aws.wafv2.RuleGroup
Explore with Pulumi AI
Create RuleGroup Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new RuleGroup(name: string, args: RuleGroupArgs, opts?: CustomResourceOptions);
@overload
def RuleGroup(resource_name: str,
args: RuleGroupArgs,
opts: Optional[ResourceOptions] = None)
@overload
def RuleGroup(resource_name: str,
opts: Optional[ResourceOptions] = None,
capacity: Optional[int] = None,
custom_response_bodies: Optional[Sequence[RuleGroupCustomResponseBodyArgs]] = None,
description: Optional[str] = None,
name: Optional[str] = None,
name_prefix: Optional[str] = None,
rules: Optional[Sequence[RuleGroupRuleArgs]] = None,
scope: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
visibility_config: Optional[RuleGroupVisibilityConfigArgs] = None)
func NewRuleGroup(ctx *Context, name string, args RuleGroupArgs, opts ...ResourceOption) (*RuleGroup, error)
public RuleGroup(string name, RuleGroupArgs args, CustomResourceOptions? opts = null)
public RuleGroup(String name, RuleGroupArgs args)
public RuleGroup(String name, RuleGroupArgs args, CustomResourceOptions options)
type: aws:wafv2:RuleGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RuleGroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RuleGroupArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RuleGroupArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RuleGroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RuleGroupArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
RuleGroup Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The RuleGroup resource accepts the following input properties:
- Capacity int
- The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
- Scope string
- Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONT
orREGIONAL
. To work with CloudFront, you must also specify the regionus-east-1
(N. Virginia) on the AWS provider. - Visibility
Config RuleGroup Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
- Custom
Response List<RuleBodies Group Custom Response Body> - Defines custom response bodies that can be referenced by
custom_response
actions. See Custom Response Body below for details. - Description string
- A friendly description of the rule group.
- Name string
- A friendly name of the rule group.
- Name
Prefix string - Rules
List<Rule
Group Rule> - The rule blocks used to identify the web requests that you want to
allow
,block
, orcount
. See Rules below for details. - Dictionary<string, string>
- An array of key:value pairs to associate with the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- Capacity int
- The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
- Scope string
- Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONT
orREGIONAL
. To work with CloudFront, you must also specify the regionus-east-1
(N. Virginia) on the AWS provider. - Visibility
Config RuleGroup Visibility Config Args - Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
- Custom
Response []RuleBodies Group Custom Response Body Args - Defines custom response bodies that can be referenced by
custom_response
actions. See Custom Response Body below for details. - Description string
- A friendly description of the rule group.
- Name string
- A friendly name of the rule group.
- Name
Prefix string - Rules
[]Rule
Group Rule Args - The rule blocks used to identify the web requests that you want to
allow
,block
, orcount
. See Rules below for details. - map[string]string
- An array of key:value pairs to associate with the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- capacity Integer
- The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
- scope String
- Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONT
orREGIONAL
. To work with CloudFront, you must also specify the regionus-east-1
(N. Virginia) on the AWS provider. - visibility
Config RuleGroup Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
- custom
Response List<RuleBodies Group Custom Response Body> - Defines custom response bodies that can be referenced by
custom_response
actions. See Custom Response Body below for details. - description String
- A friendly description of the rule group.
- name String
- A friendly name of the rule group.
- name
Prefix String - rules
List<Rule
Group Rule> - The rule blocks used to identify the web requests that you want to
allow
,block
, orcount
. See Rules below for details. - Map<String,String>
- An array of key:value pairs to associate with the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- capacity number
- The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
- scope string
- Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONT
orREGIONAL
. To work with CloudFront, you must also specify the regionus-east-1
(N. Virginia) on the AWS provider. - visibility
Config RuleGroup Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
- custom
Response RuleBodies Group Custom Response Body[] - Defines custom response bodies that can be referenced by
custom_response
actions. See Custom Response Body below for details. - description string
- A friendly description of the rule group.
- name string
- A friendly name of the rule group.
- name
Prefix string - rules
Rule
Group Rule[] - The rule blocks used to identify the web requests that you want to
allow
,block
, orcount
. See Rules below for details. - {[key: string]: string}
- An array of key:value pairs to associate with the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- capacity int
- The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
- scope str
- Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONT
orREGIONAL
. To work with CloudFront, you must also specify the regionus-east-1
(N. Virginia) on the AWS provider. - visibility_
config RuleGroup Visibility Config Args - Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
- custom_
response_ Sequence[Rulebodies Group Custom Response Body Args] - Defines custom response bodies that can be referenced by
custom_response
actions. See Custom Response Body below for details. - description str
- A friendly description of the rule group.
- name str
- A friendly name of the rule group.
- name_
prefix str - rules
Sequence[Rule
Group Rule Args] - The rule blocks used to identify the web requests that you want to
allow
,block
, orcount
. See Rules below for details. - Mapping[str, str]
- An array of key:value pairs to associate with the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- capacity Number
- The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
- scope String
- Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONT
orREGIONAL
. To work with CloudFront, you must also specify the regionus-east-1
(N. Virginia) on the AWS provider. - visibility
Config Property Map - Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
- custom
Response List<Property Map>Bodies - Defines custom response bodies that can be referenced by
custom_response
actions. See Custom Response Body below for details. - description String
- A friendly description of the rule group.
- name String
- A friendly name of the rule group.
- name
Prefix String - rules List<Property Map>
- The rule blocks used to identify the web requests that you want to
allow
,block
, orcount
. See Rules below for details. - Map<String>
- An array of key:value pairs to associate with the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
Outputs
All input properties are implicitly available as output properties. Additionally, the RuleGroup resource produces the following output properties:
- arn str
- The ARN of the WAF rule group.
- id str
- The provider-assigned unique ID for this managed resource.
- lock_
token str - Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
Look up Existing RuleGroup Resource
Get an existing RuleGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RuleGroupState, opts?: CustomResourceOptions): RuleGroup
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
capacity: Optional[int] = None,
custom_response_bodies: Optional[Sequence[RuleGroupCustomResponseBodyArgs]] = None,
description: Optional[str] = None,
lock_token: Optional[str] = None,
name: Optional[str] = None,
name_prefix: Optional[str] = None,
rules: Optional[Sequence[RuleGroupRuleArgs]] = None,
scope: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
visibility_config: Optional[RuleGroupVisibilityConfigArgs] = None) -> RuleGroup
func GetRuleGroup(ctx *Context, name string, id IDInput, state *RuleGroupState, opts ...ResourceOption) (*RuleGroup, error)
public static RuleGroup Get(string name, Input<string> id, RuleGroupState? state, CustomResourceOptions? opts = null)
public static RuleGroup get(String name, Output<String> id, RuleGroupState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
- The ARN of the WAF rule group.
- Capacity int
- The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
- Custom
Response List<RuleBodies Group Custom Response Body> - Defines custom response bodies that can be referenced by
custom_response
actions. See Custom Response Body below for details. - Description string
- A friendly description of the rule group.
- Lock
Token string - Name string
- A friendly name of the rule group.
- Name
Prefix string - Rules
List<Rule
Group Rule> - The rule blocks used to identify the web requests that you want to
allow
,block
, orcount
. See Rules below for details. - Scope string
- Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONT
orREGIONAL
. To work with CloudFront, you must also specify the regionus-east-1
(N. Virginia) on the AWS provider. - Dictionary<string, string>
- An array of key:value pairs to associate with the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - Visibility
Config RuleGroup Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
- Arn string
- The ARN of the WAF rule group.
- Capacity int
- The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
- Custom
Response []RuleBodies Group Custom Response Body Args - Defines custom response bodies that can be referenced by
custom_response
actions. See Custom Response Body below for details. - Description string
- A friendly description of the rule group.
- Lock
Token string - Name string
- A friendly name of the rule group.
- Name
Prefix string - Rules
[]Rule
Group Rule Args - The rule blocks used to identify the web requests that you want to
allow
,block
, orcount
. See Rules below for details. - Scope string
- Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONT
orREGIONAL
. To work with CloudFront, you must also specify the regionus-east-1
(N. Virginia) on the AWS provider. - map[string]string
- An array of key:value pairs to associate with the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - Visibility
Config RuleGroup Visibility Config Args - Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
- arn String
- The ARN of the WAF rule group.
- capacity Integer
- The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
- custom
Response List<RuleBodies Group Custom Response Body> - Defines custom response bodies that can be referenced by
custom_response
actions. See Custom Response Body below for details. - description String
- A friendly description of the rule group.
- lock
Token String - name String
- A friendly name of the rule group.
- name
Prefix String - rules
List<Rule
Group Rule> - The rule blocks used to identify the web requests that you want to
allow
,block
, orcount
. See Rules below for details. - scope String
- Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONT
orREGIONAL
. To work with CloudFront, you must also specify the regionus-east-1
(N. Virginia) on the AWS provider. - Map<String,String>
- An array of key:value pairs to associate with the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - visibility
Config RuleGroup Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
- arn string
- The ARN of the WAF rule group.
- capacity number
- The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
- custom
Response RuleBodies Group Custom Response Body[] - Defines custom response bodies that can be referenced by
custom_response
actions. See Custom Response Body below for details. - description string
- A friendly description of the rule group.
- lock
Token string - name string
- A friendly name of the rule group.
- name
Prefix string - rules
Rule
Group Rule[] - The rule blocks used to identify the web requests that you want to
allow
,block
, orcount
. See Rules below for details. - scope string
- Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONT
orREGIONAL
. To work with CloudFront, you must also specify the regionus-east-1
(N. Virginia) on the AWS provider. - {[key: string]: string}
- An array of key:value pairs to associate with the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - visibility
Config RuleGroup Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
- arn str
- The ARN of the WAF rule group.
- capacity int
- The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
- custom_
response_ Sequence[Rulebodies Group Custom Response Body Args] - Defines custom response bodies that can be referenced by
custom_response
actions. See Custom Response Body below for details. - description str
- A friendly description of the rule group.
- lock_
token str - name str
- A friendly name of the rule group.
- name_
prefix str - rules
Sequence[Rule
Group Rule Args] - The rule blocks used to identify the web requests that you want to
allow
,block
, orcount
. See Rules below for details. - scope str
- Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONT
orREGIONAL
. To work with CloudFront, you must also specify the regionus-east-1
(N. Virginia) on the AWS provider. - Mapping[str, str]
- An array of key:value pairs to associate with the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - visibility_
config RuleGroup Visibility Config Args - Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
- arn String
- The ARN of the WAF rule group.
- capacity Number
- The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
- custom
Response List<Property Map>Bodies - Defines custom response bodies that can be referenced by
custom_response
actions. See Custom Response Body below for details. - description String
- A friendly description of the rule group.
- lock
Token String - name String
- A friendly name of the rule group.
- name
Prefix String - rules List<Property Map>
- The rule blocks used to identify the web requests that you want to
allow
,block
, orcount
. See Rules below for details. - scope String
- Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONT
orREGIONAL
. To work with CloudFront, you must also specify the regionus-east-1
(N. Virginia) on the AWS provider. - Map<String>
- An array of key:value pairs to associate with the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - visibility
Config Property Map - Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
Supporting Types
Note: There are over 200 nested types for this resource. Only the first 200 types are included in this documentation.
RuleGroupCustomResponseBody, RuleGroupCustomResponseBodyArgs
- Content string
- The payload of the custom response.
- Content
Type string - The type of content in the payload that you are defining in the
content
argument. Valid values areTEXT_PLAIN
,TEXT_HTML
, orAPPLICATION_JSON
. - Key string
- A unique key identifying the custom response body. This is referenced by the
custom_response_body_key
argument in the Custom Response block.
- Content string
- The payload of the custom response.
- Content
Type string - The type of content in the payload that you are defining in the
content
argument. Valid values areTEXT_PLAIN
,TEXT_HTML
, orAPPLICATION_JSON
. - Key string
- A unique key identifying the custom response body. This is referenced by the
custom_response_body_key
argument in the Custom Response block.
- content String
- The payload of the custom response.
- content
Type String - The type of content in the payload that you are defining in the
content
argument. Valid values areTEXT_PLAIN
,TEXT_HTML
, orAPPLICATION_JSON
. - key String
- A unique key identifying the custom response body. This is referenced by the
custom_response_body_key
argument in the Custom Response block.
- content string
- The payload of the custom response.
- content
Type string - The type of content in the payload that you are defining in the
content
argument. Valid values areTEXT_PLAIN
,TEXT_HTML
, orAPPLICATION_JSON
. - key string
- A unique key identifying the custom response body. This is referenced by the
custom_response_body_key
argument in the Custom Response block.
- content str
- The payload of the custom response.
- content_
type str - The type of content in the payload that you are defining in the
content
argument. Valid values areTEXT_PLAIN
,TEXT_HTML
, orAPPLICATION_JSON
. - key str
- A unique key identifying the custom response body. This is referenced by the
custom_response_body_key
argument in the Custom Response block.
- content String
- The payload of the custom response.
- content
Type String - The type of content in the payload that you are defining in the
content
argument. Valid values areTEXT_PLAIN
,TEXT_HTML
, orAPPLICATION_JSON
. - key String
- A unique key identifying the custom response body. This is referenced by the
custom_response_body_key
argument in the Custom Response block.
RuleGroupRule, RuleGroupRuleArgs
- Action
Rule
Group Rule Action - The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the
aws.wafv2.WebAcl
level can override the rule action setting. See Action below for details. - Name string
- A friendly name of the rule.
- Priority int
- If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the
rules
in order based on the value ofpriority
. AWS WAF processes rules with lower priority first. - Statement
Rule
Group Rule Statement - The AWS WAF processing statement for the rule, for example
byte_match_statement
orgeo_match_statement
. See Statement below for details. - Visibility
Config RuleGroup Rule Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
- Captcha
Config RuleGroup Rule Captcha Config - Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
- Rule
Labels List<RuleGroup Rule Rule Label> - Labels to apply to web requests that match the rule match statement. See Rule Label below for details.
- Action
Rule
Group Rule Action - The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the
aws.wafv2.WebAcl
level can override the rule action setting. See Action below for details. - Name string
- A friendly name of the rule.
- Priority int
- If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the
rules
in order based on the value ofpriority
. AWS WAF processes rules with lower priority first. - Statement
Rule
Group Rule Statement - The AWS WAF processing statement for the rule, for example
byte_match_statement
orgeo_match_statement
. See Statement below for details. - Visibility
Config RuleGroup Rule Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
- Captcha
Config RuleGroup Rule Captcha Config - Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
- Rule
Labels []RuleGroup Rule Rule Label - Labels to apply to web requests that match the rule match statement. See Rule Label below for details.
- action
Rule
Group Rule Action - The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the
aws.wafv2.WebAcl
level can override the rule action setting. See Action below for details. - name String
- A friendly name of the rule.
- priority Integer
- If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the
rules
in order based on the value ofpriority
. AWS WAF processes rules with lower priority first. - statement
Rule
Group Rule Statement - The AWS WAF processing statement for the rule, for example
byte_match_statement
orgeo_match_statement
. See Statement below for details. - visibility
Config RuleGroup Rule Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
- captcha
Config RuleGroup Rule Captcha Config - Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
- rule
Labels List<RuleGroup Rule Rule Label> - Labels to apply to web requests that match the rule match statement. See Rule Label below for details.
- action
Rule
Group Rule Action - The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the
aws.wafv2.WebAcl
level can override the rule action setting. See Action below for details. - name string
- A friendly name of the rule.
- priority number
- If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the
rules
in order based on the value ofpriority
. AWS WAF processes rules with lower priority first. - statement
Rule
Group Rule Statement - The AWS WAF processing statement for the rule, for example
byte_match_statement
orgeo_match_statement
. See Statement below for details. - visibility
Config RuleGroup Rule Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
- captcha
Config RuleGroup Rule Captcha Config - Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
- rule
Labels RuleGroup Rule Rule Label[] - Labels to apply to web requests that match the rule match statement. See Rule Label below for details.
- action
Rule
Group Rule Action - The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the
aws.wafv2.WebAcl
level can override the rule action setting. See Action below for details. - name str
- A friendly name of the rule.
- priority int
- If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the
rules
in order based on the value ofpriority
. AWS WAF processes rules with lower priority first. - statement
Rule
Group Rule Statement - The AWS WAF processing statement for the rule, for example
byte_match_statement
orgeo_match_statement
. See Statement below for details. - visibility_
config RuleGroup Rule Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
- captcha_
config RuleGroup Rule Captcha Config - Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
- rule_
labels Sequence[RuleGroup Rule Rule Label] - Labels to apply to web requests that match the rule match statement. See Rule Label below for details.
- action Property Map
- The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the
aws.wafv2.WebAcl
level can override the rule action setting. See Action below for details. - name String
- A friendly name of the rule.
- priority Number
- If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the
rules
in order based on the value ofpriority
. AWS WAF processes rules with lower priority first. - statement Property Map
- The AWS WAF processing statement for the rule, for example
byte_match_statement
orgeo_match_statement
. See Statement below for details. - visibility
Config Property Map - Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
- captcha
Config Property Map - Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
- rule
Labels List<Property Map> - Labels to apply to web requests that match the rule match statement. See Rule Label below for details.
RuleGroupRuleAction, RuleGroupRuleActionArgs
- Allow
Rule
Group Rule Action Allow - Instructs AWS WAF to allow the web request. See Allow below for details.
- Block
Rule
Group Rule Action Block - Instructs AWS WAF to block the web request. See Block below for details.
- Captcha
Rule
Group Rule Action Captcha - Instructs AWS WAF to run a
CAPTCHA
check against the web request. See Captcha below for details. - Challenge
Rule
Group Rule Action Challenge - Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See Challenge below for details.
