aws.wafv2.WebAcl
Explore with Pulumi AI
Create WebAcl Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new WebAcl(name: string, args: WebAclArgs, opts?: CustomResourceOptions);
@overload
def WebAcl(resource_name: str,
args: WebAclArgs,
opts: Optional[ResourceOptions] = None)
@overload
def WebAcl(resource_name: str,
opts: Optional[ResourceOptions] = None,
association_config: Optional[WebAclAssociationConfigArgs] = None,
captcha_config: Optional[WebAclCaptchaConfigArgs] = None,
challenge_config: Optional[WebAclChallengeConfigArgs] = None,
custom_response_bodies: Optional[Sequence[WebAclCustomResponseBodyArgs]] = None,
default_action: Optional[WebAclDefaultActionArgs] = None,
description: Optional[str] = None,
name: Optional[str] = None,
rule_json: Optional[str] = None,
rules: Optional[Sequence[WebAclRuleArgs]] = None,
scope: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
token_domains: Optional[Sequence[str]] = None,
visibility_config: Optional[WebAclVisibilityConfigArgs] = None)
func NewWebAcl(ctx *Context, name string, args WebAclArgs, opts ...ResourceOption) (*WebAcl, error)
public WebAcl(string name, WebAclArgs args, CustomResourceOptions? opts = null)
public WebAcl(String name, WebAclArgs args)
public WebAcl(String name, WebAclArgs args, CustomResourceOptions options)
type: aws:wafv2:WebAcl
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args WebAclArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args WebAclArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args WebAclArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args WebAclArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args WebAclArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
WebAcl Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The WebAcl resource accepts the following input properties:
- Default
Action WebAcl Default Action - Action to perform if none of the
rules
contained in the WebACL match. Seedefault_action
below for details. - Scope string
- Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONT
orREGIONAL
. To work with CloudFront, you must also specify the regionus-east-1
(N. Virginia) on the AWS provider. - Visibility
Config WebAcl Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_config
below for details. - Association
Config WebAcl Association Config - Specifies custom configurations for the associations between the web ACL and protected resources. See
association_config
below for details. - Captcha
Config WebAcl Captcha Config - Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See
captcha_config
below for details. - Challenge
Config WebAcl Challenge Config - Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See
challenge_config
below for details. - Custom
Response List<WebBodies Acl Custom Response Body> - Defines custom response bodies that can be referenced by
custom_response
actions. Seecustom_response_body
below for details. - Description string
- Friendly description of the WebACL.
- Name string
- Friendly name of the WebACL.
- Rule
Json string - Raw JSON string to allow more than three nested statements. Conflicts with
rule
attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead ofrule
, you will be foregoing drift detection. See the AWS documentation for the JSON structure. - Rules
List<Web
Acl Rule> - Rule blocks used to identify the web requests that you want to
allow
,block
, orcount
. Seerule
below for details. - Dictionary<string, string>
- Map of key-value pairs to associate with the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Token
Domains List<string> - Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
- Default
Action WebAcl Default Action Args - Action to perform if none of the
rules
contained in the WebACL match. Seedefault_action
below for details. - Scope string
- Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONT
orREGIONAL
. To work with CloudFront, you must also specify the regionus-east-1
(N. Virginia) on the AWS provider. - Visibility
Config WebAcl Visibility Config Args - Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_config
below for details. - Association
Config WebAcl Association Config Args - Specifies custom configurations for the associations between the web ACL and protected resources. See
association_config
below for details. - Captcha
Config WebAcl Captcha Config Args - Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See
captcha_config
below for details. - Challenge
Config WebAcl Challenge Config Args - Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See
challenge_config
below for details. - Custom
Response []WebBodies Acl Custom Response Body Args - Defines custom response bodies that can be referenced by
custom_response
actions. Seecustom_response_body
below for details. - Description string
- Friendly description of the WebACL.
- Name string
- Friendly name of the WebACL.
- Rule
Json string - Raw JSON string to allow more than three nested statements. Conflicts with
rule
attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead ofrule
, you will be foregoing drift detection. See the AWS documentation for the JSON structure. - Rules
[]Web
Acl Rule Args - Rule blocks used to identify the web requests that you want to
allow
,block
, orcount
. Seerule
below for details. - map[string]string
- Map of key-value pairs to associate with the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Token
Domains []string - Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
- default
Action WebAcl Default Action - Action to perform if none of the
rules
contained in the WebACL match. Seedefault_action
below for details. - scope String
- Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONT
orREGIONAL
. To work with CloudFront, you must also specify the regionus-east-1
(N. Virginia) on the AWS provider. - visibility
Config WebAcl Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_config
below for details. - association
Config WebAcl Association Config - Specifies custom configurations for the associations between the web ACL and protected resources. See
association_config
below for details. - captcha
Config WebAcl Captcha Config - Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See
captcha_config
below for details. - challenge
Config WebAcl Challenge Config - Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See
challenge_config
below for details. - custom
Response List<WebBodies Acl Custom Response Body> - Defines custom response bodies that can be referenced by
custom_response
actions. Seecustom_response_body
below for details. - description String
- Friendly description of the WebACL.
- name String
- Friendly name of the WebACL.
- rule
Json String - Raw JSON string to allow more than three nested statements. Conflicts with
rule
attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead ofrule
, you will be foregoing drift detection. See the AWS documentation for the JSON structure. - rules
List<Web
Acl Rule> - Rule blocks used to identify the web requests that you want to
allow
,block
, orcount
. Seerule
below for details. - Map<String,String>
- Map of key-value pairs to associate with the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - token
Domains List<String> - Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
- default
Action WebAcl Default Action - Action to perform if none of the
rules
contained in the WebACL match. Seedefault_action
below for details. - scope string
- Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONT
orREGIONAL
. To work with CloudFront, you must also specify the regionus-east-1
(N. Virginia) on the AWS provider. - visibility
Config WebAcl Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_config
below for details. - association
Config WebAcl Association Config - Specifies custom configurations for the associations between the web ACL and protected resources. See
association_config
below for details. - captcha
Config WebAcl Captcha Config - Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See
captcha_config
below for details. - challenge
Config WebAcl Challenge Config - Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See
challenge_config
below for details. - custom
Response WebBodies Acl Custom Response Body[] - Defines custom response bodies that can be referenced by
custom_response
actions. Seecustom_response_body
below for details. - description string
- Friendly description of the WebACL.
- name string
- Friendly name of the WebACL.
- rule
Json string - Raw JSON string to allow more than three nested statements. Conflicts with
rule
attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead ofrule
, you will be foregoing drift detection. See the AWS documentation for the JSON structure. - rules
Web
Acl Rule[] - Rule blocks used to identify the web requests that you want to
allow
,block
, orcount
. Seerule
below for details. - {[key: string]: string}
- Map of key-value pairs to associate with the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - token
Domains string[] - Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
- default_
action WebAcl Default Action Args - Action to perform if none of the
rules
contained in the WebACL match. Seedefault_action
below for details. - scope str
- Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONT
orREGIONAL
. To work with CloudFront, you must also specify the regionus-east-1
(N. Virginia) on the AWS provider. - visibility_
config WebAcl Visibility Config Args - Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_config
below for details. - association_
config WebAcl Association Config Args - Specifies custom configurations for the associations between the web ACL and protected resources. See
association_config
below for details. - captcha_
config WebAcl Captcha Config Args - Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See
captcha_config
below for details. - challenge_
config WebAcl Challenge Config Args - Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See
challenge_config
below for details. - custom_
response_ Sequence[Webbodies Acl Custom Response Body Args] - Defines custom response bodies that can be referenced by
custom_response
actions. Seecustom_response_body
below for details. - description str
- Friendly description of the WebACL.
- name str
- Friendly name of the WebACL.
- rule_
json str - Raw JSON string to allow more than three nested statements. Conflicts with
rule
attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead ofrule
, you will be foregoing drift detection. See the AWS documentation for the JSON structure. - rules
Sequence[Web
Acl Rule Args] - Rule blocks used to identify the web requests that you want to
allow
,block
, orcount
. Seerule
below for details. - Mapping[str, str]
- Map of key-value pairs to associate with the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - token_
domains Sequence[str] - Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
- default
Action Property Map - Action to perform if none of the
rules
contained in the WebACL match. Seedefault_action
below for details. - scope String
- Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONT
orREGIONAL
. To work with CloudFront, you must also specify the regionus-east-1
(N. Virginia) on the AWS provider. - visibility
Config Property Map - Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_config
below for details. - association
Config Property Map - Specifies custom configurations for the associations between the web ACL and protected resources. See
association_config
below for details. - captcha
Config Property Map - Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See
captcha_config
below for details. - challenge
Config Property Map - Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See
challenge_config
below for details. - custom
Response List<Property Map>Bodies - Defines custom response bodies that can be referenced by
custom_response
actions. Seecustom_response_body
below for details. - description String
- Friendly description of the WebACL.
- name String
- Friendly name of the WebACL.
- rule
Json String - Raw JSON string to allow more than three nested statements. Conflicts with
rule
attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead ofrule
, you will be foregoing drift detection. See the AWS documentation for the JSON structure. - rules List<Property Map>
- Rule blocks used to identify the web requests that you want to
allow
,block
, orcount
. Seerule
below for details. - Map<String>
- Map of key-value pairs to associate with the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - token
Domains List<String> - Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
Outputs
All input properties are implicitly available as output properties. Additionally, the WebAcl resource produces the following output properties:
- Application
Integration stringUrl - The URL to use in SDK integrations with managed rule groups.
- Arn string
- The ARN of the WAF WebACL.
- Capacity int
- Web ACL capacity units (WCUs) currently being used by this web ACL.
- Id string
- The provider-assigned unique ID for this managed resource.
- Lock
Token string - Dictionary<string, string>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- Application
Integration stringUrl - The URL to use in SDK integrations with managed rule groups.
- Arn string
- The ARN of the WAF WebACL.
- Capacity int
- Web ACL capacity units (WCUs) currently being used by this web ACL.
- Id string
- The provider-assigned unique ID for this managed resource.
- Lock
Token string - map[string]string
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- application
Integration StringUrl - The URL to use in SDK integrations with managed rule groups.
- arn String
- The ARN of the WAF WebACL.
- capacity Integer
- Web ACL capacity units (WCUs) currently being used by this web ACL.
- id String
- The provider-assigned unique ID for this managed resource.
- lock
Token String - Map<String,String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- application
Integration stringUrl - The URL to use in SDK integrations with managed rule groups.
- arn string
- The ARN of the WAF WebACL.
- capacity number
- Web ACL capacity units (WCUs) currently being used by this web ACL.
- id string
- The provider-assigned unique ID for this managed resource.
- lock
Token string - {[key: string]: string}
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- application_
integration_ strurl - The URL to use in SDK integrations with managed rule groups.
- arn str
- The ARN of the WAF WebACL.
- capacity int
- Web ACL capacity units (WCUs) currently being used by this web ACL.
- id str
- The provider-assigned unique ID for this managed resource.
- lock_
token str - Mapping[str, str]
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- application
Integration StringUrl - The URL to use in SDK integrations with managed rule groups.
- arn String
- The ARN of the WAF WebACL.
- capacity Number
- Web ACL capacity units (WCUs) currently being used by this web ACL.
- id String
- The provider-assigned unique ID for this managed resource.
- lock
Token String - Map<String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
Look up Existing WebAcl Resource
Get an existing WebAcl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: WebAclState, opts?: CustomResourceOptions): WebAcl
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
application_integration_url: Optional[str] = None,
arn: Optional[str] = None,
association_config: Optional[WebAclAssociationConfigArgs] = None,
capacity: Optional[int] = None,
captcha_config: Optional[WebAclCaptchaConfigArgs] = None,
challenge_config: Optional[WebAclChallengeConfigArgs] = None,
custom_response_bodies: Optional[Sequence[WebAclCustomResponseBodyArgs]] = None,
default_action: Optional[WebAclDefaultActionArgs] = None,
description: Optional[str] = None,
lock_token: Optional[str] = None,
name: Optional[str] = None,
rule_json: Optional[str] = None,
rules: Optional[Sequence[WebAclRuleArgs]] = None,
scope: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
token_domains: Optional[Sequence[str]] = None,
visibility_config: Optional[WebAclVisibilityConfigArgs] = None) -> WebAcl
func GetWebAcl(ctx *Context, name string, id IDInput, state *WebAclState, opts ...ResourceOption) (*WebAcl, error)
public static WebAcl Get(string name, Input<string> id, WebAclState? state, CustomResourceOptions? opts = null)
public static WebAcl get(String name, Output<String> id, WebAclState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Application
Integration stringUrl - The URL to use in SDK integrations with managed rule groups.
- Arn string
- The ARN of the WAF WebACL.
- Association
Config WebAcl Association Config - Specifies custom configurations for the associations between the web ACL and protected resources. See
association_config
below for details. - Capacity int
- Web ACL capacity units (WCUs) currently being used by this web ACL.
- Captcha
Config WebAcl Captcha Config - Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See
captcha_config
below for details. - Challenge
Config WebAcl Challenge Config - Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See
challenge_config
below for details. - Custom
Response List<WebBodies Acl Custom Response Body> - Defines custom response bodies that can be referenced by
custom_response
actions. Seecustom_response_body
below for details. - Default
Action WebAcl Default Action - Action to perform if none of the
rules
contained in the WebACL match. Seedefault_action
below for details. - Description string
- Friendly description of the WebACL.
- Lock
Token string - Name string
- Friendly name of the WebACL.
- Rule
Json string - Raw JSON string to allow more than three nested statements. Conflicts with
rule
attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead ofrule
, you will be foregoing drift detection. See the AWS documentation for the JSON structure. - Rules
List<Web
Acl Rule> - Rule blocks used to identify the web requests that you want to
allow
,block
, orcount
. Seerule
below for details. - Scope string
- Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONT
orREGIONAL
. To work with CloudFront, you must also specify the regionus-east-1
(N. Virginia) on the AWS provider. - Dictionary<string, string>
- Map of key-value pairs to associate with the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - Token
Domains List<string> - Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
- Visibility
Config WebAcl Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_config
below for details.
- Application
Integration stringUrl - The URL to use in SDK integrations with managed rule groups.
- Arn string
- The ARN of the WAF WebACL.
- Association
Config WebAcl Association Config Args - Specifies custom configurations for the associations between the web ACL and protected resources. See
association_config
below for details. - Capacity int
- Web ACL capacity units (WCUs) currently being used by this web ACL.
- Captcha
Config WebAcl Captcha Config Args - Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See
captcha_config
below for details. - Challenge
Config WebAcl Challenge Config Args - Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See
challenge_config
below for details. - Custom
Response []WebBodies Acl Custom Response Body Args - Defines custom response bodies that can be referenced by
custom_response
actions. Seecustom_response_body
below for details. - Default
Action WebAcl Default Action Args - Action to perform if none of the
rules
contained in the WebACL match. Seedefault_action
below for details. - Description string
- Friendly description of the WebACL.
- Lock
Token string - Name string
- Friendly name of the WebACL.
