1. Packages
  2. AWS
  3. API Docs
  4. wafv2
  5. RuleGroup
AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi

aws.wafv2.RuleGroup

Explore with Pulumi AI

aws logo
AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi

    Create RuleGroup Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new RuleGroup(name: string, args: RuleGroupArgs, opts?: CustomResourceOptions);
    @overload
    def RuleGroup(resource_name: str,
                  args: RuleGroupArgs,
                  opts: Optional[ResourceOptions] = None)
    
    @overload
    def RuleGroup(resource_name: str,
                  opts: Optional[ResourceOptions] = None,
                  capacity: Optional[int] = None,
                  custom_response_bodies: Optional[Sequence[RuleGroupCustomResponseBodyArgs]] = None,
                  description: Optional[str] = None,
                  name: Optional[str] = None,
                  name_prefix: Optional[str] = None,
                  rules: Optional[Sequence[RuleGroupRuleArgs]] = None,
                  scope: Optional[str] = None,
                  tags: Optional[Mapping[str, str]] = None,
                  visibility_config: Optional[RuleGroupVisibilityConfigArgs] = None)
    func NewRuleGroup(ctx *Context, name string, args RuleGroupArgs, opts ...ResourceOption) (*RuleGroup, error)
    public RuleGroup(string name, RuleGroupArgs args, CustomResourceOptions? opts = null)
    public RuleGroup(String name, RuleGroupArgs args)
    public RuleGroup(String name, RuleGroupArgs args, CustomResourceOptions options)
    
    type: aws:wafv2:RuleGroup
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args RuleGroupArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args RuleGroupArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args RuleGroupArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args RuleGroupArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args RuleGroupArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    RuleGroup Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The RuleGroup resource accepts the following input properties:

    Capacity int
    The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
    Scope string
    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
    VisibilityConfig RuleGroupVisibilityConfig
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
    CustomResponseBodies List<RuleGroupCustomResponseBody>
    Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.
    Description string
    A friendly description of the rule group.
    Name string
    A friendly name of the rule group.
    NamePrefix string
    Rules List<RuleGroupRule>
    The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
    Tags Dictionary<string, string>
    An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    Capacity int
    The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
    Scope string
    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
    VisibilityConfig RuleGroupVisibilityConfigArgs
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
    CustomResponseBodies []RuleGroupCustomResponseBodyArgs
    Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.
    Description string
    A friendly description of the rule group.
    Name string
    A friendly name of the rule group.
    NamePrefix string
    Rules []RuleGroupRuleArgs
    The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
    Tags map[string]string
    An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    capacity Integer
    The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
    scope String
    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
    visibilityConfig RuleGroupVisibilityConfig
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
    customResponseBodies List<RuleGroupCustomResponseBody>
    Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.
    description String
    A friendly description of the rule group.
    name String
    A friendly name of the rule group.
    namePrefix String
    rules List<RuleGroupRule>
    The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
    tags Map<String,String>
    An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    capacity number
    The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
    scope string
    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
    visibilityConfig RuleGroupVisibilityConfig
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
    customResponseBodies RuleGroupCustomResponseBody[]
    Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.
    description string
    A friendly description of the rule group.
    name string
    A friendly name of the rule group.
    namePrefix string
    rules RuleGroupRule[]
    The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
    tags {[key: string]: string}
    An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    capacity int
    The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
    scope str
    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
    visibility_config RuleGroupVisibilityConfigArgs
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
    custom_response_bodies Sequence[RuleGroupCustomResponseBodyArgs]
    Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.
    description str
    A friendly description of the rule group.
    name str
    A friendly name of the rule group.
    name_prefix str
    rules Sequence[RuleGroupRuleArgs]
    The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
    tags Mapping[str, str]
    An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    capacity Number
    The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
    scope String
    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
    visibilityConfig Property Map
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
    customResponseBodies List<Property Map>
    Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.
    description String
    A friendly description of the rule group.
    name String
    A friendly name of the rule group.
    namePrefix String
    rules List<Property Map>
    The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
    tags Map<String>
    An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the RuleGroup resource produces the following output properties:

    Arn string
    The ARN of the WAF rule group.
    Id string
    The provider-assigned unique ID for this managed resource.
    LockToken string
    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    Arn string
    The ARN of the WAF rule group.
    Id string
    The provider-assigned unique ID for this managed resource.
    LockToken string
    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn String
    The ARN of the WAF rule group.
    id String
    The provider-assigned unique ID for this managed resource.
    lockToken String
    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn string
    The ARN of the WAF rule group.
    id string
    The provider-assigned unique ID for this managed resource.
    lockToken string
    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn str
    The ARN of the WAF rule group.
    id str
    The provider-assigned unique ID for this managed resource.
    lock_token str
    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn String
    The ARN of the WAF rule group.
    id String
    The provider-assigned unique ID for this managed resource.
    lockToken String
    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    Look up Existing RuleGroup Resource

    Get an existing RuleGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: RuleGroupState, opts?: CustomResourceOptions): RuleGroup
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            arn: Optional[str] = None,
            capacity: Optional[int] = None,
            custom_response_bodies: Optional[Sequence[RuleGroupCustomResponseBodyArgs]] = None,
            description: Optional[str] = None,
            lock_token: Optional[str] = None,
            name: Optional[str] = None,
            name_prefix: Optional[str] = None,
            rules: Optional[Sequence[RuleGroupRuleArgs]] = None,
            scope: Optional[str] = None,
            tags: Optional[Mapping[str, str]] = None,
            tags_all: Optional[Mapping[str, str]] = None,
            visibility_config: Optional[RuleGroupVisibilityConfigArgs] = None) -> RuleGroup
    func GetRuleGroup(ctx *Context, name string, id IDInput, state *RuleGroupState, opts ...ResourceOption) (*RuleGroup, error)
    public static RuleGroup Get(string name, Input<string> id, RuleGroupState? state, CustomResourceOptions? opts = null)
    public static RuleGroup get(String name, Output<String> id, RuleGroupState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Arn string
    The ARN of the WAF rule group.
    Capacity int
    The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
    CustomResponseBodies List<RuleGroupCustomResponseBody>
    Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.
    Description string
    A friendly description of the rule group.
    LockToken string
    Name string
    A friendly name of the rule group.
    NamePrefix string
    Rules List<RuleGroupRule>
    The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
    Scope string
    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
    Tags Dictionary<string, string>
    An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    VisibilityConfig RuleGroupVisibilityConfig
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
    Arn string
    The ARN of the WAF rule group.
    Capacity int
    The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
    CustomResponseBodies []RuleGroupCustomResponseBodyArgs
    Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.
    Description string
    A friendly description of the rule group.
    LockToken string
    Name string
    A friendly name of the rule group.
    NamePrefix string
    Rules []RuleGroupRuleArgs
    The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
    Scope string
    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
    Tags map[string]string
    An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    VisibilityConfig RuleGroupVisibilityConfigArgs
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
    arn String
    The ARN of the WAF rule group.
    capacity Integer
    The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
    customResponseBodies List<RuleGroupCustomResponseBody>
    Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.
    description String
    A friendly description of the rule group.
    lockToken String
    name String
    A friendly name of the rule group.
    namePrefix String
    rules List<RuleGroupRule>
    The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
    scope String
    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
    tags Map<String,String>
    An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    visibilityConfig RuleGroupVisibilityConfig
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
    arn string
    The ARN of the WAF rule group.
    capacity number
    The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
    customResponseBodies RuleGroupCustomResponseBody[]
    Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.
    description string
    A friendly description of the rule group.
    lockToken string
    name string
    A friendly name of the rule group.
    namePrefix string
    rules RuleGroupRule[]
    The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
    scope string
    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
    tags {[key: string]: string}
    An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    visibilityConfig RuleGroupVisibilityConfig
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
    arn str
    The ARN of the WAF rule group.
    capacity int
    The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
    custom_response_bodies Sequence[RuleGroupCustomResponseBodyArgs]
    Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.
    description str
    A friendly description of the rule group.
    lock_token str
    name str
    A friendly name of the rule group.
    name_prefix str
    rules Sequence[RuleGroupRuleArgs]
    The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
    scope str
    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
    tags Mapping[str, str]
    An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    visibility_config RuleGroupVisibilityConfigArgs
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
    arn String
    The ARN of the WAF rule group.
    capacity Number
    The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
    customResponseBodies List<Property Map>
    Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.
    description String
    A friendly description of the rule group.
    lockToken String
    name String
    A friendly name of the rule group.
    namePrefix String
    rules List<Property Map>
    The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
    scope String
    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
    tags Map<String>
    An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    visibilityConfig Property Map
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

    Supporting Types

    Note: There are over 200 nested types for this resource. Only the first 200 types are included in this documentation.

    RuleGroupCustomResponseBody, RuleGroupCustomResponseBodyArgs

    Content string
    The payload of the custom response.
    ContentType string
    The type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
    Key string
    A unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the Custom Response block.
    Content string
    The payload of the custom response.
    ContentType string
    The type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
    Key string
    A unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the Custom Response block.
    content String
    The payload of the custom response.
    contentType String
    The type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
    key String
    A unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the Custom Response block.
    content string
    The payload of the custom response.
    contentType string
    The type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
    key string
    A unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the Custom Response block.
    content str
    The payload of the custom response.
    content_type str
    The type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
    key str
    A unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the Custom Response block.
    content String
    The payload of the custom response.
    contentType String
    The type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
    key String
    A unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the Custom Response block.

    RuleGroupRule, RuleGroupRuleArgs

    Action RuleGroupRuleAction
    The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the aws.wafv2.WebAcl level can override the rule action setting. See Action below for details.
    Name string
    A friendly name of the rule.
    Priority int
    If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
    Statement RuleGroupRuleStatement
    The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See Statement below for details.
    VisibilityConfig RuleGroupRuleVisibilityConfig
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
    CaptchaConfig RuleGroupRuleCaptchaConfig
    Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
    RuleLabels List<RuleGroupRuleRuleLabel>
    Labels to apply to web requests that match the rule match statement. See Rule Label below for details.
    Action RuleGroupRuleAction
    The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the aws.wafv2.WebAcl level can override the rule action setting. See Action below for details.
    Name string
    A friendly name of the rule.
    Priority int
    If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
    Statement RuleGroupRuleStatement
    The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See Statement below for details.
    VisibilityConfig RuleGroupRuleVisibilityConfig
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
    CaptchaConfig RuleGroupRuleCaptchaConfig
    Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
    RuleLabels []RuleGroupRuleRuleLabel
    Labels to apply to web requests that match the rule match statement. See Rule Label below for details.
    action RuleGroupRuleAction
    The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the aws.wafv2.WebAcl level can override the rule action setting. See Action below for details.
    name String
    A friendly name of the rule.
    priority Integer
    If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
    statement RuleGroupRuleStatement
    The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See Statement below for details.
    visibilityConfig RuleGroupRuleVisibilityConfig
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
    captchaConfig RuleGroupRuleCaptchaConfig
    Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
    ruleLabels List<RuleGroupRuleRuleLabel>
    Labels to apply to web requests that match the rule match statement. See Rule Label below for details.
    action RuleGroupRuleAction
    The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the aws.wafv2.WebAcl level can override the rule action setting. See Action below for details.
    name string
    A friendly name of the rule.
    priority number
    If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
    statement RuleGroupRuleStatement
    The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See Statement below for details.
    visibilityConfig RuleGroupRuleVisibilityConfig
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
    captchaConfig RuleGroupRuleCaptchaConfig
    Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
    ruleLabels RuleGroupRuleRuleLabel[]
    Labels to apply to web requests that match the rule match statement. See Rule Label below for details.
    action RuleGroupRuleAction
    The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the aws.wafv2.WebAcl level can override the rule action setting. See Action below for details.
    name str
    A friendly name of the rule.
    priority int
    If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
    statement RuleGroupRuleStatement
    The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See Statement below for details.
    visibility_config RuleGroupRuleVisibilityConfig
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
    captcha_config RuleGroupRuleCaptchaConfig
    Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
    rule_labels Sequence[RuleGroupRuleRuleLabel]
    Labels to apply to web requests that match the rule match statement. See Rule Label below for details.
    action Property Map
    The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the aws.wafv2.WebAcl level can override the rule action setting. See Action below for details.
    name String
    A friendly name of the rule.
    priority Number
    If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
    statement Property Map
    The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See Statement below for details.
    visibilityConfig Property Map
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
    captchaConfig Property Map
    Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
    ruleLabels List<Property Map>
    Labels to apply to web requests that match the rule match statement. See Rule Label below for details.

    RuleGroupRuleAction, RuleGroupRuleActionArgs

    Allow RuleGroupRuleActionAllow
    Instructs AWS WAF to allow the web request. See Allow below for details.
    Block RuleGroupRuleActionBlock
    Instructs AWS WAF to block the web request. See Block below for details.
    Captcha RuleGroupRuleActionCaptcha
    Instructs AWS WAF to run a CAPTCHA check against the web request. See Captcha below for details.
    Challenge RuleGroupRuleActionChallenge
    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See Challenge below for details.
    Count RuleGroupRuleActionCount
    Instructs AWS WAF to count the web request and allow it. See Count below for details.
    Allow RuleGroupRuleActionAllow
    Instructs AWS WAF to allow the web request. See Allow below for details.
    Block RuleGroupRuleActionBlock
    Instructs AWS WAF to block the web request. See Block below for details.
    Captcha RuleGroupRuleActionCaptcha
    Instructs AWS WAF to run a CAPTCHA check against the web request. See Captcha below for details.
    Challenge RuleGroupRuleActionChallenge
    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See Challenge below for details.
    Count RuleGroupRuleActionCount
    Instructs AWS WAF to count the web request and allow it. See Count below for details.
    allow RuleGroupRuleActionAllow
    Instructs AWS WAF to allow the web request. See Allow below for details.
    block RuleGroupRuleActionBlock
    Instructs AWS WAF to block the web request. See Block below for details.
    captcha RuleGroupRuleActionCaptcha
    Instructs AWS WAF to run a CAPTCHA check against the web request. See Captcha below for details.
    challenge RuleGroupRuleActionChallenge
    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See Challenge below for details.
    count RuleGroupRuleActionCount
    Instructs AWS WAF to count the web request and allow it. See Count below for details.
    allow RuleGroupRuleActionAllow
    Instructs AWS WAF to allow the web request. See Allow below for details.
    block RuleGroupRuleActionBlock
    Instructs AWS WAF to block the web request. See Block below for details.
    captcha RuleGroupRuleActionCaptcha
    Instructs AWS WAF to run a CAPTCHA check against the web request. See Captcha below for details.
    challenge RuleGroupRuleActionChallenge
    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See Challenge below for details.
    count RuleGroupRuleActionCount
    Instructs AWS WAF to count the web request and allow it. See Count below for details.
    allow RuleGroupRuleActionAllow
    Instructs AWS WAF to allow the web request. See Allow below for details.
    block RuleGroupRuleActionBlock
    Instructs AWS WAF to block the web request. See Block below for details.
    captcha RuleGroupRuleActionCaptcha
    Instructs AWS WAF to run a CAPTCHA check against the web request. See Captcha below for details.
    challenge RuleGroupRuleActionChallenge
    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See Challenge below for details.
    count RuleGroupRuleActionCount
    Instructs AWS WAF to count the web request and allow it. See Count below for details.
    allow Property Map
    Instructs AWS WAF to allow the web request. See Allow below for details.
    block Property Map
    Instructs AWS WAF to block the web request. See Block below for details.
    captcha Property Map
    Instructs AWS WAF to run a CAPTCHA check against the web request. See Captcha below for details.
    challenge Property Map
    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See Challenge below for details.
    count Property Map
    Instructs AWS WAF to count the web request and allow it. See Count below for details.

