Class: Google::Cloud::Compute::V1::SecurityPolicyRuleRateLimitOptions

Inherits:

Object

• Object
• Google::Cloud::Compute::V1::SecurityPolicyRuleRateLimitOptions

Extended by:

Protobuf::MessageExts::ClassMethods

Includes:

Protobuf::MessageExts

Defined in:

proto_docs/google/cloud/compute/v1/compute.rb

Defined Under Namespace

Modules: EnforceOnKey

Instance Attribute Summary

• #ban_duration_sec ⇒ ::Integer

  Can only be specified if the action for the rule is "rate_based_ban".

• #ban_threshold ⇒ ::Google::Cloud::Compute::V1::SecurityPolicyRuleRateLimitOptionsThreshold

  Can only be specified if the action for the rule is "rate_based_ban".

• #conform_action ⇒ ::String

  Action to take for requests that are under the configured rate limit threshold.

• #enforce_on_key ⇒ ::String

  Determines the key to enforce the rate_limit_threshold on.

• #enforce_on_key_name ⇒ ::String

  Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value.

• #exceed_action ⇒ ::String

  Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint.

• #exceed_redirect_options ⇒ ::Google::Cloud::Compute::V1::SecurityPolicyRuleRedirectOptions

  Parameters defining the redirect action that is used as the exceed action.

• #rate_limit_threshold ⇒ ::Google::Cloud::Compute::V1::SecurityPolicyRuleRateLimitOptionsThreshold

  Threshold at which to begin ratelimiting.

Instance Attribute Details

#ban_duration_sec ⇒ ::Integer

Returns Can only be specified if the action for the rule is "rate_based_ban". If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.

Returns:

• (::Integer) —

  Can only be specified if the action for the rule is "rate_based_ban". If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.

# File 'proto_docs/google/cloud/compute/v1/compute.rb', line 24712

class SecurityPolicyRuleRateLimitOptions
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Determines the key to enforce the rate_limit_threshold on. Possible values are: - ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if this field 'enforce_on_key' is not configured. - IP: The source IP address of the request is the key. Each IP has this limit enforced separately. - HTTP_HEADER: The value of the HTTP header whose name is configured under "enforce_on_key_name". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL. - XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP. - HTTP_COOKIE: The value of the HTTP cookie whose name is configured under "enforce_on_key_name". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL. - HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes. - SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session. - REGION_CODE: The country/region from which the request originates.
  module EnforceOnKey
    # A value indicating that the enum field is not set.
    UNDEFINED_ENFORCE_ON_KEY = 0

    ALL = 64897

    HTTP_COOKIE = 494981627

    HTTP_HEADER = 91597348

    HTTP_PATH = 311503228

    IP = 2343

    REGION_CODE = 79559768

    SNI = 82254

    XFF_IP = 438707118
  end
end

#ban_threshold ⇒ ::Google::Cloud::Compute::V1::SecurityPolicyRuleRateLimitOptionsThreshold

Returns Can only be specified if the action for the rule is "rate_based_ban". If specified, the key will be banned for the configured 'ban_duration_sec' when the number of requests that exceed the 'rate_limit_threshold' also exceed this 'ban_threshold'.

Returns:

• (::Google::Cloud::Compute::V1::SecurityPolicyRuleRateLimitOptionsThreshold) —

  Can only be specified if the action for the rule is "rate_based_ban". If specified, the key will be banned for the configured 'ban_duration_sec' when the number of requests that exceed the 'rate_limit_threshold' also exceed this 'ban_threshold'.

# File 'proto_docs/google/cloud/compute/v1/compute.rb', line 24712

class SecurityPolicyRuleRateLimitOptions
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Determines the key to enforce the rate_limit_threshold on. Possible values are: - ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if this field 'enforce_on_key' is not configured. - IP: The source IP address of the request is the key. Each IP has this limit enforced separately. - HTTP_HEADER: The value of the HTTP header whose name is configured under "enforce_on_key_name". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL. - XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP. - HTTP_COOKIE: The value of the HTTP cookie whose name is configured under "enforce_on_key_name". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL. - HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes. - SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session. - REGION_CODE: The country/region from which the request originates.
  module EnforceOnKey
    # A value indicating that the enum field is not set.
    UNDEFINED_ENFORCE_ON_KEY = 0

    ALL = 64897

    HTTP_COOKIE = 494981627

    HTTP_HEADER = 91597348

    HTTP_PATH = 311503228

    IP = 2343

    REGION_CODE = 79559768

    SNI = 82254

    XFF_IP = 438707118
  end
end

#conform_action ⇒ ::String

Returns Action to take for requests that are under the configured rate limit threshold. Valid option is "allow" only.