- Rule
Json string - Raw JSON string to allow more than three nested statements. Conflicts with
rule
attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead ofrule
, you will be foregoing drift detection. See the AWS documentation for the JSON structure. - Rules
[]Web
Acl Rule Args - Rule blocks used to identify the web requests that you want to
allow
,block
, orcount
. Seerule
below for details. - Scope string
- Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONT
orREGIONAL
. To work with CloudFront, you must also specify the regionus-east-1
(N. Virginia) on the AWS provider. - map[string]string
- Map of key-value pairs to associate with the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - Token
Domains []string - Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
- Visibility
Config WebAcl Visibility Config Args - Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_config
below for details.
- application
Integration StringUrl - The URL to use in SDK integrations with managed rule groups.
- arn String
- The ARN of the WAF WebACL.
- association
Config WebAcl Association Config - Specifies custom configurations for the associations between the web ACL and protected resources. See
association_config
below for details. - capacity Integer
- Web ACL capacity units (WCUs) currently being used by this web ACL.
- captcha
Config WebAcl Captcha Config - Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See
captcha_config
below for details. - challenge
Config WebAcl Challenge Config - Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See
challenge_config
below for details. - custom
Response List<WebBodies Acl Custom Response Body> - Defines custom response bodies that can be referenced by
custom_response
actions. Seecustom_response_body
below for details. - default
Action WebAcl Default Action - Action to perform if none of the
rules
contained in the WebACL match. Seedefault_action
below for details. - description String
- Friendly description of the WebACL.
- lock
Token String - name String
- Friendly name of the WebACL.
- rule
Json String - Raw JSON string to allow more than three nested statements. Conflicts with
rule
attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead ofrule
, you will be foregoing drift detection. See the AWS documentation for the JSON structure. - rules
List<Web
Acl Rule> - Rule blocks used to identify the web requests that you want to
allow
,block
, orcount
. Seerule
below for details. - scope String
- Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONT
orREGIONAL
. To work with CloudFront, you must also specify the regionus-east-1
(N. Virginia) on the AWS provider. - Map<String,String>
- Map of key-value pairs to associate with the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - token
Domains List<String> - Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
- visibility
Config WebAcl Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_config
below for details.
- application
Integration stringUrl - The URL to use in SDK integrations with managed rule groups.
- arn string
- The ARN of the WAF WebACL.
- association
Config WebAcl Association Config - Specifies custom configurations for the associations between the web ACL and protected resources. See
association_config
below for details. - capacity number
- Web ACL capacity units (WCUs) currently being used by this web ACL.
- captcha
Config WebAcl Captcha Config - Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See
captcha_config
below for details. - challenge
Config WebAcl Challenge Config - Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See
challenge_config
below for details. - custom
Response WebBodies Acl Custom Response Body[] - Defines custom response bodies that can be referenced by
custom_response
actions. Seecustom_response_body
below for details. - default
Action WebAcl Default Action - Action to perform if none of the
rules
contained in the WebACL match. Seedefault_action
below for details. - description string
- Friendly description of the WebACL.
- lock
Token string - name string
- Friendly name of the WebACL.
- rule
Json string - Raw JSON string to allow more than three nested statements. Conflicts with
rule
attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead ofrule
, you will be foregoing drift detection. See the AWS documentation for the JSON structure. - rules
Web
Acl Rule[] - Rule blocks used to identify the web requests that you want to
allow
,block
, orcount
. Seerule
below for details. - scope string
- Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONT
orREGIONAL
. To work with CloudFront, you must also specify the regionus-east-1
(N. Virginia) on the AWS provider. - {[key: string]: string}
- Map of key-value pairs to associate with the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - token
Domains string[] - Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
- visibility
Config WebAcl Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_config
below for details.
- application_
integration_ strurl - The URL to use in SDK integrations with managed rule groups.
- arn str
- The ARN of the WAF WebACL.
- association_
config WebAcl Association Config Args - Specifies custom configurations for the associations between the web ACL and protected resources. See
association_config
below for details. - capacity int
- Web ACL capacity units (WCUs) currently being used by this web ACL.
- captcha_
config WebAcl Captcha Config Args - Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See
captcha_config
below for details. - challenge_
config WebAcl Challenge Config Args - Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See
challenge_config
below for details. - custom_
response_ Sequence[Webbodies Acl Custom Response Body Args] - Defines custom response bodies that can be referenced by
custom_response
actions. Seecustom_response_body
below for details. - default_
action WebAcl Default Action Args - Action to perform if none of the
rules
contained in the WebACL match. Seedefault_action
below for details. - description str
- Friendly description of the WebACL.
- lock_
token str - name str
- Friendly name of the WebACL.
- rule_
json str - Raw JSON string to allow more than three nested statements. Conflicts with
rule
attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead ofrule
, you will be foregoing drift detection. See the AWS documentation for the JSON structure. - rules
Sequence[Web
Acl Rule Args] - Rule blocks used to identify the web requests that you want to
allow
,block
, orcount
. Seerule
below for details. - scope str
- Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONT
orREGIONAL
. To work with CloudFront, you must also specify the regionus-east-1
(N. Virginia) on the AWS provider. - Mapping[str, str]
- Map of key-value pairs to associate with the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - token_
domains Sequence[str] - Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
- visibility_
config WebAcl Visibility Config Args - Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_config
below for details.
- application
Integration StringUrl - The URL to use in SDK integrations with managed rule groups.
- arn String
- The ARN of the WAF WebACL.
- association
Config Property Map - Specifies custom configurations for the associations between the web ACL and protected resources. See
association_config
below for details. - capacity Number
- Web ACL capacity units (WCUs) currently being used by this web ACL.
- captcha
Config Property Map - Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See
captcha_config
below for details. - challenge
Config Property Map - Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See
challenge_config
below for details. - custom
Response List<Property Map>Bodies - Defines custom response bodies that can be referenced by
custom_response
actions. Seecustom_response_body
below for details. - default
Action Property Map - Action to perform if none of the
rules
contained in the WebACL match. Seedefault_action
below for details. - description String
- Friendly description of the WebACL.
- lock
Token String - name String
- Friendly name of the WebACL.
- rule
Json String - Raw JSON string to allow more than three nested statements. Conflicts with
rule
attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead ofrule
, you will be foregoing drift detection. See the AWS documentation for the JSON structure. - rules List<Property Map>
- Rule blocks used to identify the web requests that you want to
allow
,block
, orcount
. Seerule
below for details. - scope String
- Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONT
orREGIONAL
. To work with CloudFront, you must also specify the regionus-east-1
(N. Virginia) on the AWS provider. - Map<String>
- Map of key-value pairs to associate with the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - token
Domains List<String> - Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
- visibility
Config Property Map - Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_config
below for details.
Supporting Types
Note: There are over 200 nested types for this resource. Only the first 200 types are included in this documentation.
WebAclAssociationConfig, WebAclAssociationConfigArgs
- Request
Bodies List<WebAcl Association Config Request Body> - Customizes the request body that your protected resource forward to AWS WAF for inspection. See
request_body
below for details.
- Request
Bodies []WebAcl Association Config Request Body - Customizes the request body that your protected resource forward to AWS WAF for inspection. See
request_body
below for details.
- request
Bodies List<WebAcl Association Config Request Body> - Customizes the request body that your protected resource forward to AWS WAF for inspection. See
request_body
below for details.
- request
Bodies WebAcl Association Config Request Body[] - Customizes the request body that your protected resource forward to AWS WAF for inspection. See
request_body
below for details.
- request_
bodies Sequence[WebAcl Association Config Request Body] - Customizes the request body that your protected resource forward to AWS WAF for inspection. See
request_body
below for details.
- request
Bodies List<Property Map> - Customizes the request body that your protected resource forward to AWS WAF for inspection. See
request_body
below for details.
WebAclAssociationConfigRequestBody, WebAclAssociationConfigRequestBodyArgs
- Api
Gateways List<WebAcl Association Config Request Body Api Gateway> - Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when
scope
is set toCLOUDFRONT
. Seeapi_gateway
below for details. - App
Runner List<WebServices Acl Association Config Request Body App Runner Service> - Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when
scope
is set toREGIONAL
. Seeapp_runner_service
below for details. - Cloudfronts
List<Web
Acl Association Config Request Body Cloudfront> - Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when
scope
is set toREGIONAL
. Seecloudfront
below for details. - Cognito
User List<WebPools Acl Association Config Request Body Cognito User Pool> - Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when
scope
is set toREGIONAL
. Seecognito_user_pool
below for details. - Verified
Access List<WebInstances Acl Association Config Request Body Verified Access Instance> - Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when
scope
is set toREGIONAL
. Seeverified_access_instance
below for details.
- Api
Gateways []WebAcl Association Config Request Body Api Gateway - Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when
scope
is set toCLOUDFRONT
. Seeapi_gateway
below for details. - App
Runner []WebServices Acl Association Config Request Body App Runner Service - Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when
scope
is set toREGIONAL
. Seeapp_runner_service
below for details. - Cloudfronts
[]Web
Acl Association Config Request Body Cloudfront - Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when
scope
is set toREGIONAL
. Seecloudfront
below for details. - Cognito
User []WebPools Acl Association Config Request Body Cognito User Pool - Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when
scope
is set toREGIONAL
. Seecognito_user_pool
below for details. - Verified
Access []WebInstances Acl Association Config Request Body Verified Access Instance - Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when
scope
is set toREGIONAL
. Seeverified_access_instance
below for details.
- api
Gateways List<WebAcl Association Config Request Body Api Gateway> - Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when
scope
is set toCLOUDFRONT
. Seeapi_gateway
below for details. - app
Runner List<WebServices Acl Association Config Request Body App Runner Service> - Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when
scope
is set toREGIONAL
. Seeapp_runner_service
below for details. - cloudfronts
List<Web
Acl Association Config Request Body Cloudfront> - Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when
scope
is set toREGIONAL
. Seecloudfront
below for details. - cognito
User List<WebPools Acl Association Config Request Body Cognito User Pool> - Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when
scope
is set toREGIONAL
. Seecognito_user_pool
below for details. - verified
Access List<WebInstances Acl Association Config Request Body Verified Access Instance> - Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when
scope
is set toREGIONAL
. Seeverified_access_instance
below for details.
- api
Gateways WebAcl Association Config Request Body Api Gateway[] - Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when
scope
is set toCLOUDFRONT
. Seeapi_gateway
below for details. - app
Runner WebServices Acl Association Config Request Body App Runner Service[] - Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when
scope
is set toREGIONAL
. Seeapp_runner_service
below for details. - cloudfronts
Web
Acl Association Config Request Body Cloudfront[] - Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when
scope
is set toREGIONAL
. Seecloudfront
below for details. - cognito
User WebPools Acl Association Config Request Body Cognito User Pool[] - Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when
scope
is set toREGIONAL
. Seecognito_user_pool
below for details. - verified
Access WebInstances Acl Association Config Request Body Verified Access Instance[] - Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when
scope
is set toREGIONAL
. Seeverified_access_instance
below for details.
- api_
gateways Sequence[WebAcl Association Config Request Body Api Gateway] - Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when
scope
is set toCLOUDFRONT
. Seeapi_gateway
below for details. - app_
runner_ Sequence[Webservices Acl Association Config Request Body App Runner Service] - Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when
scope
is set toREGIONAL
. Seeapp_runner_service
below for details. - cloudfronts
Sequence[Web
Acl Association Config Request Body Cloudfront] - Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when
scope
is set toREGIONAL
. Seecloudfront
below for details. - cognito_
user_ Sequence[Webpools Acl Association Config Request Body Cognito User Pool] - Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when
scope
is set toREGIONAL
. Seecognito_user_pool
below for details. - verified_
access_ Sequence[Webinstances Acl Association Config Request Body Verified Access Instance] - Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when
scope
is set toREGIONAL
. Seeverified_access_instance
below for details.
- api
Gateways List<Property Map> - Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when
scope
is set toCLOUDFRONT
. Seeapi_gateway
below for details. - app
Runner List<Property Map>Services - Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when
scope
is set toREGIONAL
. Seeapp_runner_service
below for details. - cloudfronts List<Property Map>
- Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when
scope
is set toREGIONAL
. Seecloudfront
below for details. - cognito
User List<Property Map>Pools - Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when
scope
is set toREGIONAL
. Seecognito_user_pool
below for details. - verified
Access List<Property Map>Instances - Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when
scope
is set toREGIONAL
. Seeverified_access_instance
below for details.
WebAclAssociationConfigRequestBodyApiGateway, WebAclAssociationConfigRequestBodyApiGatewayArgs
- Default
Size stringInspection Limit - Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- Default
Size stringInspection Limit - Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- default
Size StringInspection Limit - Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- default
Size stringInspection Limit - Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- default_
size_ strinspection_ limit - Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- default
Size StringInspection Limit - Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
WebAclAssociationConfigRequestBodyAppRunnerService, WebAclAssociationConfigRequestBodyAppRunnerServiceArgs
- Default
Size stringInspection Limit - Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- Default
Size stringInspection Limit - Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- default
Size StringInspection Limit - Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- default
Size stringInspection Limit - Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- default_
size_ strinspection_ limit - Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- default
Size StringInspection Limit - Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
WebAclAssociationConfigRequestBodyCloudfront, WebAclAssociationConfigRequestBodyCloudfrontArgs
- Default
Size stringInspection Limit - Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- Default
Size stringInspection Limit - Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- default
Size StringInspection Limit - Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- default
Size stringInspection Limit - Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- default_
size_ strinspection_ limit - Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- default
Size StringInspection Limit - Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
WebAclAssociationConfigRequestBodyCognitoUserPool, WebAclAssociationConfigRequestBodyCognitoUserPoolArgs
- Default
Size stringInspection Limit - Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- Default
Size stringInspection Limit - Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- default
Size StringInspection Limit - Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- default
Size stringInspection Limit - Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- default_
size_ strinspection_ limit - Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- default
Size StringInspection Limit - Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
WebAclAssociationConfigRequestBodyVerifiedAccessInstance, WebAclAssociationConfigRequestBodyVerifiedAccessInstanceArgs
- Default
Size stringInspection Limit - Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- Default
Size stringInspection Limit - Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- default
Size StringInspection Limit - Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- default
Size stringInspection Limit - Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- default_
size_ strinspection_ limit - Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
- default
Size StringInspection Limit - Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are
KB_16
,KB_32
,KB_48
andKB_64
.
WebAclCaptchaConfig, WebAclCaptchaConfigArgs
- Immunity
Time WebProperty Acl Captcha Config Immunity Time Property - Defines custom immunity time. See
immunity_time_property
below for details.
- Immunity
Time WebProperty Acl Captcha Config Immunity Time Property - Defines custom immunity time. See
immunity_time_property
below for details.
- immunity
Time WebProperty Acl Captcha Config Immunity Time Property - Defines custom immunity time. See
immunity_time_property
below for details.
- immunity
Time WebProperty Acl Captcha Config Immunity Time Property - Defines custom immunity time. See
immunity_time_property
below for details.
- immunity_
time_ Webproperty Acl Captcha Config Immunity Time Property - Defines custom immunity time. See
immunity_time_property
below for details.
- immunity
Time Property MapProperty - Defines custom immunity time. See
immunity_time_property
below for details.