    RuleGroupRuleActionAllow, RuleGroupRuleActionAllowArgs

    CustomRequestHandling RuleGroupRuleActionAllowCustomRequestHandling
    Defines custom handling for the web request. See Custom Request Handling below for details.
    CustomRequestHandling RuleGroupRuleActionAllowCustomRequestHandling
    Defines custom handling for the web request. See Custom Request Handling below for details.
    customRequestHandling RuleGroupRuleActionAllowCustomRequestHandling
    Defines custom handling for the web request. See Custom Request Handling below for details.
    customRequestHandling RuleGroupRuleActionAllowCustomRequestHandling
    Defines custom handling for the web request. See Custom Request Handling below for details.
    custom_request_handling RuleGroupRuleActionAllowCustomRequestHandling
    Defines custom handling for the web request. See Custom Request Handling below for details.
    customRequestHandling Property Map
    Defines custom handling for the web request. See Custom Request Handling below for details.

    RuleGroupRuleActionAllowCustomRequestHandling, RuleGroupRuleActionAllowCustomRequestHandlingArgs

    InsertHeaders List<RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
    InsertHeaders []RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader
    The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
    insertHeaders List<RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
    insertHeaders RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader[]
    The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
    insert_headers Sequence[RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader]
    The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
    insertHeaders List<Property Map>
    The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

    RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader, RuleGroupRuleActionAllowCustomRequestHandlingInsertHeaderArgs

    Name string
    A friendly name of the rule group.
    Value string
    The value of the custom header.
    Name string
    A friendly name of the rule group.
    Value string
    The value of the custom header.
    name String
    A friendly name of the rule group.
    value String
    The value of the custom header.
    name string
    A friendly name of the rule group.
    value string
    The value of the custom header.
    name str
    A friendly name of the rule group.
    value str
    The value of the custom header.
    name String
    A friendly name of the rule group.
    value String
    The value of the custom header.

    RuleGroupRuleActionBlock, RuleGroupRuleActionBlockArgs

    CustomResponse RuleGroupRuleActionBlockCustomResponse
    Defines a custom response for the web request. See Custom Response below for details.
    CustomResponse RuleGroupRuleActionBlockCustomResponse
    Defines a custom response for the web request. See Custom Response below for details.
    customResponse RuleGroupRuleActionBlockCustomResponse
    Defines a custom response for the web request. See Custom Response below for details.
    customResponse RuleGroupRuleActionBlockCustomResponse
    Defines a custom response for the web request. See Custom Response below for details.
    custom_response RuleGroupRuleActionBlockCustomResponse
    Defines a custom response for the web request. See Custom Response below for details.
    customResponse Property Map
    Defines a custom response for the web request. See Custom Response below for details.

    RuleGroupRuleActionBlockCustomResponse, RuleGroupRuleActionBlockCustomResponseArgs

    ResponseCode int
    The HTTP status code to return to the client.
    CustomResponseBodyKey string
    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
    ResponseHeaders List<RuleGroupRuleActionBlockCustomResponseResponseHeader>
    The response_header blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.
    ResponseCode int
    The HTTP status code to return to the client.
    CustomResponseBodyKey string
    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
    ResponseHeaders []RuleGroupRuleActionBlockCustomResponseResponseHeader
    The response_header blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.
    responseCode Integer
    The HTTP status code to return to the client.
    customResponseBodyKey String
    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
    responseHeaders List<RuleGroupRuleActionBlockCustomResponseResponseHeader>
    The response_header blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.
    responseCode number
    The HTTP status code to return to the client.
    customResponseBodyKey string
    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
    responseHeaders RuleGroupRuleActionBlockCustomResponseResponseHeader[]
    The response_header blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.
    response_code int
    The HTTP status code to return to the client.
    custom_response_body_key str
    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
    response_headers Sequence[RuleGroupRuleActionBlockCustomResponseResponseHeader]
    The response_header blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.
    responseCode Number
    The HTTP status code to return to the client.
    customResponseBodyKey String
    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
    responseHeaders List<Property Map>
    The response_header blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.

    RuleGroupRuleActionBlockCustomResponseResponseHeader, RuleGroupRuleActionBlockCustomResponseResponseHeaderArgs

    Name string
    A friendly name of the rule group.
    Value string
    The value of the custom header.
    Name string
    A friendly name of the rule group.
    Value string
    The value of the custom header.
    name String
    A friendly name of the rule group.
    value String
    The value of the custom header.
    name string
    A friendly name of the rule group.
    value string
    The value of the custom header.
    name str
    A friendly name of the rule group.
    value str
    The value of the custom header.
    name String
    A friendly name of the rule group.
    value String
    The value of the custom header.

    RuleGroupRuleActionCaptcha, RuleGroupRuleActionCaptchaArgs

    CustomRequestHandling RuleGroupRuleActionCaptchaCustomRequestHandling
    Defines custom handling for the web request. See Custom Request Handling below for details.
    CustomRequestHandling RuleGroupRuleActionCaptchaCustomRequestHandling
    Defines custom handling for the web request. See Custom Request Handling below for details.
    customRequestHandling RuleGroupRuleActionCaptchaCustomRequestHandling
    Defines custom handling for the web request. See Custom Request Handling below for details.
    customRequestHandling RuleGroupRuleActionCaptchaCustomRequestHandling
    Defines custom handling for the web request. See Custom Request Handling below for details.
    custom_request_handling RuleGroupRuleActionCaptchaCustomRequestHandling
    Defines custom handling for the web request. See Custom Request Handling below for details.
    customRequestHandling Property Map
    Defines custom handling for the web request. See Custom Request Handling below for details.

    RuleGroupRuleActionCaptchaCustomRequestHandling, RuleGroupRuleActionCaptchaCustomRequestHandlingArgs

    InsertHeaders List<RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
    InsertHeaders []RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeader
    The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
    insertHeaders List<RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
    insertHeaders RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeader[]
    The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
    insert_headers Sequence[RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeader]
    The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
    insertHeaders List<Property Map>
    The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

    RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeader, RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeaderArgs

    Name string
    A friendly name of the rule group.
    Value string
    The value of the custom header.
    Name string
    A friendly name of the rule group.
    Value string
    The value of the custom header.
    name String
    A friendly name of the rule group.
    value String
    The value of the custom header.
    name string
    A friendly name of the rule group.
    value string
    The value of the custom header.
    name str
    A friendly name of the rule group.
    value str
    The value of the custom header.
    name String
    A friendly name of the rule group.
    value String
    The value of the custom header.

    RuleGroupRuleActionChallenge, RuleGroupRuleActionChallengeArgs

    CustomRequestHandling RuleGroupRuleActionChallengeCustomRequestHandling
    Defines custom handling for the web request. See Custom Request Handling below for details.
    CustomRequestHandling RuleGroupRuleActionChallengeCustomRequestHandling
    Defines custom handling for the web request. See Custom Request Handling below for details.
    customRequestHandling RuleGroupRuleActionChallengeCustomRequestHandling
    Defines custom handling for the web request. See Custom Request Handling below for details.
    customRequestHandling RuleGroupRuleActionChallengeCustomRequestHandling
    Defines custom handling for the web request. See Custom Request Handling below for details.
    custom_request_handling RuleGroupRuleActionChallengeCustomRequestHandling
    Defines custom handling for the web request. See Custom Request Handling below for details.
    customRequestHandling Property Map
    Defines custom handling for the web request. See Custom Request Handling below for details.

    RuleGroupRuleActionChallengeCustomRequestHandling, RuleGroupRuleActionChallengeCustomRequestHandlingArgs

    InsertHeaders List<RuleGroupRuleActionChallengeCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
    InsertHeaders []RuleGroupRuleActionChallengeCustomRequestHandlingInsertHeader
    The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
    insertHeaders List<RuleGroupRuleActionChallengeCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
    insertHeaders RuleGroupRuleActionChallengeCustomRequestHandlingInsertHeader[]
    The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
    insert_headers Sequence[RuleGroupRuleActionChallengeCustomRequestHandlingInsertHeader]
    The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
    insertHeaders List<Property Map>
    The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

    RuleGroupRuleActionChallengeCustomRequestHandlingInsertHeader, RuleGroupRuleActionChallengeCustomRequestHandlingInsertHeaderArgs

    Name string
    A friendly name of the rule group.
    Value string
    The value of the custom header.
    Name string
    A friendly name of the rule group.
    Value string
    The value of the custom header.
    name String
    A friendly name of the rule group.
    value String
    The value of the custom header.
    name string
    A friendly name of the rule group.
    value string
    The value of the custom header.
    name str
    A friendly name of the rule group.
    value str
    The value of the custom header.
    name String
    A friendly name of the rule group.
    value String
    The value of the custom header.

    RuleGroupRuleActionCount, RuleGroupRuleActionCountArgs

    CustomRequestHandling RuleGroupRuleActionCountCustomRequestHandling
    Defines custom handling for the web request. See Custom Request Handling below for details.
    CustomRequestHandling RuleGroupRuleActionCountCustomRequestHandling
    Defines custom handling for the web request. See Custom Request Handling below for details.
    customRequestHandling RuleGroupRuleActionCountCustomRequestHandling
    Defines custom handling for the web request. See Custom Request Handling below for details.
    customRequestHandling RuleGroupRuleActionCountCustomRequestHandling
    Defines custom handling for the web request. See Custom Request Handling below for details.
    custom_request_handling RuleGroupRuleActionCountCustomRequestHandling
    Defines custom handling for the web request. See Custom Request Handling below for details.
    customRequestHandling Property Map
    Defines custom handling for the web request. See Custom Request Handling below for details.

    RuleGroupRuleActionCountCustomRequestHandling, RuleGroupRuleActionCountCustomRequestHandlingArgs

    InsertHeaders List<RuleGroupRuleActionCountCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
    InsertHeaders []RuleGroupRuleActionCountCustomRequestHandlingInsertHeader
    The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
    insertHeaders List<RuleGroupRuleActionCountCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
    insertHeaders RuleGroupRuleActionCountCustomRequestHandlingInsertHeader[]
    The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
    insert_headers Sequence[RuleGroupRuleActionCountCustomRequestHandlingInsertHeader]
    The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
    insertHeaders List<Property Map>
    The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

    RuleGroupRuleActionCountCustomRequestHandlingInsertHeader, RuleGroupRuleActionCountCustomRequestHandlingInsertHeaderArgs

    Name string
    A friendly name of the rule group.
    Value string
    The value of the custom header.
    Name string
    A friendly name of the rule group.
    Value string
    The value of the custom header.
    name String
    A friendly name of the rule group.
    value String
    The value of the custom header.
    name string
    A friendly name of the rule group.
    value string
    The value of the custom header.
    name str
    A friendly name of the rule group.
    value str
    The value of the custom header.
    name String
    A friendly name of the rule group.
    value String
    The value of the custom header.

    RuleGroupRuleCaptchaConfig, RuleGroupRuleCaptchaConfigArgs

    ImmunityTimeProperty RuleGroupRuleCaptchaConfigImmunityTimeProperty
    Defines custom immunity time. See Immunity Time Property below for details.
    ImmunityTimeProperty RuleGroupRuleCaptchaConfigImmunityTimeProperty
    Defines custom immunity time. See Immunity Time Property below for details.
    immunityTimeProperty RuleGroupRuleCaptchaConfigImmunityTimeProperty
    Defines custom immunity time. See Immunity Time Property below for details.
    immunityTimeProperty RuleGroupRuleCaptchaConfigImmunityTimeProperty
    Defines custom immunity time. See Immunity Time Property below for details.
    immunity_time_property RuleGroupRuleCaptchaConfigImmunityTimeProperty
    Defines custom immunity time. See Immunity Time Property below for details.
    immunityTimeProperty Property Map
    Defines custom immunity time. See Immunity Time Property below for details.

    RuleGroupRuleCaptchaConfigImmunityTimeProperty, RuleGroupRuleCaptchaConfigImmunityTimePropertyArgs

    ImmunityTime int
    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
    ImmunityTime int
    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
    immunityTime Integer
    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
    immunityTime number
    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
    immunity_time int
    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
    immunityTime Number
    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

    RuleGroupRuleRuleLabel, RuleGroupRuleRuleLabelArgs

    Name string
    The label string.
    Name string
    The label string.
    name String
    The label string.
    name string
    The label string.
    name str
    The label string.
    name String
    The label string.