- Count
Rule
Group Rule Action Count - Instructs AWS WAF to count the web request and allow it. See Count below for details.
- Allow
Rule
Group Rule Action Allow - Instructs AWS WAF to allow the web request. See Allow below for details.
- Block
Rule
Group Rule Action Block - Instructs AWS WAF to block the web request. See Block below for details.
- Captcha
Rule
Group Rule Action Captcha - Instructs AWS WAF to run a
CAPTCHA
check against the web request. See Captcha below for details. - Challenge
Rule
Group Rule Action Challenge - Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See Challenge below for details.
- Count
Rule
Group Rule Action Count - Instructs AWS WAF to count the web request and allow it. See Count below for details.
- allow
Rule
Group Rule Action Allow - Instructs AWS WAF to allow the web request. See Allow below for details.
- block
Rule
Group Rule Action Block - Instructs AWS WAF to block the web request. See Block below for details.
- captcha
Rule
Group Rule Action Captcha - Instructs AWS WAF to run a
CAPTCHA
check against the web request. See Captcha below for details. - challenge
Rule
Group Rule Action Challenge - Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See Challenge below for details.
- count
Rule
Group Rule Action Count - Instructs AWS WAF to count the web request and allow it. See Count below for details.
- allow
Rule
Group Rule Action Allow - Instructs AWS WAF to allow the web request. See Allow below for details.
- block
Rule
Group Rule Action Block - Instructs AWS WAF to block the web request. See Block below for details.
- captcha
Rule
Group Rule Action Captcha - Instructs AWS WAF to run a
CAPTCHA
check against the web request. See Captcha below for details. - challenge
Rule
Group Rule Action Challenge - Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See Challenge below for details.
- count
Rule
Group Rule Action Count - Instructs AWS WAF to count the web request and allow it. See Count below for details.
- allow
Rule
Group Rule Action Allow - Instructs AWS WAF to allow the web request. See Allow below for details.
- block
Rule
Group Rule Action Block - Instructs AWS WAF to block the web request. See Block below for details.
- captcha
Rule
Group Rule Action Captcha - Instructs AWS WAF to run a
CAPTCHA
check against the web request. See Captcha below for details. - challenge
Rule
Group Rule Action Challenge - Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See Challenge below for details.
- count
Rule
Group Rule Action Count - Instructs AWS WAF to count the web request and allow it. See Count below for details.
- allow Property Map
- Instructs AWS WAF to allow the web request. See Allow below for details.
- block Property Map
- Instructs AWS WAF to block the web request. See Block below for details.
- captcha Property Map
- Instructs AWS WAF to run a
CAPTCHA
check against the web request. See Captcha below for details. - challenge Property Map
- Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See Challenge below for details.
- count Property Map
- Instructs AWS WAF to count the web request and allow it. See Count below for details.
RuleGroupRuleActionAllow, RuleGroupRuleActionAllowArgs
- Custom
Request RuleHandling Group Rule Action Allow Custom Request Handling - Defines custom handling for the web request. See Custom Request Handling below for details.
- Custom
Request RuleHandling Group Rule Action Allow Custom Request Handling - Defines custom handling for the web request. See Custom Request Handling below for details.
- custom
Request RuleHandling Group Rule Action Allow Custom Request Handling - Defines custom handling for the web request. See Custom Request Handling below for details.
- custom
Request RuleHandling Group Rule Action Allow Custom Request Handling - Defines custom handling for the web request. See Custom Request Handling below for details.
- custom_
request_ Rulehandling Group Rule Action Allow Custom Request Handling - Defines custom handling for the web request. See Custom Request Handling below for details.
- custom
Request Property MapHandling - Defines custom handling for the web request. See Custom Request Handling below for details.
RuleGroupRuleActionAllowCustomRequestHandling, RuleGroupRuleActionAllowCustomRequestHandlingArgs
- Insert
Headers List<RuleGroup Rule Action Allow Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
- Insert
Headers []RuleGroup Rule Action Allow Custom Request Handling Insert Header - The
insert_header
blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
- insert
Headers List<RuleGroup Rule Action Allow Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
- insert
Headers RuleGroup Rule Action Allow Custom Request Handling Insert Header[] - The
insert_header
blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
- insert_
headers Sequence[RuleGroup Rule Action Allow Custom Request Handling Insert Header] - The
insert_header
blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
- insert
Headers List<Property Map> - The
insert_header
blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader, RuleGroupRuleActionAllowCustomRequestHandlingInsertHeaderArgs
RuleGroupRuleActionBlock, RuleGroupRuleActionBlockArgs
- Custom
Response RuleGroup Rule Action Block Custom Response - Defines a custom response for the web request. See Custom Response below for details.
- Custom
Response RuleGroup Rule Action Block Custom Response - Defines a custom response for the web request. See Custom Response below for details.
- custom
Response RuleGroup Rule Action Block Custom Response - Defines a custom response for the web request. See Custom Response below for details.
- custom
Response RuleGroup Rule Action Block Custom Response - Defines a custom response for the web request. See Custom Response below for details.
- custom_
response RuleGroup Rule Action Block Custom Response - Defines a custom response for the web request. See Custom Response below for details.
- custom
Response Property Map - Defines a custom response for the web request. See Custom Response below for details.
RuleGroupRuleActionBlockCustomResponse, RuleGroupRuleActionBlockCustomResponseArgs
- Response
Code int - The HTTP status code to return to the client.
- Custom
Response stringBody Key - References the response body that you want AWS WAF to return to the web request client. This must reference a
key
defined in acustom_response_body
block of this resource. - Response
Headers List<RuleGroup Rule Action Block Custom Response Response Header> - The
response_header
blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.
- Response
Code int - The HTTP status code to return to the client.
- Custom
Response stringBody Key - References the response body that you want AWS WAF to return to the web request client. This must reference a
key
defined in acustom_response_body
block of this resource. - Response
Headers []RuleGroup Rule Action Block Custom Response Response Header - The
response_header
blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.
- response
Code Integer - The HTTP status code to return to the client.
- custom
Response StringBody Key - References the response body that you want AWS WAF to return to the web request client. This must reference a
key
defined in acustom_response_body
block of this resource. - response
Headers List<RuleGroup Rule Action Block Custom Response Response Header> - The
response_header
blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.
- response
Code number - The HTTP status code to return to the client.
- custom
Response stringBody Key - References the response body that you want AWS WAF to return to the web request client. This must reference a
key
defined in acustom_response_body
block of this resource. - response
Headers RuleGroup Rule Action Block Custom Response Response Header[] - The
response_header
blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.
- response_
code int - The HTTP status code to return to the client.
- custom_
response_ strbody_ key - References the response body that you want AWS WAF to return to the web request client. This must reference a
key
defined in acustom_response_body
block of this resource. - response_
headers Sequence[RuleGroup Rule Action Block Custom Response Response Header] - The
response_header
blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.
- response
Code Number - The HTTP status code to return to the client.
- custom
Response StringBody Key - References the response body that you want AWS WAF to return to the web request client. This must reference a
key
defined in acustom_response_body
block of this resource. - response
Headers List<Property Map> - The
response_header
blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.
RuleGroupRuleActionBlockCustomResponseResponseHeader, RuleGroupRuleActionBlockCustomResponseResponseHeaderArgs
RuleGroupRuleActionCaptcha, RuleGroupRuleActionCaptchaArgs
- Custom
Request RuleHandling Group Rule Action Captcha Custom Request Handling - Defines custom handling for the web request. See Custom Request Handling below for details.
- Custom
Request RuleHandling Group Rule Action Captcha Custom Request Handling - Defines custom handling for the web request. See Custom Request Handling below for details.
- custom
Request RuleHandling Group Rule Action Captcha Custom Request Handling - Defines custom handling for the web request. See Custom Request Handling below for details.
- custom
Request RuleHandling Group Rule Action Captcha Custom Request Handling - Defines custom handling for the web request. See Custom Request Handling below for details.
- custom_
request_ Rulehandling Group Rule Action Captcha Custom Request Handling - Defines custom handling for the web request. See Custom Request Handling below for details.
- custom
Request Property MapHandling - Defines custom handling for the web request. See Custom Request Handling below for details.
RuleGroupRuleActionCaptchaCustomRequestHandling, RuleGroupRuleActionCaptchaCustomRequestHandlingArgs
- Insert
Headers List<RuleGroup Rule Action Captcha Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
- Insert
Headers []RuleGroup Rule Action Captcha Custom Request Handling Insert Header - The
insert_header
blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
- insert
Headers List<RuleGroup Rule Action Captcha Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
- insert
Headers RuleGroup Rule Action Captcha Custom Request Handling Insert Header[] - The
insert_header
blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
- insert_
headers Sequence[RuleGroup Rule Action Captcha Custom Request Handling Insert Header] - The
insert_header
blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
- insert
Headers List<Property Map> - The
insert_header
blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeader, RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeaderArgs
RuleGroupRuleActionChallenge, RuleGroupRuleActionChallengeArgs
- Custom
Request RuleHandling Group Rule Action Challenge Custom Request Handling - Defines custom handling for the web request. See Custom Request Handling below for details.
- Custom
Request RuleHandling Group Rule Action Challenge Custom Request Handling - Defines custom handling for the web request. See Custom Request Handling below for details.
- custom
Request RuleHandling Group Rule Action Challenge Custom Request Handling - Defines custom handling for the web request. See Custom Request Handling below for details.
- custom
Request RuleHandling Group Rule Action Challenge Custom Request Handling - Defines custom handling for the web request. See Custom Request Handling below for details.
- custom_
request_ Rulehandling Group Rule Action Challenge Custom Request Handling - Defines custom handling for the web request. See Custom Request Handling below for details.
- custom
Request Property MapHandling - Defines custom handling for the web request. See Custom Request Handling below for details.
RuleGroupRuleActionChallengeCustomRequestHandling, RuleGroupRuleActionChallengeCustomRequestHandlingArgs
- Insert
Headers List<RuleGroup Rule Action Challenge Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
- Insert
Headers []RuleGroup Rule Action Challenge Custom Request Handling Insert Header - The
insert_header
blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
- insert
Headers List<RuleGroup Rule Action Challenge Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
- insert
Headers RuleGroup Rule Action Challenge Custom Request Handling Insert Header[] - The
insert_header
blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
- insert_
headers Sequence[RuleGroup Rule Action Challenge Custom Request Handling Insert Header] - The
insert_header
blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
- insert
Headers List<Property Map> - The
insert_header
blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
RuleGroupRuleActionChallengeCustomRequestHandlingInsertHeader, RuleGroupRuleActionChallengeCustomRequestHandlingInsertHeaderArgs
RuleGroupRuleActionCount, RuleGroupRuleActionCountArgs
- Custom
Request RuleHandling Group Rule Action Count Custom Request Handling - Defines custom handling for the web request. See Custom Request Handling below for details.
- Custom
Request RuleHandling Group Rule Action Count Custom Request Handling - Defines custom handling for the web request. See Custom Request Handling below for details.
- custom
Request RuleHandling Group Rule Action Count Custom Request Handling - Defines custom handling for the web request. See Custom Request Handling below for details.
- custom
Request RuleHandling Group Rule Action Count Custom Request Handling - Defines custom handling for the web request. See Custom Request Handling below for details.
- custom_
request_ Rulehandling Group Rule Action Count Custom Request Handling - Defines custom handling for the web request. See Custom Request Handling below for details.
- custom
Request Property MapHandling - Defines custom handling for the web request. See Custom Request Handling below for details.
RuleGroupRuleActionCountCustomRequestHandling, RuleGroupRuleActionCountCustomRequestHandlingArgs
- Insert
Headers List<RuleGroup Rule Action Count Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
- Insert
Headers []RuleGroup Rule Action Count Custom Request Handling Insert Header - The
insert_header
blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
- insert
Headers List<RuleGroup Rule Action Count Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
- insert
Headers RuleGroup Rule Action Count Custom Request Handling Insert Header[] - The
insert_header
blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
- insert_
headers Sequence[RuleGroup Rule Action Count Custom Request Handling Insert Header] - The
insert_header
blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
- insert
Headers List<Property Map> - The
insert_header
blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
RuleGroupRuleActionCountCustomRequestHandlingInsertHeader, RuleGroupRuleActionCountCustomRequestHandlingInsertHeaderArgs
RuleGroupRuleCaptchaConfig, RuleGroupRuleCaptchaConfigArgs
- Immunity
Time RuleProperty Group Rule Captcha Config Immunity Time Property - Defines custom immunity time. See Immunity Time Property below for details.
- Immunity
Time RuleProperty Group Rule Captcha Config Immunity Time Property - Defines custom immunity time. See Immunity Time Property below for details.
- immunity
Time RuleProperty Group Rule Captcha Config Immunity Time Property - Defines custom immunity time. See Immunity Time Property below for details.
- immunity
Time RuleProperty Group Rule Captcha Config Immunity Time Property - Defines custom immunity time. See Immunity Time Property below for details.
- immunity_
time_ Ruleproperty Group Rule Captcha Config Immunity Time Property - Defines custom immunity time. See Immunity Time Property below for details.
- immunity
Time Property MapProperty - Defines custom immunity time. See Immunity Time Property below for details.
RuleGroupRuleCaptchaConfigImmunityTimeProperty, RuleGroupRuleCaptchaConfigImmunityTimePropertyArgs
- Immunity
Time int - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- Immunity
Time int - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- immunity
Time Integer - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- immunity
Time number - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- immunity_
time int - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- immunity
Time Number - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
RuleGroupRuleRuleLabel, RuleGroupRuleRuleLabelArgs
- Name string
- The label string.
- Name string
- The label string.
- name String
- The label string.
- name string
- The label string.
- name str
- The label string.
- name String
- The label string.
RuleGroupRuleStatement, RuleGroupRuleStatementArgs
- And
Statement RuleGroup Rule Statement And Statement - A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
- Byte
Match RuleStatement Group Rule Statement Byte Match Statement - A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
- Geo
Match RuleStatement Group Rule Statement Geo Match Statement - A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
- Ip
Set RuleReference Statement Group Rule Statement Ip Set Reference Statement - A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- Label
Match RuleStatement Group Rule Statement Label Match Statement - A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
- Not
Statement RuleGroup Rule Statement Not Statement - A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
- Or
Statement RuleGroup Rule Statement Or Statement - A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
- Rate
Based RuleStatement Group Rule Statement Rate Based Statement - A rate-based rule tracks the rate of requests for each originating
IP address
, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any5-minute
time span. This statement can not be nested. See Rate Based Statement below for details. - Regex
Match RuleStatement Group Rule Statement Regex Match Statement - A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
- Regex
Pattern RuleSet Reference Statement Group Rule Statement Regex Pattern Set Reference Statement - A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- Size
Constraint RuleStatement Group Rule Statement Size Constraint Statement - A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
- Sqli
Match RuleStatement Group Rule Statement Sqli Match Statement - An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
- Xss
Match RuleStatement Group Rule Statement Xss Match Statement - A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.
- And
Statement RuleGroup Rule Statement And Statement - A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
- Byte
Match RuleStatement Group Rule Statement Byte Match Statement - A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
- Geo
Match RuleStatement Group Rule Statement Geo Match Statement - A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
- Ip
Set RuleReference Statement Group Rule Statement Ip Set Reference Statement - A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- Label
Match RuleStatement Group Rule Statement Label Match Statement - A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
- Not
Statement RuleGroup Rule Statement Not Statement - A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
- Or
Statement RuleGroup Rule Statement Or Statement - A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
- Rate
Based RuleStatement Group Rule Statement Rate Based Statement - A rate-based rule tracks the rate of requests for each originating
IP address
, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any5-minute
time span. This statement can not be nested. See Rate Based Statement below for details. - Regex
Match RuleStatement Group Rule Statement Regex Match Statement - A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
- Regex
Pattern RuleSet Reference Statement Group Rule Statement Regex Pattern Set Reference Statement - A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- Size
Constraint RuleStatement Group Rule Statement Size Constraint Statement - A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
- Sqli
Match RuleStatement Group Rule Statement Sqli Match Statement - An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
- Xss
Match RuleStatement Group Rule Statement Xss Match Statement - A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.
- and
Statement RuleGroup Rule Statement And Statement - A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
- byte
Match RuleStatement Group Rule Statement Byte Match Statement - A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
- geo
Match RuleStatement Group Rule Statement Geo Match Statement - A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
- ip
Set RuleReference Statement Group Rule Statement Ip Set Reference Statement - A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- label
Match RuleStatement Group Rule Statement Label Match Statement - A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
- not
Statement RuleGroup Rule Statement Not Statement - A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
- or
Statement RuleGroup Rule Statement Or Statement - A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
- rate
Based RuleStatement Group Rule Statement Rate Based Statement - A rate-based rule tracks the rate of requests for each originating
IP address
, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any5-minute
time span. This statement can not be nested. See Rate Based Statement below for details. - regex
Match RuleStatement Group Rule Statement Regex Match Statement - A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
- regex
Pattern RuleSet Reference Statement Group Rule Statement Regex Pattern Set Reference Statement - A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- size
Constraint RuleStatement Group Rule Statement Size Constraint Statement - A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
- sqli
Match RuleStatement Group Rule Statement Sqli Match Statement - An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
- xss
Match RuleStatement Group Rule Statement Xss Match Statement - A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.
