Determines the key to enforce the rate_limit_threshold on. Possible
values are: - ALL: A single rate limit threshold is applied to all
the requests matching this rule. This is the default value if
"enforceOnKey" is not configured. - IP: The source IP address of the
request is the key. Each IP has this limit enforced separately. -
HTTP_HEADER: The value of the HTTP header whose name is configured
under "enforceOnKeyName". The key value is truncated to the first
128 bytes of the header value. If no such header is present in the
request, the key type defaults to ALL. - XFF_IP: The first IP
address (i.e. the originating client IP address) specified in the
list of IPs under X-Forwarded-For HTTP header. If no such header is
present or the value is not a valid IP, the key defaults to the
source IP address of the request i.e. key type IP. - HTTP_COOKIE:
The value of the HTTP cookie whose name is configured under
"enforceOnKeyName". The key value is truncated to the first 128
bytes of the cookie value. If no such cookie is present in the
request, the key type defaults to ALL. - HTTP_PATH: The URL path of
the HTTP request. The key value is truncated to the first 128 bytes.
SNI: Server name indication in the TLS session of the HTTPS
request. The key value is truncated to the first 128 bytes. The key
type defaults to ALL on a HTTP session. - REGION_CODE: The
country/region from which the request originates. -
TLS_JA3_FINGERPRINT: JA3 TLS/SSL fingerprint if the client connects
using HTTPS, HTTP/2 or HTTP/3. If not available, the key type
defaults to ALL. - USER_IP: The IP address of the originating
client, which is resolved based on "userIpRequestHeaders" configured
with the security policy. If there is no "userIpRequestHeaders"
configuration or an IP address cannot be resolved from it, the key
type defaults to IP. - TLS_JA4_FINGERPRINT: JA4 TLS/SSL fingerprint
if the client connects using HTTPS, HTTP/2 or HTTP/3. If not
available, the key type defaults to ALL.
Enums
Name
Description
UNDEFINED_ENFORCE_ON_KEY
A value indicating that the enum field is not set.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-11 UTC."],[],[],null,["# Class EnforceOnKey (1.35.0)\n\nVersion latestkeyboard_arrow_down\n\n- [1.35.0 (latest)](/python/docs/reference/compute/latest/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.34.0](/python/docs/reference/compute/1.34.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.33.0](/python/docs/reference/compute/1.33.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.32.0](/python/docs/reference/compute/1.32.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.31.0](/python/docs/reference/compute/1.31.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.30.0](/python/docs/reference/compute/1.30.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.29.0](/python/docs/reference/compute/1.29.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.28.0](/python/docs/reference/compute/1.28.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.27.0](/python/docs/reference/compute/1.27.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.26.0](/python/docs/reference/compute/1.26.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.25.0](/python/docs/reference/compute/1.25.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.24.0](/python/docs/reference/compute/1.24.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.23.0](/python/docs/reference/compute/1.23.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.22.0](/python/docs/reference/compute/1.22.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.21.0](/python/docs/reference/compute/1.21.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.20.1](/python/docs/reference/compute/1.20.1/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.19.2](/python/docs/reference/compute/1.19.2/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.18.0](/python/docs/reference/compute/1.18.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.17.0](/python/docs/reference/compute/1.17.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.16.1](/python/docs/reference/compute/1.16.1/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.15.0](/python/docs/reference/compute/1.15.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.14.1](/python/docs/reference/compute/1.14.1/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.13.0](/python/docs/reference/compute/1.13.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.12.1](/python/docs/reference/compute/1.12.1/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.11.0](/python/docs/reference/compute/1.11.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.10.1](/python/docs/reference/compute/1.10.1/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.9.0](/python/docs/reference/compute/1.9.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.8.0](/python/docs/reference/compute/1.8.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.7.0](/python/docs/reference/compute/1.7.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.6.1](/python/docs/reference/compute/1.6.1/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.5.2](/python/docs/reference/compute/1.5.2/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.4.0](/python/docs/reference/compute/1.4.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.3.2](/python/docs/reference/compute/1.3.2/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.2.0](/python/docs/reference/compute/1.2.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.1.0](/python/docs/reference/compute/1.1.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [1.0.0](/python/docs/reference/compute/1.0.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [0.9.0](/python/docs/reference/compute/0.9.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [0.8.0](/python/docs/reference/compute/0.8.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [0.7.0](/python/docs/reference/compute/0.7.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [0.6.0](/python/docs/reference/compute/0.6.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [0.5.0](/python/docs/reference/compute/0.5.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [0.4.2](/python/docs/reference/compute/0.4.2/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [0.3.0](/python/docs/reference/compute/0.3.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [0.2.1](/python/docs/reference/compute/0.2.1/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey)\n- [0.1.0](/python/docs/reference/compute/0.1.0/google.cloud.compute_v1.types.SecurityPolicyRuleRateLimitOptions.EnforceOnKey) \n\n EnforceOnKey(value)\n\nDetermines the key to enforce the rate_limit_threshold on. Possible\nvalues are: - ALL: A single rate limit threshold is applied to all\nthe requests matching this rule. This is the default value if\n\"enforceOnKey\" is not configured. - IP: The source IP address of the\nrequest is the key. Each IP has this limit enforced separately. -\nHTTP_HEADER: The value of the HTTP header whose name is configured\nunder \"enforceOnKeyName\". The key value is truncated to the first\n128 bytes of the header value. If no such header is present in the\nrequest, the key type defaults to ALL. - XFF_IP: The first IP\naddress (i.e. the originating client IP address) specified in the\nlist of IPs under X-Forwarded-For HTTP header. If no such header is\npresent or the value is not a valid IP, the key defaults to the\nsource IP address of the request i.e. key type IP. - HTTP_COOKIE:\nThe value of the HTTP cookie whose name is configured under\n\"enforceOnKeyName\". The key value is truncated to the first 128\nbytes of the cookie value. If no such cookie is present in the\nrequest, the key type defaults to ALL. - HTTP_PATH: The URL path of\nthe HTTP request. The key value is truncated to the first 128 bytes.\n\n- SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session. - REGION_CODE: The country/region from which the request originates. - TLS_JA3_FINGERPRINT: JA3 TLS/SSL fingerprint if the client connects using HTTPS, HTTP/2 or HTTP/3. If not available, the key type defaults to ALL. - USER_IP: The IP address of the originating client, which is resolved based on \"userIpRequestHeaders\" configured with the security policy. If there is no \"userIpRequestHeaders\" configuration or an IP address cannot be resolved from it, the key type defaults to IP. - TLS_JA4_FINGERPRINT: JA4 TLS/SSL fingerprint if the client connects using HTTPS, HTTP/2 or HTTP/3. If not available, the key type defaults to ALL."]]