION\fR must be one of: \fBSTANDARD\fR, \fBADVANCED\fR,
\fBADVANCED_PREVIEW\fR.

.TP 2m
\fB\-\-description\fR=\fIDESCRIPTION\fR

An optional, textual description for the security policy.

.TP 2m
\fB\-\-enable\-layer7\-ddos\-defense\fR

Whether to enable Cloud Armor Layer 7 DDoS Defense Adaptive Protection.

.TP 2m
\fB\-\-enable\-ml\fR

Whether to enable Cloud Armor Adaptive Protection

.TP 2m
\fB\-\-json\-custom\-content\-types\fR=[\fICONTENT_TYPE\fR,...]

A comma\-separated list of custom Content\-Type header values to apply JSON
parsing for preconfigured WAF rules. Only applicable when JSON parsing is
enabled, like \f5\fI\-\-json\-parsing=STANDARD\fR\fR. When configuring a
Content\-Type header value, only the type/subtype needs to be specified, and the
parameters should be excluded.

.TP 2m
\fB\-\-json\-parsing\fR=\fIJSON_PARSING\fR

The JSON parsing behavior for this rule. Must be one of the following values:
[DISABLED, STANDARD, STANDARD_WITH_GRAPHQL]. \fIJSON_PARSING\fR must be one of:
\fBDISABLED\fR, \fBSTANDARD\fR, \fBSTANDARD_WITH_GRAPHQL\fR.

.TP 2m
\fB\-\-layer7\-ddos\-defense\-auto\-deploy\-confidence\-threshold\fR=\fILAYER7_DDOS_DEFENSE_AUTO_DEPLOY_CONFIDENCE_THRESHOLD\fR

Confidence threshold above which Adaptive Protection's auto\-deploy takes
actions

.TP 2m
\fB\-\-layer7\-ddos\-defense\-auto\-deploy\-expiration\-sec\fR=\fILAYER7_DDOS_DEFENSE_AUTO_DEPLOY_EXPIRATION_SEC\fR

Duration over which Adaptive Protection's auto\-deployed actions last

.TP 2m
\fB\-\-layer7\-ddos\-defense\-auto\-deploy\-impacted\-baseline\-threshold\fR=\fILAYER7_DDOS_DEFENSE_AUTO_DEPLOY_IMPACTED_BASELINE_THRESHOLD\fR

Impacted baseline threshold below which Adaptive Protection's auto\-deploy takes
actions

.TP 2m
\fB\-\-layer7\-ddos\-defense\-auto\-deploy\-load\-threshold\fR=\fILAYER7_DDOS_DEFENSE_AUTO_DEPLOY_LOAD_THRESHOLD\fR

Load threshold above which Adaptive Protection's auto\-deploy takes actions

.TP 2m
\fB\-\-layer7\-ddos\-defense\-rule\-visibility\fR=\fIVISIBILITY_TYPE\fR

The visibility type indicates whether the rules are opaque or transparent.
\fIVISIBILITY_TYPE\fR must be one of: \fBSTANDARD\fR, \fBPREMIUM\fR.

.TP 2m
\fB\-\-log\-level\fR=\fILOG_LEVEL\fR

The level of detail to display for WAF logging. \fILOG_LEVEL\fR must be one of:
\fBNORMAL\fR, \fBVERBOSE\fR.

.TP 2m
\fB\-\-network\-ddos\-adaptive\-protection\fR=\fINETWORK_DDOS_ADAPTIVE_PROTECTION\fR

The DDoS adaptive protection level for network load balancing and instances with
external IPs. \fINETWORK_DDOS_ADAPTIVE_PROTECTION\fR must be one of:
\fBDISABLED\fR, \fBENABLED\fR, \fBPREVIEW\fR.

.TP 2m
\fB\-\-network\-ddos\-protection\fR=\fINETWORK_DDOS_PROTECTION\fR

The DDoS protection level for network load balancing and instances with external
IPs. \fINETWORK_DDOS_PROTECTION\fR must be one of: \fBSTANDARD\fR,
\fBADVANCED\fR, \fBADVANCED_PREVIEW\fR.

.TP 2m
\fB\-\-recaptcha\-redirect\-site\-key\fR=\fIRECAPTCHA_REDIRECT_SITE_KEY\fR

The reCAPTCHA site key to be used for rules using the \f5\fIredirect\fR\fR
action and the \f5\fIgoogle\-recaptcha\fR\fR redirect type under the security
policy.

.TP 2m
\fB\-\-request\-body\-inspection\-size\fR=\fIREQUEST_BODY_INSPECTION_SIZE\fR

Maximum request body inspection size. \fIREQUEST_BODY_INSPECTION_SIZE\fR must be
one of: \fB8KB\fR, \fB16KB\fR, \fB32KB\fR, \fB48KB\fR, \fB64KB\fR.

.TP 2m
\fB\-\-user\-ip\-request\-headers\fR=[\fIUSER_IP_REQUEST_HEADER\fR,...]

A comma\-separated list of request header names to use for resolving the
caller's user IP address.

.TP 2m

At most one of these can be specified:


.RS 2m
.TP 2m
\fB\-\-clear\-network\-ddos\-impacted\-baseline\-threshold\fR

If provided, clears the Network DDoS impacted baseline threshold from the
security policy.

.TP 2m
\fB\-\-network\-ddos\-impacted\-baseline\-threshold\fR=\fINETWORK_DDOS_IMPACTED_BASELINE_THRESHOLD\fR

Threshold below which rules with collateral damage below this value will be
deployed

.RE
.sp
.TP 2m

At most one of these can be specified:


.RS 2m
.TP 2m
\fB\-\-global\fR

If set, the security policy is global.

.TP 2m
\fB\-\-region\fR=\fIREGION\fR

Region of the security policy to update. Overrides the default
\fBcompute/region\fR property value for this command invocation.


.RE
.RE
.sp

.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.

Run \fB$ gcloud help\fR for details.



.SH "NOTES"

This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation\-only early access
allowlist. These variants are also available:

.RS 2m
$ gcloud compute security\-policies update
.RE

.RS 2m
$ gcloud beta compute security\-policies update
.RE
@ Telegram