- and
Statement RuleGroup Rule Statement And Statement - A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
- byte
Match RuleStatement Group Rule Statement Byte Match Statement - A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
- geo
Match RuleStatement Group Rule Statement Geo Match Statement - A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
- ip
Set RuleReference Statement Group Rule Statement Ip Set Reference Statement - A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- label
Match RuleStatement Group Rule Statement Label Match Statement - A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
- not
Statement RuleGroup Rule Statement Not Statement - A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
- or
Statement RuleGroup Rule Statement Or Statement - A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
- rate
Based RuleStatement Group Rule Statement Rate Based Statement - A rate-based rule tracks the rate of requests for each originating
IP address
, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any5-minute
time span. This statement can not be nested. See Rate Based Statement below for details. - regex
Match RuleStatement Group Rule Statement Regex Match Statement - A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
- regex
Pattern RuleSet Reference Statement Group Rule Statement Regex Pattern Set Reference Statement - A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- size
Constraint RuleStatement Group Rule Statement Size Constraint Statement - A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
- sqli
Match RuleStatement Group Rule Statement Sqli Match Statement - An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
- xss
Match RuleStatement Group Rule Statement Xss Match Statement - A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.
- and_
statement RuleGroup Rule Statement And Statement - A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
- byte_
match_ Rulestatement Group Rule Statement Byte Match Statement - A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
- geo_
match_ Rulestatement Group Rule Statement Geo Match Statement - A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
- ip_
set_ Rulereference_ statement Group Rule Statement Ip Set Reference Statement - A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- label_
match_ Rulestatement Group Rule Statement Label Match Statement - A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
- not_
statement RuleGroup Rule Statement Not Statement - A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
- or_
statement RuleGroup Rule Statement Or Statement - A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
- rate_
based_ Rulestatement Group Rule Statement Rate Based Statement - A rate-based rule tracks the rate of requests for each originating
IP address
, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any5-minute
time span. This statement can not be nested. See Rate Based Statement below for details. - regex_
match_ Rulestatement Group Rule Statement Regex Match Statement - A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
- regex_
pattern_ Ruleset_ reference_ statement Group Rule Statement Regex Pattern Set Reference Statement - A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- size_
constraint_ Rulestatement Group Rule Statement Size Constraint Statement - A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
- sqli_
match_ Rulestatement Group Rule Statement Sqli Match Statement - An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
- xss_
match_ Rulestatement Group Rule Statement Xss Match Statement - A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.
- and
Statement Property Map - A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
- byte
Match Property MapStatement - A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
- geo
Match Property MapStatement - A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
- ip
Set Property MapReference Statement - A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- label
Match Property MapStatement - A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
- not
Statement Property Map - A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
- or
Statement Property Map - A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
- rate
Based Property MapStatement - A rate-based rule tracks the rate of requests for each originating
IP address
, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any5-minute
time span. This statement can not be nested. See Rate Based Statement below for details. - regex
Match Property MapStatement - A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
- regex
Pattern Property MapSet Reference Statement - A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- size
Constraint Property MapStatement - A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
- sqli
Match Property MapStatement - An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
- xss
Match Property MapStatement - A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.
RuleGroupRuleStatementAndStatement, RuleGroupRuleStatementAndStatementArgs
- Statements
List<Rule
Group Rule Statement> - The statements to combine.
- Statements
[]Rule
Group Rule Statement - The statements to combine.
- statements
List<Rule
Group Rule Statement> - The statements to combine.
- statements
Rule
Group Rule Statement[] - The statements to combine.
- statements
Sequence[Rule
Group Rule Statement] - The statements to combine.
- statements List<Property Map>
- The statements to combine.
RuleGroupRuleStatementByteMatchStatement, RuleGroupRuleStatementByteMatchStatementArgs
- Positional
Constraint string - The area within the portion of a web request that you want AWS WAF to search for
search_string
. Valid values include the following:EXACTLY
,STARTS_WITH
,ENDS_WITH
,CONTAINS
,CONTAINS_WORD
. See the AWS documentation for more information. - Search
String string - A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match
. The maximum length of the value is 50 bytes. - Text
Transformations List<RuleGroup Rule Statement Byte Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- Field
To RuleMatch Group Rule Statement Byte Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- Positional
Constraint string - The area within the portion of a web request that you want AWS WAF to search for
search_string
. Valid values include the following:EXACTLY
,STARTS_WITH
,ENDS_WITH
,CONTAINS
,CONTAINS_WORD
. See the AWS documentation for more information. - Search
String string - A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match
. The maximum length of the value is 50 bytes. - Text
Transformations []RuleGroup Rule Statement Byte Match Statement Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- Field
To RuleMatch Group Rule Statement Byte Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- positional
Constraint String - The area within the portion of a web request that you want AWS WAF to search for
search_string
. Valid values include the following:EXACTLY
,STARTS_WITH
,ENDS_WITH
,CONTAINS
,CONTAINS_WORD
. See the AWS documentation for more information. - search
String String - A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match
. The maximum length of the value is 50 bytes. - text
Transformations List<RuleGroup Rule Statement Byte Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To RuleMatch Group Rule Statement Byte Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- positional
Constraint string - The area within the portion of a web request that you want AWS WAF to search for
search_string
. Valid values include the following:EXACTLY
,STARTS_WITH
,ENDS_WITH
,CONTAINS
,CONTAINS_WORD
. See the AWS documentation for more information. - search
String string - A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match
. The maximum length of the value is 50 bytes. - text
Transformations RuleGroup Rule Statement Byte Match Statement Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To RuleMatch Group Rule Statement Byte Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- positional_
constraint str - The area within the portion of a web request that you want AWS WAF to search for
search_string
. Valid values include the following:EXACTLY
,STARTS_WITH
,ENDS_WITH
,CONTAINS
,CONTAINS_WORD
. See the AWS documentation for more information. - search_
string str - A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match
. The maximum length of the value is 50 bytes. - text_
transformations Sequence[RuleGroup Rule Statement Byte Match Statement Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field_
to_ Rulematch Group Rule Statement Byte Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- positional
Constraint String - The area within the portion of a web request that you want AWS WAF to search for
search_string
. Valid values include the following:EXACTLY
,STARTS_WITH
,ENDS_WITH
,CONTAINS
,CONTAINS_WORD
. See the AWS documentation for more information. - search
String String - A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match
. The maximum length of the value is 50 bytes. - text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To Property MapMatch - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
RuleGroupRuleStatementByteMatchStatementFieldToMatch, RuleGroupRuleStatementByteMatchStatementFieldToMatchArgs
- All
Query RuleArguments Group Rule Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Rule
Group Rule Statement Byte Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Byte Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- Header
Orders List<RuleGroup Rule Statement Byte Match Statement Field To Match Header Order> - Inspect the request headers. See Header Order below for details.
- Headers
List<Rule
Group Rule Statement Byte Match Statement Field To Match Header> - Inspect the request headers. See Headers below for details.
- Ja3Fingerprint
Rule
Group Rule Statement Byte Match Statement Field To Match Ja3Fingerprint - Json
Body RuleGroup Rule Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- Method
Rule
Group Rule Statement Byte Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String RuleGroup Rule Statement Byte Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header RuleGroup Rule Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- Single
Query RuleArgument Group Rule Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- Uri
Path RuleGroup Rule Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- All
Query RuleArguments Group Rule Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Rule
Group Rule Statement Byte Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Byte Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- Header
Orders []RuleGroup Rule Statement Byte Match Statement Field To Match Header Order - Inspect the request headers. See Header Order below for details.
- Headers
[]Rule
Group Rule Statement Byte Match Statement Field To Match Header - Inspect the request headers. See Headers below for details.
- Ja3Fingerprint
Rule
Group Rule Statement Byte Match Statement Field To Match Ja3Fingerprint - Json
Body RuleGroup Rule Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- Method
Rule
Group Rule Statement Byte Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String RuleGroup Rule Statement Byte Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header RuleGroup Rule Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- Single
Query RuleArgument Group Rule Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- Uri
Path RuleGroup Rule Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query RuleArguments Group Rule Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Byte Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Byte Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header
Orders List<RuleGroup Rule Statement Byte Match Statement Field To Match Header Order> - Inspect the request headers. See Header Order below for details.
- headers
List<Rule
Group Rule Statement Byte Match Statement Field To Match Header> - Inspect the request headers. See Headers below for details.
- ja3Fingerprint
Rule
Group Rule Statement Byte Match Statement Field To Match Ja3Fingerprint - json
Body RuleGroup Rule Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Byte Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String RuleGroup Rule Statement Byte Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header RuleGroup Rule Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single
Query RuleArgument Group Rule Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path RuleGroup Rule Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query RuleArguments Group Rule Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Byte Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Byte Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header
Orders RuleGroup Rule Statement Byte Match Statement Field To Match Header Order[] - Inspect the request headers. See Header Order below for details.
- headers
Rule
Group Rule Statement Byte Match Statement Field To Match Header[] - Inspect the request headers. See Headers below for details.
- ja3Fingerprint
Rule
Group Rule Statement Byte Match Statement Field To Match Ja3Fingerprint - json
Body RuleGroup Rule Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Byte Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String RuleGroup Rule Statement Byte Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header RuleGroup Rule Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single
Query RuleArgument Group Rule Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path RuleGroup Rule Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all_
query_ Rulearguments Group Rule Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Byte Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Byte Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header_
orders Sequence[RuleGroup Rule Statement Byte Match Statement Field To Match Header Order] - Inspect the request headers. See Header Order below for details.
- headers
Sequence[Rule
Group Rule Statement Byte Match Statement Field To Match Header] - Inspect the request headers. See Headers below for details.
- ja3_
fingerprint RuleGroup Rule Statement Byte Match Statement Field To Match Ja3Fingerprint - json_
body RuleGroup Rule Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Byte Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query_
string RuleGroup Rule Statement Byte Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single_
header RuleGroup Rule Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single_
query_ Ruleargument Group Rule Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri_
path RuleGroup Rule Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body, which immediately follows the request headers.
- Property Map
- Inspect the cookies in the web request. See Cookies below for details.
- header
Orders List<Property Map> - Inspect the request headers. See Header Order below for details.
- headers List<Property Map>
- Inspect the request headers. See Headers below for details.
- ja3Fingerprint Property Map
- json
Body Property Map - Inspect the request body as JSON. See JSON Body for details.
- method Property Map
- Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String Property Map - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header Property Map - Inspect a single header. See Single Header below for details.
- single
Query Property MapArgument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path Property Map - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
RuleGroupRuleStatementByteMatchStatementFieldToMatchBody, RuleGroupRuleStatementByteMatchStatementFieldToMatchBodyArgs
- Oversize
Handling string
- Oversize
Handling string
- oversize
Handling String
- oversize
Handling string
- oversize
Handling String
RuleGroupRuleStatementByteMatchStatementFieldToMatchCookies, RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesArgs
- Match
Patterns List<RuleGroup Rule Statement Byte Match Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- Match
Patterns []RuleGroup Rule Statement Byte Match Statement Field To Match Cookies Match Pattern - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns List<RuleGroup Rule Statement Byte Match Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns RuleGroup Rule Statement Byte Match Statement Field To Match Cookies Match Pattern[] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match_
patterns Sequence[RuleGroup Rule Statement Byte Match Statement Field To Match Cookies Match Pattern] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match_
scope str - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize_
handling str - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns List<Property Map> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternArgs
- All
Rule
Group Rule Statement Byte Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<string>
- List<string>
- All
Rule
Group Rule Statement Byte Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- []string
- []string
- all
Rule
Group Rule Statement Byte Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
- all
Rule
Group Rule Statement Byte Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- string[]
- string[]
- all
Rule
Group Rule Statement Byte Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Sequence[str]
- Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
RuleGroupRuleStatementByteMatchStatementFieldToMatchHeader, RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderArgs
- Match
Pattern RuleGroup Rule Statement Byte Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Match
Pattern RuleGroup Rule Statement Byte Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern RuleGroup Rule Statement Byte Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern RuleGroup Rule Statement Byte Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match_
pattern RuleGroup Rule Statement Byte Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match_
scope str - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern Property Map - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternArgs
- All
Rule
Group Rule Statement Byte Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers List<string> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers List<string> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- All
Rule
Group Rule Statement Byte Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers []string - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers []string - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Byte Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Byte Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers string[] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers string[] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Byte Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded_
headers Sequence[str] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included_
headers Sequence[str] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderOrderArgs
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
RuleGroupRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementByteMatchStatementFieldToMatchJa3FingerprintArgs
- Fallback
Behavior string
- Fallback
Behavior string
- fallback
Behavior String
- fallback
Behavior string
- fallback
Behavior String
RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBody, RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyArgs
- Match
Pattern RuleGroup Rule Statement Byte Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- Match
Pattern RuleGroup Rule Statement Byte Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern RuleGroup Rule Statement Byte Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern RuleGroup Rule Statement Byte Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match_
pattern RuleGroup Rule Statement Byte Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match_
scope str - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid_
fallback_ strbehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize_
handling str - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern Property Map - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternArgs
- All
Rule
Group Rule Statement Byte Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths List<string>
- All
Rule
Group Rule Statement Byte Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths []string
- all
Rule
Group Rule Statement Byte Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
- all
Rule
Group Rule Statement Byte Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths string[]
- all
Rule
Group Rule Statement Byte Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included_
paths Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleHeader, RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleHeaderArgs
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgumentArgs
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
RuleGroupRuleStatementByteMatchStatementTextTransformation, RuleGroupRuleStatementByteMatchStatementTextTransformationArgs
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Integer
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type str
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
RuleGroupRuleStatementGeoMatchStatement, RuleGroupRuleStatementGeoMatchStatementArgs
- Country
Codes List<string> - An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166
international standard. See the documentation for valid values. - Forwarded
Ip RuleConfig Group Rule Statement Geo Match Statement Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.
- Country
Codes []string - An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166
international standard. See the documentation for valid values. - Forwarded
Ip RuleConfig Group Rule Statement Geo Match Statement Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.
- country
Codes List<String> - An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166
international standard. See the documentation for valid values. - forwarded
Ip RuleConfig Group Rule Statement Geo Match Statement Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.
- country
Codes string[] - An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166
international standard. See the documentation for valid values. - forwarded
Ip RuleConfig Group Rule Statement Geo Match Statement Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.
- country_
codes Sequence[str] - An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166
international standard. See the documentation for valid values. - forwarded_
ip_ Ruleconfig Group Rule Statement Geo Match Statement Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.
- country
Codes List<String> - An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166
international standard. See the documentation for valid values. - forwarded
Ip Property MapConfig - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.
RuleGroupRuleStatementGeoMatchStatementForwardedIpConfig, RuleGroupRuleStatementGeoMatchStatementForwardedIpConfigArgs
- Fallback
Behavior string - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - Header
Name string - The name of the HTTP header to use for the IP address.
- Fallback
Behavior string - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - Header
Name string - The name of the HTTP header to use for the IP address.
- fallback
Behavior String - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name String - The name of the HTTP header to use for the IP address.
- fallback
Behavior string - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name string - The name of the HTTP header to use for the IP address.
- fallback_
behavior str - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header_
name str - The name of the HTTP header to use for the IP address.
- fallback
Behavior String - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name String - The name of the HTTP header to use for the IP address.
RuleGroupRuleStatementIpSetReferenceStatement, RuleGroupRuleStatementIpSetReferenceStatementArgs
- Arn string
- The Amazon Resource Name (ARN) of the IP Set that this statement references.
- Ip
Set RuleForwarded Ip Config Group Rule Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.
- Arn string
- The Amazon Resource Name (ARN) of the IP Set that this statement references.
- Ip
Set RuleForwarded Ip Config Group Rule Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.
- arn String
- The Amazon Resource Name (ARN) of the IP Set that this statement references.
- ip
Set RuleForwarded Ip Config Group Rule Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.
- arn string
- The Amazon Resource Name (ARN) of the IP Set that this statement references.
- ip
Set RuleForwarded Ip Config Group Rule Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.
- arn str
- The Amazon Resource Name (ARN) of the IP Set that this statement references.
- ip_
set_ Ruleforwarded_ ip_ config Group Rule Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.
- arn String
- The Amazon Resource Name (ARN) of the IP Set that this statement references.
- ip
Set Property MapForwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.
RuleGroupRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig, RuleGroupRuleStatementIpSetReferenceStatementIpSetForwardedIpConfigArgs
- Fallback
Behavior string - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - Header
Name string - The name of the HTTP header to use for the IP address.
- Position string
- The position in the header to search for the IP address. Valid values include:
FIRST
,LAST
, orANY
. IfANY
is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- Fallback
Behavior string - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - Header
Name string - The name of the HTTP header to use for the IP address.
- Position string
- The position in the header to search for the IP address. Valid values include:
FIRST
,LAST
, orANY
. IfANY
is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- fallback
Behavior String - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name String - The name of the HTTP header to use for the IP address.
- position String
- The position in the header to search for the IP address. Valid values include:
FIRST
,LAST
, orANY
. IfANY
is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- fallback
Behavior string - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name string - The name of the HTTP header to use for the IP address.
- position string
- The position in the header to search for the IP address. Valid values include:
FIRST
,LAST
, orANY
. IfANY
is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- fallback_
behavior str - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header_
name str - The name of the HTTP header to use for the IP address.
- position str
- The position in the header to search for the IP address. Valid values include:
FIRST
,LAST
, orANY
. IfANY
is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- fallback
Behavior String - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name String - The name of the HTTP header to use for the IP address.
- position String
- The position in the header to search for the IP address. Valid values include:
FIRST
,LAST
, orANY
. IfANY
is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
RuleGroupRuleStatementLabelMatchStatement, RuleGroupRuleStatementLabelMatchStatementArgs
RuleGroupRuleStatementNotStatement, RuleGroupRuleStatementNotStatementArgs
- Statements
List<Rule
Group Rule Statement> - The statements to combine.
- Statements
[]Rule
Group Rule Statement - The statements to combine.
- statements
List<Rule
Group Rule Statement> - The statements to combine.