    RuleGroupRuleStatement, RuleGroupRuleStatementArgs

    AndStatement RuleGroupRuleStatementAndStatement
    A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
    ByteMatchStatement RuleGroupRuleStatementByteMatchStatement
    A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
    GeoMatchStatement RuleGroupRuleStatementGeoMatchStatement
    A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
    IpSetReferenceStatement RuleGroupRuleStatementIpSetReferenceStatement
    A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
    LabelMatchStatement RuleGroupRuleStatementLabelMatchStatement
    A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
    NotStatement RuleGroupRuleStatementNotStatement
    A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
    OrStatement RuleGroupRuleStatementOrStatement
    A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
    RateBasedStatement RuleGroupRuleStatementRateBasedStatement
    A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See Rate Based Statement below for details.
    RegexMatchStatement RuleGroupRuleStatementRegexMatchStatement
    A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
    RegexPatternSetReferenceStatement RuleGroupRuleStatementRegexPatternSetReferenceStatement
    A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
    SizeConstraintStatement RuleGroupRuleStatementSizeConstraintStatement
    A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
    SqliMatchStatement RuleGroupRuleStatementSqliMatchStatement
    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
    XssMatchStatement RuleGroupRuleStatementXssMatchStatement
    A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.
    AndStatement RuleGroupRuleStatementAndStatement
    A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
    ByteMatchStatement RuleGroupRuleStatementByteMatchStatement
    A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
    GeoMatchStatement RuleGroupRuleStatementGeoMatchStatement
    A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
    IpSetReferenceStatement RuleGroupRuleStatementIpSetReferenceStatement
    A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
    LabelMatchStatement RuleGroupRuleStatementLabelMatchStatement
    A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
    NotStatement RuleGroupRuleStatementNotStatement
    A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
    OrStatement RuleGroupRuleStatementOrStatement
    A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
    RateBasedStatement RuleGroupRuleStatementRateBasedStatement
    A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See Rate Based Statement below for details.
    RegexMatchStatement RuleGroupRuleStatementRegexMatchStatement
    A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
    RegexPatternSetReferenceStatement RuleGroupRuleStatementRegexPatternSetReferenceStatement
    A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
    SizeConstraintStatement RuleGroupRuleStatementSizeConstraintStatement
    A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
    SqliMatchStatement RuleGroupRuleStatementSqliMatchStatement
    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
    XssMatchStatement RuleGroupRuleStatementXssMatchStatement
    A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.
    andStatement RuleGroupRuleStatementAndStatement
    A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
    byteMatchStatement RuleGroupRuleStatementByteMatchStatement
    A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
    geoMatchStatement RuleGroupRuleStatementGeoMatchStatement
    A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
    ipSetReferenceStatement RuleGroupRuleStatementIpSetReferenceStatement
    A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
    labelMatchStatement RuleGroupRuleStatementLabelMatchStatement
    A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
    notStatement RuleGroupRuleStatementNotStatement
    A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
    orStatement RuleGroupRuleStatementOrStatement
    A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
    rateBasedStatement RuleGroupRuleStatementRateBasedStatement
    A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See Rate Based Statement below for details.
    regexMatchStatement RuleGroupRuleStatementRegexMatchStatement
    A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
    regexPatternSetReferenceStatement RuleGroupRuleStatementRegexPatternSetReferenceStatement
    A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
    sizeConstraintStatement RuleGroupRuleStatementSizeConstraintStatement
    A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
    sqliMatchStatement RuleGroupRuleStatementSqliMatchStatement
    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
    xssMatchStatement RuleGroupRuleStatementXssMatchStatement
    A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.
    andStatement RuleGroupRuleStatementAndStatement
    A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
    byteMatchStatement RuleGroupRuleStatementByteMatchStatement
    A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
    geoMatchStatement RuleGroupRuleStatementGeoMatchStatement
    A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
    ipSetReferenceStatement RuleGroupRuleStatementIpSetReferenceStatement
    A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
    labelMatchStatement RuleGroupRuleStatementLabelMatchStatement
    A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
    notStatement RuleGroupRuleStatementNotStatement
    A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
    orStatement RuleGroupRuleStatementOrStatement
    A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
    rateBasedStatement RuleGroupRuleStatementRateBasedStatement
    A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See Rate Based Statement below for details.
    regexMatchStatement RuleGroupRuleStatementRegexMatchStatement
    A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
    regexPatternSetReferenceStatement RuleGroupRuleStatementRegexPatternSetReferenceStatement
    A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
    sizeConstraintStatement RuleGroupRuleStatementSizeConstraintStatement
    A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
    sqliMatchStatement RuleGroupRuleStatementSqliMatchStatement
    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
    xssMatchStatement RuleGroupRuleStatementXssMatchStatement
    A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.
    and_statement RuleGroupRuleStatementAndStatement
    A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
    byte_match_statement RuleGroupRuleStatementByteMatchStatement
    A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
    geo_match_statement RuleGroupRuleStatementGeoMatchStatement
    A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
    ip_set_reference_statement RuleGroupRuleStatementIpSetReferenceStatement
    A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
    label_match_statement RuleGroupRuleStatementLabelMatchStatement
    A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
    not_statement RuleGroupRuleStatementNotStatement
    A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
    or_statement RuleGroupRuleStatementOrStatement
    A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
    rate_based_statement RuleGroupRuleStatementRateBasedStatement
    A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See Rate Based Statement below for details.
    regex_match_statement RuleGroupRuleStatementRegexMatchStatement
    A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
    regex_pattern_set_reference_statement RuleGroupRuleStatementRegexPatternSetReferenceStatement
    A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
    size_constraint_statement RuleGroupRuleStatementSizeConstraintStatement
    A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
    sqli_match_statement RuleGroupRuleStatementSqliMatchStatement
    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
    xss_match_statement RuleGroupRuleStatementXssMatchStatement
    A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.
    andStatement Property Map
    A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
    byteMatchStatement Property Map
    A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
    geoMatchStatement Property Map
    A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
    ipSetReferenceStatement Property Map
    A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
    labelMatchStatement Property Map
    A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
    notStatement Property Map
    A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
    orStatement Property Map
    A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
    rateBasedStatement Property Map
    A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See Rate Based Statement below for details.
    regexMatchStatement Property Map
    A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
    regexPatternSetReferenceStatement Property Map
    A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
    sizeConstraintStatement Property Map
    A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
    sqliMatchStatement Property Map
    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
    xssMatchStatement Property Map
    A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

    RuleGroupRuleStatementAndStatement, RuleGroupRuleStatementAndStatementArgs

    Statements List<RuleGroupRuleStatement>
    The statements to combine.
    Statements []RuleGroupRuleStatement
    The statements to combine.
    statements List<RuleGroupRuleStatement>
    The statements to combine.
    statements RuleGroupRuleStatement[]
    The statements to combine.
    statements List<Property Map>
    The statements to combine.

    RuleGroupRuleStatementByteMatchStatement, RuleGroupRuleStatementByteMatchStatementArgs

    PositionalConstraint string
    The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
    SearchString string
    A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
    TextTransformations List<RuleGroupRuleStatementByteMatchStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    FieldToMatch RuleGroupRuleStatementByteMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    PositionalConstraint string
    The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
    SearchString string
    A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
    TextTransformations []RuleGroupRuleStatementByteMatchStatementTextTransformation
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    FieldToMatch RuleGroupRuleStatementByteMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    positionalConstraint String
    The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
    searchString String
    A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
    textTransformations List<RuleGroupRuleStatementByteMatchStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch RuleGroupRuleStatementByteMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    positionalConstraint string
    The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
    searchString string
    A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
    textTransformations RuleGroupRuleStatementByteMatchStatementTextTransformation[]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch RuleGroupRuleStatementByteMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    positional_constraint str
    The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
    search_string str
    A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
    text_transformations Sequence[RuleGroupRuleStatementByteMatchStatementTextTransformation]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    field_to_match RuleGroupRuleStatementByteMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    positionalConstraint String
    The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
    searchString String
    A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
    textTransformations List<Property Map>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch Property Map
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

    RuleGroupRuleStatementByteMatchStatementFieldToMatch, RuleGroupRuleStatementByteMatchStatementFieldToMatchArgs

    AllQueryArguments RuleGroupRuleStatementByteMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body RuleGroupRuleStatementByteMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    Cookies RuleGroupRuleStatementByteMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    HeaderOrders List<RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderOrder>
    Inspect the request headers. See Header Order below for details.
    Headers List<RuleGroupRuleStatementByteMatchStatementFieldToMatchHeader>
    Inspect the request headers. See Headers below for details.
    Ja3Fingerprint RuleGroupRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint
    JsonBody RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    Method RuleGroupRuleStatementByteMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString RuleGroupRuleStatementByteMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    SingleQueryArgument RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    UriPath RuleGroupRuleStatementByteMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    AllQueryArguments RuleGroupRuleStatementByteMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body RuleGroupRuleStatementByteMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    Cookies RuleGroupRuleStatementByteMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    HeaderOrders []RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderOrder
    Inspect the request headers. See Header Order below for details.
    Headers []RuleGroupRuleStatementByteMatchStatementFieldToMatchHeader
    Inspect the request headers. See Headers below for details.
    Ja3Fingerprint RuleGroupRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint
    JsonBody RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    Method RuleGroupRuleStatementByteMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString RuleGroupRuleStatementByteMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    SingleQueryArgument RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    UriPath RuleGroupRuleStatementByteMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments RuleGroupRuleStatementByteMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementByteMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementByteMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders List<RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderOrder>
    Inspect the request headers. See Header Order below for details.
    headers List<RuleGroupRuleStatementByteMatchStatementFieldToMatchHeader>
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint RuleGroupRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint
    jsonBody RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementByteMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString RuleGroupRuleStatementByteMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    singleQueryArgument RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath RuleGroupRuleStatementByteMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments RuleGroupRuleStatementByteMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementByteMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementByteMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderOrder[]
    Inspect the request headers. See Header Order below for details.
    headers RuleGroupRuleStatementByteMatchStatementFieldToMatchHeader[]
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint RuleGroupRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint
    jsonBody RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementByteMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString RuleGroupRuleStatementByteMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    singleQueryArgument RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath RuleGroupRuleStatementByteMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    all_query_arguments RuleGroupRuleStatementByteMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementByteMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementByteMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    header_orders Sequence[RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderOrder]
    Inspect the request headers. See Header Order below for details.
    headers Sequence[RuleGroupRuleStatementByteMatchStatementFieldToMatchHeader]
    Inspect the request headers. See Headers below for details.
    ja3_fingerprint RuleGroupRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint
    json_body RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementByteMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    query_string RuleGroupRuleStatementByteMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    single_header RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    single_query_argument RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uri_path RuleGroupRuleStatementByteMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments Property Map
    Inspect all query arguments.
    body Property Map
    Inspect the request body, which immediately follows the request headers.
    cookies Property Map
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders List<Property Map>
    Inspect the request headers. See Header Order below for details.
    headers List<Property Map>
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint Property Map
    jsonBody Property Map
    Inspect the request body as JSON. See JSON Body for details.
    method Property Map
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString Property Map
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader Property Map
    Inspect a single header. See Single Header below for details.
    singleQueryArgument Property Map
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath Property Map
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    RuleGroupRuleStatementByteMatchStatementFieldToMatchBody, RuleGroupRuleStatementByteMatchStatementFieldToMatchBodyArgs

    RuleGroupRuleStatementByteMatchStatementFieldToMatchCookies, RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesArgs

    MatchPatterns List<RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    MatchPatterns []RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns List<RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern[]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    match_patterns Sequence[RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    match_scope str
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversize_handling str
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns List<Property Map>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

    RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternArgs

    All RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedCookies List<string>
    IncludedCookies List<string>
    All RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedCookies []string
    IncludedCookies []string
    all RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>
    all RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedCookies string[]
    includedCookies string[]
    all RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_cookies Sequence[str]
    included_cookies Sequence[str]
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>

    RuleGroupRuleStatementByteMatchStatementFieldToMatchHeader, RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderArgs

    MatchPattern RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    MatchPattern RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    match_pattern RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    match_scope str
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern Property Map
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternArgs

    All RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders List<string>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders List<string>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    All RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders []string
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders []string
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders string[]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders string[]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_headers Sequence[str]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    included_headers Sequence[str]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderOrderArgs

    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    RuleGroupRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementByteMatchStatementFieldToMatchJa3FingerprintArgs

    RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBody, RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyArgs

    MatchPattern RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    MatchPattern RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    match_pattern RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    match_scope str
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalid_fallback_behavior str
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversize_handling str
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern Property Map
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternArgs

    All RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    IncludedPaths List<string>
    All RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    IncludedPaths []string
    all RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    includedPaths List<String>
    all RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    includedPaths string[]
    all RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    included_paths Sequence[str]
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    includedPaths List<String>

    RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleHeader, RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleHeaderArgs

    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.

    RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgumentArgs

    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.

    RuleGroupRuleStatementByteMatchStatementTextTransformation, RuleGroupRuleStatementByteMatchStatementTextTransformationArgs

    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Integer
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type str
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.

    RuleGroupRuleStatementGeoMatchStatement, RuleGroupRuleStatementGeoMatchStatementArgs

    CountryCodes List<string>
    An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
    ForwardedIpConfig RuleGroupRuleStatementGeoMatchStatementForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.
    CountryCodes []string
    An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
    ForwardedIpConfig RuleGroupRuleStatementGeoMatchStatementForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.
    countryCodes List<String>
    An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
    forwardedIpConfig RuleGroupRuleStatementGeoMatchStatementForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.
    countryCodes string[]
    An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
    forwardedIpConfig RuleGroupRuleStatementGeoMatchStatementForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.
    country_codes Sequence[str]
    An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
    forwarded_ip_config RuleGroupRuleStatementGeoMatchStatementForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.
    countryCodes List<String>
    An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
    forwardedIpConfig Property Map
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.