WebAclCaptchaConfigImmunityTimeProperty, WebAclCaptchaConfigImmunityTimePropertyArgs
- Immunity
Time int - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- Immunity
Time int - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- immunity
Time Integer - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- immunity
Time number - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- immunity_
time int - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- immunity
Time Number - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
WebAclChallengeConfig, WebAclChallengeConfigArgs
- Immunity
Time WebProperty Acl Challenge Config Immunity Time Property - Defines custom immunity time. See
immunity_time_property
below for details.
- Immunity
Time WebProperty Acl Challenge Config Immunity Time Property - Defines custom immunity time. See
immunity_time_property
below for details.
- immunity
Time WebProperty Acl Challenge Config Immunity Time Property - Defines custom immunity time. See
immunity_time_property
below for details.
- immunity
Time WebProperty Acl Challenge Config Immunity Time Property - Defines custom immunity time. See
immunity_time_property
below for details.
- immunity_
time_ Webproperty Acl Challenge Config Immunity Time Property - Defines custom immunity time. See
immunity_time_property
below for details.
- immunity
Time Property MapProperty - Defines custom immunity time. See
immunity_time_property
below for details.
WebAclChallengeConfigImmunityTimeProperty, WebAclChallengeConfigImmunityTimePropertyArgs
- Immunity
Time int - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- Immunity
Time int - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- immunity
Time Integer - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- immunity
Time number - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- immunity_
time int - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- immunity
Time Number - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
WebAclCustomResponseBody, WebAclCustomResponseBodyArgs
- Content string
- Payload of the custom response.
- Content
Type string - Type of content in the payload that you are defining in the
content
argument. Valid values areTEXT_PLAIN
,TEXT_HTML
, orAPPLICATION_JSON
. - Key string
- Unique key identifying the custom response body. This is referenced by the
custom_response_body_key
argument in thecustom_response
block.
- Content string
- Payload of the custom response.
- Content
Type string - Type of content in the payload that you are defining in the
content
argument. Valid values areTEXT_PLAIN
,TEXT_HTML
, orAPPLICATION_JSON
. - Key string
- Unique key identifying the custom response body. This is referenced by the
custom_response_body_key
argument in thecustom_response
block.
- content String
- Payload of the custom response.
- content
Type String - Type of content in the payload that you are defining in the
content
argument. Valid values areTEXT_PLAIN
,TEXT_HTML
, orAPPLICATION_JSON
. - key String
- Unique key identifying the custom response body. This is referenced by the
custom_response_body_key
argument in thecustom_response
block.
- content string
- Payload of the custom response.
- content
Type string - Type of content in the payload that you are defining in the
content
argument. Valid values areTEXT_PLAIN
,TEXT_HTML
, orAPPLICATION_JSON
. - key string
- Unique key identifying the custom response body. This is referenced by the
custom_response_body_key
argument in thecustom_response
block.
- content str
- Payload of the custom response.
- content_
type str - Type of content in the payload that you are defining in the
content
argument. Valid values areTEXT_PLAIN
,TEXT_HTML
, orAPPLICATION_JSON
. - key str
- Unique key identifying the custom response body. This is referenced by the
custom_response_body_key
argument in thecustom_response
block.
- content String
- Payload of the custom response.
- content
Type String - Type of content in the payload that you are defining in the
content
argument. Valid values areTEXT_PLAIN
,TEXT_HTML
, orAPPLICATION_JSON
. - key String
- Unique key identifying the custom response body. This is referenced by the
custom_response_body_key
argument in thecustom_response
block.
WebAclDefaultAction, WebAclDefaultActionArgs
- Allow
Web
Acl Default Action Allow - Specifies that AWS WAF should allow requests by default. See
allow
below for details. - Block
Web
Acl Default Action Block - Specifies that AWS WAF should block requests by default. See
block
below for details.
- Allow
Web
Acl Default Action Allow - Specifies that AWS WAF should allow requests by default. See
allow
below for details. - Block
Web
Acl Default Action Block - Specifies that AWS WAF should block requests by default. See
block
below for details.
- allow
Web
Acl Default Action Allow - Specifies that AWS WAF should allow requests by default. See
allow
below for details. - block
Web
Acl Default Action Block - Specifies that AWS WAF should block requests by default. See
block
below for details.
- allow
Web
Acl Default Action Allow - Specifies that AWS WAF should allow requests by default. See
allow
below for details. - block
Web
Acl Default Action Block - Specifies that AWS WAF should block requests by default. See
block
below for details.
- allow
Web
Acl Default Action Allow - Specifies that AWS WAF should allow requests by default. See
allow
below for details. - block
Web
Acl Default Action Block - Specifies that AWS WAF should block requests by default. See
block
below for details.
- allow Property Map
- Specifies that AWS WAF should allow requests by default. See
allow
below for details. - block Property Map
- Specifies that AWS WAF should block requests by default. See
block
below for details.
WebAclDefaultActionAllow, WebAclDefaultActionAllowArgs
- Custom
Request WebHandling Acl Default Action Allow Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- Custom
Request WebHandling Acl Default Action Allow Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request WebHandling Acl Default Action Allow Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request WebHandling Acl Default Action Allow Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom_
request_ Webhandling Acl Default Action Allow Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request Property MapHandling - Defines custom handling for the web request. See
custom_request_handling
below for details.
WebAclDefaultActionAllowCustomRequestHandling, WebAclDefaultActionAllowCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Default Action Allow Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- Insert
Headers []WebAcl Default Action Allow Custom Request Handling Insert Header - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers List<WebAcl Default Action Allow Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers WebAcl Default Action Allow Custom Request Handling Insert Header[] - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert_
headers Sequence[WebAcl Default Action Allow Custom Request Handling Insert Header] - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers List<Property Map> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
WebAclDefaultActionAllowCustomRequestHandlingInsertHeader, WebAclDefaultActionAllowCustomRequestHandlingInsertHeaderArgs
- Name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - Value string
- Value of the custom header.
- Name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - Value string
- Value of the custom header.
- name String
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value String
- Value of the custom header.
- name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value string
- Value of the custom header.
- name str
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value str
- Value of the custom header.
- name String
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value String
- Value of the custom header.
WebAclDefaultActionBlock, WebAclDefaultActionBlockArgs
- Custom
Response WebAcl Default Action Block Custom Response - Defines a custom response for the web request. See
custom_response
below for details.
- Custom
Response WebAcl Default Action Block Custom Response - Defines a custom response for the web request. See
custom_response
below for details.
- custom
Response WebAcl Default Action Block Custom Response - Defines a custom response for the web request. See
custom_response
below for details.
- custom
Response WebAcl Default Action Block Custom Response - Defines a custom response for the web request. See
custom_response
below for details.
- custom_
response WebAcl Default Action Block Custom Response - Defines a custom response for the web request. See
custom_response
below for details.
- custom
Response Property Map - Defines a custom response for the web request. See
custom_response
below for details.
WebAclDefaultActionBlockCustomResponse, WebAclDefaultActionBlockCustomResponseArgs
- Response
Code int - The HTTP status code to return to the client.
- Custom
Response stringBody Key - References the response body that you want AWS WAF to return to the web request client. This must reference a
key
defined in acustom_response_body
block of this resource. - Response
Headers List<WebAcl Default Action Block Custom Response Response Header> - The
response_header
blocks used to define the HTTP response headers added to the response. Seeresponse_header
below for details.
- Response
Code int - The HTTP status code to return to the client.
- Custom
Response stringBody Key - References the response body that you want AWS WAF to return to the web request client. This must reference a
key
defined in acustom_response_body
block of this resource. - Response
Headers []WebAcl Default Action Block Custom Response Response Header - The
response_header
blocks used to define the HTTP response headers added to the response. Seeresponse_header
below for details.
- response
Code Integer - The HTTP status code to return to the client.
- custom
Response StringBody Key - References the response body that you want AWS WAF to return to the web request client. This must reference a
key
defined in acustom_response_body
block of this resource. - response
Headers List<WebAcl Default Action Block Custom Response Response Header> - The
response_header
blocks used to define the HTTP response headers added to the response. Seeresponse_header
below for details.
- response
Code number - The HTTP status code to return to the client.
- custom
Response stringBody Key - References the response body that you want AWS WAF to return to the web request client. This must reference a
key
defined in acustom_response_body
block of this resource. - response
Headers WebAcl Default Action Block Custom Response Response Header[] - The
response_header
blocks used to define the HTTP response headers added to the response. Seeresponse_header
below for details.
- response_
code int - The HTTP status code to return to the client.
- custom_
response_ strbody_ key - References the response body that you want AWS WAF to return to the web request client. This must reference a
key
defined in acustom_response_body
block of this resource. - response_
headers Sequence[WebAcl Default Action Block Custom Response Response Header] - The
response_header
blocks used to define the HTTP response headers added to the response. Seeresponse_header
below for details.
- response
Code Number - The HTTP status code to return to the client.
- custom
Response StringBody Key - References the response body that you want AWS WAF to return to the web request client. This must reference a
key
defined in acustom_response_body
block of this resource. - response
Headers List<Property Map> - The
response_header
blocks used to define the HTTP response headers added to the response. Seeresponse_header
below for details.
WebAclDefaultActionBlockCustomResponseResponseHeader, WebAclDefaultActionBlockCustomResponseResponseHeaderArgs
- Name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - Value string
- Value of the custom header.
- Name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - Value string
- Value of the custom header.
- name String
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value String
- Value of the custom header.
- name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value string
- Value of the custom header.
- name str
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value str
- Value of the custom header.
- name String
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value String
- Value of the custom header.
WebAclRule, WebAclRuleArgs
- Name string
- Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern,
^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*
, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors. - Priority int
- If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the
rules
in order based on the value ofpriority
. AWS WAF processes rules with lower priority first. - Statement
Web
Acl Rule Statement - The AWS WAF processing statement for the rule, for example
byte_match_statement
orgeo_match_statement
. Seestatement
below for details. - Visibility
Config WebAcl Rule Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_config
below for details. - Action
Web
Acl Rule Action - Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See
action
for details. - Captcha
Config WebAcl Rule Captcha Config - Specifies how AWS WAF should handle CAPTCHA evaluations. See
captcha_config
below for details. - Override
Action WebAcl Rule Override Action - Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like
rule_group_reference_statement
andmanaged_rule_group_statement
. Seeoverride_action
below for details. - Rule
Labels List<WebAcl Rule Rule Label> - Labels to apply to web requests that match the rule match statement. See
rule_label
below for details.
- Name string
- Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern,
^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*
, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors. - Priority int
- If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the
rules
in order based on the value ofpriority
. AWS WAF processes rules with lower priority first. - Statement
Web
Acl Rule Statement - The AWS WAF processing statement for the rule, for example
byte_match_statement
orgeo_match_statement
. Seestatement
below for details. - Visibility
Config WebAcl Rule Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_config
below for details. - Action
Web
Acl Rule Action - Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See
action
for details. - Captcha
Config WebAcl Rule Captcha Config - Specifies how AWS WAF should handle CAPTCHA evaluations. See
captcha_config
below for details. - Override
Action WebAcl Rule Override Action - Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like
rule_group_reference_statement
andmanaged_rule_group_statement
. Seeoverride_action
below for details. - Rule
Labels []WebAcl Rule Rule Label - Labels to apply to web requests that match the rule match statement. See
rule_label
below for details.
- name String
- Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern,
^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*
, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors. - priority Integer
- If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the
rules
in order based on the value ofpriority
. AWS WAF processes rules with lower priority first. - statement
Web
Acl Rule Statement - The AWS WAF processing statement for the rule, for example
byte_match_statement
orgeo_match_statement
. Seestatement
below for details. - visibility
Config WebAcl Rule Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_config
below for details. - action
Web
Acl Rule Action - Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See
action
for details. - captcha
Config WebAcl Rule Captcha Config - Specifies how AWS WAF should handle CAPTCHA evaluations. See
captcha_config
below for details. - override
Action WebAcl Rule Override Action - Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like
rule_group_reference_statement
andmanaged_rule_group_statement
. Seeoverride_action
below for details. - rule
Labels List<WebAcl Rule Rule Label> - Labels to apply to web requests that match the rule match statement. See
rule_label
below for details.
- name string
- Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern,
^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*
, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors. - priority number
- If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the
rules
in order based on the value ofpriority
. AWS WAF processes rules with lower priority first. - statement
Web
Acl Rule Statement - The AWS WAF processing statement for the rule, for example
byte_match_statement
orgeo_match_statement
. Seestatement
below for details. - visibility
Config WebAcl Rule Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_config
below for details. - action
Web
Acl Rule Action - Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See
action
for details. - captcha
Config WebAcl Rule Captcha Config - Specifies how AWS WAF should handle CAPTCHA evaluations. See
captcha_config
below for details. - override
Action WebAcl Rule Override Action - Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like
rule_group_reference_statement
andmanaged_rule_group_statement
. Seeoverride_action
below for details. - rule
Labels WebAcl Rule Rule Label[] - Labels to apply to web requests that match the rule match statement. See
rule_label
below for details.
- name str
- Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern,
^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*
, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors. - priority int
- If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the
rules
in order based on the value ofpriority
. AWS WAF processes rules with lower priority first. - statement
Web
Acl Rule Statement - The AWS WAF processing statement for the rule, for example
byte_match_statement
orgeo_match_statement
. Seestatement
below for details. - visibility_
config WebAcl Rule Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_config
below for details. - action
Web
Acl Rule Action - Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See
action
for details. - captcha_
config WebAcl Rule Captcha Config - Specifies how AWS WAF should handle CAPTCHA evaluations. See
captcha_config
below for details. - override_
action WebAcl Rule Override Action - Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like
rule_group_reference_statement
andmanaged_rule_group_statement
. Seeoverride_action
below for details. - rule_
labels Sequence[WebAcl Rule Rule Label] - Labels to apply to web requests that match the rule match statement. See
rule_label
below for details.
- name String
- Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern,
^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*
, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors. - priority Number
- If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the
rules
in order based on the value ofpriority
. AWS WAF processes rules with lower priority first. - statement Property Map
- The AWS WAF processing statement for the rule, for example
byte_match_statement
orgeo_match_statement
. Seestatement
below for details. - visibility
Config Property Map - Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_config
below for details. - action Property Map
- Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See
action
for details. - captcha
Config Property Map - Specifies how AWS WAF should handle CAPTCHA evaluations. See
captcha_config
below for details. - override
Action Property Map - Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like
rule_group_reference_statement
andmanaged_rule_group_statement
. Seeoverride_action
below for details. - rule
Labels List<Property Map> - Labels to apply to web requests that match the rule match statement. See
rule_label
below for details.
WebAclRuleAction, WebAclRuleActionArgs
- Allow
Web
Acl Rule Action Allow - Instructs AWS WAF to allow the web request. See
allow
below for details. - Block
Web
Acl Rule Action Block - Instructs AWS WAF to block the web request. See
block
below for details. - Captcha
Web
Acl Rule Action Captcha - Instructs AWS WAF to run a Captcha check against the web request. See
captcha
below for details. - Challenge
Web
Acl Rule Action Challenge - Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See
challenge
below for details. - Count
Web
Acl Rule Action Count - Instructs AWS WAF to count the web request and allow it. See
count
below for details.