- statements
Rule
Group Rule Statement[] - The statements to combine.
- statements
Sequence[Rule
Group Rule Statement] - The statements to combine.
- statements List<Property Map>
- The statements to combine.
RuleGroupRuleStatementOrStatement, RuleGroupRuleStatementOrStatementArgs
- Statements
List<Rule
Group Rule Statement> - The statements to combine.
- Statements
[]Rule
Group Rule Statement - The statements to combine.
- statements
List<Rule
Group Rule Statement> - The statements to combine.
- statements
Rule
Group Rule Statement[] - The statements to combine.
- statements
Sequence[Rule
Group Rule Statement] - The statements to combine.
- statements List<Property Map>
- The statements to combine.
RuleGroupRuleStatementRateBasedStatement, RuleGroupRuleStatementRateBasedStatementArgs
- Limit int
- The limit on requests per 5-minute period for a single originating IP address.
- Aggregate
Key stringType - Setting that indicates how to aggregate the request counts. Valid values include:
CONSTANT
,CUSTOM_KEYS
,FORWARDED_IP
orIP
. Default:IP
. - Custom
Keys List<RuleGroup Rule Statement Rate Based Statement Custom Key> - Aggregate the request counts using one or more web request components as the aggregate keys. See
custom_key
below for details. - Evaluation
Window intSec The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are
60
,120
,300
, and600
. Defaults to300
(5 minutes).NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.
- Forwarded
Ip RuleConfig Group Rule Statement Rate Based Statement Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If
aggregate_key_type
is set toFORWARDED_IP
, this block is required. See Forwarded IP Config below for details. - Scope
Down RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement - An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See Statement above for details. If
aggregate_key_type
is set toCONSTANT
, this block is required.
- Limit int
- The limit on requests per 5-minute period for a single originating IP address.
- Aggregate
Key stringType - Setting that indicates how to aggregate the request counts. Valid values include:
CONSTANT
,CUSTOM_KEYS
,FORWARDED_IP
orIP
. Default:IP
. - Custom
Keys []RuleGroup Rule Statement Rate Based Statement Custom Key - Aggregate the request counts using one or more web request components as the aggregate keys. See
custom_key
below for details. - Evaluation
Window intSec The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are
60
,120
,300
, and600
. Defaults to300
(5 minutes).NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.
- Forwarded
Ip RuleConfig Group Rule Statement Rate Based Statement Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If
aggregate_key_type
is set toFORWARDED_IP
, this block is required. See Forwarded IP Config below for details. - Scope
Down RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement - An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See Statement above for details. If
aggregate_key_type
is set toCONSTANT
, this block is required.
- limit Integer
- The limit on requests per 5-minute period for a single originating IP address.
- aggregate
Key StringType - Setting that indicates how to aggregate the request counts. Valid values include:
CONSTANT
,CUSTOM_KEYS
,FORWARDED_IP
orIP
. Default:IP
. - custom
Keys List<RuleGroup Rule Statement Rate Based Statement Custom Key> - Aggregate the request counts using one or more web request components as the aggregate keys. See
custom_key
below for details. - evaluation
Window IntegerSec The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are
60
,120
,300
, and600
. Defaults to300
(5 minutes).NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.
- forwarded
Ip RuleConfig Group Rule Statement Rate Based Statement Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If
aggregate_key_type
is set toFORWARDED_IP
, this block is required. See Forwarded IP Config below for details. - scope
Down RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement - An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See Statement above for details. If
aggregate_key_type
is set toCONSTANT
, this block is required.
- limit number
- The limit on requests per 5-minute period for a single originating IP address.
- aggregate
Key stringType - Setting that indicates how to aggregate the request counts. Valid values include:
CONSTANT
,CUSTOM_KEYS
,FORWARDED_IP
orIP
. Default:IP
. - custom
Keys RuleGroup Rule Statement Rate Based Statement Custom Key[] - Aggregate the request counts using one or more web request components as the aggregate keys. See
custom_key
below for details. - evaluation
Window numberSec The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are
60
,120
,300
, and600
. Defaults to300
(5 minutes).NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.
- forwarded
Ip RuleConfig Group Rule Statement Rate Based Statement Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If
aggregate_key_type
is set toFORWARDED_IP
, this block is required. See Forwarded IP Config below for details. - scope
Down RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement - An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See Statement above for details. If
aggregate_key_type
is set toCONSTANT
, this block is required.
- limit int
- The limit on requests per 5-minute period for a single originating IP address.
- aggregate_
key_ strtype - Setting that indicates how to aggregate the request counts. Valid values include:
CONSTANT
,CUSTOM_KEYS
,FORWARDED_IP
orIP
. Default:IP
. - custom_
keys Sequence[RuleGroup Rule Statement Rate Based Statement Custom Key] - Aggregate the request counts using one or more web request components as the aggregate keys. See
custom_key
below for details. - evaluation_
window_ intsec The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are
60
,120
,300
, and600
. Defaults to300
(5 minutes).NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.
- forwarded_
ip_ Ruleconfig Group Rule Statement Rate Based Statement Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If
aggregate_key_type
is set toFORWARDED_IP
, this block is required. See Forwarded IP Config below for details. - scope_
down_ Rulestatement Group Rule Statement Rate Based Statement Scope Down Statement - An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See Statement above for details. If
aggregate_key_type
is set toCONSTANT
, this block is required.
- limit Number
- The limit on requests per 5-minute period for a single originating IP address.
- aggregate
Key StringType - Setting that indicates how to aggregate the request counts. Valid values include:
CONSTANT
,CUSTOM_KEYS
,FORWARDED_IP
orIP
. Default:IP
. - custom
Keys List<Property Map> - Aggregate the request counts using one or more web request components as the aggregate keys. See
custom_key
below for details. - evaluation
Window NumberSec The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are
60
,120
,300
, and600
. Defaults to300
(5 minutes).NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.
- forwarded
Ip Property MapConfig - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If
aggregate_key_type
is set toFORWARDED_IP
, this block is required. See Forwarded IP Config below for details. - scope
Down Property MapStatement - An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See Statement above for details. If
aggregate_key_type
is set toCONSTANT
, this block is required.
RuleGroupRuleStatementRateBasedStatementCustomKey, RuleGroupRuleStatementRateBasedStatementCustomKeyArgs
- Rule
Group Rule Statement Rate Based Statement Custom Key Cookie - (Optional) Use the value of a cookie in the request as an aggregate key. See RateLimit
cookie
below for details. - Forwarded
Ip RuleGroup Rule Statement Rate Based Statement Custom Key Forwarded Ip - (Optional) Use the first IP address in an HTTP header as an aggregate key. See
forwarded_ip
below for details. - Header
Rule
Group Rule Statement Rate Based Statement Custom Key Header - (Optional) Use the value of a header in the request as an aggregate key. See RateLimit
header
below for details. - Http
Method RuleGroup Rule Statement Rate Based Statement Custom Key Http Method - (Optional) Use the request's HTTP method as an aggregate key. See RateLimit
http_method
below for details. - Ip
Rule
Group Rule Statement Rate Based Statement Custom Key Ip - (Optional) Use the request's originating IP address as an aggregate key. See
RateLimit ip
below for details. - Label
Namespace RuleGroup Rule Statement Rate Based Statement Custom Key Label Namespace - (Optional) Use the specified label namespace as an aggregate key. See RateLimit
label_namespace
below for details. - Query
Argument RuleGroup Rule Statement Rate Based Statement Custom Key Query Argument - (Optional) Use the specified query argument as an aggregate key. See RateLimit
query_argument
below for details. - Query
String RuleGroup Rule Statement Rate Based Statement Custom Key Query String - (Optional) Use the request's query string as an aggregate key. See RateLimit
query_string
below for details. - Uri
Path RuleGroup Rule Statement Rate Based Statement Custom Key Uri Path - (Optional) Use the request's URI path as an aggregate key. See RateLimit
uri_path
below for details.
- Rule
Group Rule Statement Rate Based Statement Custom Key Cookie - (Optional) Use the value of a cookie in the request as an aggregate key. See RateLimit
cookie
below for details. - Forwarded
Ip RuleGroup Rule Statement Rate Based Statement Custom Key Forwarded Ip - (Optional) Use the first IP address in an HTTP header as an aggregate key. See
forwarded_ip
below for details. - Header
Rule
Group Rule Statement Rate Based Statement Custom Key Header - (Optional) Use the value of a header in the request as an aggregate key. See RateLimit
header
below for details. - Http
Method RuleGroup Rule Statement Rate Based Statement Custom Key Http Method - (Optional) Use the request's HTTP method as an aggregate key. See RateLimit
http_method
below for details. - Ip
Rule
Group Rule Statement Rate Based Statement Custom Key Ip - (Optional) Use the request's originating IP address as an aggregate key. See
RateLimit ip
below for details. - Label
Namespace RuleGroup Rule Statement Rate Based Statement Custom Key Label Namespace - (Optional) Use the specified label namespace as an aggregate key. See RateLimit
label_namespace
below for details. - Query
Argument RuleGroup Rule Statement Rate Based Statement Custom Key Query Argument - (Optional) Use the specified query argument as an aggregate key. See RateLimit
query_argument
below for details. - Query
String RuleGroup Rule Statement Rate Based Statement Custom Key Query String - (Optional) Use the request's query string as an aggregate key. See RateLimit
query_string
below for details. - Uri
Path RuleGroup Rule Statement Rate Based Statement Custom Key Uri Path - (Optional) Use the request's URI path as an aggregate key. See RateLimit
uri_path
below for details.
- Rule
Group Rule Statement Rate Based Statement Custom Key Cookie - (Optional) Use the value of a cookie in the request as an aggregate key. See RateLimit
cookie
below for details. - forwarded
Ip RuleGroup Rule Statement Rate Based Statement Custom Key Forwarded Ip - (Optional) Use the first IP address in an HTTP header as an aggregate key. See
forwarded_ip
below for details. - header
Rule
Group Rule Statement Rate Based Statement Custom Key Header - (Optional) Use the value of a header in the request as an aggregate key. See RateLimit
header
below for details. - http
Method RuleGroup Rule Statement Rate Based Statement Custom Key Http Method - (Optional) Use the request's HTTP method as an aggregate key. See RateLimit
http_method
below for details. - ip
Rule
Group Rule Statement Rate Based Statement Custom Key Ip - (Optional) Use the request's originating IP address as an aggregate key. See
RateLimit ip
below for details. - label
Namespace RuleGroup Rule Statement Rate Based Statement Custom Key Label Namespace - (Optional) Use the specified label namespace as an aggregate key. See RateLimit
label_namespace
below for details. - query
Argument RuleGroup Rule Statement Rate Based Statement Custom Key Query Argument - (Optional) Use the specified query argument as an aggregate key. See RateLimit
query_argument
below for details. - query
String RuleGroup Rule Statement Rate Based Statement Custom Key Query String - (Optional) Use the request's query string as an aggregate key. See RateLimit
query_string
below for details. - uri
Path RuleGroup Rule Statement Rate Based Statement Custom Key Uri Path - (Optional) Use the request's URI path as an aggregate key. See RateLimit
uri_path
below for details.
- Rule
Group Rule Statement Rate Based Statement Custom Key Cookie - (Optional) Use the value of a cookie in the request as an aggregate key. See RateLimit
cookie
below for details. - forwarded
Ip RuleGroup Rule Statement Rate Based Statement Custom Key Forwarded Ip - (Optional) Use the first IP address in an HTTP header as an aggregate key. See
forwarded_ip
below for details. - header
Rule
Group Rule Statement Rate Based Statement Custom Key Header - (Optional) Use the value of a header in the request as an aggregate key. See RateLimit
header
below for details. - http
Method RuleGroup Rule Statement Rate Based Statement Custom Key Http Method - (Optional) Use the request's HTTP method as an aggregate key. See RateLimit
http_method
below for details. - ip
Rule
Group Rule Statement Rate Based Statement Custom Key Ip - (Optional) Use the request's originating IP address as an aggregate key. See
RateLimit ip
below for details. - label
Namespace RuleGroup Rule Statement Rate Based Statement Custom Key Label Namespace - (Optional) Use the specified label namespace as an aggregate key. See RateLimit
label_namespace
below for details. - query
Argument RuleGroup Rule Statement Rate Based Statement Custom Key Query Argument - (Optional) Use the specified query argument as an aggregate key. See RateLimit
query_argument
below for details. - query
String RuleGroup Rule Statement Rate Based Statement Custom Key Query String - (Optional) Use the request's query string as an aggregate key. See RateLimit
query_string
below for details. - uri
Path RuleGroup Rule Statement Rate Based Statement Custom Key Uri Path - (Optional) Use the request's URI path as an aggregate key. See RateLimit
uri_path
below for details.
- Rule
Group Rule Statement Rate Based Statement Custom Key Cookie - (Optional) Use the value of a cookie in the request as an aggregate key. See RateLimit
cookie
below for details. - forwarded_
ip RuleGroup Rule Statement Rate Based Statement Custom Key Forwarded Ip - (Optional) Use the first IP address in an HTTP header as an aggregate key. See
forwarded_ip
below for details. - header
Rule
Group Rule Statement Rate Based Statement Custom Key Header - (Optional) Use the value of a header in the request as an aggregate key. See RateLimit
header
below for details. - http_
method RuleGroup Rule Statement Rate Based Statement Custom Key Http Method - (Optional) Use the request's HTTP method as an aggregate key. See RateLimit
http_method
below for details. - ip
Rule
Group Rule Statement Rate Based Statement Custom Key Ip - (Optional) Use the request's originating IP address as an aggregate key. See
RateLimit ip
below for details. - label_
namespace RuleGroup Rule Statement Rate Based Statement Custom Key Label Namespace - (Optional) Use the specified label namespace as an aggregate key. See RateLimit
label_namespace
below for details. - query_
argument RuleGroup Rule Statement Rate Based Statement Custom Key Query Argument - (Optional) Use the specified query argument as an aggregate key. See RateLimit
query_argument
below for details. - query_
string RuleGroup Rule Statement Rate Based Statement Custom Key Query String - (Optional) Use the request's query string as an aggregate key. See RateLimit
query_string
below for details. - uri_
path RuleGroup Rule Statement Rate Based Statement Custom Key Uri Path - (Optional) Use the request's URI path as an aggregate key. See RateLimit
uri_path
below for details.
- Property Map
- (Optional) Use the value of a cookie in the request as an aggregate key. See RateLimit
cookie
below for details. - forwarded
Ip Property Map - (Optional) Use the first IP address in an HTTP header as an aggregate key. See
forwarded_ip
below for details. - header Property Map
- (Optional) Use the value of a header in the request as an aggregate key. See RateLimit
header
below for details. - http
Method Property Map - (Optional) Use the request's HTTP method as an aggregate key. See RateLimit
http_method
below for details. - ip Property Map
- (Optional) Use the request's originating IP address as an aggregate key. See
RateLimit ip
below for details. - label
Namespace Property Map - (Optional) Use the specified label namespace as an aggregate key. See RateLimit
label_namespace
below for details. - query
Argument Property Map - (Optional) Use the specified query argument as an aggregate key. See RateLimit
query_argument
below for details. - query
String Property Map - (Optional) Use the request's query string as an aggregate key. See RateLimit
query_string
below for details. - uri
Path Property Map - (Optional) Use the request's URI path as an aggregate key. See RateLimit
uri_path
below for details.
RuleGroupRuleStatementRateBasedStatementCustomKeyCookie, RuleGroupRuleStatementRateBasedStatementCustomKeyCookieArgs
- Name string
- A friendly name of the rule group.
- Text
Transformations List<RuleGroup Rule Statement Rate Based Statement Custom Key Cookie Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- Name string
- A friendly name of the rule group.
- Text
Transformations []RuleGroup Rule Statement Rate Based Statement Custom Key Cookie Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- name String
- A friendly name of the rule group.
- text
Transformations List<RuleGroup Rule Statement Rate Based Statement Custom Key Cookie Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- name string
- A friendly name of the rule group.
- text
Transformations RuleGroup Rule Statement Rate Based Statement Custom Key Cookie Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- name str
- A friendly name of the rule group.
- text_
transformations Sequence[RuleGroup Rule Statement Rate Based Statement Custom Key Cookie Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- name String
- A friendly name of the rule group.
- text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
RuleGroupRuleStatementRateBasedStatementCustomKeyCookieTextTransformation, RuleGroupRuleStatementRateBasedStatementCustomKeyCookieTextTransformationArgs
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Integer
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type str
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
RuleGroupRuleStatementRateBasedStatementCustomKeyHeader, RuleGroupRuleStatementRateBasedStatementCustomKeyHeaderArgs
- Name string
- A friendly name of the rule group.
- Text
Transformations List<RuleGroup Rule Statement Rate Based Statement Custom Key Header Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- Name string
- A friendly name of the rule group.
- Text
Transformations []RuleGroup Rule Statement Rate Based Statement Custom Key Header Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- name String
- A friendly name of the rule group.
- text
Transformations List<RuleGroup Rule Statement Rate Based Statement Custom Key Header Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- name string
- A friendly name of the rule group.
- text
Transformations RuleGroup Rule Statement Rate Based Statement Custom Key Header Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- name str
- A friendly name of the rule group.
- text_
transformations Sequence[RuleGroup Rule Statement Rate Based Statement Custom Key Header Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- name String
- A friendly name of the rule group.