Returns:

• (::String) —

  Action to take for requests that are under the configured rate limit threshold. Valid option is "allow" only.

# File 'proto_docs/google/cloud/compute/v1/compute.rb', line 24712

class SecurityPolicyRuleRateLimitOptions
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Determines the key to enforce the rate_limit_threshold on. Possible values are: - ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if this field 'enforce_on_key' is not configured. - IP: The source IP address of the request is the key. Each IP has this limit enforced separately. - HTTP_HEADER: The value of the HTTP header whose name is configured under "enforce_on_key_name". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL. - XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP. - HTTP_COOKIE: The value of the HTTP cookie whose name is configured under "enforce_on_key_name". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL. - HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes. - SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session. - REGION_CODE: The country/region from which the request originates.
  module EnforceOnKey
    # A value indicating that the enum field is not set.
    UNDEFINED_ENFORCE_ON_KEY = 0

    ALL = 64897

    HTTP_COOKIE = 494981627

    HTTP_HEADER = 91597348

    HTTP_PATH = 311503228

    IP = 2343

    REGION_CODE = 79559768

    SNI = 82254

    XFF_IP = 438707118
  end
end

#enforce_on_key ⇒ ::String

Returns Determines the key to enforce the rate_limit_threshold on. Possible values are: - ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if this field 'enforce_on_key' is not configured. - IP: The source IP address of the request is the key. Each IP has this limit enforced separately. - HTTP_HEADER: The value of the HTTP header whose name is configured under "enforce_on_key_name". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL. - XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP. - HTTP_COOKIE: The value of the HTTP cookie whose name is configured under "enforce_on_key_name". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL. - HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes. - SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session. - REGION_CODE: The country/region from which the request originates. Check the EnforceOnKey enum for the list of possible values.

Returns:

• (::String) —

  Determines the key to enforce the rate_limit_threshold on. Possible values are: - ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if this field 'enforce_on_key' is not configured. - IP: The source IP address of the request is the key. Each IP has this limit enforced separately. - HTTP_HEADER: The value of the HTTP header whose name is configured under "enforce_on_key_name". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL. - XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP. - HTTP_COOKIE: The value of the HTTP cookie whose name is configured under "enforce_on_key_name". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL. - HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes. - SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session. - REGION_CODE: The country/region from which the request originates. Check the EnforceOnKey enum for the list of possible values.

# File 'proto_docs/google/cloud/compute/v1/compute.rb', line 24712

class SecurityPolicyRuleRateLimitOptions
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Determines the key to enforce the rate_limit_threshold on. Possible values are: - ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if this field 'enforce_on_key' is not configured. - IP: The source IP address of the request is the key. Each IP has this limit enforced separately. - HTTP_HEADER: The value of the HTTP header whose name is configured under "enforce_on_key_name". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL. - XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP. - HTTP_COOKIE: The value of the HTTP cookie whose name is configured under "enforce_on_key_name". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL. - HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes. - SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session. - REGION_CODE: The country/region from which the request originates.
  module EnforceOnKey
    # A value indicating that the enum field is not set.
    UNDEFINED_ENFORCE_ON_KEY = 0

    ALL = 64897

    HTTP_COOKIE = 494981627

    HTTP_HEADER = 91597348

    HTTP_PATH = 311503228

    IP = 2343

    REGION_CODE = 79559768

    SNI = 82254

    XFF_IP = 438707118
  end
end

#enforce_on_key_name ⇒ ::String

Returns Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.

Returns:

• (::String) —

  Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.

# File 'proto_docs/google/cloud/compute/v1/compute.rb', line 24712

class SecurityPolicyRuleRateLimitOptions
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Determines the key to enforce the rate_limit_threshold on. Possible values are: - ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if this field 'enforce_on_key' is not configured. - IP: The source IP address of the request is the key. Each IP has this limit enforced separately. - HTTP_HEADER: The value of the HTTP header whose name is configured under "enforce_on_key_name". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL. - XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP. - HTTP_COOKIE: The value of the HTTP cookie whose name is configured under "enforce_on_key_name". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL. - HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes. - SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session. - REGION_CODE: The country/region from which the request originates.
  module EnforceOnKey
    # A value indicating that the enum field is not set.
    UNDEFINED_ENFORCE_ON_KEY = 0

    ALL = 64897

    HTTP_COOKIE = 494981627

    HTTP_HEADER = 91597348

    HTTP_PATH = 311503228

    IP = 2343

    REGION_CODE = 79559768

    SNI = 82254

    XFF_IP = 438707118
  end
end

#exceed_action ⇒ ::String

Returns Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are "deny(status)", where valid values for status are 403, 404, 429, and 502, and "redirect" where the redirect parameters come from exceedRedirectOptions below.