- Allow
Web
Acl Rule Action Allow - Instructs AWS WAF to allow the web request. See
allow
below for details. - Block
Web
Acl Rule Action Block - Instructs AWS WAF to block the web request. See
block
below for details. - Captcha
Web
Acl Rule Action Captcha - Instructs AWS WAF to run a Captcha check against the web request. See
captcha
below for details. - Challenge
Web
Acl Rule Action Challenge - Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See
challenge
below for details. - Count
Web
Acl Rule Action Count - Instructs AWS WAF to count the web request and allow it. See
count
below for details.
- allow
Web
Acl Rule Action Allow - Instructs AWS WAF to allow the web request. See
allow
below for details. - block
Web
Acl Rule Action Block - Instructs AWS WAF to block the web request. See
block
below for details. - captcha
Web
Acl Rule Action Captcha - Instructs AWS WAF to run a Captcha check against the web request. See
captcha
below for details. - challenge
Web
Acl Rule Action Challenge - Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See
challenge
below for details. - count
Web
Acl Rule Action Count - Instructs AWS WAF to count the web request and allow it. See
count
below for details.
- allow
Web
Acl Rule Action Allow - Instructs AWS WAF to allow the web request. See
allow
below for details. - block
Web
Acl Rule Action Block - Instructs AWS WAF to block the web request. See
block
below for details. - captcha
Web
Acl Rule Action Captcha - Instructs AWS WAF to run a Captcha check against the web request. See
captcha
below for details. - challenge
Web
Acl Rule Action Challenge - Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See
challenge
below for details. - count
Web
Acl Rule Action Count - Instructs AWS WAF to count the web request and allow it. See
count
below for details.
- allow
Web
Acl Rule Action Allow - Instructs AWS WAF to allow the web request. See
allow
below for details. - block
Web
Acl Rule Action Block - Instructs AWS WAF to block the web request. See
block
below for details. - captcha
Web
Acl Rule Action Captcha - Instructs AWS WAF to run a Captcha check against the web request. See
captcha
below for details. - challenge
Web
Acl Rule Action Challenge - Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See
challenge
below for details. - count
Web
Acl Rule Action Count - Instructs AWS WAF to count the web request and allow it. See
count
below for details.
- allow Property Map
- Instructs AWS WAF to allow the web request. See
allow
below for details. - block Property Map
- Instructs AWS WAF to block the web request. See
block
below for details. - captcha Property Map
- Instructs AWS WAF to run a Captcha check against the web request. See
captcha
below for details. - challenge Property Map
- Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See
challenge
below for details. - count Property Map
- Instructs AWS WAF to count the web request and allow it. See
count
below for details.
WebAclRuleActionAllow, WebAclRuleActionAllowArgs
- Custom
Request WebHandling Acl Rule Action Allow Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- Custom
Request WebHandling Acl Rule Action Allow Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request WebHandling Acl Rule Action Allow Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request WebHandling Acl Rule Action Allow Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom_
request_ Webhandling Acl Rule Action Allow Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request Property MapHandling - Defines custom handling for the web request. See
custom_request_handling
below for details.
WebAclRuleActionAllowCustomRequestHandling, WebAclRuleActionAllowCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Action Allow Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- Insert
Headers []WebAcl Rule Action Allow Custom Request Handling Insert Header - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers List<WebAcl Rule Action Allow Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers WebAcl Rule Action Allow Custom Request Handling Insert Header[] - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert_
headers Sequence[WebAcl Rule Action Allow Custom Request Handling Insert Header] - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers List<Property Map> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
WebAclRuleActionAllowCustomRequestHandlingInsertHeader, WebAclRuleActionAllowCustomRequestHandlingInsertHeaderArgs
- Name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - Value string
- Value of the custom header.
- Name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - Value string
- Value of the custom header.
- name String
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value String
- Value of the custom header.
- name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value string
- Value of the custom header.
- name str
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value str
- Value of the custom header.
- name String
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value String
- Value of the custom header.
WebAclRuleActionBlock, WebAclRuleActionBlockArgs
- Custom
Response WebAcl Rule Action Block Custom Response - Defines a custom response for the web request. See
custom_response
below for details.
- Custom
Response WebAcl Rule Action Block Custom Response - Defines a custom response for the web request. See
custom_response
below for details.
- custom
Response WebAcl Rule Action Block Custom Response - Defines a custom response for the web request. See
custom_response
below for details.
- custom
Response WebAcl Rule Action Block Custom Response - Defines a custom response for the web request. See
custom_response
below for details.
- custom_
response WebAcl Rule Action Block Custom Response - Defines a custom response for the web request. See
custom_response
below for details.
- custom
Response Property Map - Defines a custom response for the web request. See
custom_response
below for details.
WebAclRuleActionBlockCustomResponse, WebAclRuleActionBlockCustomResponseArgs
- Response
Code int - The HTTP status code to return to the client.
- Custom
Response stringBody Key - References the response body that you want AWS WAF to return to the web request client. This must reference a
key
defined in acustom_response_body
block of this resource. - Response
Headers List<WebAcl Rule Action Block Custom Response Response Header> - The
response_header
blocks used to define the HTTP response headers added to the response. Seeresponse_header
below for details.
- Response
Code int - The HTTP status code to return to the client.
- Custom
Response stringBody Key - References the response body that you want AWS WAF to return to the web request client. This must reference a
key
defined in acustom_response_body
block of this resource. - Response
Headers []WebAcl Rule Action Block Custom Response Response Header - The
response_header
blocks used to define the HTTP response headers added to the response. Seeresponse_header
below for details.
- response
Code Integer - The HTTP status code to return to the client.
- custom
Response StringBody Key - References the response body that you want AWS WAF to return to the web request client. This must reference a
key
defined in acustom_response_body
block of this resource. - response
Headers List<WebAcl Rule Action Block Custom Response Response Header> - The
response_header
blocks used to define the HTTP response headers added to the response. Seeresponse_header
below for details.
- response
Code number - The HTTP status code to return to the client.
- custom
Response stringBody Key - References the response body that you want AWS WAF to return to the web request client. This must reference a
key
defined in acustom_response_body
block of this resource. - response
Headers WebAcl Rule Action Block Custom Response Response Header[] - The
response_header
blocks used to define the HTTP response headers added to the response. Seeresponse_header
below for details.
- response_
code int - The HTTP status code to return to the client.
- custom_
response_ strbody_ key - References the response body that you want AWS WAF to return to the web request client. This must reference a
key
defined in acustom_response_body
block of this resource. - response_
headers Sequence[WebAcl Rule Action Block Custom Response Response Header] - The
response_header
blocks used to define the HTTP response headers added to the response. Seeresponse_header
below for details.
- response
Code Number - The HTTP status code to return to the client.
- custom
Response StringBody Key - References the response body that you want AWS WAF to return to the web request client. This must reference a
key
defined in acustom_response_body
block of this resource. - response
Headers List<Property Map> - The
response_header
blocks used to define the HTTP response headers added to the response. Seeresponse_header
below for details.
WebAclRuleActionBlockCustomResponseResponseHeader, WebAclRuleActionBlockCustomResponseResponseHeaderArgs
- Name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - Value string
- Value of the custom header.
- Name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - Value string
- Value of the custom header.
- name String
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value String
- Value of the custom header.
- name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value string
- Value of the custom header.
- name str
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value str
- Value of the custom header.
- name String
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value String
- Value of the custom header.
WebAclRuleActionCaptcha, WebAclRuleActionCaptchaArgs
- Custom
Request WebHandling Acl Rule Action Captcha Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- Custom
Request WebHandling Acl Rule Action Captcha Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request WebHandling Acl Rule Action Captcha Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request WebHandling Acl Rule Action Captcha Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom_
request_ Webhandling Acl Rule Action Captcha Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request Property MapHandling - Defines custom handling for the web request. See
custom_request_handling
below for details.
WebAclRuleActionCaptchaCustomRequestHandling, WebAclRuleActionCaptchaCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Action Captcha Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- Insert
Headers []WebAcl Rule Action Captcha Custom Request Handling Insert Header - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers List<WebAcl Rule Action Captcha Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers WebAcl Rule Action Captcha Custom Request Handling Insert Header[] - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert_
headers Sequence[WebAcl Rule Action Captcha Custom Request Handling Insert Header] - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers List<Property Map> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader, WebAclRuleActionCaptchaCustomRequestHandlingInsertHeaderArgs
- Name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - Value string
- Value of the custom header.
- Name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - Value string
- Value of the custom header.
- name String
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value String
- Value of the custom header.
- name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value string
- Value of the custom header.
- name str
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value str
- Value of the custom header.
- name String
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value String
- Value of the custom header.
WebAclRuleActionChallenge, WebAclRuleActionChallengeArgs
- Custom
Request WebHandling Acl Rule Action Challenge Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- Custom
Request WebHandling Acl Rule Action Challenge Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request WebHandling Acl Rule Action Challenge Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request WebHandling Acl Rule Action Challenge Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom_
request_ Webhandling Acl Rule Action Challenge Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request Property MapHandling - Defines custom handling for the web request. See
custom_request_handling
below for details.
WebAclRuleActionChallengeCustomRequestHandling, WebAclRuleActionChallengeCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Action Challenge Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- Insert
Headers []WebAcl Rule Action Challenge Custom Request Handling Insert Header - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers List<WebAcl Rule Action Challenge Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers WebAcl Rule Action Challenge Custom Request Handling Insert Header[] - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert_
headers Sequence[WebAcl Rule Action Challenge Custom Request Handling Insert Header] - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers List<Property Map> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
WebAclRuleActionChallengeCustomRequestHandlingInsertHeader, WebAclRuleActionChallengeCustomRequestHandlingInsertHeaderArgs
- Name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - Value string
- Value of the custom header.
- Name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - Value string
- Value of the custom header.
- name String
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value String
- Value of the custom header.
- name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value string
- Value of the custom header.
- name str
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value str
- Value of the custom header.
- name String
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value String
- Value of the custom header.
WebAclRuleActionCount, WebAclRuleActionCountArgs
- Custom
Request WebHandling Acl Rule Action Count Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- Custom
Request WebHandling Acl Rule Action Count Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request WebHandling Acl Rule Action Count Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request WebHandling Acl Rule Action Count Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom_
request_ Webhandling Acl Rule Action Count Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request Property MapHandling - Defines custom handling for the web request. See
custom_request_handling
below for details.
WebAclRuleActionCountCustomRequestHandling, WebAclRuleActionCountCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Action Count Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- Insert
Headers []WebAcl Rule Action Count Custom Request Handling Insert Header - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers List<WebAcl Rule Action Count Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers WebAcl Rule Action Count Custom Request Handling Insert Header[] - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert_
headers Sequence[WebAcl Rule Action Count Custom Request Handling Insert Header] - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers List<Property Map> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
WebAclRuleActionCountCustomRequestHandlingInsertHeader, WebAclRuleActionCountCustomRequestHandlingInsertHeaderArgs
- Name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - Value string
- Value of the custom header.
- Name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - Value string
- Value of the custom header.
- name String
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value String
- Value of the custom header.
- name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value string
- Value of the custom header.
- name str
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value str
- Value of the custom header.
- name String
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value String
- Value of the custom header.
WebAclRuleCaptchaConfig, WebAclRuleCaptchaConfigArgs
- Immunity
Time WebProperty Acl Rule Captcha Config Immunity Time Property - Defines custom immunity time. See
immunity_time_property
below for details.
- Immunity
Time WebProperty Acl Rule Captcha Config Immunity Time Property - Defines custom immunity time. See
immunity_time_property
below for details.
- immunity
Time WebProperty Acl Rule Captcha Config Immunity Time Property - Defines custom immunity time. See
immunity_time_property
below for details.
- immunity
Time WebProperty Acl Rule Captcha Config Immunity Time Property - Defines custom immunity time. See
immunity_time_property
below for details.
- immunity_
time_ Webproperty Acl Rule Captcha Config Immunity Time Property - Defines custom immunity time. See
immunity_time_property
below for details.
- immunity
Time Property MapProperty - Defines custom immunity time. See
immunity_time_property
below for details.
WebAclRuleCaptchaConfigImmunityTimeProperty, WebAclRuleCaptchaConfigImmunityTimePropertyArgs
- Immunity
Time int - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- Immunity
Time int - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- immunity
Time Integer - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- immunity
Time number - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- immunity_
time int - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- immunity
Time Number - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
WebAclRuleOverrideAction, WebAclRuleOverrideActionArgs
- Count
Web
Acl Rule Override Action Count - Override the rule action setting to count (i.e., only count matches). Configured as an empty block
{}
. - None
Web
Acl Rule Override Action None - Don't override the rule action setting. Configured as an empty block
{}
.
- Count
Web
Acl Rule Override Action Count - Override the rule action setting to count (i.e., only count matches). Configured as an empty block
{}
. - None
Web
Acl Rule Override Action None - Don't override the rule action setting. Configured as an empty block
{}
.
- count
Web
Acl Rule Override Action Count - Override the rule action setting to count (i.e., only count matches). Configured as an empty block
{}
. - none
Web
Acl Rule Override Action None - Don't override the rule action setting. Configured as an empty block
{}
.
- count
Web
Acl Rule Override Action Count - Override the rule action setting to count (i.e., only count matches). Configured as an empty block
{}
. - none
Web
Acl Rule Override Action None - Don't override the rule action setting. Configured as an empty block
{}
.
- count
Web
Acl Rule Override Action Count - Override the rule action setting to count (i.e., only count matches). Configured as an empty block
{}
. - none
Web
Acl Rule Override Action None - Don't override the rule action setting. Configured as an empty block
{}
.
- count Property Map
- Override the rule action setting to count (i.e., only count matches). Configured as an empty block
{}
. - none Property Map
- Don't override the rule action setting. Configured as an empty block
{}
.
WebAclRuleRuleLabel, WebAclRuleRuleLabelArgs
- Name string
- Label string.
- Name string
- Label string.
- name String
- Label string.
- name string
- Label string.
- name str
- Label string.
- name String
- Label string.
WebAclRuleStatement, WebAclRuleStatementArgs
- And
Statement WebAcl Rule Statement And Statement - Logical rule statement used to combine other rule statements with AND logic. See
and_statement
below for details. - Byte
Match WebStatement Acl Rule Statement Byte Match Statement - Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statement
below for details. - Geo
Match WebStatement Acl Rule Statement Geo Match Statement - Rule statement used to identify web requests based on country of origin. See
geo_match_statement
below for details. - Ip
Set WebReference Statement Acl Rule Statement Ip Set Reference Statement - Rule statement used to detect web requests coming from particular IP addresses or address ranges. See
ip_set_reference_statement
below for details. - Label
Match WebStatement Acl Rule Statement Label Match Statement - Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statement
below for details. - Managed
Rule WebGroup Statement Acl Rule Statement Managed Rule Group Statement - Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See
managed_rule_group_statement
below for details. - Not
Statement WebAcl Rule Statement Not Statement - Logical rule statement used to negate the results of another rule statement. See
not_statement
below for details. - Or
Statement WebAcl Rule Statement Or Statement - Logical rule statement used to combine other rule statements with OR logic. See
or_statement
below for details. - Rate
Based WebStatement Acl Rule Statement Rate Based Statement - Rate-based rule tracks the rate of requests for each originating
IP address
, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any5-minute
time span. This statement can not be nested. Seerate_based_statement
below for details. - Regex
Match WebStatement Acl Rule Statement Regex Match Statement - Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statement
below for details. - Regex
Pattern WebSet Reference Statement Acl Rule Statement Regex Pattern Set Reference Statement - Rule statement used to search web request components for matches with regular expressions. See
regex_pattern_set_reference_statement
below for details. - Rule
Group WebReference Statement Acl Rule Statement Rule Group Reference Statement - Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See
rule_group_reference_statement
below for details. - Size
Constraint WebStatement Acl Rule Statement Size Constraint Statement - Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statement
below for more details. - Sqli
Match WebStatement Acl Rule Statement Sqli Match Statement - An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statement
below for details. - Xss
Match WebStatement Acl Rule Statement Xss Match Statement - Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statement
below for details.