- text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
RuleGroupRuleStatementRateBasedStatementCustomKeyHeaderTextTransformation, RuleGroupRuleStatementRateBasedStatementCustomKeyHeaderTextTransformationArgs
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Integer
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type str
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
RuleGroupRuleStatementRateBasedStatementCustomKeyLabelNamespace, RuleGroupRuleStatementRateBasedStatementCustomKeyLabelNamespaceArgs
- Namespace string
- The namespace to use for aggregation
- Namespace string
- The namespace to use for aggregation
- namespace String
- The namespace to use for aggregation
- namespace string
- The namespace to use for aggregation
- namespace str
- The namespace to use for aggregation
- namespace String
- The namespace to use for aggregation
RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgument, RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgumentArgs
- Name string
- A friendly name of the rule group.
- Text
Transformations List<RuleGroup Rule Statement Rate Based Statement Custom Key Query Argument Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- Name string
- A friendly name of the rule group.
- Text
Transformations []RuleGroup Rule Statement Rate Based Statement Custom Key Query Argument Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- name String
- A friendly name of the rule group.
- text
Transformations List<RuleGroup Rule Statement Rate Based Statement Custom Key Query Argument Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- name string
- A friendly name of the rule group.
- text
Transformations RuleGroup Rule Statement Rate Based Statement Custom Key Query Argument Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- name str
- A friendly name of the rule group.
- text_
transformations Sequence[RuleGroup Rule Statement Rate Based Statement Custom Key Query Argument Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- name String
- A friendly name of the rule group.
- text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgumentTextTransformation, RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgumentTextTransformationArgs
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Integer
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type str
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
RuleGroupRuleStatementRateBasedStatementCustomKeyQueryString, RuleGroupRuleStatementRateBasedStatementCustomKeyQueryStringArgs
- Text
Transformations List<RuleGroup Rule Statement Rate Based Statement Custom Key Query String Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- Text
Transformations []RuleGroup Rule Statement Rate Based Statement Custom Key Query String Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- text
Transformations List<RuleGroup Rule Statement Rate Based Statement Custom Key Query String Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- text
Transformations RuleGroup Rule Statement Rate Based Statement Custom Key Query String Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- text_
transformations Sequence[RuleGroup Rule Statement Rate Based Statement Custom Key Query String Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
RuleGroupRuleStatementRateBasedStatementCustomKeyQueryStringTextTransformation, RuleGroupRuleStatementRateBasedStatementCustomKeyQueryStringTextTransformationArgs
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Integer
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type str
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
RuleGroupRuleStatementRateBasedStatementCustomKeyUriPath, RuleGroupRuleStatementRateBasedStatementCustomKeyUriPathArgs
- Text
Transformations List<RuleGroup Rule Statement Rate Based Statement Custom Key Uri Path Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- Text
Transformations []RuleGroup Rule Statement Rate Based Statement Custom Key Uri Path Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- text
Transformations List<RuleGroup Rule Statement Rate Based Statement Custom Key Uri Path Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- text
Transformations RuleGroup Rule Statement Rate Based Statement Custom Key Uri Path Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- text_
transformations Sequence[RuleGroup Rule Statement Rate Based Statement Custom Key Uri Path Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
- text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
RuleGroupRuleStatementRateBasedStatementCustomKeyUriPathTextTransformation, RuleGroupRuleStatementRateBasedStatementCustomKeyUriPathTextTransformationArgs
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Integer
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type str
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
RuleGroupRuleStatementRateBasedStatementForwardedIpConfig, RuleGroupRuleStatementRateBasedStatementForwardedIpConfigArgs
- Fallback
Behavior string - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - Header
Name string - The name of the HTTP header to use for the IP address.
- Fallback
Behavior string - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - Header
Name string - The name of the HTTP header to use for the IP address.
- fallback
Behavior String - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name String - The name of the HTTP header to use for the IP address.
- fallback
Behavior string - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name string - The name of the HTTP header to use for the IP address.
- fallback_
behavior str - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header_
name str - The name of the HTTP header to use for the IP address.
- fallback
Behavior String - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name String - The name of the HTTP header to use for the IP address.
RuleGroupRuleStatementRateBasedStatementScopeDownStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementArgs
- And
Statement RuleGroup Rule Statement Rate Based Statement Scope Down Statement And Statement - A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
- Byte
Match RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement - A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
- Geo
Match RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Geo Match Statement - A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
- Ip
Set RuleReference Statement Group Rule Statement Rate Based Statement Scope Down Statement Ip Set Reference Statement - A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- Label
Match RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Label Match Statement - A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
- Not
Statement RuleGroup Rule Statement Rate Based Statement Scope Down Statement Not Statement - A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
- Or
Statement RuleGroup Rule Statement Rate Based Statement Scope Down Statement Or Statement - A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
- Regex
Match RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement - A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
- Regex
Pattern RuleSet Reference Statement Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement - A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- Size
Constraint RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement - A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
- Sqli
Match RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement - An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
- Xss
Match RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement - A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.
- And
Statement RuleGroup Rule Statement Rate Based Statement Scope Down Statement And Statement - A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
- Byte
Match RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement - A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
- Geo
Match RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Geo Match Statement - A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
- Ip
Set RuleReference Statement Group Rule Statement Rate Based Statement Scope Down Statement Ip Set Reference Statement - A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- Label
Match RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Label Match Statement - A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
- Not
Statement RuleGroup Rule Statement Rate Based Statement Scope Down Statement Not Statement - A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
- Or
Statement RuleGroup Rule Statement Rate Based Statement Scope Down Statement Or Statement - A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
- Regex
Match RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement - A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
- Regex
Pattern RuleSet Reference Statement Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement - A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- Size
Constraint RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement - A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
- Sqli
Match RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement - An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
- Xss
Match RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement - A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.
- and
Statement RuleGroup Rule Statement Rate Based Statement Scope Down Statement And Statement - A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
- byte
Match RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement - A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
- geo
Match RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Geo Match Statement - A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
- ip
Set RuleReference Statement Group Rule Statement Rate Based Statement Scope Down Statement Ip Set Reference Statement - A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- label
Match RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Label Match Statement - A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
- not
Statement RuleGroup Rule Statement Rate Based Statement Scope Down Statement Not Statement - A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
- or
Statement RuleGroup Rule Statement Rate Based Statement Scope Down Statement Or Statement - A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
- regex
Match RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement - A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
- regex
Pattern RuleSet Reference Statement Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement - A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- size
Constraint RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement - A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
- sqli
Match RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement - An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
- xss
Match RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement - A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.
- and
Statement RuleGroup Rule Statement Rate Based Statement Scope Down Statement And Statement - A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
- byte
Match RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement - A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
- geo
Match RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Geo Match Statement - A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
- ip
Set RuleReference Statement Group Rule Statement Rate Based Statement Scope Down Statement Ip Set Reference Statement - A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- label
Match RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Label Match Statement - A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
- not
Statement RuleGroup Rule Statement Rate Based Statement Scope Down Statement Not Statement - A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
- or
Statement RuleGroup Rule Statement Rate Based Statement Scope Down Statement Or Statement - A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
- regex
Match RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement - A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
- regex
Pattern RuleSet Reference Statement Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement - A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- size
Constraint RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement - A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
- sqli
Match RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement - An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
- xss
Match RuleStatement Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement - A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.
- and_
statement RuleGroup Rule Statement Rate Based Statement Scope Down Statement And Statement - A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
- byte_
match_ Rulestatement Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement - A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
- geo_
match_ Rulestatement Group Rule Statement Rate Based Statement Scope Down Statement Geo Match Statement - A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
- ip_
set_ Rulereference_ statement Group Rule Statement Rate Based Statement Scope Down Statement Ip Set Reference Statement - A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- label_
match_ Rulestatement Group Rule Statement Rate Based Statement Scope Down Statement Label Match Statement - A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
- not_
statement RuleGroup Rule Statement Rate Based Statement Scope Down Statement Not Statement - A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
- or_
statement RuleGroup Rule Statement Rate Based Statement Scope Down Statement Or Statement - A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
- regex_
match_ Rulestatement Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement - A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
- regex_
pattern_ Ruleset_ reference_ statement Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement - A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- size_
constraint_ Rulestatement Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement - A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
- sqli_
match_ Rulestatement Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement - An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
- xss_
match_ Rulestatement Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement - A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.
- and
Statement Property Map - A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
- byte
Match Property MapStatement - A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
- geo
Match Property MapStatement - A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
- ip
Set Property MapReference Statement - A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- label
Match Property MapStatement - A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
- not
Statement Property Map - A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
- or
Statement Property Map - A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
- regex
Match Property MapStatement - A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
- regex
Pattern Property MapSet Reference Statement - A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- size
Constraint Property MapStatement - A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
- sqli
Match Property MapStatement - An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
- xss
Match Property MapStatement - A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementAndStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementAndStatementArgs
- Statements
List<Rule
Group Rule Statement> - The statements to combine.
- Statements
[]Rule
Group Rule Statement - The statements to combine.
- statements
List<Rule
Group Rule Statement> - The statements to combine.
- statements
Rule
Group Rule Statement[] - The statements to combine.
- statements
Sequence[Rule
Group Rule Statement] - The statements to combine.
- statements List<Property Map>
- The statements to combine.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementArgs
- Positional
Constraint string - The area within the portion of a web request that you want AWS WAF to search for
search_string
. Valid values include the following:EXACTLY
,STARTS_WITH
,ENDS_WITH
,CONTAINS
,CONTAINS_WORD
. See the AWS documentation for more information. - Search
String string - A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match
. The maximum length of the value is 50 bytes. - Text
Transformations List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- Field
To RuleMatch Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- Positional
Constraint string - The area within the portion of a web request that you want AWS WAF to search for
search_string
. Valid values include the following:EXACTLY
,STARTS_WITH
,ENDS_WITH
,CONTAINS
,CONTAINS_WORD
. See the AWS documentation for more information. - Search
String string - A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match
. The maximum length of the value is 50 bytes. - Text
Transformations []RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- Field
To RuleMatch Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- positional
Constraint String - The area within the portion of a web request that you want AWS WAF to search for
search_string
. Valid values include the following:EXACTLY
,STARTS_WITH
,ENDS_WITH
,CONTAINS
,CONTAINS_WORD
. See the AWS documentation for more information. - search
String String - A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match
. The maximum length of the value is 50 bytes. - text
Transformations List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To RuleMatch Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- positional
Constraint string - The area within the portion of a web request that you want AWS WAF to search for
search_string
. Valid values include the following:EXACTLY
,STARTS_WITH
,ENDS_WITH
,CONTAINS
,CONTAINS_WORD
. See the AWS documentation for more information. - search
String string - A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match
. The maximum length of the value is 50 bytes. - text
Transformations RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To RuleMatch Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- positional_
constraint str - The area within the portion of a web request that you want AWS WAF to search for
search_string
. Valid values include the following:EXACTLY
,STARTS_WITH
,ENDS_WITH
,CONTAINS
,CONTAINS_WORD
. See the AWS documentation for more information. - search_
string str - A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match
. The maximum length of the value is 50 bytes. - text_
transformations Sequence[RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field_
to_ Rulematch Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- positional
Constraint String - The area within the portion of a web request that you want AWS WAF to search for
search_string
. Valid values include the following:EXACTLY
,STARTS_WITH
,ENDS_WITH
,CONTAINS
,CONTAINS_WORD
. See the AWS documentation for more information. - search
String String - A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match
. The maximum length of the value is 50 bytes. - text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To Property MapMatch - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatch, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchArgs
- All
Query RuleArguments Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- Header
Orders List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Header Order> - Inspect the request headers. See Header Order below for details.
- Headers
List<Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Header> - Inspect the request headers. See Headers below for details.
- Ja3Fingerprint
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Ja3Fingerprint - Json
Body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- Method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- Single
Query RuleArgument Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- Uri
Path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- All
Query RuleArguments Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- Header
Orders []RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Header Order - Inspect the request headers. See Header Order below for details.
- Headers
[]Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Header - Inspect the request headers. See Headers below for details.
- Ja3Fingerprint
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Ja3Fingerprint - Json
Body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- Method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- Single
Query RuleArgument Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- Uri
Path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query RuleArguments Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header
Orders List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Header Order> - Inspect the request headers. See Header Order below for details.
- headers
List<Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Header> - Inspect the request headers. See Headers below for details.
- ja3Fingerprint
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Ja3Fingerprint - json
Body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single
Query RuleArgument Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query RuleArguments Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header
Orders RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Header Order[] - Inspect the request headers. See Header Order below for details.
- headers
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Header[] - Inspect the request headers. See Headers below for details.
- ja3Fingerprint
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Ja3Fingerprint - json
Body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single
Query RuleArgument Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all_
query_ Rulearguments Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header_
orders Sequence[RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Header Order] - Inspect the request headers. See Header Order below for details.
- headers
Sequence[Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Header] - Inspect the request headers. See Headers below for details.
- ja3_
fingerprint RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Ja3Fingerprint - json_
body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query_
string RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single_
header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single_
query_ Ruleargument Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri_
path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body, which immediately follows the request headers.
- Property Map
- Inspect the cookies in the web request. See Cookies below for details.
- header
Orders List<Property Map> - Inspect the request headers. See Header Order below for details.
- headers List<Property Map>
- Inspect the request headers. See Headers below for details.
- ja3Fingerprint Property Map
- json
Body Property Map - Inspect the request body as JSON. See JSON Body for details.
- method Property Map
- Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String Property Map - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header Property Map - Inspect a single header. See Single Header below for details.
- single
Query Property MapArgument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path Property Map - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBodyArgs
- Oversize
Handling string
- Oversize
Handling string
- oversize
Handling String
- oversize
Handling string
- oversize
Handling String
RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookies, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesArgs
- Match
Patterns List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- Match
Patterns []RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern[] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match_
patterns Sequence[RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match_
scope str - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize_
handling str - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns List<Property Map> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternArgs
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<string>
- List<string>
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- []string
- []string
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- string[]
- string[]
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Sequence[str]
- Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderArgs
- Match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match_
pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match_
scope str - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern Property Map - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternArgs
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers List<string> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers List<string> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers []string - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers []string - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers string[] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers string[] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded_
headers Sequence[str] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included_
headers Sequence[str] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrderArgs
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa3FingerprintArgs
- Fallback
Behavior string
- Fallback
Behavior string
- fallback
Behavior String
- fallback
Behavior string
- fallback
Behavior String
RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyArgs
- Match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- Match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match_
pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match_
scope str - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid_
fallback_ strbehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize_
handling str - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern Property Map - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternArgs
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths List<string>
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths []string
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths string[]
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included_
paths Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeaderArgs
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgumentArgs
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformation, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformationArgs
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Integer
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type str
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementArgs
- Country
Codes List<string> - An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166
international standard. See the documentation for valid values. - Forwarded
Ip RuleConfig Group Rule Statement Rate Based Statement Scope Down Statement Geo Match Statement Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.
- Country
Codes []string - An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166
international standard. See the documentation for valid values. - Forwarded
Ip RuleConfig Group Rule Statement Rate Based Statement Scope Down Statement Geo Match Statement Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.
- country
Codes List<String> - An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166
international standard. See the documentation for valid values. - forwarded
Ip RuleConfig Group Rule Statement Rate Based Statement Scope Down Statement Geo Match Statement Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.
- country
Codes string[] - An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166
international standard. See the documentation for valid values. - forwarded
Ip RuleConfig Group Rule Statement Rate Based Statement Scope Down Statement Geo Match Statement Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.
- country_
codes Sequence[str] - An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166
international standard. See the documentation for valid values. - forwarded_
ip_ Ruleconfig Group Rule Statement Rate Based Statement Scope Down Statement Geo Match Statement Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.
- country
Codes List<String> - An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166
international standard. See the documentation for valid values. - forwarded
Ip Property MapConfig - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementForwardedIpConfig, RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementForwardedIpConfigArgs
- Fallback
Behavior string - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - Header
Name string - The name of the HTTP header to use for the IP address.
- Fallback
Behavior string - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - Header
Name string - The name of the HTTP header to use for the IP address.
- fallback
Behavior String - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name String - The name of the HTTP header to use for the IP address.
- fallback
Behavior string - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name string - The name of the HTTP header to use for the IP address.
- fallback_
behavior str - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header_
name str - The name of the HTTP header to use for the IP address.
- fallback
Behavior String - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name String - The name of the HTTP header to use for the IP address.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementArgs
- Arn string
- The Amazon Resource Name (ARN) of the IP Set that this statement references.
- Ip
Set RuleForwarded Ip Config Group Rule Statement Rate Based Statement Scope Down Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.
- Arn string
- The Amazon Resource Name (ARN) of the IP Set that this statement references.
- Ip
Set RuleForwarded Ip Config Group Rule Statement Rate Based Statement Scope Down Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.
- arn String
- The Amazon Resource Name (ARN) of the IP Set that this statement references.
- ip
Set RuleForwarded Ip Config Group Rule Statement Rate Based Statement Scope Down Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.
- arn string
- The Amazon Resource Name (ARN) of the IP Set that this statement references.
- ip
Set RuleForwarded Ip Config Group Rule Statement Rate Based Statement Scope Down Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.
- arn str
- The Amazon Resource Name (ARN) of the IP Set that this statement references.
- ip_
set_ Ruleforwarded_ ip_ config Group Rule Statement Rate Based Statement Scope Down Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.
- arn String
- The Amazon Resource Name (ARN) of the IP Set that this statement references.
- ip
Set Property MapForwarded Ip Config - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig, RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfigArgs
- Fallback
Behavior string - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - Header
Name string - The name of the HTTP header to use for the IP address.
- Position string
- The position in the header to search for the IP address. Valid values include:
FIRST
,LAST
, orANY
. IfANY
is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- Fallback
Behavior string - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - Header
Name string - The name of the HTTP header to use for the IP address.
