[Yandex Cloud documentation](../../index.md) > [Yandex Smart Web Security](../index.md) > [Step-by-step guides](index.md) > Security profiles > Editing basic profile settings

# Editing basic settings of a security profile

{% list tabs group=instructions %}

- Management console {#console}

  1. In the [management console](https://console.yandex.cloud), select the [folder](../../resource-manager/concepts/resources-hierarchy.md#folder) containing the [security profile](../concepts/profiles.md).
  1. Navigate to **Smart Web Security**.
  1. In the left-hand panel, select ![shield-check](../../_assets/console-icons/shield-check.svg) **Security profiles**.
  1. In the row with the profile you need, click ![options](../../_assets/console-icons/ellipsis.svg) and select **Edit**.
  1. In the window that opens, edit the following parameters:

      * **Name**.
      * **Description**.
      * [**Labels**](../../resource-manager/concepts/labels.md). To add a label, click **Add label**.
      * **Action for the default base rule**: `Deny` or `Allow`.
      * **ARL profile**: Select or create an [ARL profile](../concepts/arl.md).
      * Select or create a [SmartCaptcha](../../smartcaptcha/index.md) to verify suspicious requests.
      * Select or [create](template-create.md) a response template that will be returned to the client whenever any rule triggers in the profile. The standard Yandex Cloud template is used by default.
      * Optionally, configure the **Analyze request body (maximum size: 8 KB)** option by selecting an action after the maximum size is exceeded:
        
        * `Do not analyze body`
        * `Block request`
  1. Enable or disable the use of HTTP request info to improve your machine learning models under **Fine-tuning ML models**.
  1. Click **Save**.

- CLI {#cli}

  If you do not have the Yandex Cloud CLI yet, [install and initialize it](../../cli/quickstart.md#install).

  The folder used by default is the one specified when [creating](../../cli/operations/profile/profile-create.md) the CLI profile. To change the default folder, use the `yc config set folder-id <folder_ID>` command. You can also specify a different folder for any command using `--folder-name` or `--folder-id`. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.

  1. View the description of the [CLI](../../cli/quickstart.md) command for editing [security profile](../concepts/profiles.md) basic settings:

     ```bash
     yc smartwebsecurity security-profile update --help
     ```

  1. To view a list of current security profiles in the default folder, run this command:

     ```bash
     yc smartwebsecurity security-profile list
     ```
     
     Result:
     
     ```text
     +----------------------+-------------------+---------------------+----------------+------------+-------------+
     |          ID          |       NAME        |       CREATED       | DEFAULT ACTION | CAPTCHA ID | RULES COUNT |
     +----------------------+-------------------+---------------------+----------------+------------+-------------+
     | fev3s055oq64******** | my-new-profile    | 2024-08-05 06:57:18 | DENY           |            |           1 |
     | fevlqk8vei9p******** | my-sample-profile | 2024-08-05 06:57:28 | DENY           |            |           2 |
     +----------------------+-------------------+---------------------+----------------+------------+-------------+
     ```

  1. To edit basic settings of a security profile, run this command:

     ```bash
     yc smartwebsecurity security-profile update \
        --name <security_profile_name> \
        --new-name <new_security_profile_name> \
        --description "<profile_description>" \
        --labels <label_1_key>=<label_1_value>,<label_2_key>=<label_2_value>,...,<label_n_key>=<label_n_value> \
        --default-action <action> \
        --captcha-id <captcha_ID> \
        --security-rules-file <path_to_file_with_security_rules>
     ```

     Where:

     * `--name`: Security profile name. This is a required setting. Instead of the security profile name, you can provide its ID in the `--id` parameter.
     * `--new-name`: New name for the security profile. Skip it if the profile name remains unchanged.
     * `--description`: Text description of the security profile. This is an optional setting.
     * `--labels`: List of [labels](../../resource-manager/concepts/labels.md) to add to the profile in `KEY=VALUE` format. This is an optional setting. For example, `--labels foo=baz,bar=baz'`.
     * `--default-action`: Action to apply to traffic that does not match any other rule. This is an optional setting. The default value is `allow`, which allows all requests to Yandex Smart Web Security. To block requests, set the parameter to `deny`.
     * `--captcha-id`: ID of the CAPTCHA in [SmartCaptcha](../../smartcaptcha/index.md) to verify suspicious requests. This is an optional setting.
     * `--security-rules-file`: Path to the [YAML](https://en.wikipedia.org/wiki/YAML) file with security rule description. This is an optional setting. Here is an example:

         {% cut "security-rules.yaml" %}
         
         ```yaml
         - name: rule-condition-deny
           description: My first security rule. This rule it's just example to show possibilities of configuration.
           priority: "11111"
           dry_run: true
           rule_condition:
             action: DENY
             condition:
               authority:
                 authorities:
                   - exact_match: example.com
                   - exact_match: example.net
               http_method:
                 http_methods:
                   - exact_match: GET
                   - exact_match: POST
               request_uri:
                 path:
                   prefix_match: /search
                 queries:
                   - key: firstname
                     value:
                       pire_regex_match: .ivan.
                   - key: lastname
                     value:
                       pire_regex_not_match: .petr.
               headers:
                 - name: User-Agent
                   value:
                     pire_regex_match: .curl.
                 - name: Referer
                   value:
                     pire_regex_not_match: .bot.
               source_ip:
                 ip_ranges_match:
                   ip_ranges:
                     - 1.2.33.44
                     - 2.3.4.56
                 ip_ranges_not_match:
                   ip_ranges:
                     - 8.8.0.0/16
                     - 10::1234:1abc:1/64
                 geo_ip_match:
                   locations:
                     - ru
                     - es
                 geo_ip_not_match:
                   locations:
                     - us
                     - fm
                     - gb
         - name: rule-condition-allow
           description: Let's show how to whitelist IP.
           priority: "2"
           rule_condition:
             action: ALLOW
             condition:
               source_ip:
                 ip_ranges_match:
                   ip_ranges:
                     - 44.44.44.44-44.44.44.45
                     - 44.44.44.77
         - name: smart-protection-full
           description: Enable smart protection. Allow to show captcha on /search prefix.
           priority: "11"
           smart_protection:
             mode: FULL
             condition:
               request_uri:
                 path:
                   prefix_match: /search
         - name: smart-protection-api
           description: Enable smart protection with mode API. We are not expect to see captcha on /api prefix.
           priority: "10"
           smart_protection:
             mode: API
             condition:
               request_uri:
                 path:
                   prefix_match: /api
         ```
         
         Where `priority` is the rule [priority](../concepts/rules.md#rules-order).
         
         {% endcut %}

     Result:

     ```text
     id: fev6q4qqnn2q********
     folder_id: b1g07hj5r6i********
     cloud_id: b1gia87mbaom********
     name: my-sample-profile
     new-name: my-update-profile
     description: "my update description"
     labels: label1=value1,label2=value2
     default_action: DENY
     created_at: "2024-07-25T19:21:05.039610Z"
     ```

  For more information about the `yc smartwebsecurity security-profile update` command, see the [CLI reference](../../cli/cli-ref/smartwebsecurity/cli-ref/security-profile/update.md).


- Terraform {#tf}

  With [Terraform](https://www.terraform.io/), you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.
  
  Terraform is distributed under the [Business Source License](https://github.com/hashicorp/terraform/blob/main/LICENSE). The [Yandex Cloud provider for Terraform](https://github.com/yandex-cloud/terraform-provider-yandex) is distributed under the [MPL-2.0](https://www.mozilla.org/en-US/MPL/2.0/) license.
  
  For more information about the provider resources, see the relevant documentation on the [Terraform](https://www.terraform.io/docs/providers/yandex/index.html) website or [its mirror](../../terraform/index.md).

  If you do not have Terraform yet, [install it and configure the Yandex Cloud provider](../../tutorials/infrastructure-management/terraform-quickstart.md#install-terraform).
  
  
  To manage infrastructure using Terraform under a service account or user accounts (a Yandex account, a federated account, or a local user), [authenticate](../../terraform/authentication.md) using the appropriate method.

  To update the settings of a Yandex Smart Web Security profile created with Terraform:

  1. Open the Terraform configuration file and edit the fragment describing the profile.

     {% cut "Example of a security profile description in the Terraform configuration" %}
     
     ```hcl
     resource "yandex_sws_security_profile" "demo-profile-simple" {
       name                             = "<security_profile_name>"
       default_action                   = "DENY"
       captcha_id                       = "<captcha_ID>"
       advanced_rate_limiter_profile_id = "<ARL_profile_ID>"

       # Smart Protection rule
       security_rule {
         name     = "smart-protection"
         priority = 99999

         smart_protection {
           mode = "API"
         }
       }

       #Basic rule
       security_rule {
         name = "base-rule-geo"
         priority = 100000
         rule_condition {
           action = "ALLOW"
           condition {
             source_ip {
               geo_ip_match {
                 locations = ["ru", "kz"]
               }
             }
           }
         }
       }

       # WAF profile rule
       security_rule {
         name     = "waf"
         priority = 88888

         waf {
           mode           = "API"
           waf_profile_id = "<WAF_profile_ID>"
         }
       }
     }
     ```

     {% endcut %}

      For more information about the `yandex_sws_security_profile` properties in Terraform, see [this provider guide](../../terraform/resources/sws_security_profile.md).

  1. Apply the changes:

       1. In the terminal, navigate to the configuration file directory.
       1. Make sure the configuration is correct using this command:
       
          ```bash
          terraform validate
          ```
       
          If the configuration is valid, you will get this message:
       
          ```bash
          Success! The configuration is valid.
          ```
       
       1. Run this command:
       
          ```bash
          terraform plan
          ```
       
          You will see a list of resources and their properties. No changes will be made at this step. Terraform will show any errors in the configuration.
       1. Apply the configuration changes:
       
          ```bash
          terraform apply
          ```
       
       1. Type `yes` and press **Enter** to confirm the changes.

  You can check the update using the [management console](https://console.yandex.cloud) or this [CLI](../../cli/index.md) command:

  ```bash
  yc smartwebsecurity security-profile get <security_profile_ID>
  ```

- API {#api}

  Use the [update](../api-ref/SecurityProfile/update.md) REST API method for the [SecurityProfile](../api-ref/SecurityProfile/index.md) resource or the [SecurityProfileService/Update](../api-ref/grpc/SecurityProfile/update.md) gRPC API call.

{% endlist %}

### See also {#see-also}

* [Adding a rule to a security profile](rule-add.md)
* [Editing a rule in a security profile](rule-update.md)
* [Connecting a security profile to a resource](host-connect.md)
* [Deleting a security profile](profile-delete.md)