    RuleGroupRuleStatementGeoMatchStatementForwardedIpConfig, RuleGroupRuleStatementGeoMatchStatementForwardedIpConfigArgs

    FallbackBehavior string
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    HeaderName string
    The name of the HTTP header to use for the IP address.
    FallbackBehavior string
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    HeaderName string
    The name of the HTTP header to use for the IP address.
    fallbackBehavior String
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName String
    The name of the HTTP header to use for the IP address.
    fallbackBehavior string
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName string
    The name of the HTTP header to use for the IP address.
    fallback_behavior str
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    header_name str
    The name of the HTTP header to use for the IP address.
    fallbackBehavior String
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName String
    The name of the HTTP header to use for the IP address.

    RuleGroupRuleStatementIpSetReferenceStatement, RuleGroupRuleStatementIpSetReferenceStatementArgs

    Arn string
    The Amazon Resource Name (ARN) of the IP Set that this statement references.
    IpSetForwardedIpConfig RuleGroupRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.
    Arn string
    The Amazon Resource Name (ARN) of the IP Set that this statement references.
    IpSetForwardedIpConfig RuleGroupRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.
    arn String
    The Amazon Resource Name (ARN) of the IP Set that this statement references.
    ipSetForwardedIpConfig RuleGroupRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.
    arn string
    The Amazon Resource Name (ARN) of the IP Set that this statement references.
    ipSetForwardedIpConfig RuleGroupRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.
    arn str
    The Amazon Resource Name (ARN) of the IP Set that this statement references.
    ip_set_forwarded_ip_config RuleGroupRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.
    arn String
    The Amazon Resource Name (ARN) of the IP Set that this statement references.
    ipSetForwardedIpConfig Property Map
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.

    RuleGroupRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig, RuleGroupRuleStatementIpSetReferenceStatementIpSetForwardedIpConfigArgs

    FallbackBehavior string
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    HeaderName string
    The name of the HTTP header to use for the IP address.
    Position string
    The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
    FallbackBehavior string
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    HeaderName string
    The name of the HTTP header to use for the IP address.
    Position string
    The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
    fallbackBehavior String
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName String
    The name of the HTTP header to use for the IP address.
    position String
    The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
    fallbackBehavior string
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName string
    The name of the HTTP header to use for the IP address.
    position string
    The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
    fallback_behavior str
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    header_name str
    The name of the HTTP header to use for the IP address.
    position str
    The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
    fallbackBehavior String
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName String
    The name of the HTTP header to use for the IP address.
    position String
    The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

    RuleGroupRuleStatementLabelMatchStatement, RuleGroupRuleStatementLabelMatchStatementArgs

    Key string
    The string to match against.
    Scope string
    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.
    Key string
    The string to match against.
    Scope string
    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.
    key String
    The string to match against.
    scope String
    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.
    key string
    The string to match against.
    scope string
    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.
    key str
    The string to match against.
    scope str
    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.
    key String
    The string to match against.
    scope String
    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

    RuleGroupRuleStatementNotStatement, RuleGroupRuleStatementNotStatementArgs

    Statements List<RuleGroupRuleStatement>
    The statements to combine.
    Statements []RuleGroupRuleStatement
    The statements to combine.
    statements List<RuleGroupRuleStatement>
    The statements to combine.
    statements RuleGroupRuleStatement[]
    The statements to combine.
    statements List<Property Map>
    The statements to combine.

    RuleGroupRuleStatementOrStatement, RuleGroupRuleStatementOrStatementArgs

    Statements List<RuleGroupRuleStatement>
    The statements to combine.
    Statements []RuleGroupRuleStatement
    The statements to combine.
    statements List<RuleGroupRuleStatement>
    The statements to combine.
    statements RuleGroupRuleStatement[]
    The statements to combine.
    statements List<Property Map>
    The statements to combine.

    RuleGroupRuleStatementRateBasedStatement, RuleGroupRuleStatementRateBasedStatementArgs

    Limit int
    The limit on requests per 5-minute period for a single originating IP address.
    AggregateKeyType string
    Setting that indicates how to aggregate the request counts. Valid values include: CONSTANT, CUSTOM_KEYS, FORWARDED_IP or IP. Default: IP.
    CustomKeys List<RuleGroupRuleStatementRateBasedStatementCustomKey>
    Aggregate the request counts using one or more web request components as the aggregate keys. See custom_key below for details.
    EvaluationWindowSec int

    The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are 60, 120, 300, and 600. Defaults to 300 (5 minutes).

    NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.

    ForwardedIpConfig RuleGroupRuleStatementRateBasedStatementForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If aggregate_key_type is set to FORWARDED_IP, this block is required. See Forwarded IP Config below for details.
    ScopeDownStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatement
    An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See Statement above for details. If aggregate_key_type is set to CONSTANT, this block is required.
    Limit int
    The limit on requests per 5-minute period for a single originating IP address.
    AggregateKeyType string
    Setting that indicates how to aggregate the request counts. Valid values include: CONSTANT, CUSTOM_KEYS, FORWARDED_IP or IP. Default: IP.
    CustomKeys []RuleGroupRuleStatementRateBasedStatementCustomKey
    Aggregate the request counts using one or more web request components as the aggregate keys. See custom_key below for details.
    EvaluationWindowSec int

    The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are 60, 120, 300, and 600. Defaults to 300 (5 minutes).

    NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.

    ForwardedIpConfig RuleGroupRuleStatementRateBasedStatementForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If aggregate_key_type is set to FORWARDED_IP, this block is required. See Forwarded IP Config below for details.
    ScopeDownStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatement
    An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See Statement above for details. If aggregate_key_type is set to CONSTANT, this block is required.
    limit Integer
    The limit on requests per 5-minute period for a single originating IP address.
    aggregateKeyType String
    Setting that indicates how to aggregate the request counts. Valid values include: CONSTANT, CUSTOM_KEYS, FORWARDED_IP or IP. Default: IP.
    customKeys List<RuleGroupRuleStatementRateBasedStatementCustomKey>
    Aggregate the request counts using one or more web request components as the aggregate keys. See custom_key below for details.
    evaluationWindowSec Integer

    The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are 60, 120, 300, and 600. Defaults to 300 (5 minutes).

    NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.

    forwardedIpConfig RuleGroupRuleStatementRateBasedStatementForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If aggregate_key_type is set to FORWARDED_IP, this block is required. See Forwarded IP Config below for details.
    scopeDownStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatement
    An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See Statement above for details. If aggregate_key_type is set to CONSTANT, this block is required.
    limit number
    The limit on requests per 5-minute period for a single originating IP address.
    aggregateKeyType string
    Setting that indicates how to aggregate the request counts. Valid values include: CONSTANT, CUSTOM_KEYS, FORWARDED_IP or IP. Default: IP.
    customKeys RuleGroupRuleStatementRateBasedStatementCustomKey[]
    Aggregate the request counts using one or more web request components as the aggregate keys. See custom_key below for details.
    evaluationWindowSec number

    The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are 60, 120, 300, and 600. Defaults to 300 (5 minutes).

    NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.

    forwardedIpConfig RuleGroupRuleStatementRateBasedStatementForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If aggregate_key_type is set to FORWARDED_IP, this block is required. See Forwarded IP Config below for details.
    scopeDownStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatement
    An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See Statement above for details. If aggregate_key_type is set to CONSTANT, this block is required.
    limit int
    The limit on requests per 5-minute period for a single originating IP address.
    aggregate_key_type str
    Setting that indicates how to aggregate the request counts. Valid values include: CONSTANT, CUSTOM_KEYS, FORWARDED_IP or IP. Default: IP.
    custom_keys Sequence[RuleGroupRuleStatementRateBasedStatementCustomKey]
    Aggregate the request counts using one or more web request components as the aggregate keys. See custom_key below for details.
    evaluation_window_sec int

    The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are 60, 120, 300, and 600. Defaults to 300 (5 minutes).

    NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.

    forwarded_ip_config RuleGroupRuleStatementRateBasedStatementForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If aggregate_key_type is set to FORWARDED_IP, this block is required. See Forwarded IP Config below for details.
    scope_down_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatement
    An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See Statement above for details. If aggregate_key_type is set to CONSTANT, this block is required.
    limit Number
    The limit on requests per 5-minute period for a single originating IP address.
    aggregateKeyType String
    Setting that indicates how to aggregate the request counts. Valid values include: CONSTANT, CUSTOM_KEYS, FORWARDED_IP or IP. Default: IP.
    customKeys List<Property Map>
    Aggregate the request counts using one or more web request components as the aggregate keys. See custom_key below for details.
    evaluationWindowSec Number

    The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are 60, 120, 300, and 600. Defaults to 300 (5 minutes).

    NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.

    forwardedIpConfig Property Map
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If aggregate_key_type is set to FORWARDED_IP, this block is required. See Forwarded IP Config below for details.
    scopeDownStatement Property Map
    An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See Statement above for details. If aggregate_key_type is set to CONSTANT, this block is required.

    RuleGroupRuleStatementRateBasedStatementCustomKey, RuleGroupRuleStatementRateBasedStatementCustomKeyArgs

    Cookie RuleGroupRuleStatementRateBasedStatementCustomKeyCookie
    (Optional) Use the value of a cookie in the request as an aggregate key. See RateLimit cookie below for details.
    ForwardedIp RuleGroupRuleStatementRateBasedStatementCustomKeyForwardedIp
    (Optional) Use the first IP address in an HTTP header as an aggregate key. See forwarded_ip below for details.
    Header RuleGroupRuleStatementRateBasedStatementCustomKeyHeader
    (Optional) Use the value of a header in the request as an aggregate key. See RateLimit header below for details.
    HttpMethod RuleGroupRuleStatementRateBasedStatementCustomKeyHttpMethod
    (Optional) Use the request's HTTP method as an aggregate key. See RateLimit http_method below for details.
    Ip RuleGroupRuleStatementRateBasedStatementCustomKeyIp
    (Optional) Use the request's originating IP address as an aggregate key. See RateLimit ip below for details.
    LabelNamespace RuleGroupRuleStatementRateBasedStatementCustomKeyLabelNamespace
    (Optional) Use the specified label namespace as an aggregate key. See RateLimit label_namespace below for details.
    QueryArgument RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgument
    (Optional) Use the specified query argument as an aggregate key. See RateLimit query_argument below for details.
    QueryString RuleGroupRuleStatementRateBasedStatementCustomKeyQueryString
    (Optional) Use the request's query string as an aggregate key. See RateLimit query_string below for details.
    UriPath RuleGroupRuleStatementRateBasedStatementCustomKeyUriPath
    (Optional) Use the request's URI path as an aggregate key. See RateLimit uri_path below for details.
    Cookie RuleGroupRuleStatementRateBasedStatementCustomKeyCookie
    (Optional) Use the value of a cookie in the request as an aggregate key. See RateLimit cookie below for details.
    ForwardedIp RuleGroupRuleStatementRateBasedStatementCustomKeyForwardedIp
    (Optional) Use the first IP address in an HTTP header as an aggregate key. See forwarded_ip below for details.
    Header RuleGroupRuleStatementRateBasedStatementCustomKeyHeader
    (Optional) Use the value of a header in the request as an aggregate key. See RateLimit header below for details.
    HttpMethod RuleGroupRuleStatementRateBasedStatementCustomKeyHttpMethod
    (Optional) Use the request's HTTP method as an aggregate key. See RateLimit http_method below for details.
    Ip RuleGroupRuleStatementRateBasedStatementCustomKeyIp
    (Optional) Use the request's originating IP address as an aggregate key. See RateLimit ip below for details.
    LabelNamespace RuleGroupRuleStatementRateBasedStatementCustomKeyLabelNamespace
    (Optional) Use the specified label namespace as an aggregate key. See RateLimit label_namespace below for details.
    QueryArgument RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgument
    (Optional) Use the specified query argument as an aggregate key. See RateLimit query_argument below for details.
    QueryString RuleGroupRuleStatementRateBasedStatementCustomKeyQueryString
    (Optional) Use the request's query string as an aggregate key. See RateLimit query_string below for details.
    UriPath RuleGroupRuleStatementRateBasedStatementCustomKeyUriPath
    (Optional) Use the request's URI path as an aggregate key. See RateLimit uri_path below for details.
    cookie RuleGroupRuleStatementRateBasedStatementCustomKeyCookie
    (Optional) Use the value of a cookie in the request as an aggregate key. See RateLimit cookie below for details.
    forwardedIp RuleGroupRuleStatementRateBasedStatementCustomKeyForwardedIp
    (Optional) Use the first IP address in an HTTP header as an aggregate key. See forwarded_ip below for details.
    header RuleGroupRuleStatementRateBasedStatementCustomKeyHeader
    (Optional) Use the value of a header in the request as an aggregate key. See RateLimit header below for details.
    httpMethod RuleGroupRuleStatementRateBasedStatementCustomKeyHttpMethod
    (Optional) Use the request's HTTP method as an aggregate key. See RateLimit http_method below for details.
    ip RuleGroupRuleStatementRateBasedStatementCustomKeyIp
    (Optional) Use the request's originating IP address as an aggregate key. See RateLimit ip below for details.
    labelNamespace RuleGroupRuleStatementRateBasedStatementCustomKeyLabelNamespace
    (Optional) Use the specified label namespace as an aggregate key. See RateLimit label_namespace below for details.
    queryArgument RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgument
    (Optional) Use the specified query argument as an aggregate key. See RateLimit query_argument below for details.
    queryString RuleGroupRuleStatementRateBasedStatementCustomKeyQueryString
    (Optional) Use the request's query string as an aggregate key. See RateLimit query_string below for details.
    uriPath RuleGroupRuleStatementRateBasedStatementCustomKeyUriPath
    (Optional) Use the request's URI path as an aggregate key. See RateLimit uri_path below for details.
    cookie RuleGroupRuleStatementRateBasedStatementCustomKeyCookie
    (Optional) Use the value of a cookie in the request as an aggregate key. See RateLimit cookie below for details.
    forwardedIp RuleGroupRuleStatementRateBasedStatementCustomKeyForwardedIp
    (Optional) Use the first IP address in an HTTP header as an aggregate key. See forwarded_ip below for details.
    header RuleGroupRuleStatementRateBasedStatementCustomKeyHeader
    (Optional) Use the value of a header in the request as an aggregate key. See RateLimit header below for details.
    httpMethod RuleGroupRuleStatementRateBasedStatementCustomKeyHttpMethod
    (Optional) Use the request's HTTP method as an aggregate key. See RateLimit http_method below for details.
    ip RuleGroupRuleStatementRateBasedStatementCustomKeyIp
    (Optional) Use the request's originating IP address as an aggregate key. See RateLimit ip below for details.
    labelNamespace RuleGroupRuleStatementRateBasedStatementCustomKeyLabelNamespace
    (Optional) Use the specified label namespace as an aggregate key. See RateLimit label_namespace below for details.
    queryArgument RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgument
    (Optional) Use the specified query argument as an aggregate key. See RateLimit query_argument below for details.
    queryString RuleGroupRuleStatementRateBasedStatementCustomKeyQueryString
    (Optional) Use the request's query string as an aggregate key. See RateLimit query_string below for details.
    uriPath RuleGroupRuleStatementRateBasedStatementCustomKeyUriPath
    (Optional) Use the request's URI path as an aggregate key. See RateLimit uri_path below for details.
    cookie RuleGroupRuleStatementRateBasedStatementCustomKeyCookie
    (Optional) Use the value of a cookie in the request as an aggregate key. See RateLimit cookie below for details.
    forwarded_ip RuleGroupRuleStatementRateBasedStatementCustomKeyForwardedIp
    (Optional) Use the first IP address in an HTTP header as an aggregate key. See forwarded_ip below for details.
    header RuleGroupRuleStatementRateBasedStatementCustomKeyHeader
    (Optional) Use the value of a header in the request as an aggregate key. See RateLimit header below for details.
    http_method RuleGroupRuleStatementRateBasedStatementCustomKeyHttpMethod
    (Optional) Use the request's HTTP method as an aggregate key. See RateLimit http_method below for details.
    ip RuleGroupRuleStatementRateBasedStatementCustomKeyIp
    (Optional) Use the request's originating IP address as an aggregate key. See RateLimit ip below for details.
    label_namespace RuleGroupRuleStatementRateBasedStatementCustomKeyLabelNamespace
    (Optional) Use the specified label namespace as an aggregate key. See RateLimit label_namespace below for details.
    query_argument RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgument
    (Optional) Use the specified query argument as an aggregate key. See RateLimit query_argument below for details.
    query_string RuleGroupRuleStatementRateBasedStatementCustomKeyQueryString
    (Optional) Use the request's query string as an aggregate key. See RateLimit query_string below for details.
    uri_path RuleGroupRuleStatementRateBasedStatementCustomKeyUriPath
    (Optional) Use the request's URI path as an aggregate key. See RateLimit uri_path below for details.
    cookie Property Map
    (Optional) Use the value of a cookie in the request as an aggregate key. See RateLimit cookie below for details.
    forwardedIp Property Map
    (Optional) Use the first IP address in an HTTP header as an aggregate key. See forwarded_ip below for details.
    header Property Map
    (Optional) Use the value of a header in the request as an aggregate key. See RateLimit header below for details.
    httpMethod Property Map
    (Optional) Use the request's HTTP method as an aggregate key. See RateLimit http_method below for details.
    ip Property Map
    (Optional) Use the request's originating IP address as an aggregate key. See RateLimit ip below for details.
    labelNamespace Property Map
    (Optional) Use the specified label namespace as an aggregate key. See RateLimit label_namespace below for details.
    queryArgument Property Map
    (Optional) Use the specified query argument as an aggregate key. See RateLimit query_argument below for details.
    queryString Property Map
    (Optional) Use the request's query string as an aggregate key. See RateLimit query_string below for details.
    uriPath Property Map
    (Optional) Use the request's URI path as an aggregate key. See RateLimit uri_path below for details.