- Position string
- The position in the header to search for the IP address. Valid values include:
FIRST
,LAST
, orANY
. IfANY
is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- fallback
Behavior String - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name String - The name of the HTTP header to use for the IP address.
- position String
- The position in the header to search for the IP address. Valid values include:
FIRST
,LAST
, orANY
. IfANY
is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- fallback
Behavior string - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name string - The name of the HTTP header to use for the IP address.
- position string
- The position in the header to search for the IP address. Valid values include:
FIRST
,LAST
, orANY
. IfANY
is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- fallback_
behavior str - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header_
name str - The name of the HTTP header to use for the IP address.
- position str
- The position in the header to search for the IP address. Valid values include:
FIRST
,LAST
, orANY
. IfANY
is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- fallback
Behavior String - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name String - The name of the HTTP header to use for the IP address.
- position String
- The position in the header to search for the IP address. Valid values include:
FIRST
,LAST
, orANY
. IfANY
is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementLabelMatchStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementLabelMatchStatementArgs
RuleGroupRuleStatementRateBasedStatementScopeDownStatementNotStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementNotStatementArgs
- Statements
List<Rule
Group Rule Statement> - The statements to combine.
- Statements
[]Rule
Group Rule Statement - The statements to combine.
- statements
List<Rule
Group Rule Statement> - The statements to combine.
- statements
Rule
Group Rule Statement[] - The statements to combine.
- statements
Sequence[Rule
Group Rule Statement] - The statements to combine.
- statements List<Property Map>
- The statements to combine.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementOrStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementOrStatementArgs
- Statements
List<Rule
Group Rule Statement> - The statements to combine.
- Statements
[]Rule
Group Rule Statement - The statements to combine.
- statements
List<Rule
Group Rule Statement> - The statements to combine.
- statements
Rule
Group Rule Statement[] - The statements to combine.
- statements
Sequence[Rule
Group Rule Statement] - The statements to combine.
- statements List<Property Map>
- The statements to combine.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementArgs
- Regex
String string - The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
- Text
Transformations List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- Field
To RuleMatch Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- Regex
String string - The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
- Text
Transformations []RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- Field
To RuleMatch Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- regex
String String - The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
- text
Transformations List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To RuleMatch Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- regex
String string - The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
- text
Transformations RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To RuleMatch Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- regex_
string str - The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
- text_
transformations Sequence[RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field_
to_ Rulematch Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- regex
String String - The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
- text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To Property MapMatch - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatch, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchArgs
- All
Query RuleArguments Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- Header
Orders List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Header Order> - Inspect the request headers. See Header Order below for details.
- Headers
List<Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Header> - Inspect the request headers. See Headers below for details.
- Ja3Fingerprint
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Ja3Fingerprint - Json
Body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- Method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- Single
Query RuleArgument Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- Uri
Path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- All
Query RuleArguments Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- Header
Orders []RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Header Order - Inspect the request headers. See Header Order below for details.
- Headers
[]Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Header - Inspect the request headers. See Headers below for details.
- Ja3Fingerprint
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Ja3Fingerprint - Json
Body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- Method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- Single
Query RuleArgument Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- Uri
Path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query RuleArguments Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header
Orders List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Header Order> - Inspect the request headers. See Header Order below for details.
- headers
List<Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Header> - Inspect the request headers. See Headers below for details.
- ja3Fingerprint
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Ja3Fingerprint - json
Body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single
Query RuleArgument Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query RuleArguments Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header
Orders RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Header Order[] - Inspect the request headers. See Header Order below for details.
- headers
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Header[] - Inspect the request headers. See Headers below for details.
- ja3Fingerprint
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Ja3Fingerprint - json
Body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single
Query RuleArgument Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all_
query_ Rulearguments Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header_
orders Sequence[RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Header Order] - Inspect the request headers. See Header Order below for details.
- headers
Sequence[Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Header] - Inspect the request headers. See Headers below for details.
- ja3_
fingerprint RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Ja3Fingerprint - json_
body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query_
string RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single_
header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single_
query_ Ruleargument Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri_
path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body, which immediately follows the request headers.
- Property Map
- Inspect the cookies in the web request. See Cookies below for details.
- header
Orders List<Property Map> - Inspect the request headers. See Header Order below for details.
- headers List<Property Map>
- Inspect the request headers. See Headers below for details.
- ja3Fingerprint Property Map
- json
Body Property Map - Inspect the request body as JSON. See JSON Body for details.
- method Property Map
- Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String Property Map - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header Property Map - Inspect a single header. See Single Header below for details.
- single
Query Property MapArgument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path Property Map - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchBodyArgs
- Oversize
Handling string
- Oversize
Handling string
- oversize
Handling String
- oversize
Handling string
- oversize
Handling String
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesArgs
- Match
Patterns List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- Match
Patterns []RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern[] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match_
patterns Sequence[RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match_
scope str - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize_
handling str - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns List<Property Map> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternArgs
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<string>
- List<string>
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- []string
- []string
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- string[]
- string[]
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Sequence[str]
- Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderArgs
- Match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match_
pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match_
scope str - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern Property Map - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternArgs
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers List<string> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers List<string> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers []string - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers []string - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers string[] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers string[] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded_
headers Sequence[str] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included_
headers Sequence[str] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrderArgs
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3FingerprintArgs
- Fallback
Behavior string
- Fallback
Behavior string
- fallback
Behavior String
- fallback
Behavior string
- fallback
Behavior String
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyArgs
- Match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- Match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match_
pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match_
scope str - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid_
fallback_ strbehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize_
handling str - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern Property Map - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternArgs
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths List<string>
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths []string
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths string[]
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included_
paths Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeaderArgs
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgumentArgs
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementTextTransformation, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementTextTransformationArgs
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Integer
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type str
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementArgs
- Arn string
- The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
- Text
Transformations List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- Field
To RuleMatch Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- Arn string
- The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
- Text
Transformations []RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- Field
To RuleMatch Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- arn String
- The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
- text
Transformations List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To RuleMatch Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- arn string
- The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
- text
Transformations RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To RuleMatch Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- arn str
- The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
- text_
transformations Sequence[RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field_
to_ Rulematch Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- arn String
- The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
- text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To Property MapMatch - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchArgs
- All
Query RuleArguments Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- Header
Orders List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Order> - Inspect the request headers. See Header Order below for details.
- Headers
List<Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header> - Inspect the request headers. See Headers below for details.
- Ja3Fingerprint
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Ja3Fingerprint - Json
Body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- Method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- Single
Query RuleArgument Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- Uri
Path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- All
Query RuleArguments Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- Header
Orders []RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Order - Inspect the request headers. See Header Order below for details.
- Headers
[]Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header - Inspect the request headers. See Headers below for details.
- Ja3Fingerprint
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Ja3Fingerprint - Json
Body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- Method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- Single
Query RuleArgument Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- Uri
Path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query RuleArguments Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header
Orders List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Order> - Inspect the request headers. See Header Order below for details.
- headers
List<Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header> - Inspect the request headers. See Headers below for details.
- ja3Fingerprint
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Ja3Fingerprint - json
Body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single
Query RuleArgument Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query RuleArguments Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header
Orders RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Order[] - Inspect the request headers. See Header Order below for details.
- headers
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header[] - Inspect the request headers. See Headers below for details.
- ja3Fingerprint
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Ja3Fingerprint - json
Body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single
Query RuleArgument Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all_
query_ Rulearguments Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header_
orders Sequence[RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Order] - Inspect the request headers. See Header Order below for details.
- headers
Sequence[Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header] - Inspect the request headers. See Headers below for details.
- ja3_
fingerprint RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Ja3Fingerprint - json_
body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query_
string RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single_
header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single_
query_ Ruleargument Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri_
path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body, which immediately follows the request headers.
- Property Map
- Inspect the cookies in the web request. See Cookies below for details.
- header
Orders List<Property Map> - Inspect the request headers. See Header Order below for details.
- headers List<Property Map>
- Inspect the request headers. See Headers below for details.
- ja3Fingerprint Property Map
- json
Body Property Map - Inspect the request body as JSON. See JSON Body for details.
- method Property Map
- Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String Property Map - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header Property Map - Inspect a single header. See Single Header below for details.
- single
Query Property MapArgument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path Property Map - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBodyArgs
- Oversize
Handling string
- Oversize
Handling string
- oversize
Handling String
- oversize
Handling string
- oversize
Handling String
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesArgs
- Match
Patterns List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- Match
Patterns []RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern[] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match_
patterns Sequence[RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match_
scope str - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize_
handling str - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns List<Property Map> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternArgs
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<string>
- List<string>
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- []string
- []string
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- string[]
- string[]
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Sequence[str]
- Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderArgs
- Match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match_
pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match_
scope str - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern Property Map - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternArgs
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers List<string> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers List<string> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers []string - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers []string - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers string[] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers string[] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded_
headers Sequence[str] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included_
headers Sequence[str] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrderArgs
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3FingerprintArgs
- Fallback
Behavior string
- Fallback
Behavior string
- fallback
Behavior String
- fallback
Behavior string
- fallback
Behavior String
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyArgs
- Match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- Match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match_
pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match_
scope str - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid_
fallback_ strbehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize_
handling str - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern Property Map - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternArgs
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths List<string>
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths []string
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths string[]
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included_
paths Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeaderArgs
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgumentArgs
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformationArgs
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Integer
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type str
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementArgs
- Comparison
Operator string - The operator to use to compare the request part to the size setting. Valid values include:
EQ
,NE
,LE
,LT
,GE
, orGT
. - Size int
- The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
- Text
Transformations List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- Field
To RuleMatch Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- Comparison
Operator string - The operator to use to compare the request part to the size setting. Valid values include:
EQ
,NE
,LE
,LT
,GE
, orGT
. - Size int
- The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
- Text
Transformations []RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- Field
To RuleMatch Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- comparison
Operator String - The operator to use to compare the request part to the size setting. Valid values include:
EQ
,NE
,LE
,LT
,GE
, orGT
. - size Integer
- The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
- text
Transformations List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To RuleMatch Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- comparison
Operator string - The operator to use to compare the request part to the size setting. Valid values include:
EQ
,NE
,LE
,LT
,GE
, orGT
. - size number
- The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
- text
Transformations RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To RuleMatch Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- comparison_
operator str - The operator to use to compare the request part to the size setting. Valid values include:
EQ
,NE
,LE
,LT
,GE
, orGT
. - size int
- The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
- text_
transformations Sequence[RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field_
to_ Rulematch Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- comparison
Operator String - The operator to use to compare the request part to the size setting. Valid values include:
EQ
,NE
,LE
,LT
,GE
, orGT
. - size Number
- The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
- text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To Property MapMatch - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatch, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchArgs
- All
Query RuleArguments Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- Header
Orders List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Header Order> - Inspect the request headers. See Header Order below for details.
- Headers
List<Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Header> - Inspect the request headers. See Headers below for details.
- Ja3Fingerprint
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Ja3Fingerprint - Json
Body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- Method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- Single
Query RuleArgument Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- Uri
Path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- All
Query RuleArguments Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- Header
Orders []RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Header Order - Inspect the request headers. See Header Order below for details.
- Headers
[]Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Header - Inspect the request headers. See Headers below for details.
- Ja3Fingerprint
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Ja3Fingerprint - Json
Body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- Method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- Single
Query RuleArgument Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- Uri
Path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query RuleArguments Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header
Orders List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Header Order> - Inspect the request headers. See Header Order below for details.
- headers
List<Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Header> - Inspect the request headers. See Headers below for details.
- ja3Fingerprint
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Ja3Fingerprint - json
Body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single
Query RuleArgument Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query RuleArguments Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header
Orders RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Header Order[] - Inspect the request headers. See Header Order below for details.
- headers
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Header[] - Inspect the request headers. See Headers below for details.
- ja3Fingerprint
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Ja3Fingerprint - json
Body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single
Query RuleArgument Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all_
query_ Rulearguments Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header_
orders Sequence[RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Header Order] - Inspect the request headers. See Header Order below for details.
- headers
Sequence[Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Header] - Inspect the request headers. See Headers below for details.
- ja3_
fingerprint RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Ja3Fingerprint - json_
body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query_
string RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single_
header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single_
query_ Ruleargument Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri_
path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body, which immediately follows the request headers.
- Property Map
- Inspect the cookies in the web request. See Cookies below for details.
- header
Orders List<Property Map> - Inspect the request headers. See Header Order below for details.
- headers List<Property Map>
- Inspect the request headers. See Headers below for details.
- ja3Fingerprint Property Map
- json
Body Property Map - Inspect the request body as JSON. See JSON Body for details.
- method Property Map
- Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String Property Map - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header Property Map - Inspect a single header. See Single Header below for details.
- single
Query Property MapArgument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path Property Map - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchBodyArgs
- Oversize
Handling string
- Oversize
Handling string
- oversize
Handling String
- oversize
Handling string
- oversize
Handling String
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesArgs
- Match
Patterns List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- Match
Patterns []RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern[] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match_
patterns Sequence[RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match_
scope str - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize_
handling str - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns List<Property Map> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternArgs
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<string>
- List<string>
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- []string
- []string
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- string[]
- string[]
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Sequence[str]
- Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderArgs
- Match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match_
pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match_
scope str - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern Property Map - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternArgs
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers List<string> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers List<string> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers []string - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers []string - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers string[] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers string[] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded_
headers Sequence[str] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included_
headers Sequence[str] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrderArgs
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3FingerprintArgs
- Fallback
Behavior string
- Fallback
Behavior string
- fallback
Behavior String
- fallback
Behavior string
- fallback
Behavior String
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyArgs
- Match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- Match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match_
pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match_
scope str - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid_
fallback_ strbehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize_
handling str - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern Property Map - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternArgs
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths List<string>
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths []string
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths string[]
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included_
paths Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeaderArgs
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgumentArgs
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformation, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformationArgs
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Integer
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type str
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementArgs
- Text
Transformations List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- Field
To RuleMatch Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- Sensitivity
Level string - Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include:
LOW
,HIGH
.
- Text
Transformations []RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- Field
To RuleMatch Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- Sensitivity
Level string - Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include:
LOW
,HIGH
.
- text
Transformations List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To RuleMatch Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- sensitivity
Level String - Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include:
LOW
,HIGH
.
- text
Transformations RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To RuleMatch Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- sensitivity
Level string - Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include:
LOW
,HIGH
.
- text_
transformations Sequence[RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field_
to_ Rulematch Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- sensitivity_
level str - Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include:
LOW
,HIGH
.
- text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To Property MapMatch - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- sensitivity
Level String - Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include:
LOW
,HIGH
.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatch, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchArgs
- All
Query RuleArguments Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- Header
Orders List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Header Order> - Inspect the request headers. See Header Order below for details.
- Headers
List<Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Header> - Inspect the request headers. See Headers below for details.
- Ja3Fingerprint
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Ja3Fingerprint - Json
Body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- Method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- Single
Query RuleArgument Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- Uri
Path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- All
Query RuleArguments Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- Header
Orders []RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Header Order - Inspect the request headers. See Header Order below for details.
- Headers
[]Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Header - Inspect the request headers. See Headers below for details.
- Ja3Fingerprint
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Ja3Fingerprint - Json
Body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- Method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- Single
Query RuleArgument Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- Uri
Path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query RuleArguments Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header
Orders List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Header Order> - Inspect the request headers. See Header Order below for details.
- headers
List<Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Header> - Inspect the request headers. See Headers below for details.
- ja3Fingerprint
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Ja3Fingerprint - json
Body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single
Query RuleArgument Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query RuleArguments Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header
Orders RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Header Order[] - Inspect the request headers. See Header Order below for details.
- headers
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Header[] - Inspect the request headers. See Headers below for details.
- ja3Fingerprint
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Ja3Fingerprint - json
Body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single
Query RuleArgument Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all_
query_ Rulearguments Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header_
orders Sequence[RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Header Order] - Inspect the request headers. See Header Order below for details.
- headers
Sequence[Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Header] - Inspect the request headers. See Headers below for details.
- ja3_
fingerprint RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Ja3Fingerprint - json_
body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query_
string RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single_
header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single_
query_ Ruleargument Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri_
path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body, which immediately follows the request headers.
- Property Map
- Inspect the cookies in the web request. See Cookies below for details.
- header
Orders List<Property Map> - Inspect the request headers. See Header Order below for details.
- headers List<Property Map>
- Inspect the request headers. See Headers below for details.
- ja3Fingerprint Property Map
- json
Body Property Map - Inspect the request body as JSON. See JSON Body for details.
- method Property Map
- Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String Property Map - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header Property Map - Inspect a single header. See Single Header below for details.
- single
Query Property MapArgument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path Property Map - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchBodyArgs
- Oversize
Handling string
- Oversize
Handling string
- oversize
Handling String
- oversize
Handling string
- oversize
Handling String
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesArgs
- Match
Patterns List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- Match
Patterns []RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern[] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match_
patterns Sequence[RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match_
scope str - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize_
handling str - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns List<Property Map> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternArgs
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<string>
- List<string>
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- []string
- []string
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- string[]
- string[]
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Sequence[str]
- Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderArgs
- Match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match_
pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match_
scope str - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern Property Map - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternArgs
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers List<string> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers List<string> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers []string - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers []string - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers string[] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers string[] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded_
headers Sequence[str] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included_
headers Sequence[str] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrderArgs
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3FingerprintArgs
- Fallback
Behavior string
- Fallback
Behavior string
- fallback
Behavior String
- fallback
Behavior string
- fallback
Behavior String
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyArgs
- Match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- Match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match_
pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match_
scope str - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid_
fallback_ strbehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize_
handling str - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern Property Map - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternArgs
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths List<string>
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths []string
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths string[]
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included_
paths Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeaderArgs
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgumentArgs
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformation, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformationArgs
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Integer
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type str
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementArgs
- Text
Transformations List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- Field
To RuleMatch Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- Text
Transformations []RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- Field
To RuleMatch Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- text
Transformations List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To RuleMatch Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- text
Transformations RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To RuleMatch Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- text_
transformations Sequence[RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field_
to_ Rulematch Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To Property MapMatch - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatch, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchArgs
- All
Query RuleArguments Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- Header
Orders List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Header Order> - Inspect the request headers. See Header Order below for details.
