Update a Security Rule

put

/secrule/{name}

Disables or enables the specified security rule. You can also update the description of the security rule.

Required Role: To complete this task, you must have the Compute_Operations role. If this role isn't assigned to you or you're not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in Managing and Monitoring Oracle Cloud.

Request

Supported Media Types
Path Parameters
  • The three-part name of the object (/Compute-identity_domain/user/object).
Header Parameters
Body ()
The request body contains details of the security rule that you want to update.
Root Schema : SecRule-put-request
Type: object
The request body contains details of the security rule that you want to update.
Show Source
  • Set this parameter to PERMIT.

  • The three-part name of the security application: (/Compute-identity_domain/user/object_name) for user-defined security applications and /oracle/public/object_name for predefined security applications.

  • A description of the security rule.

  • Indicates whether the security rule is enabled (set to false) or disabled (true). The default setting is false.

  • The three-part name (/Compute-identity_domain/user/object_name) of the destination security list or security IP list.

    You must use the prefix seclist: or seciplist: to identify the list type.

    Note: You can specify a security IP list as the destination in a secrule, provided src_list is a security list that has DENY as its outbound policy.

    You cannot specify any of the security IP lists in the /oracle/public container as a destination in a secrule.

  • The three-part name of the object (/Compute-identity_domain/user/object).
  • The three-part name (/Compute-identity_domain/user/object_name) of the source security list or security IP list.

    You must use the prefix seclist: or seciplist: to identify the list type.

Response

Supported Media Types

200 Response

OK. See Status Codes for information about other possible HTTP status codes.
Headers
Body ()
Root Schema : SecRule-response
Type: object
Show Source
  • Set this parameter to PERMIT.

  • The three-part name of the security application: (/Compute-identity_domain/user/object_name) for user-defined security applications and /oracle/public/object_name for predefined security applications.

  • A description of the security rule.

  • Indicates whether the security rule is enabled (set to false) or disabled (true). The default setting is false.

  • The three-part name (/Compute-identity_domain/user/object_name) of the destination security list or security IP list.

    You must use the prefix seclist: or seciplist: to identify the list type.

    Note: You can specify a security IP list as the destination in a secrule, provided src_list is a security list that has DENY as its outbound policy.

    You cannot specify any of the security IP lists in the /oracle/public container as a destination in a secrule.

  • The three-part name of the object (/Compute-identity_domain/user/object).
  • The three-part name (/Compute-identity_domain/user/object_name) of the source security list or security IP list.

    You must use the prefix seclist: or seciplist: to identify the list type.

  • Uniform Resource Identifier

Examples

cURL Command

The following example shows how to update a security rule, /Compute-acme/jack.jones@example.com/es_to_videoservers_stream, by submitting a PUT request on the REST resource using cURL. For more information about cURL, see Use cURL.

Enter the command on a single line. Line breaks are used in this example for readability.

curl -i -X PUT
     -H "Cookie: $COMPUTE_COOKIE"
     -H "Content-Type: application/oracle-compute-v3+json"
     -H "Accept: application/oracle-compute-v3+json"
     -d "@requestbody.json"
        https://api-z999.compute.us0.oraclecloud.com/secrule/Compute-acme/jack.jones@example.com/es_to_videoservers_stream
  • COMPUTE_COOKIE is the name of the variable in which you stored the authentication cookie earlier. For information about retrieving the authentication cookie and storing it in a variable, see Authentication.

  • api-z999.compute.us0.oraclecloud.com is an example REST endpoint URL. Change this value to the REST endpoint URL of your Compute Classic site. For information about finding out REST endpoint URL for your site, see Send Requests.

  • acme and jack.jones@example.com are example values. Replace acme with the identity domain ID of your Compute Classic account, and jack.jones@example.com with your user name.

Example of Request Body

The following shows an example of the request body content in the requestbody.json file to enable a security rule by submitting a PUT request on the REST resource.

{
  "dst_list": "seclist:/Compute-acme/jack.jones@example.com/allowed_video_servers",
  "name": "/Compute-acme/jack.jones@example.com/es_to_videoservers_stream",
  "src_list": "seciplist:/Compute-acme/jack.jones@example.com/es_iplist",
  "application": "/Compute-acme/jack.jones@example.com/video_streaming_udp",
  "action": "PERMIT",
  "disabled": false
}

Example of Response Body

The following example shows the response body in JSON format when you update a security rule.

{
  "dst_list": "seclist:/Compute-acme/jack.jones@example.com/allowed_video_servers",
  "name": "/Compute-acme/jack.jones@example.com/es_to_videoservers_stream",
  "src_list": "seciplist:/Compute-acme/jack.jones@example.com/es_iplist",
  "uri": "https://api-z999.compute.us0.oraclecloud.com/secrule/Compute-acme/jack.jones@example.com/es_to_videoservers_stream",
  "disabled": false,
  "application": "/Compute-acme/jack.jones@example.com/video_streaming_udp",
  "action": "PERMIT"
}