- And
Statement WebAcl Rule Statement And Statement - Logical rule statement used to combine other rule statements with AND logic. See
and_statement
below for details. - Byte
Match WebStatement Acl Rule Statement Byte Match Statement - Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statement
below for details. - Geo
Match WebStatement Acl Rule Statement Geo Match Statement - Rule statement used to identify web requests based on country of origin. See
geo_match_statement
below for details. - Ip
Set WebReference Statement Acl Rule Statement Ip Set Reference Statement - Rule statement used to detect web requests coming from particular IP addresses or address ranges. See
ip_set_reference_statement
below for details. - Label
Match WebStatement Acl Rule Statement Label Match Statement - Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statement
below for details. - Managed
Rule WebGroup Statement Acl Rule Statement Managed Rule Group Statement - Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See
managed_rule_group_statement
below for details. - Not
Statement WebAcl Rule Statement Not Statement - Logical rule statement used to negate the results of another rule statement. See
not_statement
below for details. - Or
Statement WebAcl Rule Statement Or Statement - Logical rule statement used to combine other rule statements with OR logic. See
or_statement
below for details. - Rate
Based WebStatement Acl Rule Statement Rate Based Statement - Rate-based rule tracks the rate of requests for each originating
IP address
, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any5-minute
time span. This statement can not be nested. Seerate_based_statement
below for details. - Regex
Match WebStatement Acl Rule Statement Regex Match Statement - Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statement
below for details. - Regex
Pattern WebSet Reference Statement Acl Rule Statement Regex Pattern Set Reference Statement - Rule statement used to search web request components for matches with regular expressions. See
regex_pattern_set_reference_statement
below for details. - Rule
Group WebReference Statement Acl Rule Statement Rule Group Reference Statement - Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See
rule_group_reference_statement
below for details. - Size
Constraint WebStatement Acl Rule Statement Size Constraint Statement - Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statement
below for more details. - Sqli
Match WebStatement Acl Rule Statement Sqli Match Statement - An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statement
below for details. - Xss
Match WebStatement Acl Rule Statement Xss Match Statement - Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statement
below for details.
- and
Statement WebAcl Rule Statement And Statement - Logical rule statement used to combine other rule statements with AND logic. See
and_statement
below for details. - byte
Match WebStatement Acl Rule Statement Byte Match Statement - Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statement
below for details. - geo
Match WebStatement Acl Rule Statement Geo Match Statement - Rule statement used to identify web requests based on country of origin. See
geo_match_statement
below for details. - ip
Set WebReference Statement Acl Rule Statement Ip Set Reference Statement - Rule statement used to detect web requests coming from particular IP addresses or address ranges. See
ip_set_reference_statement
below for details. - label
Match WebStatement Acl Rule Statement Label Match Statement - Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statement
below for details. - managed
Rule WebGroup Statement Acl Rule Statement Managed Rule Group Statement - Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See
managed_rule_group_statement
below for details. - not
Statement WebAcl Rule Statement Not Statement - Logical rule statement used to negate the results of another rule statement. See
not_statement
below for details. - or
Statement WebAcl Rule Statement Or Statement - Logical rule statement used to combine other rule statements with OR logic. See
or_statement
below for details. - rate
Based WebStatement Acl Rule Statement Rate Based Statement - Rate-based rule tracks the rate of requests for each originating
IP address
, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any5-minute
time span. This statement can not be nested. Seerate_based_statement
below for details. - regex
Match WebStatement Acl Rule Statement Regex Match Statement - Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statement
below for details. - regex
Pattern WebSet Reference Statement Acl Rule Statement Regex Pattern Set Reference Statement - Rule statement used to search web request components for matches with regular expressions. See
regex_pattern_set_reference_statement
below for details. - rule
Group WebReference Statement Acl Rule Statement Rule Group Reference Statement - Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See
rule_group_reference_statement
below for details. - size
Constraint WebStatement Acl Rule Statement Size Constraint Statement - Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statement
below for more details. - sqli
Match WebStatement Acl Rule Statement Sqli Match Statement - An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statement
below for details. - xss
Match WebStatement Acl Rule Statement Xss Match Statement - Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statement
below for details.
- and
Statement WebAcl Rule Statement And Statement - Logical rule statement used to combine other rule statements with AND logic. See
and_statement
below for details. - byte
Match WebStatement Acl Rule Statement Byte Match Statement - Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statement
below for details. - geo
Match WebStatement Acl Rule Statement Geo Match Statement - Rule statement used to identify web requests based on country of origin. See
geo_match_statement
below for details. - ip
Set WebReference Statement Acl Rule Statement Ip Set Reference Statement - Rule statement used to detect web requests coming from particular IP addresses or address ranges. See
ip_set_reference_statement
below for details. - label
Match WebStatement Acl Rule Statement Label Match Statement - Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statement
below for details. - managed
Rule WebGroup Statement Acl Rule Statement Managed Rule Group Statement - Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See
managed_rule_group_statement
below for details. - not
Statement WebAcl Rule Statement Not Statement - Logical rule statement used to negate the results of another rule statement. See
not_statement
below for details. - or
Statement WebAcl Rule Statement Or Statement - Logical rule statement used to combine other rule statements with OR logic. See
or_statement
below for details. - rate
Based WebStatement Acl Rule Statement Rate Based Statement - Rate-based rule tracks the rate of requests for each originating
IP address
, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any5-minute
time span. This statement can not be nested. Seerate_based_statement
below for details. - regex
Match WebStatement Acl Rule Statement Regex Match Statement - Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statement
below for details. - regex
Pattern WebSet Reference Statement Acl Rule Statement Regex Pattern Set Reference Statement - Rule statement used to search web request components for matches with regular expressions. See
regex_pattern_set_reference_statement
below for details. - rule
Group WebReference Statement Acl Rule Statement Rule Group Reference Statement - Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See
rule_group_reference_statement
below for details. - size
Constraint WebStatement Acl Rule Statement Size Constraint Statement - Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statement
below for more details. - sqli
Match WebStatement Acl Rule Statement Sqli Match Statement - An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statement
below for details. - xss
Match WebStatement Acl Rule Statement Xss Match Statement - Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statement
below for details.
- and_
statement WebAcl Rule Statement And Statement - Logical rule statement used to combine other rule statements with AND logic. See
and_statement
below for details. - byte_
match_ Webstatement Acl Rule Statement Byte Match Statement - Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statement
below for details. - geo_
match_ Webstatement Acl Rule Statement Geo Match Statement - Rule statement used to identify web requests based on country of origin. See
geo_match_statement
below for details. - ip_
set_ Webreference_ statement Acl Rule Statement Ip Set Reference Statement - Rule statement used to detect web requests coming from particular IP addresses or address ranges. See
ip_set_reference_statement
below for details. - label_
match_ Webstatement Acl Rule Statement Label Match Statement - Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statement
below for details. - managed_
rule_ Webgroup_ statement Acl Rule Statement Managed Rule Group Statement - Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See
managed_rule_group_statement
below for details. - not_
statement WebAcl Rule Statement Not Statement - Logical rule statement used to negate the results of another rule statement. See
not_statement
below for details. - or_
statement WebAcl Rule Statement Or Statement - Logical rule statement used to combine other rule statements with OR logic. See
or_statement
below for details. - rate_
based_ Webstatement Acl Rule Statement Rate Based Statement - Rate-based rule tracks the rate of requests for each originating
IP address
, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any5-minute
time span. This statement can not be nested. Seerate_based_statement
below for details. - regex_
match_ Webstatement Acl Rule Statement Regex Match Statement - Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statement
below for details. - regex_
pattern_ Webset_ reference_ statement Acl Rule Statement Regex Pattern Set Reference Statement - Rule statement used to search web request components for matches with regular expressions. See
regex_pattern_set_reference_statement
below for details. - rule_
group_ Webreference_ statement Acl Rule Statement Rule Group Reference Statement - Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See
rule_group_reference_statement
below for details. - size_
constraint_ Webstatement Acl Rule Statement Size Constraint Statement - Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statement
below for more details. - sqli_
match_ Webstatement Acl Rule Statement Sqli Match Statement - An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statement
below for details. - xss_
match_ Webstatement Acl Rule Statement Xss Match Statement - Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statement
below for details.
- and
Statement Property Map - Logical rule statement used to combine other rule statements with AND logic. See
and_statement
below for details. - byte
Match Property MapStatement - Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statement
below for details. - geo
Match Property MapStatement - Rule statement used to identify web requests based on country of origin. See
geo_match_statement
below for details. - ip
Set Property MapReference Statement - Rule statement used to detect web requests coming from particular IP addresses or address ranges. See
ip_set_reference_statement
below for details. - label
Match Property MapStatement - Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statement
below for details. - managed
Rule Property MapGroup Statement - Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See
managed_rule_group_statement
below for details. - not
Statement Property Map - Logical rule statement used to negate the results of another rule statement. See
not_statement
below for details. - or
Statement Property Map - Logical rule statement used to combine other rule statements with OR logic. See
or_statement
below for details. - rate
Based Property MapStatement - Rate-based rule tracks the rate of requests for each originating
IP address
, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any5-minute
time span. This statement can not be nested. Seerate_based_statement
below for details. - regex
Match Property MapStatement - Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statement
below for details. - regex
Pattern Property MapSet Reference Statement - Rule statement used to search web request components for matches with regular expressions. See
regex_pattern_set_reference_statement
below for details. - rule
Group Property MapReference Statement - Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See
rule_group_reference_statement
below for details. - size
Constraint Property MapStatement - Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statement
below for more details. - sqli
Match Property MapStatement - An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statement
below for details. - xss
Match Property MapStatement - Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statement
below for details.
WebAclRuleStatementAndStatement, WebAclRuleStatementAndStatementArgs
- Statements
List<Web
Acl Rule Statement> - The statements to combine.
- Statements
[]Web
Acl Rule Statement - The statements to combine.
- statements
List<Web
Acl Rule Statement> - The statements to combine.
- statements
Web
Acl Rule Statement[] - The statements to combine.
- statements
Sequence[Web
Acl Rule Statement] - The statements to combine.
- statements List<Property Map>
- The statements to combine.
