- NAME
- 
- gcloud beta compute org-security-policies rules add-preconfig-waf-exclusion - add an exclusion configuration for preconfigured WAF evaluation into a security policy rule
 
- SYNOPSIS
- 
- 
gcloud beta compute org-security-policies rules add-preconfig-waf-exclusionPRIORITY--security-policy=SECURITY_POLICY--target-rule-set=TARGET_RULE_SET[--organization=ORGANIZATION] [--request-cookie-to-exclude=[op=OP],[val=VAL]] [--request-header-to-exclude=[op=OP],[val=VAL]] [--request-query-param-to-exclude=[op=OP],[val=VAL]] [--request-uri-to-exclude=[op=OP],[val=VAL]] [--target-rule-ids=[RULE_ID,…]] [GCLOUD_WIDE_FLAG …]
 
- 
- DESCRIPTION
- 
(BETA)gcloud beta compute org-security-policies rules add-preconfig-waf-exclusionis used to add an exclusion configuration for preconfigured WAF evaluation into a security policy rule.Note that request field exclusions are associated with a target, which can be a single rule set, or a rule set plus a list of rule IDs under the rule set. 
- EXAMPLES
- 
To add specific request field exclusions that are associated with the target of
'sqli-stable': ['owasp-crs-v030001-id942110-sqli',
'owasp-crs-v030001-id942120-sqli'], run:
gcloud beta compute org-security-policies rules add-preconfig-waf-exclusion 1000 --security-policy=1234567890 --target-rule-set=sqli-stable --target-rule-ids=owasp-crs-v030001-id942110-sqli,owasp-crs-v030001-id942120-sqli --request-header-to-exclude='op=EQUALS,val=abc' --request-header-to-exclude='op=STARTS_WITH,val=xyz' --request-uri-to-exclude='op=EQUALS_ANY'To add specific request field exclusions that are associated with the target of 'sqli-stable': [], run: gcloud beta compute org-security-policies rules add-preconfig-waf-exclusion 1000 --security-policy=1234567890 --target-rule-set=sqli-stable --request-cookie-to-exclude='op=EQUALS_ANY'
- POSITIONAL ARGUMENTS
- 
- PRIORITY
- Priority of the security policy rule to add preconfig WAF exclusion.
 
- REQUIRED FLAGS
- 
- --security-policy=- SECURITY_POLICY
- short name of the security policy into which the rule should be updated.
- --target-rule-set=- TARGET_RULE_SET
- 
Target WAF rule set where the request field exclusions being added would apply.
This, together with the target rule IDs (if given), determines the target for associating request field exclusions. See --target-rule-ids.
 
- OPTIONAL FLAGS
- 
- --organization=- ORGANIZATION
- Organization which the organization security policy belongs to. Must be set if SECURITY_POLICY is short name.
- 
Adds a request cookie to the request field exclusions associated with the rule
set and rule IDs (if given). This specifies a request cookie whose value will be
excluded from inspection during preconfigured WAF evaluation.
You can specify an exact match or a partial match by using a field operator and a field value. Available field operators are: - 
EQUALS
- 
STARTS_WITH
- 
ENDS_WITH
- 
CONTAINS
- 
EQUALS_ANY
 A field value must be given if the field operator is not EQUALS_ANYEQUALS_ANY--request-header-to-exclude op=EQUALS,val=abcor--request-header-to-exclude op=EQUALS_ANY.This flag can be repeated to specify multiple request headers to exclude. For example, --request-header-to-exclude op=EQUALS,val=abc --request-header-to-exclude op=STARTS_WITH,val=xyz.
- 
- --request-header-to-exclude=[- op=- OP],[- val=- VAL]
- 
Adds a request header to the request field exclusions associated with the rule
set and rule IDs (if given). This specifies a request header whose value will be
excluded from inspection during preconfigured WAF evaluation.
Refer to the syntax under --request-cookie-to-exclude.This flag can be repeated to specify multiple request headers. 
- --request-query-param-to-exclude=[- op=- OP],[- val=- VAL]
- 
Adds a request query parameter to the request field exclusions associated with
the rule set and rule IDs (if given). This specifies a request query parameter
in the query string or in the POST body whose value will be excluded from
inspection during preconfigured WAF evaluation.
Refer to the syntax under --request-cookie-to-exclude.This flag can be repeated to specify multiple request query parameters. 
- --request-uri-to-exclude=[- op=- OP],[- val=- VAL]
- 
Adds a request URI to the request field exclusions associated with the rule set
and rule IDs (if given). This specifies a request URI from the request line to
be excluded from inspection during preconfigured WAF evaluation.
Refer to the syntax under --request-cookie-to-exclude.This flag can be repeated to specify multiple request URIs. 
- --target-rule-ids=[- RULE_ID,…]
- A comma-separated list of target rule IDs under the WAF rule set where the request field exclusions being added would apply. If omitted, the added request field exclusions will be associated with the rule set only, which would apply to all the rule IDs under the rule set.
 
- GCLOUD WIDE FLAGS
- 
These flags are available to all commands: --access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run $ gcloud helpfor details.
- NOTES
- 
This command is currently in beta and might change without notice. These
variants are also available:
gcloud compute org-security-policies rules add-preconfig-waf-exclusiongcloud alpha compute org-security-policies rules add-preconfig-waf-exclusion
      gcloud beta compute org-security-policies rules add-preconfig-waf-exclusion
  
  
  Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-10-14 UTC.