- Headers
List<Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Header> - Inspect the request headers. See Headers below for details.
- Ja3Fingerprint
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Ja3Fingerprint - Json
Body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- Method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- Single
Query RuleArgument Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- Uri
Path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- All
Query RuleArguments Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- Header
Orders []RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Header Order - Inspect the request headers. See Header Order below for details.
- Headers
[]Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Header - Inspect the request headers. See Headers below for details.
- Ja3Fingerprint
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Ja3Fingerprint - Json
Body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- Method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- Single
Query RuleArgument Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- Uri
Path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query RuleArguments Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header
Orders List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Header Order> - Inspect the request headers. See Header Order below for details.
- headers
List<Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Header> - Inspect the request headers. See Headers below for details.
- ja3Fingerprint
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Ja3Fingerprint - json
Body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single
Query RuleArgument Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query RuleArguments Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header
Orders RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Header Order[] - Inspect the request headers. See Header Order below for details.
- headers
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Header[] - Inspect the request headers. See Headers below for details.
- ja3Fingerprint
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Ja3Fingerprint - json
Body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single
Query RuleArgument Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all_
query_ Rulearguments Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header_
orders Sequence[RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Header Order] - Inspect the request headers. See Header Order below for details.
- headers
Sequence[Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Header] - Inspect the request headers. See Headers below for details.
- ja3_
fingerprint RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Ja3Fingerprint - json_
body RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query_
string RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single_
header RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single_
query_ Ruleargument Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri_
path RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body, which immediately follows the request headers.
- Property Map
- Inspect the cookies in the web request. See Cookies below for details.
- header
Orders List<Property Map> - Inspect the request headers. See Header Order below for details.
- headers List<Property Map>
- Inspect the request headers. See Headers below for details.
- ja3Fingerprint Property Map
- json
Body Property Map - Inspect the request body as JSON. See JSON Body for details.
- method Property Map
- Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String Property Map - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header Property Map - Inspect a single header. See Single Header below for details.
- single
Query Property MapArgument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path Property Map - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchBodyArgs
- Oversize
Handling string
- Oversize
Handling string
- oversize
Handling String
- oversize
Handling string
- oversize
Handling String
RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookies, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesArgs
- Match
Patterns List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- Match
Patterns []RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns List<RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern[] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match_
patterns Sequence[RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match_
scope str - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize_
handling str - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns List<Property Map> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternArgs
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<string>
- List<string>
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- []string
- []string
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- string[]
- string[]
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Sequence[str]
- Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderArgs
- Match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match_
pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match_
scope str - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern Property Map - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternArgs
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers List<string> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers List<string> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers []string - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers []string - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers string[] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers string[] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded_
headers Sequence[str] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included_
headers Sequence[str] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrderArgs
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa3FingerprintArgs
- Fallback
Behavior string
- Fallback
Behavior string
- fallback
Behavior String
- fallback
Behavior string
- fallback
Behavior String
RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyArgs
- Match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- Match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match_
pattern RuleGroup Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match_
scope str - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid_
fallback_ strbehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize_
handling str - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern Property Map - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPatternArgs
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths List<string>
- All
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths []string
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths string[]
- all
Rule
Group Rule Statement Rate Based Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included_
paths Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeaderArgs
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgumentArgs
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformation, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformationArgs
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Integer
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type str
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
RuleGroupRuleStatementRegexMatchStatement, RuleGroupRuleStatementRegexMatchStatementArgs
- Regex
String string - The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
- Text
Transformations List<RuleGroup Rule Statement Regex Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- Field
To RuleMatch Group Rule Statement Regex Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- Regex
String string - The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
- Text
Transformations []RuleGroup Rule Statement Regex Match Statement Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- Field
To RuleMatch Group Rule Statement Regex Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- regex
String String - The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
- text
Transformations List<RuleGroup Rule Statement Regex Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To RuleMatch Group Rule Statement Regex Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- regex
String string - The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
- text
Transformations RuleGroup Rule Statement Regex Match Statement Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To RuleMatch Group Rule Statement Regex Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- regex_
string str - The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
- text_
transformations Sequence[RuleGroup Rule Statement Regex Match Statement Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field_
to_ Rulematch Group Rule Statement Regex Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- regex
String String - The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
- text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To Property MapMatch - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
RuleGroupRuleStatementRegexMatchStatementFieldToMatch, RuleGroupRuleStatementRegexMatchStatementFieldToMatchArgs
- All
Query RuleArguments Group Rule Statement Regex Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Rule
Group Rule Statement Regex Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Regex Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- Header
Orders List<RuleGroup Rule Statement Regex Match Statement Field To Match Header Order> - Inspect the request headers. See Header Order below for details.
- Headers
List<Rule
Group Rule Statement Regex Match Statement Field To Match Header> - Inspect the request headers. See Headers below for details.
- Ja3Fingerprint
Rule
Group Rule Statement Regex Match Statement Field To Match Ja3Fingerprint - Json
Body RuleGroup Rule Statement Regex Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- Method
Rule
Group Rule Statement Regex Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String RuleGroup Rule Statement Regex Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header RuleGroup Rule Statement Regex Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- Single
Query RuleArgument Group Rule Statement Regex Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- Uri
Path RuleGroup Rule Statement Regex Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- All
Query RuleArguments Group Rule Statement Regex Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Rule
Group Rule Statement Regex Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Regex Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- Header
Orders []RuleGroup Rule Statement Regex Match Statement Field To Match Header Order - Inspect the request headers. See Header Order below for details.
- Headers
[]Rule
Group Rule Statement Regex Match Statement Field To Match Header - Inspect the request headers. See Headers below for details.
- Ja3Fingerprint
Rule
Group Rule Statement Regex Match Statement Field To Match Ja3Fingerprint - Json
Body RuleGroup Rule Statement Regex Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- Method
Rule
Group Rule Statement Regex Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String RuleGroup Rule Statement Regex Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header RuleGroup Rule Statement Regex Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- Single
Query RuleArgument Group Rule Statement Regex Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- Uri
Path RuleGroup Rule Statement Regex Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query RuleArguments Group Rule Statement Regex Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Regex Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Regex Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header
Orders List<RuleGroup Rule Statement Regex Match Statement Field To Match Header Order> - Inspect the request headers. See Header Order below for details.
- headers
List<Rule
Group Rule Statement Regex Match Statement Field To Match Header> - Inspect the request headers. See Headers below for details.
- ja3Fingerprint
Rule
Group Rule Statement Regex Match Statement Field To Match Ja3Fingerprint - json
Body RuleGroup Rule Statement Regex Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Regex Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String RuleGroup Rule Statement Regex Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header RuleGroup Rule Statement Regex Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single
Query RuleArgument Group Rule Statement Regex Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path RuleGroup Rule Statement Regex Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query RuleArguments Group Rule Statement Regex Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Regex Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Regex Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header
Orders RuleGroup Rule Statement Regex Match Statement Field To Match Header Order[] - Inspect the request headers. See Header Order below for details.
- headers
Rule
Group Rule Statement Regex Match Statement Field To Match Header[] - Inspect the request headers. See Headers below for details.
- ja3Fingerprint
Rule
Group Rule Statement Regex Match Statement Field To Match Ja3Fingerprint - json
Body RuleGroup Rule Statement Regex Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Regex Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String RuleGroup Rule Statement Regex Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header RuleGroup Rule Statement Regex Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single
Query RuleArgument Group Rule Statement Regex Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path RuleGroup Rule Statement Regex Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all_
query_ Rulearguments Group Rule Statement Regex Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Regex Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Regex Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header_
orders Sequence[RuleGroup Rule Statement Regex Match Statement Field To Match Header Order] - Inspect the request headers. See Header Order below for details.
- headers
Sequence[Rule
Group Rule Statement Regex Match Statement Field To Match Header] - Inspect the request headers. See Headers below for details.
- ja3_
fingerprint RuleGroup Rule Statement Regex Match Statement Field To Match Ja3Fingerprint - json_
body RuleGroup Rule Statement Regex Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Regex Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query_
string RuleGroup Rule Statement Regex Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single_
header RuleGroup Rule Statement Regex Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single_
query_ Ruleargument Group Rule Statement Regex Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri_
path RuleGroup Rule Statement Regex Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body, which immediately follows the request headers.
- Property Map
- Inspect the cookies in the web request. See Cookies below for details.
- header
Orders List<Property Map> - Inspect the request headers. See Header Order below for details.
- headers List<Property Map>
- Inspect the request headers. See Headers below for details.
- ja3Fingerprint Property Map
- json
Body Property Map - Inspect the request body as JSON. See JSON Body for details.
- method Property Map
- Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String Property Map - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header Property Map - Inspect a single header. See Single Header below for details.
- single
Query Property MapArgument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path Property Map - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
RuleGroupRuleStatementRegexMatchStatementFieldToMatchBody, RuleGroupRuleStatementRegexMatchStatementFieldToMatchBodyArgs
- Oversize
Handling string
- Oversize
Handling string
- oversize
Handling String
- oversize
Handling string
- oversize
Handling String
RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookies, RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesArgs
- Match
Patterns List<RuleGroup Rule Statement Regex Match Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- Match
Patterns []RuleGroup Rule Statement Regex Match Statement Field To Match Cookies Match Pattern - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns List<RuleGroup Rule Statement Regex Match Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns RuleGroup Rule Statement Regex Match Statement Field To Match Cookies Match Pattern[] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match_
patterns Sequence[RuleGroup Rule Statement Regex Match Statement Field To Match Cookies Match Pattern] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match_
scope str - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize_
handling str - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns List<Property Map> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPatternArgs
- All
Rule
Group Rule Statement Regex Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<string>
- List<string>
- All
Rule
Group Rule Statement Regex Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- []string
- []string
- all
Rule
Group Rule Statement Regex Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
- all
Rule
Group Rule Statement Regex Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- string[]
- string[]
- all
Rule
Group Rule Statement Regex Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Sequence[str]
- Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeader, RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderArgs
- Match
Pattern RuleGroup Rule Statement Regex Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Match
Pattern RuleGroup Rule Statement Regex Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern RuleGroup Rule Statement Regex Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern RuleGroup Rule Statement Regex Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match_
pattern RuleGroup Rule Statement Regex Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match_
scope str - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern Property Map - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPatternArgs
- All
Rule
Group Rule Statement Regex Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers List<string> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers List<string> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- All
Rule
Group Rule Statement Regex Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers []string - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers []string - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Regex Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Regex Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers string[] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers string[] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Regex Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded_
headers Sequence[str] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included_
headers Sequence[str] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderOrderArgs
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa3FingerprintArgs
- Fallback
Behavior string
- Fallback
Behavior string
- fallback
Behavior String
- fallback
Behavior string
- fallback
Behavior String
RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBody, RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyArgs
- Match
Pattern RuleGroup Rule Statement Regex Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- Match
Pattern RuleGroup Rule Statement Regex Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern RuleGroup Rule Statement Regex Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern RuleGroup Rule Statement Regex Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match_
pattern RuleGroup Rule Statement Regex Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match_
scope str - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid_
fallback_ strbehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize_
handling str - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern Property Map - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternArgs
- All
Rule
Group Rule Statement Regex Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths List<string>
- All
Rule
Group Rule Statement Regex Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths []string
- all
Rule
Group Rule Statement Regex Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
- all
Rule
Group Rule Statement Regex Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths string[]
- all
Rule
Group Rule Statement Regex Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included_
paths Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleHeader, RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleHeaderArgs
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleQueryArgumentArgs
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
RuleGroupRuleStatementRegexMatchStatementTextTransformation, RuleGroupRuleStatementRegexMatchStatementTextTransformationArgs
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Integer
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type str
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
RuleGroupRuleStatementRegexPatternSetReferenceStatement, RuleGroupRuleStatementRegexPatternSetReferenceStatementArgs
- Arn string
- The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
- Text
Transformations List<RuleGroup Rule Statement Regex Pattern Set Reference Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- Field
To RuleMatch Group Rule Statement Regex Pattern Set Reference Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- Arn string
- The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
- Text
Transformations []RuleGroup Rule Statement Regex Pattern Set Reference Statement Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- Field
To RuleMatch Group Rule Statement Regex Pattern Set Reference Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- arn String
- The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
- text
Transformations List<RuleGroup Rule Statement Regex Pattern Set Reference Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To RuleMatch Group Rule Statement Regex Pattern Set Reference Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- arn string
- The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
- text
Transformations RuleGroup Rule Statement Regex Pattern Set Reference Statement Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To RuleMatch Group Rule Statement Regex Pattern Set Reference Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- arn str
- The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
- text_
transformations Sequence[RuleGroup Rule Statement Regex Pattern Set Reference Statement Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field_
to_ Rulematch Group Rule Statement Regex Pattern Set Reference Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- arn String
- The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
- text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To Property MapMatch - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatch, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchArgs
- All
Query RuleArguments Group Rule Statement Regex Pattern Set Reference Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- Header
Orders List<RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Header Order> - Inspect the request headers. See Header Order below for details.
- Headers
List<Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Header> - Inspect the request headers. See Headers below for details.
- Ja3Fingerprint
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Ja3Fingerprint - Json
Body RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- Method
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- Single
Query RuleArgument Group Rule Statement Regex Pattern Set Reference Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- Uri
Path RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- All
Query RuleArguments Group Rule Statement Regex Pattern Set Reference Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- Header
Orders []RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Header Order - Inspect the request headers. See Header Order below for details.
- Headers
[]Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Header - Inspect the request headers. See Headers below for details.
- Ja3Fingerprint
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Ja3Fingerprint - Json
Body RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- Method
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- Single
Query RuleArgument Group Rule Statement Regex Pattern Set Reference Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- Uri
Path RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query RuleArguments Group Rule Statement Regex Pattern Set Reference Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header
Orders List<RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Header Order> - Inspect the request headers. See Header Order below for details.
- headers
List<Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Header> - Inspect the request headers. See Headers below for details.
- ja3Fingerprint
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Ja3Fingerprint - json
Body RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single
Query RuleArgument Group Rule Statement Regex Pattern Set Reference Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query RuleArguments Group Rule Statement Regex Pattern Set Reference Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header
Orders RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Header Order[] - Inspect the request headers. See Header Order below for details.
- headers
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Header[] - Inspect the request headers. See Headers below for details.
- ja3Fingerprint
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Ja3Fingerprint - json
Body RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single
Query RuleArgument Group Rule Statement Regex Pattern Set Reference Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all_
query_ Rulearguments Group Rule Statement Regex Pattern Set Reference Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header_
orders Sequence[RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Header Order] - Inspect the request headers. See Header Order below for details.
- headers
Sequence[Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Header] - Inspect the request headers. See Headers below for details.
- ja3_
fingerprint RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Ja3Fingerprint - json_
body RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query_
string RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single_
header RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single_
query_ Ruleargument Group Rule Statement Regex Pattern Set Reference Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri_
path RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body, which immediately follows the request headers.
- Property Map
- Inspect the cookies in the web request. See Cookies below for details.
- header
Orders List<Property Map> - Inspect the request headers. See Header Order below for details.
- headers List<Property Map>
- Inspect the request headers. See Headers below for details.
- ja3Fingerprint Property Map
- json
Body Property Map - Inspect the request body as JSON. See JSON Body for details.
- method Property Map
- Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String Property Map - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header Property Map - Inspect a single header. See Single Header below for details.