WebAclRuleStatementByteMatchStatement, WebAclRuleStatementByteMatchStatementArgs
- Positional
Constraint string - Area within the portion of a web request that you want AWS WAF to search for
search_string
. Valid values include the following:EXACTLY
,STARTS_WITH
,ENDS_WITH
,CONTAINS
,CONTAINS_WORD
. See the AWS documentation for more information. - Search
String string - String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match
. The maximum length of the value is 50 bytes. - Text
Transformations List<WebAcl Rule Statement Byte Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - Field
To WebMatch Acl Rule Statement Byte Match Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- Positional
Constraint string - Area within the portion of a web request that you want AWS WAF to search for
search_string
. Valid values include the following:EXACTLY
,STARTS_WITH
,ENDS_WITH
,CONTAINS
,CONTAINS_WORD
. See the AWS documentation for more information. - Search
String string - String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match
. The maximum length of the value is 50 bytes. - Text
Transformations []WebAcl Rule Statement Byte Match Statement Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - Field
To WebMatch Acl Rule Statement Byte Match Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- positional
Constraint String - Area within the portion of a web request that you want AWS WAF to search for
search_string
. Valid values include the following:EXACTLY
,STARTS_WITH
,ENDS_WITH
,CONTAINS
,CONTAINS_WORD
. See the AWS documentation for more information. - search
String String - String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match
. The maximum length of the value is 50 bytes. - text
Transformations List<WebAcl Rule Statement Byte Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field
To WebMatch Acl Rule Statement Byte Match Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- positional
Constraint string - Area within the portion of a web request that you want AWS WAF to search for
search_string
. Valid values include the following:EXACTLY
,STARTS_WITH
,ENDS_WITH
,CONTAINS
,CONTAINS_WORD
. See the AWS documentation for more information. - search
String string - String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match
. The maximum length of the value is 50 bytes. - text
Transformations WebAcl Rule Statement Byte Match Statement Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field
To WebMatch Acl Rule Statement Byte Match Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- positional_
constraint str - Area within the portion of a web request that you want AWS WAF to search for
search_string
. Valid values include the following:EXACTLY
,STARTS_WITH
,ENDS_WITH
,CONTAINS
,CONTAINS_WORD
. See the AWS documentation for more information. - search_
string str - String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match
. The maximum length of the value is 50 bytes. - text_
transformations Sequence[WebAcl Rule Statement Byte Match Statement Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field_
to_ Webmatch Acl Rule Statement Byte Match Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- positional
Constraint String - Area within the portion of a web request that you want AWS WAF to search for
search_string
. Valid values include the following:EXACTLY
,STARTS_WITH
,ENDS_WITH
,CONTAINS
,CONTAINS_WORD
. See the AWS documentation for more information. - search
String String - String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match
. The maximum length of the value is 50 bytes. - text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field
To Property MapMatch - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
WebAclRuleStatementByteMatchStatementFieldToMatch, WebAclRuleStatementByteMatchStatementFieldToMatchArgs
- All
Query WebArguments Acl Rule Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Byte Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Byte Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - Header
Orders List<WebAcl Rule Statement Byte Match Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - Headers
List<Web
Acl Rule Statement Byte Match Statement Field To Match Header> - Inspect the request headers. See
headers
below for details. - Ja3Fingerprint
Web
Acl Rule Statement Byte Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - Json
Body WebAcl Rule Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - Method
Web
Acl Rule Statement Byte Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String WebAcl Rule Statement Byte Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header WebAcl Rule Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - Single
Query WebArgument Acl Rule Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - Uri
Path WebAcl Rule Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- All
Query WebArguments Acl Rule Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Byte Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Byte Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - Header
Orders []WebAcl Rule Statement Byte Match Statement Field To Match Header Order - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - Headers
[]Web
Acl Rule Statement Byte Match Statement Field To Match Header - Inspect the request headers. See
headers
below for details. - Ja3Fingerprint
Web
Acl Rule Statement Byte Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - Json
Body WebAcl Rule Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - Method
Web
Acl Rule Statement Byte Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String WebAcl Rule Statement Byte Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header WebAcl Rule Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - Single
Query WebArgument Acl Rule Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - Uri
Path WebAcl Rule Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query WebArguments Acl Rule Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Byte Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Byte Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - header
Orders List<WebAcl Rule Statement Byte Match Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers
List<Web
Acl Rule Statement Byte Match Statement Field To Match Header> - Inspect the request headers. See
headers
below for details. - ja3Fingerprint
Web
Acl Rule Statement Byte Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json
Body WebAcl Rule Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - method
Web
Acl Rule Statement Byte Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String WebAcl Rule Statement Byte Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header WebAcl Rule Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - single
Query WebArgument Acl Rule Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - uri
Path WebAcl Rule Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query WebArguments Acl Rule Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Byte Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Byte Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - header
Orders WebAcl Rule Statement Byte Match Statement Field To Match Header Order[] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers
Web
Acl Rule Statement Byte Match Statement Field To Match Header[] - Inspect the request headers. See
headers
below for details. - ja3Fingerprint
Web
Acl Rule Statement Byte Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json
Body WebAcl Rule Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - method
Web
Acl Rule Statement Byte Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String WebAcl Rule Statement Byte Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header WebAcl Rule Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - single
Query WebArgument Acl Rule Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - uri
Path WebAcl Rule Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all_
query_ Webarguments Acl Rule Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Byte Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Byte Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - header_
orders Sequence[WebAcl Rule Statement Byte Match Statement Field To Match Header Order] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers
Sequence[Web
Acl Rule Statement Byte Match Statement Field To Match Header] - Inspect the request headers. See
headers
below for details. - ja3_
fingerprint WebAcl Rule Statement Byte Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json_
body WebAcl Rule Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - method
Web
Acl Rule Statement Byte Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query_
string WebAcl Rule Statement Byte Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single_
header WebAcl Rule Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - single_
query_ Webargument Acl Rule Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - uri_
path WebAcl Rule Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body, which immediately follows the request headers. See
body
below for details. - Property Map
- Inspect the cookies in the web request. See
cookies
below for details. - header
Orders List<Property Map> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers List<Property Map>
- Inspect the request headers. See
headers
below for details. - ja3Fingerprint Property Map
- Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json
Body Property Map - Inspect the request body as JSON. See
json_body
for details. - method Property Map
- Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String Property Map - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header Property Map - Inspect a single header. See
single_header
below for details. - single
Query Property MapArgument - Inspect a single query argument. See
single_query_argument
below for details. - uri
Path Property Map - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
WebAclRuleStatementByteMatchStatementFieldToMatchBody, WebAclRuleStatementByteMatchStatementFieldToMatchBodyArgs
- Oversize
Handling string - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- Oversize
Handling string - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize
Handling String - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize
Handling string - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize_
handling str - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize
Handling String - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
WebAclRuleStatementByteMatchStatementFieldToMatchCookies, WebAclRuleStatementByteMatchStatementFieldToMatchCookiesArgs
- Match
Patterns List<WebAcl Rule Statement Byte Match Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- Match
Patterns []WebAcl Rule Statement Byte Match Statement Field To Match Cookies Match Pattern - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match
Patterns List<WebAcl Rule Statement Byte Match Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match
Patterns WebAcl Rule Statement Byte Match Statement Field To Match Cookies Match Pattern[] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match_
patterns Sequence[WebAcl Rule Statement Byte Match Statement Field To Match Cookies Match Pattern] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match_
scope str - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize_
handling str - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match
Patterns List<Property Map> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternArgs
- All
Web
Acl Rule Statement Byte Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<string>
- List<string>
- All
Web
Acl Rule Statement Byte Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- []string
- []string
- all
Web
Acl Rule Statement Byte Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
- all
Web
Acl Rule Statement Byte Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- string[]
- string[]
- all
Web
Acl Rule Statement Byte Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Sequence[str]
- Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
WebAclRuleStatementByteMatchStatementFieldToMatchHeader, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderArgs
- Match
Pattern WebAcl Rule Statement Byte Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Match
Pattern WebAcl Rule Statement Byte Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern WebAcl Rule Statement Byte Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern WebAcl Rule Statement Byte Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match_
pattern WebAcl Rule Statement Byte Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match_
scope str - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern Property Map - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternArgs
- All
Web
Acl Rule Statement Byte Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers List<string> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers List<string> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- All
Web
Acl Rule Statement Byte Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers []string - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers []string - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Web
Acl Rule Statement Byte Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Web
Acl Rule Statement Byte Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers string[] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers string[] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Web
Acl Rule Statement Byte Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded_
headers Sequence[str] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included_
headers Sequence[str] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrderArgs
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementByteMatchStatementFieldToMatchJa3FingerprintArgs
- Fallback
Behavior string - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- Fallback
Behavior string - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback
Behavior String - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback
Behavior string - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback_
behavior str - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback
Behavior String - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody, WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyArgs
- Match
Pattern WebAcl Rule Statement Byte Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- Match
Pattern WebAcl Rule Statement Byte Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern WebAcl Rule Statement Byte Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern WebAcl Rule Statement Byte Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match_
pattern WebAcl Rule Statement Byte Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match_
scope str - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid_
fallback_ strbehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize_
handling str - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern Property Map - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternArgs
- All
Web
Acl Rule Statement Byte Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths List<string>
- All
Web
Acl Rule Statement Byte Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths []string
- all
Web
Acl Rule Statement Byte Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
- all
Web
Acl Rule Statement Byte Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths string[]
- all
Web
Acl Rule Statement Byte Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included_
paths Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader, WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeaderArgs
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgumentArgs
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
WebAclRuleStatementByteMatchStatementTextTransformation, WebAclRuleStatementByteMatchStatementTextTransformationArgs
- Priority int
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- Priority int
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Integer
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority number
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type string
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority int
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type str
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Number
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- Transformation to apply, please refer to the Text Transformation documentation for more details.
WebAclRuleStatementGeoMatchStatement, WebAclRuleStatementGeoMatchStatementArgs
- Country
Codes List<string> - Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166
international standard. See the documentation for valid values. - Forwarded
Ip WebConfig Acl Rule Statement Geo Match Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
forwarded_ip_config
below for details.
- Country
Codes []string - Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166
international standard. See the documentation for valid values. - Forwarded
Ip WebConfig Acl Rule Statement Geo Match Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
forwarded_ip_config
below for details.
- country
Codes List<String> - Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166
international standard. See the documentation for valid values. - forwarded
Ip WebConfig Acl Rule Statement Geo Match Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
forwarded_ip_config
below for details.
- country
Codes string[] - Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166
international standard. See the documentation for valid values. - forwarded
Ip WebConfig Acl Rule Statement Geo Match Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
forwarded_ip_config
below for details.
- country_
codes Sequence[str] - Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166
international standard. See the documentation for valid values. - forwarded_
ip_ Webconfig Acl Rule Statement Geo Match Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
forwarded_ip_config
below for details.
- country
Codes List<String> - Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166
international standard. See the documentation for valid values. - forwarded
Ip Property MapConfig - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
forwarded_ip_config
below for details.
WebAclRuleStatementGeoMatchStatementForwardedIpConfig, WebAclRuleStatementGeoMatchStatementForwardedIpConfigArgs
- Fallback
Behavior string - Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - Header
Name string - Name of the HTTP header to use for the IP address.
- Fallback
Behavior string - Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - Header
Name string - Name of the HTTP header to use for the IP address.
- fallback
Behavior String - Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name String - Name of the HTTP header to use for the IP address.
- fallback
Behavior string - Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name string - Name of the HTTP header to use for the IP address.
- fallback_
behavior str - Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header_
name str - Name of the HTTP header to use for the IP address.
- fallback
Behavior String - Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name String - Name of the HTTP header to use for the IP address.
WebAclRuleStatementIpSetReferenceStatement, WebAclRuleStatementIpSetReferenceStatementArgs
- Arn string
- The Amazon Resource Name (ARN) of the IP Set that this statement references.
- Ip
Set WebForwarded Ip Config Acl Rule Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
ip_set_forwarded_ip_config
below for more details.
- Arn string
- The Amazon Resource Name (ARN) of the IP Set that this statement references.
- Ip
Set WebForwarded Ip Config Acl Rule Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
ip_set_forwarded_ip_config
below for more details.
- arn String
- The Amazon Resource Name (ARN) of the IP Set that this statement references.
- ip
Set WebForwarded Ip Config Acl Rule Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
ip_set_forwarded_ip_config
below for more details.
- arn string
- The Amazon Resource Name (ARN) of the IP Set that this statement references.
- ip
Set WebForwarded Ip Config Acl Rule Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
ip_set_forwarded_ip_config
below for more details.
- arn str
- The Amazon Resource Name (ARN) of the IP Set that this statement references.
- ip_
set_ Webforwarded_ ip_ config Acl Rule Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
ip_set_forwarded_ip_config
below for more details.
- arn String
- The Amazon Resource Name (ARN) of the IP Set that this statement references.
- ip
Set Property MapForwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
ip_set_forwarded_ip_config
below for more details.
WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig, WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfigArgs
- Fallback
Behavior string - Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - Header
Name string - Name of the HTTP header to use for the IP address.
- Position string
- Position in the header to search for the IP address. Valid values include:
FIRST
,LAST
, orANY
. IfANY
is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- Fallback
Behavior string - Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - Header
Name string - Name of the HTTP header to use for the IP address.
- Position string
- Position in the header to search for the IP address. Valid values include:
FIRST
,LAST
, orANY
. IfANY
is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- fallback
Behavior String - Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name String - Name of the HTTP header to use for the IP address.
- position String
- Position in the header to search for the IP address. Valid values include:
FIRST
,LAST
, orANY
. IfANY
is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- fallback
Behavior string - Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name string - Name of the HTTP header to use for the IP address.
- position string
- Position in the header to search for the IP address. Valid values include:
FIRST
,LAST
, orANY
. IfANY
is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- fallback_
behavior str - Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header_
name str - Name of the HTTP header to use for the IP address.
- position str
- Position in the header to search for the IP address. Valid values include:
FIRST
,LAST
, orANY
. IfANY
is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- fallback
Behavior String - Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name String - Name of the HTTP header to use for the IP address.
- position String
- Position in the header to search for the IP address. Valid values include:
FIRST
,LAST
, orANY
. IfANY
is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
WebAclRuleStatementLabelMatchStatement, WebAclRuleStatementLabelMatchStatementArgs
WebAclRuleStatementManagedRuleGroupStatement, WebAclRuleStatementManagedRuleGroupStatementArgs
- Name string
- Name of the managed rule group.
- Vendor
Name string - Name of the managed rule group vendor.
- Managed
Rule List<WebGroup Configs Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config> - Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See
managed_rule_group_configs
for more details - Rule
Action List<WebOverrides Acl Rule Statement Managed Rule Group Statement Rule Action Override> - Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See
rule_action_override
below for details. - Scope
Down WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement - Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See
statement
above for details. - Version string
- Version of the managed rule group. You can set
Version_1.0
orVersion_1.1
etc. If you want to use the default version, do not set anything.
- Name string
- Name of the managed rule group.
- Vendor
Name string - Name of the managed rule group vendor.
- Managed
Rule []WebGroup Configs Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config - Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See
managed_rule_group_configs
for more details - Rule
Action []WebOverrides Acl Rule Statement Managed Rule Group Statement Rule Action Override - Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See
rule_action_override
below for details. - Scope
Down WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement - Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See
statement
above for details. - Version string
- Version of the managed rule group. You can set
Version_1.0
orVersion_1.1
etc. If you want to use the default version, do not set anything.
- name String
- Name of the managed rule group.
- vendor
Name String - Name of the managed rule group vendor.
- managed
Rule List<WebGroup Configs Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config> - Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See
managed_rule_group_configs
for more details - rule
Action List<WebOverrides Acl Rule Statement Managed Rule Group Statement Rule Action Override> - Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See
rule_action_override
below for details. - scope
Down WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement - Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See
statement
above for details. - version String
- Version of the managed rule group. You can set
Version_1.0
orVersion_1.1
etc. If you want to use the default version, do not set anything.
- name string
- Name of the managed rule group.
- vendor
Name string - Name of the managed rule group vendor.
- managed
Rule WebGroup Configs Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config[] - Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See
managed_rule_group_configs
for more details - rule
Action WebOverrides Acl Rule Statement Managed Rule Group Statement Rule Action Override[] - Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See
rule_action_override
below for details. - scope
Down WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement - Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See
statement
above for details. - version string
- Version of the managed rule group. You can set
Version_1.0
orVersion_1.1
etc. If you want to use the default version, do not set anything.
- name str
- Name of the managed rule group.
- vendor_
name str - Name of the managed rule group vendor.
- managed_
rule_ Sequence[Webgroup_ configs Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config] - Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See
managed_rule_group_configs
for more details - rule_
action_ Sequence[Weboverrides Acl Rule Statement Managed Rule Group Statement Rule Action Override] - Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See
rule_action_override
below for details. - scope_
down_ Webstatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement - Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See
statement
above for details. - version str
- Version of the managed rule group. You can set
Version_1.0
orVersion_1.1
etc. If you want to use the default version, do not set anything.
- name String
- Name of the managed rule group.
- vendor
Name String - Name of the managed rule group vendor.
- managed
Rule List<Property Map>Group Configs - Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See
managed_rule_group_configs
for more details - rule
Action List<Property Map>Overrides - Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See
rule_action_override
below for details. - scope
Down Property MapStatement - Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See
statement
above for details. - version String
- Version of the managed rule group. You can set
Version_1.0
orVersion_1.1
etc. If you want to use the default version, do not set anything.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigArgs
- Aws
Managed WebRules Acfp Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set - Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client.
- Aws
Managed WebRules Atp Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set - Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client.
- Aws
Managed WebRules Bot Control Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Bot Control Rule Set - Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See
aws_managed_rules_bot_control_rule_set
for more details - Login
Path string - The path of the login endpoint for your application.
- Password
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Password Field - Details about your login page password field. See
password_field
for more details. - Payload
Type string - The payload type for your login endpoint, either JSON or form encoded.
- Username
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Username Field - Details about your login page username field. See
username_field
for more details.
- Aws
Managed WebRules Acfp Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set - Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client.
- Aws
Managed WebRules Atp Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set - Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client.
- Aws
Managed WebRules Bot Control Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Bot Control Rule Set - Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See
aws_managed_rules_bot_control_rule_set
for more details - Login
Path string - The path of the login endpoint for your application.
- Password
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Password Field - Details about your login page password field. See
password_field
for more details. - Payload
Type string - The payload type for your login endpoint, either JSON or form encoded.
- Username
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Username Field - Details about your login page username field. See
username_field
for more details.
- aws
Managed WebRules Acfp Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set - Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client.
- aws
Managed WebRules Atp Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set - Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client.
- aws
Managed WebRules Bot Control Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Bot Control Rule Set - Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See
aws_managed_rules_bot_control_rule_set
for more details - login
Path String - The path of the login endpoint for your application.
- password
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Password Field - Details about your login page password field. See
password_field
for more details. - payload
Type String - The payload type for your login endpoint, either JSON or form encoded.
- username
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Username Field - Details about your login page username field. See
username_field
for more details.
- aws
Managed WebRules Acfp Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set - Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client.
- aws
Managed WebRules Atp Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set - Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client.
- aws
Managed WebRules Bot Control Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Bot Control Rule Set - Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See
aws_managed_rules_bot_control_rule_set
for more details - login
Path string - The path of the login endpoint for your application.
- password
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Password Field - Details about your login page password field. See
password_field
for more details. - payload
Type string - The payload type for your login endpoint, either JSON or form encoded.