Returns:

• (::String) —

  Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are "deny(status)", where valid values for status are 403, 404, 429, and 502, and "redirect" where the redirect parameters come from exceedRedirectOptions below.

# File 'proto_docs/google/cloud/compute/v1/compute.rb', line 24712

class SecurityPolicyRuleRateLimitOptions
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Determines the key to enforce the rate_limit_threshold on. Possible values are: - ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if this field 'enforce_on_key' is not configured. - IP: The source IP address of the request is the key. Each IP has this limit enforced separately. - HTTP_HEADER: The value of the HTTP header whose name is configured under "enforce_on_key_name". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL. - XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP. - HTTP_COOKIE: The value of the HTTP cookie whose name is configured under "enforce_on_key_name". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL. - HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes. - SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session. - REGION_CODE: The country/region from which the request originates.
  module EnforceOnKey
    # A value indicating that the enum field is not set.
    UNDEFINED_ENFORCE_ON_KEY = 0

    ALL = 64897

    HTTP_COOKIE = 494981627

    HTTP_HEADER = 91597348

    HTTP_PATH = 311503228

    IP = 2343

    REGION_CODE = 79559768

    SNI = 82254

    XFF_IP = 438707118
  end
end

#exceed_redirect_options ⇒ ::Google::Cloud::Compute::V1::SecurityPolicyRuleRedirectOptions

Returns Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect.

Returns:

• (::Google::Cloud::Compute::V1::SecurityPolicyRuleRedirectOptions) —

  Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect.

# File 'proto_docs/google/cloud/compute/v1/compute.rb', line 24712

class SecurityPolicyRuleRateLimitOptions
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Determines the key to enforce the rate_limit_threshold on. Possible values are: - ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if this field 'enforce_on_key' is not configured. - IP: The source IP address of the request is the key. Each IP has this limit enforced separately. - HTTP_HEADER: The value of the HTTP header whose name is configured under "enforce_on_key_name". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL. - XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP. - HTTP_COOKIE: The value of the HTTP cookie whose name is configured under "enforce_on_key_name". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL. - HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes. - SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session. - REGION_CODE: The country/region from which the request originates.
  module EnforceOnKey
    # A value indicating that the enum field is not set.
    UNDEFINED_ENFORCE_ON_KEY = 0

    ALL = 64897

    HTTP_COOKIE = 494981627

    HTTP_HEADER = 91597348

    HTTP_PATH = 311503228

    IP = 2343

    REGION_CODE = 79559768

    SNI = 82254

    XFF_IP = 438707118
  end
end

#rate_limit_threshold ⇒ ::Google::Cloud::Compute::V1::SecurityPolicyRuleRateLimitOptionsThreshold

Returns Threshold at which to begin ratelimiting.

Returns:

• (::Google::Cloud::Compute::V1::SecurityPolicyRuleRateLimitOptionsThreshold) —

  Threshold at which to begin ratelimiting.

# File 'proto_docs/google/cloud/compute/v1/compute.rb', line 24712

class SecurityPolicyRuleRateLimitOptions
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Determines the key to enforce the rate_limit_threshold on. Possible values are: - ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if this field 'enforce_on_key' is not configured. - IP: The source IP address of the request is the key. Each IP has this limit enforced separately. - HTTP_HEADER: The value of the HTTP header whose name is configured under "enforce_on_key_name". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL. - XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP. - HTTP_COOKIE: The value of the HTTP cookie whose name is configured under "enforce_on_key_name". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL. - HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes. - SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session. - REGION_CODE: The country/region from which the request originates.
  module EnforceOnKey
    # A value indicating that the enum field is not set.
    UNDEFINED_ENFORCE_ON_KEY = 0

    ALL = 64897

    HTTP_COOKIE = 494981627

    HTTP_HEADER = 91597348

    HTTP_PATH = 311503228

    IP = 2343

    REGION_CODE = 79559768

    SNI = 82254

    XFF_IP = 438707118
  end
end