    RuleGroupRuleStatementRateBasedStatementCustomKeyCookie, RuleGroupRuleStatementRateBasedStatementCustomKeyCookieArgs

    Name string
    A friendly name of the rule group.
    TextTransformations List<RuleGroupRuleStatementRateBasedStatementCustomKeyCookieTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    Name string
    A friendly name of the rule group.
    TextTransformations []RuleGroupRuleStatementRateBasedStatementCustomKeyCookieTextTransformation
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    name String
    A friendly name of the rule group.
    textTransformations List<RuleGroupRuleStatementRateBasedStatementCustomKeyCookieTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    name string
    A friendly name of the rule group.
    textTransformations RuleGroupRuleStatementRateBasedStatementCustomKeyCookieTextTransformation[]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    name str
    A friendly name of the rule group.
    text_transformations Sequence[RuleGroupRuleStatementRateBasedStatementCustomKeyCookieTextTransformation]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    name String
    A friendly name of the rule group.
    textTransformations List<Property Map>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

    RuleGroupRuleStatementRateBasedStatementCustomKeyCookieTextTransformation, RuleGroupRuleStatementRateBasedStatementCustomKeyCookieTextTransformationArgs

    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Integer
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type str
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.

    RuleGroupRuleStatementRateBasedStatementCustomKeyHeader, RuleGroupRuleStatementRateBasedStatementCustomKeyHeaderArgs

    Name string
    A friendly name of the rule group.
    TextTransformations List<RuleGroupRuleStatementRateBasedStatementCustomKeyHeaderTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    Name string
    A friendly name of the rule group.
    TextTransformations []RuleGroupRuleStatementRateBasedStatementCustomKeyHeaderTextTransformation
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    name String
    A friendly name of the rule group.
    textTransformations List<RuleGroupRuleStatementRateBasedStatementCustomKeyHeaderTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    name string
    A friendly name of the rule group.
    textTransformations RuleGroupRuleStatementRateBasedStatementCustomKeyHeaderTextTransformation[]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    name str
    A friendly name of the rule group.
    text_transformations Sequence[RuleGroupRuleStatementRateBasedStatementCustomKeyHeaderTextTransformation]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    name String
    A friendly name of the rule group.
    textTransformations List<Property Map>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

    RuleGroupRuleStatementRateBasedStatementCustomKeyHeaderTextTransformation, RuleGroupRuleStatementRateBasedStatementCustomKeyHeaderTextTransformationArgs

    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Integer
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type str
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.

    RuleGroupRuleStatementRateBasedStatementCustomKeyLabelNamespace, RuleGroupRuleStatementRateBasedStatementCustomKeyLabelNamespaceArgs

    Namespace string
    The namespace to use for aggregation
    Namespace string
    The namespace to use for aggregation
    namespace String
    The namespace to use for aggregation
    namespace string
    The namespace to use for aggregation
    namespace str
    The namespace to use for aggregation
    namespace String
    The namespace to use for aggregation

    RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgument, RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgumentArgs

    Name string
    A friendly name of the rule group.
    TextTransformations List<RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgumentTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    Name string
    A friendly name of the rule group.
    TextTransformations []RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgumentTextTransformation
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    name String
    A friendly name of the rule group.
    textTransformations List<RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgumentTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    name string
    A friendly name of the rule group.
    textTransformations RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgumentTextTransformation[]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    name str
    A friendly name of the rule group.
    text_transformations Sequence[RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgumentTextTransformation]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    name String
    A friendly name of the rule group.
    textTransformations List<Property Map>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

    RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgumentTextTransformation, RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgumentTextTransformationArgs

    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Integer
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type str
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.

    RuleGroupRuleStatementRateBasedStatementCustomKeyQueryString, RuleGroupRuleStatementRateBasedStatementCustomKeyQueryStringArgs

    TextTransformations List<RuleGroupRuleStatementRateBasedStatementCustomKeyQueryStringTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    TextTransformations []RuleGroupRuleStatementRateBasedStatementCustomKeyQueryStringTextTransformation
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    textTransformations List<RuleGroupRuleStatementRateBasedStatementCustomKeyQueryStringTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    textTransformations RuleGroupRuleStatementRateBasedStatementCustomKeyQueryStringTextTransformation[]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    text_transformations Sequence[RuleGroupRuleStatementRateBasedStatementCustomKeyQueryStringTextTransformation]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    textTransformations List<Property Map>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

    RuleGroupRuleStatementRateBasedStatementCustomKeyQueryStringTextTransformation, RuleGroupRuleStatementRateBasedStatementCustomKeyQueryStringTextTransformationArgs

    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Integer
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type str
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.

    RuleGroupRuleStatementRateBasedStatementCustomKeyUriPath, RuleGroupRuleStatementRateBasedStatementCustomKeyUriPathArgs

    TextTransformations List<RuleGroupRuleStatementRateBasedStatementCustomKeyUriPathTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    TextTransformations []RuleGroupRuleStatementRateBasedStatementCustomKeyUriPathTextTransformation
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    textTransformations List<RuleGroupRuleStatementRateBasedStatementCustomKeyUriPathTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    textTransformations RuleGroupRuleStatementRateBasedStatementCustomKeyUriPathTextTransformation[]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    text_transformations Sequence[RuleGroupRuleStatementRateBasedStatementCustomKeyUriPathTextTransformation]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.
    textTransformations List<Property Map>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

    RuleGroupRuleStatementRateBasedStatementCustomKeyUriPathTextTransformation, RuleGroupRuleStatementRateBasedStatementCustomKeyUriPathTextTransformationArgs

    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Integer
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type str
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.

    RuleGroupRuleStatementRateBasedStatementForwardedIpConfig, RuleGroupRuleStatementRateBasedStatementForwardedIpConfigArgs

    FallbackBehavior string
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    HeaderName string
    The name of the HTTP header to use for the IP address.
    FallbackBehavior string
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    HeaderName string
    The name of the HTTP header to use for the IP address.
    fallbackBehavior String
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName String
    The name of the HTTP header to use for the IP address.
    fallbackBehavior string
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName string
    The name of the HTTP header to use for the IP address.
    fallback_behavior str
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    header_name str
    The name of the HTTP header to use for the IP address.
    fallbackBehavior String
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName String
    The name of the HTTP header to use for the IP address.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementArgs

    AndStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementAndStatement
    A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
    ByteMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatement
    A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
    GeoMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatement
    A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
    IpSetReferenceStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatement
    A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
    LabelMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementLabelMatchStatement
    A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
    NotStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementNotStatement
    A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
    OrStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementOrStatement
    A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
    RegexMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatement
    A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
    RegexPatternSetReferenceStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatement
    A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
    SizeConstraintStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatement
    A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
    SqliMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatement
    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
    XssMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatement
    A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.
    AndStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementAndStatement
    A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
    ByteMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatement
    A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
    GeoMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatement
    A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
    IpSetReferenceStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatement
    A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
    LabelMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementLabelMatchStatement
    A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
    NotStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementNotStatement
    A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
    OrStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementOrStatement
    A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
    RegexMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatement
    A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
    RegexPatternSetReferenceStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatement
    A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
    SizeConstraintStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatement
    A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
    SqliMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatement
    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
    XssMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatement
    A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.
    andStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementAndStatement
    A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
    byteMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatement
    A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
    geoMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatement
    A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
    ipSetReferenceStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatement
    A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
    labelMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementLabelMatchStatement
    A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
    notStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementNotStatement
    A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
    orStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementOrStatement
    A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
    regexMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatement
    A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
    regexPatternSetReferenceStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatement
    A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
    sizeConstraintStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatement
    A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
    sqliMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatement
    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
    xssMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatement
    A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.
    andStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementAndStatement
    A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
    byteMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatement
    A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
    geoMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatement
    A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
    ipSetReferenceStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatement
    A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
    labelMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementLabelMatchStatement
    A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
    notStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementNotStatement
    A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
    orStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementOrStatement
    A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
    regexMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatement
    A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
    regexPatternSetReferenceStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatement
    A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
    sizeConstraintStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatement
    A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
    sqliMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatement
    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
    xssMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatement
    A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.
    and_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatementAndStatement
    A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
    byte_match_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatement
    A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
    geo_match_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatement
    A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
    ip_set_reference_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatement
    A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
    label_match_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatementLabelMatchStatement
    A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
    not_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatementNotStatement
    A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
    or_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatementOrStatement
    A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
    regex_match_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatement
    A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
    regex_pattern_set_reference_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatement
    A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
    size_constraint_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatement
    A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
    sqli_match_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatement
    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
    xss_match_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatement
    A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.
    andStatement Property Map
    A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
    byteMatchStatement Property Map
    A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
    geoMatchStatement Property Map
    A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
    ipSetReferenceStatement Property Map
    A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
    labelMatchStatement Property Map
    A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
    notStatement Property Map
    A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
    orStatement Property Map
    A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
    regexMatchStatement Property Map
    A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
    regexPatternSetReferenceStatement Property Map
    A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
    sizeConstraintStatement Property Map
    A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
    sqliMatchStatement Property Map
    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
    xssMatchStatement Property Map
    A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementAndStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementAndStatementArgs

    Statements List<RuleGroupRuleStatement>
    The statements to combine.
    Statements []RuleGroupRuleStatement
    The statements to combine.
    statements List<RuleGroupRuleStatement>
    The statements to combine.
    statements RuleGroupRuleStatement[]
    The statements to combine.
    statements List<Property Map>
    The statements to combine.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementArgs

    PositionalConstraint string
    The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
    SearchString string
    A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
    TextTransformations List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    FieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    PositionalConstraint string
    The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
    SearchString string
    A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
    TextTransformations []RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformation
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    FieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    positionalConstraint String
    The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
    searchString String
    A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
    textTransformations List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    positionalConstraint string
    The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
    searchString string
    A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
    textTransformations RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformation[]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    positional_constraint str
    The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
    search_string str
    A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
    text_transformations Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformation]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    field_to_match RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    positionalConstraint String
    The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
    searchString String
    A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
    textTransformations List<Property Map>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch Property Map
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatch, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchArgs

    AllQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    Cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    HeaderOrders List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder>
    Inspect the request headers. See Header Order below for details.
    Headers List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeader>
    Inspect the request headers. See Headers below for details.
    Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint
    JsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    Method RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    SingleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    UriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    AllQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    Cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    HeaderOrders []RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder
    Inspect the request headers. See Header Order below for details.
    Headers []RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeader
    Inspect the request headers. See Headers below for details.
    Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint
    JsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    Method RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    SingleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    UriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder>
    Inspect the request headers. See Header Order below for details.
    headers List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeader>
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint
    jsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    singleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder[]
    Inspect the request headers. See Header Order below for details.
    headers RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeader[]
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint
    jsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    singleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    all_query_arguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    header_orders Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder]
    Inspect the request headers. See Header Order below for details.
    headers Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeader]
    Inspect the request headers. See Headers below for details.
    ja3_fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint
    json_body RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    query_string RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    single_header RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    single_query_argument RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uri_path RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments Property Map
    Inspect all query arguments.
    body Property Map
    Inspect the request body, which immediately follows the request headers.
    cookies Property Map
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders List<Property Map>
    Inspect the request headers. See Header Order below for details.
    headers List<Property Map>
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint Property Map
    jsonBody Property Map
    Inspect the request body as JSON. See JSON Body for details.
    method Property Map
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString Property Map
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader Property Map
    Inspect a single header. See Single Header below for details.
    singleQueryArgument Property Map
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath Property Map
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBodyArgs

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookies, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesArgs

    MatchPatterns List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    MatchPatterns []RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern[]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    match_patterns Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    match_scope str
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversize_handling str
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns List<Property Map>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternArgs

    All RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedCookies List<string>
    IncludedCookies List<string>
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_cookies Sequence[str]
    included_cookies Sequence[str]
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderArgs

    MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    match_pattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    match_scope str
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern Property Map
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternArgs

    All RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders List<string>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders List<string>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    All RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders []string
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders []string
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders string[]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders string[]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_headers Sequence[str]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    included_headers Sequence[str]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrderArgs

    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa3FingerprintArgs

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyArgs

    MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    match_pattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    match_scope str
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalid_fallback_behavior str
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversize_handling str
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern Property Map
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternArgs

    all Property Map
    An empty configuration block that is used for inspecting all headers.
    includedPaths List<String>

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeaderArgs

    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgumentArgs

    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformation, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformationArgs

    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Integer
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type str
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementArgs

    CountryCodes List<string>
    An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
    ForwardedIpConfig RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.
    CountryCodes []string
    An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
    ForwardedIpConfig RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.
    countryCodes List<String>
    An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
    forwardedIpConfig RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.
    countryCodes string[]
    An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
    forwardedIpConfig RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.
    country_codes Sequence[str]
    An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
    forwarded_ip_config RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.
    countryCodes List<String>
    An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
    forwardedIpConfig Property Map
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementForwardedIpConfig, RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementForwardedIpConfigArgs

    FallbackBehavior string
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    HeaderName string
    The name of the HTTP header to use for the IP address.
    FallbackBehavior string
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    HeaderName string
    The name of the HTTP header to use for the IP address.
    fallbackBehavior String
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName String
    The name of the HTTP header to use for the IP address.
    fallbackBehavior string
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName string
    The name of the HTTP header to use for the IP address.
    fallback_behavior str
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    header_name str
    The name of the HTTP header to use for the IP address.
    fallbackBehavior String
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName String
    The name of the HTTP header to use for the IP address.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementArgs

    Arn string
    The Amazon Resource Name (ARN) of the IP Set that this statement references.
    IpSetForwardedIpConfig RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.
    Arn string
    The Amazon Resource Name (ARN) of the IP Set that this statement references.
    IpSetForwardedIpConfig RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.
    arn String
    The Amazon Resource Name (ARN) of the IP Set that this statement references.
    ipSetForwardedIpConfig RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.
    arn string
    The Amazon Resource Name (ARN) of the IP Set that this statement references.
    ipSetForwardedIpConfig RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.
    arn str
    The Amazon Resource Name (ARN) of the IP Set that this statement references.
    ip_set_forwarded_ip_config RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.
    arn String
    The Amazon Resource Name (ARN) of the IP Set that this statement references.
    ipSetForwardedIpConfig Property Map
    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig, RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfigArgs

    FallbackBehavior string
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    HeaderName string
    The name of the HTTP header to use for the IP address.
    Position string
    The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
    FallbackBehavior string
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    HeaderName string
    The name of the HTTP header to use for the IP address.
    Position string
    The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
    fallbackBehavior String
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName String
    The name of the HTTP header to use for the IP address.
    position String
    The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
    fallbackBehavior string
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName string
    The name of the HTTP header to use for the IP address.
    position string
    The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
    fallback_behavior str
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    header_name str
    The name of the HTTP header to use for the IP address.
    position str
    The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
    fallbackBehavior String
    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName String
    The name of the HTTP header to use for the IP address.
    position String
    The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementLabelMatchStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementLabelMatchStatementArgs

    Key string
    The string to match against.
    Scope string
    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.
    Key string
    The string to match against.
    Scope string
    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.
    key String
    The string to match against.
    scope String
    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.
    key string
    The string to match against.
    scope string
    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.
    key str
    The string to match against.
    scope str
    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.
    key String
    The string to match against.
    scope String
    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementNotStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementNotStatementArgs

    Statements List<RuleGroupRuleStatement>
    The statements to combine.
    Statements []RuleGroupRuleStatement
    The statements to combine.
    statements List<RuleGroupRuleStatement>
    The statements to combine.
    statements RuleGroupRuleStatement[]
    The statements to combine.
    statements List<Property Map>
    The statements to combine.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementOrStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementOrStatementArgs

    Statements List<RuleGroupRuleStatement>
    The statements to combine.
    Statements []RuleGroupRuleStatement
    The statements to combine.
    statements List<RuleGroupRuleStatement>
    The statements to combine.
    statements RuleGroupRuleStatement[]
    The statements to combine.
    statements List<Property Map>
    The statements to combine.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementArgs

    RegexString string
    The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
    TextTransformations List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    FieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    RegexString string
    The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
    TextTransformations []RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementTextTransformation
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    FieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    regexString String
    The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
    textTransformations List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    regexString string
    The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
    textTransformations RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementTextTransformation[]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    regex_string str
    The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
    text_transformations Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementTextTransformation]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    field_to_match RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    regexString String
    The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
    textTransformations List<Property Map>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch Property Map
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatch, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchArgs

    AllQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    Cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    HeaderOrders List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder>
    Inspect the request headers. See Header Order below for details.
    Headers List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader>
    Inspect the request headers. See Headers below for details.
    Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint
    JsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    Method RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    SingleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    UriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    AllQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    Cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    HeaderOrders []RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder
    Inspect the request headers. See Header Order below for details.
    Headers []RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader
    Inspect the request headers. See Headers below for details.
    Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint
    JsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    Method RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    SingleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    UriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder>
    Inspect the request headers. See Header Order below for details.
    headers List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader>
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint
    jsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    singleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder[]
    Inspect the request headers. See Header Order below for details.
    headers RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader[]
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint
    jsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    singleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    all_query_arguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    header_orders Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder]
    Inspect the request headers. See Header Order below for details.
    headers Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader]
    Inspect the request headers. See Headers below for details.
    ja3_fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint
    json_body RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    query_string RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    single_header RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    single_query_argument RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uri_path RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments Property Map
    Inspect all query arguments.
    body Property Map
    Inspect the request body, which immediately follows the request headers.
    cookies Property Map
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders List<Property Map>
    Inspect the request headers. See Header Order below for details.
    headers List<Property Map>
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint Property Map
    jsonBody Property Map
    Inspect the request body as JSON. See JSON Body for details.
    method Property Map
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString Property Map
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader Property Map
    Inspect a single header. See Single Header below for details.
    singleQueryArgument Property Map
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath Property Map
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchBodyArgs

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesArgs

    MatchPatterns List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    MatchPatterns []RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern[]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    match_patterns Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    match_scope str
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversize_handling str
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns List<Property Map>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternArgs

    All RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedCookies List<string>
    IncludedCookies List<string>
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_cookies Sequence[str]
    included_cookies Sequence[str]
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderArgs

    MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    match_pattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    match_scope str
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern Property Map
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternArgs

    All RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders List<string>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders List<string>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    All RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders []string
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders []string
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders string[]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders string[]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_headers Sequence[str]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    included_headers Sequence[str]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrderArgs

    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3FingerprintArgs

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyArgs

    MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    match_pattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    match_scope str
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalid_fallback_behavior str
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversize_handling str
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern Property Map
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternArgs

    all Property Map
    An empty configuration block that is used for inspecting all headers.
    includedPaths List<String>

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeaderArgs

    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgumentArgs

    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementTextTransformation, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementTextTransformationArgs

    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Integer
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type str
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementArgs

    Arn string
    The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
    TextTransformations List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    FieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    Arn string
    The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
    TextTransformations []RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    FieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    arn String
    The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
    textTransformations List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    arn string
    The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
    textTransformations RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation[]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    arn str
    The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
    text_transformations Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    field_to_match RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    arn String
    The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
    textTransformations List<Property Map>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch Property Map
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchArgs

    AllQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    Cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    HeaderOrders List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder>
    Inspect the request headers. See Header Order below for details.
    Headers List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader>
    Inspect the request headers. See Headers below for details.
    Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint
    JsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    Method RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    SingleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    UriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    AllQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    Cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    HeaderOrders []RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder
    Inspect the request headers. See Header Order below for details.
    Headers []RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader
    Inspect the request headers. See Headers below for details.
    Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint
    JsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    Method RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    SingleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    UriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder>
    Inspect the request headers. See Header Order below for details.
    headers List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader>
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint
    jsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    singleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder[]
    Inspect the request headers. See Header Order below for details.
    headers RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader[]
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint
    jsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    singleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    all_query_arguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    header_orders Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder]
    Inspect the request headers. See Header Order below for details.
    headers Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader]
    Inspect the request headers. See Headers below for details.
    ja3_fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint
    json_body RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    query_string RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    single_header RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    single_query_argument RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uri_path RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments Property Map
    Inspect all query arguments.
    body Property Map
    Inspect the request body, which immediately follows the request headers.
    cookies Property Map
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders List<Property Map>
    Inspect the request headers. See Header Order below for details.
    headers List<Property Map>
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint Property Map
    jsonBody Property Map
    Inspect the request body as JSON. See JSON Body for details.
    method Property Map
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString Property Map
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader Property Map
    Inspect a single header. See Single Header below for details.
    singleQueryArgument Property Map
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath Property Map
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBodyArgs

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesArgs

    MatchPatterns List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    MatchPatterns []RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern[]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    match_patterns Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    match_scope str
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversize_handling str
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns List<Property Map>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternArgs

    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderArgs

    MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    match_pattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    match_scope str
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern Property Map
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternArgs

    All RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders List<string>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders List<string>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    All RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders []string
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders []string
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders string[]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders string[]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_headers Sequence[str]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    included_headers Sequence[str]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrderArgs

    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3FingerprintArgs

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyArgs

    MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    match_pattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    match_scope str
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalid_fallback_behavior str
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversize_handling str
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern Property Map
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternArgs

    all Property Map
    An empty configuration block that is used for inspecting all headers.
    includedPaths List<String>

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeaderArgs

    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgumentArgs

    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformationArgs

    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Integer
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type str
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementArgs

    ComparisonOperator string
    The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
    Size int
    The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
    TextTransformations List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    FieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    ComparisonOperator string
    The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
    Size int
    The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
    TextTransformations []RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformation
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    FieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    comparisonOperator String
    The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
    size Integer
    The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
    textTransformations List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    comparisonOperator string
    The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
    size number
    The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
    textTransformations RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformation[]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    comparison_operator str
    The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
    size int
    The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
    text_transformations Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformation]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    field_to_match RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    comparisonOperator String
    The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
    size Number
    The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
    textTransformations List<Property Map>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch Property Map
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatch, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchArgs

    AllQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    Cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    HeaderOrders List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder>
    Inspect the request headers. See Header Order below for details.
    Headers List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader>
    Inspect the request headers. See Headers below for details.
    Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint
    JsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    Method RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    SingleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    UriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    AllQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    Cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    HeaderOrders []RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder
    Inspect the request headers. See Header Order below for details.
    Headers []RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader
    Inspect the request headers. See Headers below for details.
    Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint
    JsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    Method RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    SingleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    UriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder>
    Inspect the request headers. See Header Order below for details.
    headers List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader>
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint
    jsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    singleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder[]
    Inspect the request headers. See Header Order below for details.
    headers RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader[]
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint
    jsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    singleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    all_query_arguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    header_orders Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder]
    Inspect the request headers. See Header Order below for details.
    headers Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader]
    Inspect the request headers. See Headers below for details.
    ja3_fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint
    json_body RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    query_string RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    single_header RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    single_query_argument RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uri_path RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments Property Map
    Inspect all query arguments.
    body Property Map
    Inspect the request body, which immediately follows the request headers.
    cookies Property Map
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders List<Property Map>
    Inspect the request headers. See Header Order below for details.
    headers List<Property Map>
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint Property Map
    jsonBody Property Map
    Inspect the request body as JSON. See JSON Body for details.
    method Property Map
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString Property Map
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader Property Map
    Inspect a single header. See Single Header below for details.
    singleQueryArgument Property Map
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath Property Map
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchBodyArgs

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesArgs

    MatchPatterns List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    MatchPatterns []RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern[]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    match_patterns Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    match_scope str
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversize_handling str
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns List<Property Map>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternArgs

    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderArgs

    MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    match_pattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    match_scope str
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern Property Map
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternArgs

    All RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders List<string>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders List<string>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    All RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders []string
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders []string
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders string[]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders string[]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_headers Sequence[str]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    included_headers Sequence[str]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrderArgs

    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3FingerprintArgs

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyArgs

    MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    match_pattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    match_scope str
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalid_fallback_behavior str
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversize_handling str
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern Property Map
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternArgs

    all Property Map
    An empty configuration block that is used for inspecting all headers.
    includedPaths List<String>

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeaderArgs

    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgumentArgs

    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformation, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformationArgs

    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Integer
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type str
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementArgs

    TextTransformations List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    FieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    SensitivityLevel string
    Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.
    TextTransformations []RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformation
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    FieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    SensitivityLevel string
    Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.
    textTransformations List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    sensitivityLevel String
    Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.
    textTransformations RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformation[]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    sensitivityLevel string
    Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.
    text_transformations Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformation]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    field_to_match RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    sensitivity_level str
    Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.
    textTransformations List<Property Map>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch Property Map
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    sensitivityLevel String
    Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatch, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchArgs

    AllQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    Cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    HeaderOrders List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder>
    Inspect the request headers. See Header Order below for details.
    Headers List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader>
    Inspect the request headers. See Headers below for details.
    Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint
    JsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    Method RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    SingleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    UriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    AllQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    Cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    HeaderOrders []RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder
    Inspect the request headers. See Header Order below for details.
    Headers []RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader
    Inspect the request headers. See Headers below for details.
    Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint
    JsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    Method RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    SingleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    UriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder>
    Inspect the request headers. See Header Order below for details.
    headers List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader>
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint
    jsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    singleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder[]
    Inspect the request headers. See Header Order below for details.
    headers RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader[]
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint
    jsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    singleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    all_query_arguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    header_orders Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder]
    Inspect the request headers. See Header Order below for details.
    headers Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader]
    Inspect the request headers. See Headers below for details.
    ja3_fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint
    json_body RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    query_string RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    single_header RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    single_query_argument RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uri_path RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments Property Map
    Inspect all query arguments.
    body Property Map
    Inspect the request body, which immediately follows the request headers.
    cookies Property Map
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders List<Property Map>
    Inspect the request headers. See Header Order below for details.
    headers List<Property Map>
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint Property Map
    jsonBody Property Map
    Inspect the request body as JSON. See JSON Body for details.
    method Property Map
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString Property Map
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader Property Map
    Inspect a single header. See Single Header below for details.
    singleQueryArgument Property Map
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath Property Map
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchBodyArgs

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesArgs

    MatchPatterns List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    MatchPatterns []RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern[]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    match_patterns Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    match_scope str
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversize_handling str
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns List<Property Map>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternArgs

    All RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedCookies List<string>
    IncludedCookies List<string>
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_cookies Sequence[str]
    included_cookies Sequence[str]
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderArgs

    MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    match_pattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    match_scope str
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern Property Map
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternArgs

    All RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders List<string>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders List<string>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    All RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders []string
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders []string
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders string[]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders string[]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_headers Sequence[str]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    included_headers Sequence[str]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrderArgs

    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3FingerprintArgs

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyArgs

    MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    match_pattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    match_scope str
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalid_fallback_behavior str
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversize_handling str
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern Property Map
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternArgs

    all Property Map
    An empty configuration block that is used for inspecting all headers.
    includedPaths List<String>

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeaderArgs

    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgumentArgs

    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformation, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformationArgs

    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Integer
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type str
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementArgs

    TextTransformations List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    FieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    TextTransformations []RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformation
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    FieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    textTransformations List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    textTransformations RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformation[]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    text_transformations Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformation]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    field_to_match RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    textTransformations List<Property Map>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch Property Map
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatch, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchArgs

    AllQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    Cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    HeaderOrders List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder>
    Inspect the request headers. See Header Order below for details.
    Headers List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeader>
    Inspect the request headers. See Headers below for details.
    Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint
    JsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    Method RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    SingleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    UriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    AllQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    Cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    HeaderOrders []RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder
    Inspect the request headers. See Header Order below for details.
    Headers []RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeader
    Inspect the request headers. See Headers below for details.
    Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint
    JsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    Method RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    SingleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    UriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder>
    Inspect the request headers. See Header Order below for details.
    headers List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeader>
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint
    jsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    singleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder[]
    Inspect the request headers. See Header Order below for details.
    headers RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeader[]
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint
    jsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    singleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    all_query_arguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    header_orders Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder]
    Inspect the request headers. See Header Order below for details.
    headers Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeader]
    Inspect the request headers. See Headers below for details.
    ja3_fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint
    json_body RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    query_string RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    single_header RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    single_query_argument RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uri_path RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments Property Map
    Inspect all query arguments.
    body Property Map
    Inspect the request body, which immediately follows the request headers.
    cookies Property Map
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders List<Property Map>
    Inspect the request headers. See Header Order below for details.
    headers List<Property Map>
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint Property Map
    jsonBody Property Map
    Inspect the request body as JSON. See JSON Body for details.
    method Property Map
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString Property Map
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader Property Map
    Inspect a single header. See Single Header below for details.
    singleQueryArgument Property Map
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath Property Map
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchBodyArgs

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookies, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesArgs

    MatchPatterns List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    MatchPatterns []RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern[]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    match_patterns Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    match_scope str
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversize_handling str
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns List<Property Map>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternArgs

    All RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedCookies List<string>
    IncludedCookies List<string>
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_cookies Sequence[str]
    included_cookies Sequence[str]
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderArgs

    MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    match_pattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    match_scope str
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern Property Map
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternArgs

    All RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders List<string>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders List<string>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    All RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders []string
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders []string
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders string[]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders string[]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_headers Sequence[str]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    included_headers Sequence[str]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrderArgs

    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa3FingerprintArgs

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyArgs

    MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    match_pattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    match_scope str
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalid_fallback_behavior str
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversize_handling str
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern Property Map
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPatternArgs

    all Property Map
    An empty configuration block that is used for inspecting all headers.
    includedPaths List<String>

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeaderArgs

    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgumentArgs

    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.

    RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformation, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformationArgs

    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Integer
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type str
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.

    RuleGroupRuleStatementRegexMatchStatement, RuleGroupRuleStatementRegexMatchStatementArgs

    RegexString string
    The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
    TextTransformations List<RuleGroupRuleStatementRegexMatchStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    FieldToMatch RuleGroupRuleStatementRegexMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    RegexString string
    The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
    TextTransformations []RuleGroupRuleStatementRegexMatchStatementTextTransformation
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    FieldToMatch RuleGroupRuleStatementRegexMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    regexString String
    The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
    textTransformations List<RuleGroupRuleStatementRegexMatchStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch RuleGroupRuleStatementRegexMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    regexString string
    The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
    textTransformations RuleGroupRuleStatementRegexMatchStatementTextTransformation[]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch RuleGroupRuleStatementRegexMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    regex_string str
    The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
    text_transformations Sequence[RuleGroupRuleStatementRegexMatchStatementTextTransformation]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    field_to_match RuleGroupRuleStatementRegexMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    regexString String
    The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
    textTransformations List<Property Map>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch Property Map
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

    RuleGroupRuleStatementRegexMatchStatementFieldToMatch, RuleGroupRuleStatementRegexMatchStatementFieldToMatchArgs

    AllQueryArguments RuleGroupRuleStatementRegexMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body RuleGroupRuleStatementRegexMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    Cookies RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    HeaderOrders List<RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderOrder>
    Inspect the request headers. See Header Order below for details.
    Headers List<RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeader>
    Inspect the request headers. See Headers below for details.
    Ja3Fingerprint RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa3Fingerprint
    JsonBody RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    Method RuleGroupRuleStatementRegexMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString RuleGroupRuleStatementRegexMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    SingleQueryArgument RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    UriPath RuleGroupRuleStatementRegexMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    AllQueryArguments RuleGroupRuleStatementRegexMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body RuleGroupRuleStatementRegexMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    Cookies RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    HeaderOrders []RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderOrder
    Inspect the request headers. See Header Order below for details.
    Headers []RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeader
    Inspect the request headers. See Headers below for details.
    Ja3Fingerprint RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa3Fingerprint
    JsonBody RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    Method RuleGroupRuleStatementRegexMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString RuleGroupRuleStatementRegexMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    SingleQueryArgument RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    UriPath RuleGroupRuleStatementRegexMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments RuleGroupRuleStatementRegexMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementRegexMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders List<RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderOrder>
    Inspect the request headers. See Header Order below for details.
    headers List<RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeader>
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa3Fingerprint
    jsonBody RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementRegexMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString RuleGroupRuleStatementRegexMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    singleQueryArgument RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath RuleGroupRuleStatementRegexMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments RuleGroupRuleStatementRegexMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementRegexMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderOrder[]
    Inspect the request headers. See Header Order below for details.
    headers RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeader[]
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa3Fingerprint
    jsonBody RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementRegexMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString RuleGroupRuleStatementRegexMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    singleQueryArgument RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath RuleGroupRuleStatementRegexMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    all_query_arguments RuleGroupRuleStatementRegexMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementRegexMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    header_orders Sequence[RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderOrder]
    Inspect the request headers. See Header Order below for details.
    headers Sequence[RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeader]
    Inspect the request headers. See Headers below for details.
    ja3_fingerprint RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa3Fingerprint
    json_body RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementRegexMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    query_string RuleGroupRuleStatementRegexMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    single_header RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    single_query_argument RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uri_path RuleGroupRuleStatementRegexMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments Property Map
    Inspect all query arguments.
    body Property Map
    Inspect the request body, which immediately follows the request headers.
    cookies Property Map
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders List<Property Map>
    Inspect the request headers. See Header Order below for details.
    headers List<Property Map>
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint Property Map
    jsonBody Property Map
    Inspect the request body as JSON. See JSON Body for details.
    method Property Map
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString Property Map
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader Property Map
    Inspect a single header. See Single Header below for details.
    singleQueryArgument Property Map
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath Property Map
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    RuleGroupRuleStatementRegexMatchStatementFieldToMatchBody, RuleGroupRuleStatementRegexMatchStatementFieldToMatchBodyArgs

    RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookies, RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesArgs

    MatchPatterns List<RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    MatchPatterns []RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPattern
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns List<RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPattern[]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    match_patterns Sequence[RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPattern]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    match_scope str
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversize_handling str
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns List<Property Map>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

    RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPatternArgs

    All RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedCookies List<string>
    IncludedCookies List<string>
    All RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedCookies []string
    IncludedCookies []string
    all RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>
    all RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedCookies string[]
    includedCookies string[]
    all RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_cookies Sequence[str]
    included_cookies Sequence[str]
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>

    RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeader, RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderArgs

    MatchPattern RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    MatchPattern RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    match_pattern RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    match_scope str
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern Property Map
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPatternArgs

    All RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders List<string>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders List<string>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    All RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders []string
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders []string
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders string[]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders string[]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_headers Sequence[str]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    included_headers Sequence[str]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderOrderArgs

    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa3FingerprintArgs

    RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBody, RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyArgs

    MatchPattern RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    MatchPattern RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    match_pattern RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    match_scope str
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalid_fallback_behavior str
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversize_handling str
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern Property Map
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternArgs

    All RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    IncludedPaths List<string>
    All RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    IncludedPaths []string
    all RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    includedPaths List<String>
    all RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    includedPaths string[]
    all RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    included_paths Sequence[str]
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    includedPaths List<String>

    RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleHeader, RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleHeaderArgs

    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.

    RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleQueryArgumentArgs

    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.

    RuleGroupRuleStatementRegexMatchStatementTextTransformation, RuleGroupRuleStatementRegexMatchStatementTextTransformationArgs

    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Integer
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type str
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.

    RuleGroupRuleStatementRegexPatternSetReferenceStatement, RuleGroupRuleStatementRegexPatternSetReferenceStatementArgs

    Arn string
    The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
    TextTransformations List<RuleGroupRuleStatementRegexPatternSetReferenceStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    FieldToMatch RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    Arn string
    The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
    TextTransformations []RuleGroupRuleStatementRegexPatternSetReferenceStatementTextTransformation
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    FieldToMatch RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    arn String
    The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
    textTransformations List<RuleGroupRuleStatementRegexPatternSetReferenceStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    arn string
    The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
    textTransformations RuleGroupRuleStatementRegexPatternSetReferenceStatementTextTransformation[]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    arn str
    The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
    text_transformations Sequence[RuleGroupRuleStatementRegexPatternSetReferenceStatementTextTransformation]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    field_to_match RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    arn String
    The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
    textTransformations List<Property Map>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch Property Map
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

    RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatch, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchArgs

    AllQueryArguments RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    Cookies RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    HeaderOrders List<RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder>
    Inspect the request headers. See Header Order below for details.
    Headers List<RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeader>
    Inspect the request headers. See Headers below for details.
    Ja3Fingerprint RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint
    JsonBody RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    Method RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    SingleQueryArgument RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    UriPath RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    AllQueryArguments RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    Cookies RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    HeaderOrders []RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder
    Inspect the request headers. See Header Order below for details.
    Headers []RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeader
    Inspect the request headers. See Headers below for details.
    Ja3Fingerprint RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint
    JsonBody RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    Method RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    SingleQueryArgument RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    UriPath RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders List<RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder>
    Inspect the request headers. See Header Order below for details.
    headers List<RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeader>
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint
    jsonBody RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    singleQueryArgument RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder[]
    Inspect the request headers. See Header Order below for details.
    headers RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeader[]
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint
    jsonBody RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    singleQueryArgument RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    all_query_arguments RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    header_orders Sequence[RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder]
    Inspect the request headers. See Header Order below for details.
    headers Sequence[RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeader]
    Inspect the request headers. See Headers below for details.
    ja3_fingerprint RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint
    json_body RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    query_string RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    single_header RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    single_query_argument RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uri_path RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments Property Map
    Inspect all query arguments.
    body Property Map
    Inspect the request body, which immediately follows the request headers.
    cookies Property Map
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders List<Property Map>
    Inspect the request headers. See Header Order below for details.
    headers List<Property Map>
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint Property Map
    jsonBody Property Map
    Inspect the request body as JSON. See JSON Body for details.
    method Property Map
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString Property Map
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader Property Map
    Inspect a single header. See Single Header below for details.
    singleQueryArgument Property Map
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath Property Map
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchBodyArgs

    RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookies, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesArgs

    MatchPatterns List<RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    MatchPatterns []RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns List<RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern[]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    match_patterns Sequence[RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    match_scope str
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversize_handling str
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns List<Property Map>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

    RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternArgs

    All RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedCookies List<string>
    IncludedCookies List<string>
    All RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedCookies []string
    IncludedCookies []string
    all RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>
    all RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedCookies string[]
    includedCookies string[]
    all RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_cookies Sequence[str]
    included_cookies Sequence[str]
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>

    RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeader, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderArgs

    MatchPattern RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    MatchPattern RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    match_pattern RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    match_scope str
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern Property Map
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternArgs

    All RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders List<string>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders List<string>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    All RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders []string
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders []string
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders string[]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders string[]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_headers Sequence[str]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    included_headers Sequence[str]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrderArgs

    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa3FingerprintArgs

    RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyArgs

    MatchPattern RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    MatchPattern RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    match_pattern RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    match_scope str
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalid_fallback_behavior str
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversize_handling str
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern Property Map
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternArgs

    All RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    IncludedPaths List<string>
    All RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    IncludedPaths []string
    all RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    includedPaths List<String>
    all RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    includedPaths string[]
    all RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    included_paths Sequence[str]
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    includedPaths List<String>

    RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeaderArgs

    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.

    RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgumentArgs

    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.

    RuleGroupRuleStatementRegexPatternSetReferenceStatementTextTransformation, RuleGroupRuleStatementRegexPatternSetReferenceStatementTextTransformationArgs

    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Integer
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type str
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.

    RuleGroupRuleStatementSizeConstraintStatement, RuleGroupRuleStatementSizeConstraintStatementArgs

    ComparisonOperator string
    The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
    Size int
    The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
    TextTransformations List<RuleGroupRuleStatementSizeConstraintStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    FieldToMatch RuleGroupRuleStatementSizeConstraintStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    ComparisonOperator string
    The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
    Size int
    The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
    TextTransformations []RuleGroupRuleStatementSizeConstraintStatementTextTransformation
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    FieldToMatch RuleGroupRuleStatementSizeConstraintStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    comparisonOperator String
    The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
    size Integer
    The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
    textTransformations List<RuleGroupRuleStatementSizeConstraintStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch RuleGroupRuleStatementSizeConstraintStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    comparisonOperator string
    The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
    size number
    The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
    textTransformations RuleGroupRuleStatementSizeConstraintStatementTextTransformation[]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch RuleGroupRuleStatementSizeConstraintStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    comparison_operator str
    The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
    size int
    The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
    text_transformations Sequence[RuleGroupRuleStatementSizeConstraintStatementTextTransformation]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    field_to_match RuleGroupRuleStatementSizeConstraintStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    comparisonOperator String
    The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
    size Number
    The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
    textTransformations List<Property Map>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch Property Map
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

    RuleGroupRuleStatementSizeConstraintStatementFieldToMatch, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchArgs

    AllQueryArguments RuleGroupRuleStatementSizeConstraintStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body RuleGroupRuleStatementSizeConstraintStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    Cookies RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    HeaderOrders List<RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderOrder>
    Inspect the request headers. See Header Order below for details.
    Headers List<RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeader>
    Inspect the request headers. See Headers below for details.
    Ja3Fingerprint RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa3Fingerprint
    JsonBody RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    Method RuleGroupRuleStatementSizeConstraintStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString RuleGroupRuleStatementSizeConstraintStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    SingleQueryArgument RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    UriPath RuleGroupRuleStatementSizeConstraintStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    AllQueryArguments RuleGroupRuleStatementSizeConstraintStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body RuleGroupRuleStatementSizeConstraintStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    Cookies RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    HeaderOrders []RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderOrder
    Inspect the request headers. See Header Order below for details.
    Headers []RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeader
    Inspect the request headers. See Headers below for details.
    Ja3Fingerprint RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa3Fingerprint
    JsonBody RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    Method RuleGroupRuleStatementSizeConstraintStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString RuleGroupRuleStatementSizeConstraintStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    SingleQueryArgument RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    UriPath RuleGroupRuleStatementSizeConstraintStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments RuleGroupRuleStatementSizeConstraintStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementSizeConstraintStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders List<RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderOrder>
    Inspect the request headers. See Header Order below for details.
    headers List<RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeader>
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa3Fingerprint
    jsonBody RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementSizeConstraintStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString RuleGroupRuleStatementSizeConstraintStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    singleQueryArgument RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath RuleGroupRuleStatementSizeConstraintStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments RuleGroupRuleStatementSizeConstraintStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementSizeConstraintStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderOrder[]
    Inspect the request headers. See Header Order below for details.
    headers RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeader[]
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa3Fingerprint
    jsonBody RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementSizeConstraintStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString RuleGroupRuleStatementSizeConstraintStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    singleQueryArgument RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath RuleGroupRuleStatementSizeConstraintStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    all_query_arguments RuleGroupRuleStatementSizeConstraintStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementSizeConstraintStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    header_orders Sequence[RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderOrder]
    Inspect the request headers. See Header Order below for details.
    headers Sequence[RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeader]
    Inspect the request headers. See Headers below for details.
    ja3_fingerprint RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa3Fingerprint
    json_body RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementSizeConstraintStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    query_string RuleGroupRuleStatementSizeConstraintStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    single_header RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    single_query_argument RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uri_path RuleGroupRuleStatementSizeConstraintStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments Property Map
    Inspect all query arguments.
    body Property Map
    Inspect the request body, which immediately follows the request headers.
    cookies Property Map
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders List<Property Map>
    Inspect the request headers. See Header Order below for details.
    headers List<Property Map>
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint Property Map
    jsonBody Property Map
    Inspect the request body as JSON. See JSON Body for details.
    method Property Map
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString Property Map
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader Property Map
    Inspect a single header. See Single Header below for details.
    singleQueryArgument Property Map
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath Property Map
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    RuleGroupRuleStatementSizeConstraintStatementFieldToMatchBody, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchBodyArgs

    RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookies, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesArgs

    MatchPatterns List<RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    MatchPatterns []RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns List<RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern[]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    match_patterns Sequence[RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    match_scope str
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversize_handling str
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns List<Property Map>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

    RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternArgs

    All RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedCookies List<string>
    IncludedCookies List<string>
    All RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedCookies []string
    IncludedCookies []string
    all RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>
    all RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedCookies string[]
    includedCookies string[]
    all RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_cookies Sequence[str]
    included_cookies Sequence[str]
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>

    RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeader, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderArgs

    MatchPattern RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    MatchPattern RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    match_pattern RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    match_scope str
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern Property Map
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternArgs

    All RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders List<string>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders List<string>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    All RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders []string
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders []string
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders string[]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders string[]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_headers Sequence[str]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    included_headers Sequence[str]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderOrderArgs

    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa3FingerprintArgs

    RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBody, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBodyArgs

    MatchPattern RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    MatchPattern RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    match_pattern RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    match_scope str
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalid_fallback_behavior str
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversize_handling str
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern Property Map
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternArgs

    All RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    IncludedPaths List<string>
    All RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    IncludedPaths []string
    all RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    includedPaths List<String>
    all RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    includedPaths string[]
    all RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    included_paths Sequence[str]
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    includedPaths List<String>

    RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleHeader, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleHeaderArgs

    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.

    RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgumentArgs

    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    The name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    The name of the query header to inspect. This setting must be provided as lower case characters.

    RuleGroupRuleStatementSizeConstraintStatementTextTransformation, RuleGroupRuleStatementSizeConstraintStatementTextTransformationArgs

    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    Priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Integer
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type string
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority int
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type str
    The transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Number
    The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    The transformation to apply, please refer to the Text Transformation documentation for more details.

    RuleGroupRuleStatementSqliMatchStatement, RuleGroupRuleStatementSqliMatchStatementArgs

    TextTransformations List<RuleGroupRuleStatementSqliMatchStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    FieldToMatch RuleGroupRuleStatementSqliMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    SensitivityLevel string
    Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.
    TextTransformations []RuleGroupRuleStatementSqliMatchStatementTextTransformation
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    FieldToMatch RuleGroupRuleStatementSqliMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    SensitivityLevel string
    Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.
    textTransformations List<RuleGroupRuleStatementSqliMatchStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch RuleGroupRuleStatementSqliMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    sensitivityLevel String
    Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.
    textTransformations RuleGroupRuleStatementSqliMatchStatementTextTransformation[]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch RuleGroupRuleStatementSqliMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    sensitivityLevel string
    Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.
    text_transformations Sequence[RuleGroupRuleStatementSqliMatchStatementTextTransformation]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    field_to_match RuleGroupRuleStatementSqliMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    sensitivity_level str
    Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.
    textTransformations List<Property Map>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
    fieldToMatch Property Map
    The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
    sensitivityLevel String
    Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.

    RuleGroupRuleStatementSqliMatchStatementFieldToMatch, RuleGroupRuleStatementSqliMatchStatementFieldToMatchArgs

    AllQueryArguments RuleGroupRuleStatementSqliMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body RuleGroupRuleStatementSqliMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    Cookies RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    HeaderOrders List<RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderOrder>
    Inspect the request headers. See Header Order below for details.
    Headers List<RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeader>
    Inspect the request headers. See Headers below for details.
    Ja3Fingerprint RuleGroupRuleStatementSqliMatchStatementFieldToMatchJa3Fingerprint
    JsonBody RuleGroupRuleStatementSqliMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    Method RuleGroupRuleStatementSqliMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString RuleGroupRuleStatementSqliMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader RuleGroupRuleStatementSqliMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    SingleQueryArgument RuleGroupRuleStatementSqliMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    UriPath RuleGroupRuleStatementSqliMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    AllQueryArguments RuleGroupRuleStatementSqliMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body RuleGroupRuleStatementSqliMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    Cookies RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    HeaderOrders []RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderOrder
    Inspect the request headers. See Header Order below for details.
    Headers []RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeader
    Inspect the request headers. See Headers below for details.
    Ja3Fingerprint RuleGroupRuleStatementSqliMatchStatementFieldToMatchJa3Fingerprint
    JsonBody RuleGroupRuleStatementSqliMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    Method RuleGroupRuleStatementSqliMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString RuleGroupRuleStatementSqliMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader RuleGroupRuleStatementSqliMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    SingleQueryArgument RuleGroupRuleStatementSqliMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    UriPath RuleGroupRuleStatementSqliMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments RuleGroupRuleStatementSqliMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementSqliMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders List<RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderOrder>
    Inspect the request headers. See Header Order below for details.
    headers List<RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeader>
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint RuleGroupRuleStatementSqliMatchStatementFieldToMatchJa3Fingerprint
    jsonBody RuleGroupRuleStatementSqliMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementSqliMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString RuleGroupRuleStatementSqliMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader RuleGroupRuleStatementSqliMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    singleQueryArgument RuleGroupRuleStatementSqliMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath RuleGroupRuleStatementSqliMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments RuleGroupRuleStatementSqliMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementSqliMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderOrder[]
    Inspect the request headers. See Header Order below for details.
    headers RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeader[]
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint RuleGroupRuleStatementSqliMatchStatementFieldToMatchJa3Fingerprint
    jsonBody RuleGroupRuleStatementSqliMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementSqliMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString RuleGroupRuleStatementSqliMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader RuleGroupRuleStatementSqliMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    singleQueryArgument RuleGroupRuleStatementSqliMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath RuleGroupRuleStatementSqliMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    all_query_arguments RuleGroupRuleStatementSqliMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body RuleGroupRuleStatementSqliMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers.
    cookies RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See Cookies below for details.
    header_orders Sequence[RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderOrder]
    Inspect the request headers. See Header Order below for details.
    headers Sequence[RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeader]
    Inspect the request headers. See Headers below for details.
    ja3_fingerprint RuleGroupRuleStatementSqliMatchStatementFieldToMatchJa3Fingerprint
    json_body RuleGroupRuleStatementSqliMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See JSON Body for details.
    method RuleGroupRuleStatementSqliMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    query_string RuleGroupRuleStatementSqliMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    single_header RuleGroupRuleStatementSqliMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See Single Header below for details.
    single_query_argument RuleGroupRuleStatementSqliMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See Single Query Argument below for details.
    uri_path RuleGroupRuleStatementSqliMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments Property Map
    Inspect all query arguments.
    body Property Map
    Inspect the request body, which immediately follows the request headers.
    cookies Property Map
    Inspect the cookies in the web request. See Cookies below for details.
    headerOrders List<Property Map>
    Inspect the request headers. See Header Order below for details.
    headers List<Property Map>
    Inspect the request headers. See Headers below for details.
    ja3Fingerprint Property Map
    jsonBody Property Map
    Inspect the request body as JSON. See JSON Body for details.
    method Property Map
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString Property Map
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader Property Map
    Inspect a single header. See Single Header below for details.
    singleQueryArgument Property Map
    Inspect a single query argument. See Single Query Argument below for details.
    uriPath Property Map
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    RuleGroupRuleStatementSqliMatchStatementFieldToMatchBody, RuleGroupRuleStatementSqliMatchStatementFieldToMatchBodyArgs

    RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookies, RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookiesArgs

    MatchPatterns List<RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    MatchPatterns []RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookiesMatchPattern
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns List<RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookiesMatchPattern[]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    match_patterns Sequence[RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookiesMatchPattern]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    match_scope str
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversize_handling str
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH
    matchPatterns List<Property Map>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

    RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookiesMatchPatternArgs

    All RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedCookies List<string>
    IncludedCookies List<string>
    All RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedCookies []string
    IncludedCookies []string
    all RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>
    all RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedCookies string[]
    includedCookies string[]
    all RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_cookies Sequence[str]
    included_cookies Sequence[str]
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>

    RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeader, RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderArgs

    MatchPattern RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    MatchPattern RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    match_pattern RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    match_scope str
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern Property Map
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderMatchPatternArgs

    All RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders List<string>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders List<string>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    All RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders []string
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders []string
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders string[]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders string[]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_headers Sequence[str]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    included_headers Sequence[str]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo
    AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi