public sealed class SecurityPolicyRuleMatcher : IMessage<SecurityPolicyRuleMatcher>, IEquatable<SecurityPolicyRuleMatcher>, IDeepCloneable<SecurityPolicyRuleMatcher>, IBufferMessage, IMessage
Reference documentation and code samples for the Compute Engine v1 API class SecurityPolicyRuleMatcher.
Represents a match condition that incoming traffic is evaluated against. Exactly one field must be specified.
public SecurityPolicyRuleMatcherConfig Config { get; set; }
The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified.
User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Expressions containing evaluateThreatIntelligence require Cloud Armor Managed Protection Plus tier and are not supported in Edge Policies nor in Regional Policies. Expressions containing evaluatePreconfiguredExpr('sourceiplist-*') require Cloud Armor Managed Protection Plus tier and are only supported in Global Security Policies.
Preconfigured versioned expression. If this field is specified, config must also be specified. Available preconfigured expressions along with their requirements are: SRC_IPS_V1 - must specify the corresponding src_ip_range field in config.
Check the VersionedExpr enum for the list of possible values.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-08 UTC."],[[["\u003cp\u003eThis webpage provides reference documentation for the \u003ccode\u003eSecurityPolicyRuleMatcher\u003c/code\u003e class within the Google Cloud Compute Engine v1 API for .NET.\u003c/p\u003e\n"],["\u003cp\u003eThe latest version of \u003ccode\u003eSecurityPolicyRuleMatcher\u003c/code\u003e is 3.6.0, but documentation for versions ranging from 1.0.0 to 3.6.0 is accessible.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eSecurityPolicyRuleMatcher\u003c/code\u003e is a class used to define match conditions for incoming traffic, which must specify only one of the available fields.\u003c/p\u003e\n"],["\u003cp\u003eThe class includes properties such as \u003ccode\u003eConfig\u003c/code\u003e, \u003ccode\u003eExpr\u003c/code\u003e, \u003ccode\u003eExprOptions\u003c/code\u003e, \u003ccode\u003eHasVersionedExpr\u003c/code\u003e, and \u003ccode\u003eVersionedExpr\u003c/code\u003e to configure the matching criteria, and has several constructors available.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eSecurityPolicyRuleMatcher\u003c/code\u003e implements multiple interfaces, including \u003ccode\u003eIMessage\u003c/code\u003e, \u003ccode\u003eIEquatable\u003c/code\u003e, \u003ccode\u003eIDeepCloneable\u003c/code\u003e, and \u003ccode\u003eIBufferMessage\u003c/code\u003e, and inherits from \u003ccode\u003eobject\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,["# Compute Engine v1 API - Class SecurityPolicyRuleMatcher (3.13.0)\n\nVersion latestkeyboard_arrow_down\n\n- [3.13.0 (latest)](/dotnet/docs/reference/Google.Cloud.Compute.V1/latest/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [3.12.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/3.12.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [3.11.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/3.11.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [3.10.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/3.10.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [3.9.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/3.9.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [3.8.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/3.8.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [3.7.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/3.7.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [3.6.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/3.6.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [3.5.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/3.5.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [3.4.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/3.4.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [3.3.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/3.3.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [3.2.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/3.2.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [3.1.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/3.1.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [3.0.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/3.0.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [2.17.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/2.17.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [2.16.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/2.16.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [2.15.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/2.15.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [2.14.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/2.14.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [2.13.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/2.13.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [2.12.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/2.12.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [2.11.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/2.11.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [2.10.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/2.10.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [2.9.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/2.9.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [2.8.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/2.8.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [2.7.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/2.7.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [2.6.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/2.6.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [2.5.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/2.5.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [2.4.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/2.4.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [2.3.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/2.3.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [2.2.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/2.2.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [2.1.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/2.1.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [2.0.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/2.0.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [1.4.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/1.4.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [1.3.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/1.3.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [1.2.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/1.2.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [1.1.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/1.1.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher)\n- [1.0.0](/dotnet/docs/reference/Google.Cloud.Compute.V1/1.0.0/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher) \n\n public sealed class SecurityPolicyRuleMatcher : IMessage\u003cSecurityPolicyRuleMatcher\u003e, IEquatable\u003cSecurityPolicyRuleMatcher\u003e, IDeepCloneable\u003cSecurityPolicyRuleMatcher\u003e, IBufferMessage, IMessage\n\nReference documentation and code samples for the Compute Engine v1 API class SecurityPolicyRuleMatcher.\n\nRepresents a match condition that incoming traffic is evaluated against. Exactly one field must be specified. \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e SecurityPolicyRuleMatcher \n\nImplements\n----------\n\n[IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage-1.html)[SecurityPolicyRuleMatcher](/dotnet/docs/reference/Google.Cloud.Compute.V1/latest/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher), [IEquatable](https://learn.microsoft.com/dotnet/api/system.iequatable-1)[SecurityPolicyRuleMatcher](/dotnet/docs/reference/Google.Cloud.Compute.V1/latest/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher), [IDeepCloneable](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IDeepCloneable-1.html)[SecurityPolicyRuleMatcher](/dotnet/docs/reference/Google.Cloud.Compute.V1/latest/Google.Cloud.Compute.V1.SecurityPolicyRuleMatcher), [IBufferMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IBufferMessage.html), [IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage.html) \n\nInherited Members\n-----------------\n\n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Google.Cloud.Compute.V1](/dotnet/docs/reference/Google.Cloud.Compute.V1/latest/Google.Cloud.Compute.V1)\n\nAssembly\n--------\n\nGoogle.Cloud.Compute.V1.dll\n\nConstructors\n------------\n\n### SecurityPolicyRuleMatcher()\n\n public SecurityPolicyRuleMatcher()\n\n### SecurityPolicyRuleMatcher(SecurityPolicyRuleMatcher)\n\n public SecurityPolicyRuleMatcher(SecurityPolicyRuleMatcher other)\n\nProperties\n----------\n\n### Config\n\n public SecurityPolicyRuleMatcherConfig Config { get; set; }\n\nThe configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified.\n\n### Expr\n\n public Expr Expr { get; set; }\n\nUser defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Expressions containing `evaluateThreatIntelligence` require Cloud Armor Managed Protection Plus tier and are not supported in Edge Policies nor in Regional Policies. Expressions containing `evaluatePreconfiguredExpr('sourceiplist-*')` require Cloud Armor Managed Protection Plus tier and are only supported in Global Security Policies.\n\n### ExprOptions\n\n public SecurityPolicyRuleMatcherExprOptions ExprOptions { get; set; }\n\nThe configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').\n\n### HasVersionedExpr\n\n public bool HasVersionedExpr { get; }\n\nGets whether the \"versioned_expr\" field is set\n\n### VersionedExpr\n\n public string VersionedExpr { get; set; }\n\nPreconfigured versioned expression. If this field is specified, config must also be specified. Available preconfigured expressions along with their requirements are: SRC_IPS_V1 - must specify the corresponding src_ip_range field in config.\nCheck the VersionedExpr enum for the list of possible values."]]