- single
Query Property MapArgument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path Property Map - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchBodyArgs
- Oversize
Handling string
- Oversize
Handling string
- oversize
Handling String
- oversize
Handling string
- oversize
Handling String
RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookies, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesArgs
- Match
Patterns List<RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- Match
Patterns []RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns List<RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern[] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match_
patterns Sequence[RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match_
scope str - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize_
handling str - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns List<Property Map> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternArgs
- All
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<string>
- List<string>
- All
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- []string
- []string
- all
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
- all
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- string[]
- string[]
- all
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Sequence[str]
- Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeader, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderArgs
- Match
Pattern RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Match
Pattern RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match_
pattern RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match_
scope str - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern Property Map - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternArgs
- All
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers List<string> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers List<string> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- All
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers []string - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers []string - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers string[] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers string[] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded_
headers Sequence[str] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included_
headers Sequence[str] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrderArgs
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa3FingerprintArgs
- Fallback
Behavior string
- Fallback
Behavior string
- fallback
Behavior String
- fallback
Behavior string
- fallback
Behavior String
RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyArgs
- Match
Pattern RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- Match
Pattern RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match_
pattern RuleGroup Rule Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match_
scope str - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid_
fallback_ strbehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize_
handling str - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern Property Map - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternArgs
- All
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths List<string>
- All
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths []string
- all
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
- all
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths string[]
- all
Rule
Group Rule Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included_
paths Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeaderArgs
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgumentArgs
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
RuleGroupRuleStatementRegexPatternSetReferenceStatementTextTransformation, RuleGroupRuleStatementRegexPatternSetReferenceStatementTextTransformationArgs
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Integer
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type str
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
RuleGroupRuleStatementSizeConstraintStatement, RuleGroupRuleStatementSizeConstraintStatementArgs
- Comparison
Operator string - The operator to use to compare the request part to the size setting. Valid values include:
EQ
,NE
,LE
,LT
,GE
, orGT
. - Size int
- The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
- Text
Transformations List<RuleGroup Rule Statement Size Constraint Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- Field
To RuleMatch Group Rule Statement Size Constraint Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- Comparison
Operator string - The operator to use to compare the request part to the size setting. Valid values include:
EQ
,NE
,LE
,LT
,GE
, orGT
. - Size int
- The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
- Text
Transformations []RuleGroup Rule Statement Size Constraint Statement Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- Field
To RuleMatch Group Rule Statement Size Constraint Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- comparison
Operator String - The operator to use to compare the request part to the size setting. Valid values include:
EQ
,NE
,LE
,LT
,GE
, orGT
. - size Integer
- The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
- text
Transformations List<RuleGroup Rule Statement Size Constraint Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To RuleMatch Group Rule Statement Size Constraint Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- comparison
Operator string - The operator to use to compare the request part to the size setting. Valid values include:
EQ
,NE
,LE
,LT
,GE
, orGT
. - size number
- The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
- text
Transformations RuleGroup Rule Statement Size Constraint Statement Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To RuleMatch Group Rule Statement Size Constraint Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- comparison_
operator str - The operator to use to compare the request part to the size setting. Valid values include:
EQ
,NE
,LE
,LT
,GE
, orGT
. - size int
- The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
- text_
transformations Sequence[RuleGroup Rule Statement Size Constraint Statement Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field_
to_ Rulematch Group Rule Statement Size Constraint Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- comparison
Operator String - The operator to use to compare the request part to the size setting. Valid values include:
EQ
,NE
,LE
,LT
,GE
, orGT
. - size Number
- The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
- text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To Property MapMatch - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
RuleGroupRuleStatementSizeConstraintStatementFieldToMatch, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchArgs
- All
Query RuleArguments Group Rule Statement Size Constraint Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Rule
Group Rule Statement Size Constraint Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Size Constraint Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- Header
Orders List<RuleGroup Rule Statement Size Constraint Statement Field To Match Header Order> - Inspect the request headers. See Header Order below for details.
- Headers
List<Rule
Group Rule Statement Size Constraint Statement Field To Match Header> - Inspect the request headers. See Headers below for details.
- Ja3Fingerprint
Rule
Group Rule Statement Size Constraint Statement Field To Match Ja3Fingerprint - Json
Body RuleGroup Rule Statement Size Constraint Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- Method
Rule
Group Rule Statement Size Constraint Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String RuleGroup Rule Statement Size Constraint Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header RuleGroup Rule Statement Size Constraint Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- Single
Query RuleArgument Group Rule Statement Size Constraint Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- Uri
Path RuleGroup Rule Statement Size Constraint Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- All
Query RuleArguments Group Rule Statement Size Constraint Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Rule
Group Rule Statement Size Constraint Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Size Constraint Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- Header
Orders []RuleGroup Rule Statement Size Constraint Statement Field To Match Header Order - Inspect the request headers. See Header Order below for details.
- Headers
[]Rule
Group Rule Statement Size Constraint Statement Field To Match Header - Inspect the request headers. See Headers below for details.
- Ja3Fingerprint
Rule
Group Rule Statement Size Constraint Statement Field To Match Ja3Fingerprint - Json
Body RuleGroup Rule Statement Size Constraint Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- Method
Rule
Group Rule Statement Size Constraint Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String RuleGroup Rule Statement Size Constraint Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header RuleGroup Rule Statement Size Constraint Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- Single
Query RuleArgument Group Rule Statement Size Constraint Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- Uri
Path RuleGroup Rule Statement Size Constraint Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query RuleArguments Group Rule Statement Size Constraint Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Size Constraint Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Size Constraint Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header
Orders List<RuleGroup Rule Statement Size Constraint Statement Field To Match Header Order> - Inspect the request headers. See Header Order below for details.
- headers
List<Rule
Group Rule Statement Size Constraint Statement Field To Match Header> - Inspect the request headers. See Headers below for details.
- ja3Fingerprint
Rule
Group Rule Statement Size Constraint Statement Field To Match Ja3Fingerprint - json
Body RuleGroup Rule Statement Size Constraint Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Size Constraint Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String RuleGroup Rule Statement Size Constraint Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header RuleGroup Rule Statement Size Constraint Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single
Query RuleArgument Group Rule Statement Size Constraint Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path RuleGroup Rule Statement Size Constraint Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query RuleArguments Group Rule Statement Size Constraint Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Size Constraint Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Size Constraint Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header
Orders RuleGroup Rule Statement Size Constraint Statement Field To Match Header Order[] - Inspect the request headers. See Header Order below for details.
- headers
Rule
Group Rule Statement Size Constraint Statement Field To Match Header[] - Inspect the request headers. See Headers below for details.
- ja3Fingerprint
Rule
Group Rule Statement Size Constraint Statement Field To Match Ja3Fingerprint - json
Body RuleGroup Rule Statement Size Constraint Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Size Constraint Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String RuleGroup Rule Statement Size Constraint Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header RuleGroup Rule Statement Size Constraint Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single
Query RuleArgument Group Rule Statement Size Constraint Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path RuleGroup Rule Statement Size Constraint Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all_
query_ Rulearguments Group Rule Statement Size Constraint Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Size Constraint Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Size Constraint Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header_
orders Sequence[RuleGroup Rule Statement Size Constraint Statement Field To Match Header Order] - Inspect the request headers. See Header Order below for details.
- headers
Sequence[Rule
Group Rule Statement Size Constraint Statement Field To Match Header] - Inspect the request headers. See Headers below for details.
- ja3_
fingerprint RuleGroup Rule Statement Size Constraint Statement Field To Match Ja3Fingerprint - json_
body RuleGroup Rule Statement Size Constraint Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Size Constraint Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query_
string RuleGroup Rule Statement Size Constraint Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single_
header RuleGroup Rule Statement Size Constraint Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single_
query_ Ruleargument Group Rule Statement Size Constraint Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri_
path RuleGroup Rule Statement Size Constraint Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body, which immediately follows the request headers.
- Property Map
- Inspect the cookies in the web request. See Cookies below for details.
- header
Orders List<Property Map> - Inspect the request headers. See Header Order below for details.
- headers List<Property Map>
- Inspect the request headers. See Headers below for details.
- ja3Fingerprint Property Map
- json
Body Property Map - Inspect the request body as JSON. See JSON Body for details.
- method Property Map
- Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String Property Map - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header Property Map - Inspect a single header. See Single Header below for details.
- single
Query Property MapArgument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path Property Map - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
RuleGroupRuleStatementSizeConstraintStatementFieldToMatchBody, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchBodyArgs
- Oversize
Handling string
- Oversize
Handling string
- oversize
Handling String
- oversize
Handling string
- oversize
Handling String
RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookies, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesArgs
- Match
Patterns List<RuleGroup Rule Statement Size Constraint Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- Match
Patterns []RuleGroup Rule Statement Size Constraint Statement Field To Match Cookies Match Pattern - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns List<RuleGroup Rule Statement Size Constraint Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns RuleGroup Rule Statement Size Constraint Statement Field To Match Cookies Match Pattern[] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match_
patterns Sequence[RuleGroup Rule Statement Size Constraint Statement Field To Match Cookies Match Pattern] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match_
scope str - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize_
handling str - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns List<Property Map> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternArgs
- All
Rule
Group Rule Statement Size Constraint Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<string>
- List<string>
- All
Rule
Group Rule Statement Size Constraint Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- []string
- []string
- all
Rule
Group Rule Statement Size Constraint Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
- all
Rule
Group Rule Statement Size Constraint Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- string[]
- string[]
- all
Rule
Group Rule Statement Size Constraint Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Sequence[str]
- Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeader, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderArgs
- Match
Pattern RuleGroup Rule Statement Size Constraint Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Match
Pattern RuleGroup Rule Statement Size Constraint Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern RuleGroup Rule Statement Size Constraint Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern RuleGroup Rule Statement Size Constraint Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match_
pattern RuleGroup Rule Statement Size Constraint Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match_
scope str - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern Property Map - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternArgs
- All
Rule
Group Rule Statement Size Constraint Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers List<string> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers List<string> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- All
Rule
Group Rule Statement Size Constraint Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers []string - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers []string - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Size Constraint Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Size Constraint Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers string[] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers string[] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Size Constraint Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded_
headers Sequence[str] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included_
headers Sequence[str] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderOrderArgs
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa3FingerprintArgs
- Fallback
Behavior string
- Fallback
Behavior string
- fallback
Behavior String
- fallback
Behavior string
- fallback
Behavior String
RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBody, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBodyArgs
- Match
Pattern RuleGroup Rule Statement Size Constraint Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- Match
Pattern RuleGroup Rule Statement Size Constraint Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern RuleGroup Rule Statement Size Constraint Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern RuleGroup Rule Statement Size Constraint Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match_
pattern RuleGroup Rule Statement Size Constraint Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match_
scope str - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid_
fallback_ strbehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize_
handling str - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern Property Map - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternArgs
- All
Rule
Group Rule Statement Size Constraint Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths List<string>
- All
Rule
Group Rule Statement Size Constraint Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths []string
- all
Rule
Group Rule Statement Size Constraint Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
- all
Rule
Group Rule Statement Size Constraint Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths string[]
- all
Rule
Group Rule Statement Size Constraint Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included_
paths Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleHeader, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleHeaderArgs
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgumentArgs
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- The name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- The name of the query header to inspect. This setting must be provided as lower case characters.
RuleGroupRuleStatementSizeConstraintStatementTextTransformation, RuleGroupRuleStatementSizeConstraintStatementTextTransformationArgs
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- Priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Integer
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type string
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority int
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type str
- The transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Number
- The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- The transformation to apply, please refer to the Text Transformation documentation for more details.
RuleGroupRuleStatementSqliMatchStatement, RuleGroupRuleStatementSqliMatchStatementArgs
- Text
Transformations List<RuleGroup Rule Statement Sqli Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- Field
To RuleMatch Group Rule Statement Sqli Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- Sensitivity
Level string - Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include:
LOW
,HIGH
.
- Text
Transformations []RuleGroup Rule Statement Sqli Match Statement Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- Field
To RuleMatch Group Rule Statement Sqli Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- Sensitivity
Level string - Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include:
LOW
,HIGH
.
- text
Transformations List<RuleGroup Rule Statement Sqli Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To RuleMatch Group Rule Statement Sqli Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- sensitivity
Level String - Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include:
LOW
,HIGH
.
- text
Transformations RuleGroup Rule Statement Sqli Match Statement Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To RuleMatch Group Rule Statement Sqli Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- sensitivity
Level string - Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include:
LOW
,HIGH
.
- text_
transformations Sequence[RuleGroup Rule Statement Sqli Match Statement Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field_
to_ Rulematch Group Rule Statement Sqli Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- sensitivity_
level str - Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include:
LOW
,HIGH
.
- text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
- field
To Property MapMatch - The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
- sensitivity
Level String - Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include:
LOW
,HIGH
.
RuleGroupRuleStatementSqliMatchStatementFieldToMatch, RuleGroupRuleStatementSqliMatchStatementFieldToMatchArgs
- All
Query RuleArguments Group Rule Statement Sqli Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Rule
Group Rule Statement Sqli Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Sqli Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- Header
Orders List<RuleGroup Rule Statement Sqli Match Statement Field To Match Header Order> - Inspect the request headers. See Header Order below for details.
- Headers
List<Rule
Group Rule Statement Sqli Match Statement Field To Match Header> - Inspect the request headers. See Headers below for details.
- Ja3Fingerprint
Rule
Group Rule Statement Sqli Match Statement Field To Match Ja3Fingerprint - Json
Body RuleGroup Rule Statement Sqli Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- Method
Rule
Group Rule Statement Sqli Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String RuleGroup Rule Statement Sqli Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header RuleGroup Rule Statement Sqli Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- Single
Query RuleArgument Group Rule Statement Sqli Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- Uri
Path RuleGroup Rule Statement Sqli Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- All
Query RuleArguments Group Rule Statement Sqli Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Rule
Group Rule Statement Sqli Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Sqli Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- Header
Orders []RuleGroup Rule Statement Sqli Match Statement Field To Match Header Order - Inspect the request headers. See Header Order below for details.
- Headers
[]Rule
Group Rule Statement Sqli Match Statement Field To Match Header - Inspect the request headers. See Headers below for details.
- Ja3Fingerprint
Rule
Group Rule Statement Sqli Match Statement Field To Match Ja3Fingerprint - Json
Body RuleGroup Rule Statement Sqli Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- Method
Rule
Group Rule Statement Sqli Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String RuleGroup Rule Statement Sqli Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header RuleGroup Rule Statement Sqli Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- Single
Query RuleArgument Group Rule Statement Sqli Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- Uri
Path RuleGroup Rule Statement Sqli Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query RuleArguments Group Rule Statement Sqli Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Sqli Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Sqli Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header
Orders List<RuleGroup Rule Statement Sqli Match Statement Field To Match Header Order> - Inspect the request headers. See Header Order below for details.
- headers
List<Rule
Group Rule Statement Sqli Match Statement Field To Match Header> - Inspect the request headers. See Headers below for details.
- ja3Fingerprint
Rule
Group Rule Statement Sqli Match Statement Field To Match Ja3Fingerprint - json
Body RuleGroup Rule Statement Sqli Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Sqli Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String RuleGroup Rule Statement Sqli Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header RuleGroup Rule Statement Sqli Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single
Query RuleArgument Group Rule Statement Sqli Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path RuleGroup Rule Statement Sqli Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query RuleArguments Group Rule Statement Sqli Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Sqli Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Sqli Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header
Orders RuleGroup Rule Statement Sqli Match Statement Field To Match Header Order[] - Inspect the request headers. See Header Order below for details.
- headers
Rule
Group Rule Statement Sqli Match Statement Field To Match Header[] - Inspect the request headers. See Headers below for details.
- ja3Fingerprint
Rule
Group Rule Statement Sqli Match Statement Field To Match Ja3Fingerprint - json
Body RuleGroup Rule Statement Sqli Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Sqli Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String RuleGroup Rule Statement Sqli Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header RuleGroup Rule Statement Sqli Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single
Query RuleArgument Group Rule Statement Sqli Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path RuleGroup Rule Statement Sqli Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all_
query_ Rulearguments Group Rule Statement Sqli Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Rule
Group Rule Statement Sqli Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers.
- Rule
Group Rule Statement Sqli Match Statement Field To Match Cookies - Inspect the cookies in the web request. See Cookies below for details.
- header_
orders Sequence[RuleGroup Rule Statement Sqli Match Statement Field To Match Header Order] - Inspect the request headers. See Header Order below for details.
- headers
Sequence[Rule
Group Rule Statement Sqli Match Statement Field To Match Header] - Inspect the request headers. See Headers below for details.
- ja3_
fingerprint RuleGroup Rule Statement Sqli Match Statement Field To Match Ja3Fingerprint - json_
body RuleGroup Rule Statement Sqli Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body for details.
- method
Rule
Group Rule Statement Sqli Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query_
string RuleGroup Rule Statement Sqli Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single_
header RuleGroup Rule Statement Sqli Match Statement Field To Match Single Header - Inspect a single header. See Single Header below for details.
- single_
query_ Ruleargument Group Rule Statement Sqli Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below for details.
- uri_
path RuleGroup Rule Statement Sqli Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body, which immediately follows the request headers.
- Property Map
- Inspect the cookies in the web request. See Cookies below for details.
- header
Orders List<Property Map> - Inspect the request headers. See Header Order below for details.
- headers List<Property Map>
- Inspect the request headers. See Headers below for details.
- ja3Fingerprint Property Map
- json
Body Property Map - Inspect the request body as JSON. See JSON Body for details.
- method Property Map
- Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String Property Map - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header Property Map - Inspect a single header. See Single Header below for details.
- single
Query Property MapArgument - Inspect a single query argument. See Single Query Argument below for details.
- uri
Path Property Map - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
RuleGroupRuleStatementSqliMatchStatementFieldToMatchBody, RuleGroupRuleStatementSqliMatchStatementFieldToMatchBodyArgs
- Oversize
Handling string
- Oversize
Handling string
- oversize
Handling String
- oversize
Handling string
- oversize
Handling String
RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookies, RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookiesArgs
- Match
Patterns List<RuleGroup Rule Statement Sqli Match Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- Match
Patterns []RuleGroup Rule Statement Sqli Match Statement Field To Match Cookies Match Pattern - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns List<RuleGroup Rule Statement Sqli Match Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns RuleGroup Rule Statement Sqli Match Statement Field To Match Cookies Match Pattern[] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match_
patterns Sequence[RuleGroup Rule Statement Sqli Match Statement Field To Match Cookies Match Pattern] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match_
scope str - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize_
handling str - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
- match
Patterns List<Property Map> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookiesMatchPatternArgs
- All
Rule
Group Rule Statement Sqli Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<string>
- List<string>
- All
Rule
Group Rule Statement Sqli Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- []string
- []string
- all
Rule
Group Rule Statement Sqli Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
- all
Rule
Group Rule Statement Sqli Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- string[]
- string[]
- all
Rule
Group Rule Statement Sqli Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Sequence[str]
- Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeader, RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderArgs
- Match
Pattern RuleGroup Rule Statement Sqli Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Match
Pattern RuleGroup Rule Statement Sqli Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern RuleGroup Rule Statement Sqli Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern RuleGroup Rule Statement Sqli Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match_
pattern RuleGroup Rule Statement Sqli Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match_
scope str - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern Property Map - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderMatchPatternArgs
- All
Rule
Group Rule Statement Sqli Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers List<string> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers List<string> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- All
Rule
Group Rule Statement Sqli Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers []string - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers []string - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Sqli Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Sqli Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers string[] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers string[] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Rule
Group Rule Statement Sqli Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded_
headers Sequence[str] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included_
headers Sequence[str] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.