- username
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Username Field - Details about your login page username field. See
username_field
for more details.
- aws_
managed_ Webrules_ acfp_ rule_ set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set - Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client.
- aws_
managed_ Webrules_ atp_ rule_ set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set - Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client.
- aws_
managed_ Webrules_ bot_ control_ rule_ set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Bot Control Rule Set - Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See
aws_managed_rules_bot_control_rule_set
for more details - login_
path str - The path of the login endpoint for your application.
- password_
field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Password Field - Details about your login page password field. See
password_field
for more details. - payload_
type str - The payload type for your login endpoint, either JSON or form encoded.
- username_
field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Username Field - Details about your login page username field. See
username_field
for more details.
- aws
Managed Property MapRules Acfp Rule Set - Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client.
- aws
Managed Property MapRules Atp Rule Set - Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client.
- aws
Managed Property MapRules Bot Control Rule Set - Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See
aws_managed_rules_bot_control_rule_set
for more details - login
Path String - The path of the login endpoint for your application.
- password
Field Property Map - Details about your login page password field. See
password_field
for more details. - payload
Type String - The payload type for your login endpoint, either JSON or form encoded.
- username
Field Property Map - Details about your login page username field. See
username_field
for more details.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSet, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetArgs
- Creation
Path string - The path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
- Registration
Page stringPath - The path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests.
- Request
Inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection - The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See
request_inspection
for more details. - Enable
Regex boolIn Path - Whether or not to allow the use of regular expressions in the login page path.
- Response
Inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection - The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See
response_inspection
for more details.
- Creation
Path string - The path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
- Registration
Page stringPath - The path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests.
- Request
Inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection - The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See
request_inspection
for more details. - Enable
Regex boolIn Path - Whether or not to allow the use of regular expressions in the login page path.
- Response
Inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection - The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See
response_inspection
for more details.
- creation
Path String - The path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
- registration
Page StringPath - The path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests.
- request
Inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection - The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See
request_inspection
for more details. - enable
Regex BooleanIn Path - Whether or not to allow the use of regular expressions in the login page path.
- response
Inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection - The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See
response_inspection
for more details.
- creation
Path string - The path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
- registration
Page stringPath - The path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests.
- request
Inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection - The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See
request_inspection
for more details. - enable
Regex booleanIn Path - Whether or not to allow the use of regular expressions in the login page path.
- response
Inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection - The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See
response_inspection
for more details.
- creation_
path str - The path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
- registration_
page_ strpath - The path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests.
- request_
inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection - The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See
request_inspection
for more details. - enable_
regex_ boolin_ path - Whether or not to allow the use of regular expressions in the login page path.
- response_
inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection - The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See
response_inspection
for more details.
- creation
Path String - The path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
- registration
Page StringPath - The path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests.
- request
Inspection Property Map - The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See
request_inspection
for more details. - enable
Regex BooleanIn Path - Whether or not to allow the use of regular expressions in the login page path.
- response
Inspection Property Map - The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See
response_inspection
for more details.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspection, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionArgs
- Payload
Type string - The payload type for your login endpoint, either JSON or form encoded.
- Address
Fields WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Address Fields - The names of the fields in the request payload that contain your customer's primary physical address. See
address_fields
for more details. - Email
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Email Field - The name of the field in the request payload that contains your customer's email. See
email_field
for more details. - Password
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Password Field - Details about your login page password field. See
password_field
for more details. - Phone
Number WebFields Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Phone Number Fields - The names of the fields in the request payload that contain your customer's primary phone number. See
phone_number_fields
for more details. - Username
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Username Field - Details about your login page username field. See
username_field
for more details.
- Payload
Type string - The payload type for your login endpoint, either JSON or form encoded.
- Address
Fields WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Address Fields - The names of the fields in the request payload that contain your customer's primary physical address. See
address_fields
for more details. - Email
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Email Field - The name of the field in the request payload that contains your customer's email. See
email_field
for more details. - Password
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Password Field - Details about your login page password field. See
password_field
for more details. - Phone
Number WebFields Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Phone Number Fields - The names of the fields in the request payload that contain your customer's primary phone number. See
phone_number_fields
for more details. - Username
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Username Field - Details about your login page username field. See
username_field
for more details.
- payload
Type String - The payload type for your login endpoint, either JSON or form encoded.
- address
Fields WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Address Fields - The names of the fields in the request payload that contain your customer's primary physical address. See
address_fields
for more details. - email
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Email Field - The name of the field in the request payload that contains your customer's email. See
email_field
for more details. - password
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Password Field - Details about your login page password field. See
password_field
for more details. - phone
Number WebFields Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Phone Number Fields - The names of the fields in the request payload that contain your customer's primary phone number. See
phone_number_fields
for more details. - username
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Username Field - Details about your login page username field. See
username_field
for more details.
- payload
Type string - The payload type for your login endpoint, either JSON or form encoded.
- address
Fields WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Address Fields - The names of the fields in the request payload that contain your customer's primary physical address. See
address_fields
for more details. - email
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Email Field - The name of the field in the request payload that contains your customer's email. See
email_field
for more details. - password
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Password Field - Details about your login page password field. See
password_field
for more details. - phone
Number WebFields Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Phone Number Fields - The names of the fields in the request payload that contain your customer's primary phone number. See
phone_number_fields
for more details. - username
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Username Field - Details about your login page username field. See
username_field
for more details.
- payload_
type str - The payload type for your login endpoint, either JSON or form encoded.
- address_
fields WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Address Fields - The names of the fields in the request payload that contain your customer's primary physical address. See
address_fields
for more details. - email_
field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Email Field - The name of the field in the request payload that contains your customer's email. See
email_field
for more details. - password_
field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Password Field - Details about your login page password field. See
password_field
for more details. - phone_
number_ Webfields Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Phone Number Fields - The names of the fields in the request payload that contain your customer's primary phone number. See
phone_number_fields
for more details. - username_
field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Username Field - Details about your login page username field. See
username_field
for more details.
- payload
Type String - The payload type for your login endpoint, either JSON or form encoded.
- address
Fields Property Map - The names of the fields in the request payload that contain your customer's primary physical address. See
address_fields
for more details. - email
Field Property Map - The name of the field in the request payload that contains your customer's email. See
email_field
for more details. - password
Field Property Map - Details about your login page password field. See
password_field
for more details. - phone
Number Property MapFields - The names of the fields in the request payload that contain your customer's primary phone number. See
phone_number_fields
for more details. - username
Field Property Map - Details about your login page username field. See
username_field
for more details.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFieldsArgs
- Identifiers List<string>
- Identifiers []string
- identifiers List<String>
- identifiers string[]
- identifiers Sequence[str]
- identifiers List<String>
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailFieldArgs
- Identifier string
- The name of the field in the request payload that contains your customer's email.
- Identifier string
- The name of the field in the request payload that contains your customer's email.
- identifier String
- The name of the field in the request payload that contains your customer's email.
- identifier string
- The name of the field in the request payload that contains your customer's email.
- identifier str
- The name of the field in the request payload that contains your customer's email.
- identifier String
- The name of the field in the request payload that contains your customer's email.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordFieldArgs
- Identifier string
- The name of the password field.
- Identifier string
- The name of the password field.
- identifier String
- The name of the password field.
- identifier string
- The name of the password field.
- identifier str
- The name of the password field.
- identifier String
- The name of the password field.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFields, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFieldsArgs
- Identifiers List<string>
- Identifiers []string
- identifiers List<String>
- identifiers string[]
- identifiers Sequence[str]
- identifiers List<String>
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameFieldArgs
- Identifier string
- The name of the username field.
- Identifier string
- The name of the username field.
- identifier String
- The name of the username field.
- identifier string
- The name of the username field.
- identifier str
- The name of the username field.
- identifier String
- The name of the username field.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspection, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionArgs
- Body
Contains WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Body Contains - Configures inspection of the response body. See
body_contains
for more details. - Header
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Header - Configures inspection of the response header.See
header
for more details. - Json
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Json - Configures inspection of the response JSON. See
json
for more details. - Status
Code WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Status Code - Configures inspection of the response status code.See
status_code
for more details.
- Body
Contains WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Body Contains - Configures inspection of the response body. See
body_contains
for more details. - Header
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Header - Configures inspection of the response header.See
header
for more details. - Json
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Json - Configures inspection of the response JSON. See
json
for more details. - Status
Code WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Status Code - Configures inspection of the response status code.See
status_code
for more details.
- body
Contains WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Body Contains - Configures inspection of the response body. See
body_contains
for more details. - header
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Header - Configures inspection of the response header.See
header
for more details. - json
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Json - Configures inspection of the response JSON. See
json
for more details. - status
Code WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Status Code - Configures inspection of the response status code.See
status_code
for more details.
- body
Contains WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Body Contains - Configures inspection of the response body. See
body_contains
for more details. - header
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Header - Configures inspection of the response header.See
header
for more details. - json
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Json - Configures inspection of the response JSON. See
json
for more details. - status
Code WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Status Code - Configures inspection of the response status code.See
status_code
for more details.
- body_
contains WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Body Contains - Configures inspection of the response body. See
body_contains
for more details. - header
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Header - Configures inspection of the response header.See
header
for more details. - json
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Json - Configures inspection of the response JSON. See
json
for more details. - status_
code WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Status Code - Configures inspection of the response status code.See
status_code
for more details.
- body
Contains Property Map - Configures inspection of the response body. See
body_contains
for more details. - header Property Map
- Configures inspection of the response header.See
header
for more details. - json Property Map
- Configures inspection of the response JSON. See
json
for more details. - status
Code Property Map - Configures inspection of the response status code.See
status_code
for more details.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContains, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContainsArgs
- Failure
Strings List<string> - Strings in the body of the response that indicate a failed login attempt.
- Success
Strings List<string> - Strings in the body of the response that indicate a successful login attempt.
- Failure
Strings []string - Strings in the body of the response that indicate a failed login attempt.
- Success
Strings []string - Strings in the body of the response that indicate a successful login attempt.
- failure
Strings List<String> - Strings in the body of the response that indicate a failed login attempt.
- success
Strings List<String> - Strings in the body of the response that indicate a successful login attempt.
- failure
Strings string[] - Strings in the body of the response that indicate a failed login attempt.
- success
Strings string[] - Strings in the body of the response that indicate a successful login attempt.
- failure_
strings Sequence[str] - Strings in the body of the response that indicate a failed login attempt.
- success_
strings Sequence[str] - Strings in the body of the response that indicate a successful login attempt.
- failure
Strings List<String> - Strings in the body of the response that indicate a failed login attempt.
- success
Strings List<String> - Strings in the body of the response that indicate a successful login attempt.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeader, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeaderArgs
- Failure
Values List<string> - Values in the response header with the specified name that indicate a failed login attempt.
- Name string
- The name of the header to use.
- Success
Values List<string> - Values in the response header with the specified name that indicate a successful login attempt.
- Failure
Values []string - Values in the response header with the specified name that indicate a failed login attempt.
- Name string
- The name of the header to use.
- Success
Values []string - Values in the response header with the specified name that indicate a successful login attempt.
- failure
Values List<String> - Values in the response header with the specified name that indicate a failed login attempt.
- name String
- The name of the header to use.
- success
Values List<String> - Values in the response header with the specified name that indicate a successful login attempt.
- failure
Values string[] - Values in the response header with the specified name that indicate a failed login attempt.
- name string
- The name of the header to use.
- success
Values string[] - Values in the response header with the specified name that indicate a successful login attempt.
- failure_
values Sequence[str] - Values in the response header with the specified name that indicate a failed login attempt.
- name str
- The name of the header to use.
- success_
values Sequence[str] - Values in the response header with the specified name that indicate a successful login attempt.
- failure
Values List<String> - Values in the response header with the specified name that indicate a failed login attempt.
- name String
- The name of the header to use.
- success
Values List<String> - Values in the response header with the specified name that indicate a successful login attempt.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJson, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJsonArgs
- Failure
Values List<string> - Values in the response header with the specified name that indicate a failed login attempt.
- Identifier string
- The identifier for the value to match against in the JSON.
- Success
Values List<string> - Values in the response header with the specified name that indicate a successful login attempt.
- Failure
Values []string - Values in the response header with the specified name that indicate a failed login attempt.
- Identifier string
- The identifier for the value to match against in the JSON.
- Success
Values []string - Values in the response header with the specified name that indicate a successful login attempt.
- failure
Values List<String> - Values in the response header with the specified name that indicate a failed login attempt.
- identifier String
- The identifier for the value to match against in the JSON.
- success
Values List<String> - Values in the response header with the specified name that indicate a successful login attempt.
- failure
Values string[] - Values in the response header with the specified name that indicate a failed login attempt.
- identifier string
- The identifier for the value to match against in the JSON.
- success
Values string[] - Values in the response header with the specified name that indicate a successful login attempt.
- failure_
values Sequence[str] - Values in the response header with the specified name that indicate a failed login attempt.
- identifier str
- The identifier for the value to match against in the JSON.
- success_
values Sequence[str] - Values in the response header with the specified name that indicate a successful login attempt.
- failure
Values List<String> - Values in the response header with the specified name that indicate a failed login attempt.
- identifier String
- The identifier for the value to match against in the JSON.
- success
Values List<String> - Values in the response header with the specified name that indicate a successful login attempt.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCode, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCodeArgs
- Failure
Codes List<int> - Status codes in the response that indicate a failed login attempt.
- Success
Codes List<int> - Status codes in the response that indicate a successful login attempt.
- Failure
Codes []int - Status codes in the response that indicate a failed login attempt.
- Success
Codes []int - Status codes in the response that indicate a successful login attempt.
- failure
Codes List<Integer> - Status codes in the response that indicate a failed login attempt.
- success
Codes List<Integer> - Status codes in the response that indicate a successful login attempt.
- failure
Codes number[] - Status codes in the response that indicate a failed login attempt.
- success
Codes number[] - Status codes in the response that indicate a successful login attempt.
- failure_
codes Sequence[int] - Status codes in the response that indicate a failed login attempt.
- success_
codes Sequence[int] - Status codes in the response that indicate a successful login attempt.
- failure
Codes List<Number> - Status codes in the response that indicate a failed login attempt.
- success
Codes List<Number> - Status codes in the response that indicate a successful login attempt.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetArgs
- Login
Path string - The path of the login endpoint for your application.
- Enable
Regex boolIn Path - Whether or not to allow the use of regular expressions in the login page path.
- Request
Inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Request Inspection - The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See
request_inspection
for more details. - Response
Inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection - The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See
response_inspection
for more details.
- Login
Path string - The path of the login endpoint for your application.
- Enable
Regex boolIn Path - Whether or not to allow the use of regular expressions in the login page path.
- Request
Inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Request Inspection - The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See
request_inspection
for more details. - Response
Inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection - The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See
response_inspection
for more details.
- login
Path String - The path of the login endpoint for your application.
- enable
Regex BooleanIn Path - Whether or not to allow the use of regular expressions in the login page path.
- request
Inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Request Inspection - The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See
request_inspection
for more details. - response
Inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection - The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See
response_inspection
for more details.
- login
Path string - The path of the login endpoint for your application.
- enable
Regex booleanIn Path - Whether or not to allow the use of regular expressions in the login page path.
- request
Inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Request Inspection - The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See
request_inspection
for more details. - response
Inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection - The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See
response_inspection
for more details.
- login_
path str - The path of the login endpoint for your application.
- enable_
regex_ boolin_ path - Whether or not to allow the use of regular expressions in the login page path.
- request_
inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Request Inspection - The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See
request_inspection
for more details. - response_
inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection - The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See
response_inspection
for more details.
- login
Path String - The path of the login endpoint for your application.
- enable
Regex BooleanIn Path - Whether or not to allow the use of regular expressions in the login page path.
- request
Inspection Property Map - The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See
request_inspection
for more details. - response
Inspection Property Map - The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See
response_inspection
for more details.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionArgs
- Password
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Request Inspection Password Field - Details about your login page password field. See
password_field
for more details. - Payload
Type string - The payload type for your login endpoint, either JSON or form encoded.
- Username
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Request Inspection Username Field - Details about your login page username field. See
username_field
for more details.
- Password
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Request Inspection Password Field - Details about your login page password field. See
password_field
for more details. - Payload
Type string - The payload type for your login endpoint, either JSON or form encoded.
- Username
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Request Inspection Username Field - Details about your login page username field. See
username_field
for more details.
- password
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Request Inspection Password Field - Details about your login page password field. See
password_field
for more details. - payload
Type String - The payload type for your login endpoint, either JSON or form encoded.
- username
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Request Inspection Username Field - Details about your login page username field. See
username_field
for more details.
- password
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Request Inspection Password Field - Details about your login page password field. See
password_field
for more details. - payload
Type string - The payload type for your login endpoint, either JSON or form encoded.
- username
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Request Inspection Username Field - Details about your login page username field. See
username_field
for more details.
- password_
field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Request Inspection Password Field - Details about your login page password field. See
password_field
for more details. - payload_
type str - The payload type for your login endpoint, either JSON or form encoded.
- username_
field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Request Inspection Username Field - Details about your login page username field. See
username_field
for more details.
- password
Field Property Map - Details about your login page password field. See
password_field
for more details. - payload
Type String - The payload type for your login endpoint, either JSON or form encoded.
- username
Field Property Map - Details about your login page username field. See
username_field
for more details.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordFieldArgs
- Identifier string
- The name of the password field.
- Identifier string
- The name of the password field.
- identifier String
- The name of the password field.
- identifier string
- The name of the password field.
- identifier str
- The name of the password field.
- identifier String
- The name of the password field.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameFieldArgs
- Identifier string
- The name of the username field.
- Identifier string
- The name of the username field.
- identifier String
- The name of the username field.
- identifier string
- The name of the username field.
- identifier str
- The name of the username field.
- identifier String
- The name of the username field.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionArgs
- Body
Contains WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Body Contains - Configures inspection of the response body. See
body_contains
for more details. - Header
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Header - Configures inspection of the response header.See
header
for more details. - Json
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Json - Configures inspection of the response JSON. See
json
for more details. - Status
Code WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Status Code - Configures inspection of the response status code.See
status_code
for more details.
- Body
Contains WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Body Contains - Configures inspection of the response body. See
body_contains
for more details. - Header
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Header - Configures inspection of the response header.See
header
for more details. - Json
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Json - Configures inspection of the response JSON. See
json
for more details. - Status
Code WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Status Code - Configures inspection of the response status code.See
status_code
for more details.
- body
Contains WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Body Contains - Configures inspection of the response body. See
body_contains
for more details. - header
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Header - Configures inspection of the response header.See
header
for more details. - json
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Json - Configures inspection of the response JSON. See
json
for more details. - status
Code WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Status Code - Configures inspection of the response status code.See
status_code
for more details.
- body
Contains WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Body Contains - Configures inspection of the response body. See
body_contains
for more details. - header
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Header - Configures inspection of the response header.See
header
for more details. - json
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Json - Configures inspection of the response JSON. See
json
for more details. - status
Code WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Status Code - Configures inspection of the response status code.See
status_code
for more details.
- body_
contains WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Body Contains - Configures inspection of the response body. See
body_contains
for more details. - header
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Header - Configures inspection of the response header.See
header
for more details. - json
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Json - Configures inspection of the response JSON. See
json
for more details. - status_
code WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Status Code - Configures inspection of the response status code.See
status_code
for more details.
- body
Contains Property Map - Configures inspection of the response body. See
body_contains
for more details. - header Property Map
- Configures inspection of the response header.See
header
for more details. - json Property Map
- Configures inspection of the response JSON. See
json
for more details. - status
Code Property Map - Configures inspection of the response status code.See
status_code
for more details.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContainsArgs
- Failure
Strings List<string> - Strings in the body of the response that indicate a failed login attempt.
- Success
Strings List<string> - Strings in the body of the response that indicate a successful login attempt.
- Failure
Strings []string - Strings in the body of the response that indicate a failed login attempt.
- Success
Strings []string - Strings in the body of the response that indicate a successful login attempt.
- failure
Strings List<String> - Strings in the body of the response that indicate a failed login attempt.
- success
Strings List<String> - Strings in the body of the response that indicate a successful login attempt.
- failure
Strings string[] - Strings in the body of the response that indicate a failed login attempt.
- success
Strings string[] - Strings in the body of the response that indicate a successful login attempt.
- failure_
strings Sequence[str] - Strings in the body of the response that indicate a failed login attempt.
- success_
strings Sequence[str] - Strings in the body of the response that indicate a successful login attempt.
- failure
Strings List<String> - Strings in the body of the response that indicate a failed login attempt.
- success
Strings List<String> - Strings in the body of the response that indicate a successful login attempt.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeaderArgs
- Failure
Values List<string> - Values in the response header with the specified name that indicate a failed login attempt.
- Name string
- The name of the header to use.
- Success
Values List<string> - Values in the response header with the specified name that indicate a successful login attempt.
- Failure
Values []string - Values in the response header with the specified name that indicate a failed login attempt.
- Name string
- The name of the header to use.
- Success
Values []string - Values in the response header with the specified name that indicate a successful login attempt.
- failure
Values List<String> - Values in the response header with the specified name that indicate a failed login attempt.
- name String
- The name of the header to use.
- success
Values List<String> - Values in the response header with the specified name that indicate a successful login attempt.
- failure
Values string[] - Values in the response header with the specified name that indicate a failed login attempt.
- name string
- The name of the header to use.
- success
Values string[] - Values in the response header with the specified name that indicate a successful login attempt.
- failure_
values Sequence[str] - Values in the response header with the specified name that indicate a failed login attempt.
- name str
- The name of the header to use.
- success_
values Sequence[str] - Values in the response header with the specified name that indicate a successful login attempt.
- failure
Values List<String> - Values in the response header with the specified name that indicate a failed login attempt.
- name String
- The name of the header to use.
- success
Values List<String> - Values in the response header with the specified name that indicate a successful login attempt.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJsonArgs
- Failure
Values List<string> - Values in the response header with the specified name that indicate a failed login attempt.
- Identifier string
- The identifier for the value to match against in the JSON.
- Success
Values List<string> - Values in the response header with the specified name that indicate a successful login attempt.
- Failure
Values []string - Values in the response header with the specified name that indicate a failed login attempt.
- Identifier string
- The identifier for the value to match against in the JSON.
- Success
Values []string - Values in the response header with the specified name that indicate a successful login attempt.
- failure
Values List<String> - Values in the response header with the specified name that indicate a failed login attempt.
- identifier String
- The identifier for the value to match against in the JSON.
- success
Values List<String> - Values in the response header with the specified name that indicate a successful login attempt.
- failure
Values string[] - Values in the response header with the specified name that indicate a failed login attempt.
- identifier string
- The identifier for the value to match against in the JSON.
- success
Values string[] - Values in the response header with the specified name that indicate a successful login attempt.
- failure_
values Sequence[str] - Values in the response header with the specified name that indicate a failed login attempt.
- identifier str
- The identifier for the value to match against in the JSON.
- success_
values Sequence[str] - Values in the response header with the specified name that indicate a successful login attempt.
- failure
Values List<String> - Values in the response header with the specified name that indicate a failed login attempt.
- identifier String
- The identifier for the value to match against in the JSON.
- success
Values List<String> - Values in the response header with the specified name that indicate a successful login attempt.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCodeArgs
- Failure
Codes List<int> - Status codes in the response that indicate a failed login attempt.
- Success
Codes List<int> - Status codes in the response that indicate a successful login attempt.
- Failure
Codes []int - Status codes in the response that indicate a failed login attempt.
- Success
Codes []int - Status codes in the response that indicate a successful login attempt.
- failure
Codes List<Integer> - Status codes in the response that indicate a failed login attempt.
- success
Codes List<Integer> - Status codes in the response that indicate a successful login attempt.
- failure
Codes number[] - Status codes in the response that indicate a failed login attempt.
- success
Codes number[] - Status codes in the response that indicate a successful login attempt.
- failure_
codes Sequence[int] - Status codes in the response that indicate a failed login attempt.
- success_
codes Sequence[int] - Status codes in the response that indicate a successful login attempt.
- failure
Codes List<Number> - Status codes in the response that indicate a failed login attempt.
- success
Codes List<Number> - Status codes in the response that indicate a successful login attempt.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSetArgs
- Inspection
Level string - The inspection level to use for the Bot Control rule group.
- Enable
Machine boolLearning - Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to
true
.
- Inspection
Level string - The inspection level to use for the Bot Control rule group.
- Enable
Machine boolLearning - Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to
true
.
- inspection
Level String - The inspection level to use for the Bot Control rule group.
- enable
Machine BooleanLearning - Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to
true
.
- inspection
Level string - The inspection level to use for the Bot Control rule group.
- enable
Machine booleanLearning - Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to
true
.
- inspection_
level str - The inspection level to use for the Bot Control rule group.
- enable_
machine_ boollearning - Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to
true
.
- inspection
Level String - The inspection level to use for the Bot Control rule group.
- enable
Machine BooleanLearning - Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to
true
.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordFieldArgs
- Identifier string
- The name of the password field.
- Identifier string
- The name of the password field.
- identifier String
- The name of the password field.
- identifier string
- The name of the password field.
- identifier str
- The name of the password field.
- identifier String
- The name of the password field.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameFieldArgs
- Identifier string
- The name of the username field.
- Identifier string
- The name of the username field.
- identifier String
- The name of the username field.
- identifier string
- The name of the username field.
- identifier str
- The name of the username field.
- identifier String
- The name of the username field.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideArgs
- Action
To WebUse Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use - Override action to use, in place of the configured action of the rule in the rule group. See
action
for details. - Name string
- Name of the rule to override. See the documentation for a list of names in the appropriate rule group in use.
- Action
To WebUse Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use - Override action to use, in place of the configured action of the rule in the rule group. See
action
for details. - Name string
- Name of the rule to override. See the documentation for a list of names in the appropriate rule group in use.
- action
To WebUse Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use - Override action to use, in place of the configured action of the rule in the rule group. See
action
for details. - name String
- Name of the rule to override. See the documentation for a list of names in the appropriate rule group in use.
- action
To WebUse Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use - Override action to use, in place of the configured action of the rule in the rule group. See
action
for details. - name string
- Name of the rule to override. See the documentation for a list of names in the appropriate rule group in use.
- action_
to_ Webuse Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use - Override action to use, in place of the configured action of the rule in the rule group. See
action
for details. - name str
- Name of the rule to override. See the documentation for a list of names in the appropriate rule group in use.
- action
To Property MapUse - Override action to use, in place of the configured action of the rule in the rule group. See
action
for details. - name String
- Name of the rule to override. See the documentation for a list of names in the appropriate rule group in use.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseArgs
- Allow
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow - Block
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block - Captcha
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha - Instructs AWS WAF to run a Captcha check against the web request. See
captcha
below for details. - Challenge
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge - Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See
challenge
below for details. - Count
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count
- Allow
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow - Block
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block - Captcha
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha - Instructs AWS WAF to run a Captcha check against the web request. See
captcha
below for details. - Challenge
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge - Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See
challenge
below for details. - Count
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count
- allow
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow - block
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block - captcha
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha - Instructs AWS WAF to run a Captcha check against the web request. See
captcha
below for details. - challenge
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge - Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See
challenge
below for details. - count
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count
- allow
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow - block
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block - captcha
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha - Instructs AWS WAF to run a Captcha check against the web request. See
captcha
below for details. - challenge
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge - Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See
challenge
below for details. - count
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count
- allow
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow - block
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block - captcha
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha - Instructs AWS WAF to run a Captcha check against the web request. See
captcha
below for details. - challenge
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge - Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See
challenge
below for details. - count
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count
- allow Property Map
- block Property Map
- captcha Property Map
- Instructs AWS WAF to run a Captcha check against the web request. See
captcha
below for details. - challenge Property Map
- Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See
challenge
below for details. - count Property Map
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllow, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowArgs
- Custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- Custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom_
request_ Webhandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request Property MapHandling - Defines custom handling for the web request. See
custom_request_handling
below for details.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- Insert
Headers []WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow Custom Request Handling Insert Header - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers List<WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow Custom Request Handling Insert Header[] - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert_
headers Sequence[WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow Custom Request Handling Insert Header] - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers List<Property Map> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArgs
- Name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - Value string
- Value of the custom header.
- Name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - Value string
- Value of the custom header.
- name String
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value String
- Value of the custom header.
- name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value string
- Value of the custom header.
- name str
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value str
- Value of the custom header.
- name String
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value String
- Value of the custom header.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlock, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockArgs
- Custom
Response WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block Custom Response - Defines a custom response for the web request. See
custom_response
below for details.
- Custom
Response WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block Custom Response - Defines a custom response for the web request. See
custom_response
below for details.
- custom
Response WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block Custom Response - Defines a custom response for the web request. See
custom_response
below for details.
- custom
Response WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block Custom Response - Defines a custom response for the web request. See
custom_response
below for details.
- custom_
response WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block Custom Response - Defines a custom response for the web request. See
custom_response
below for details.
- custom
Response Property Map - Defines a custom response for the web request. See
custom_response
below for details.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseArgs
- Response
Code int - The HTTP status code to return to the client.
- Custom
Response stringBody Key - References the response body that you want AWS WAF to return to the web request client. This must reference a
key
defined in acustom_response_body
block of this resource. - Response
Headers List<WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block Custom Response Response Header> - The
response_header
blocks used to define the HTTP response headers added to the response. Seeresponse_header
below for details.
- Response
Code int - The HTTP status code to return to the client.
- Custom
Response stringBody Key - References the response body that you want AWS WAF to return to the web request client. This must reference a
key
defined in acustom_response_body
block of this resource. - Response
Headers []WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block Custom Response Response Header - The
response_header
blocks used to define the HTTP response headers added to the response. Seeresponse_header
below for details.
- response
Code Integer - The HTTP status code to return to the client.
- custom
Response StringBody Key - References the response body that you want AWS WAF to return to the web request client. This must reference a
key
defined in acustom_response_body
block of this resource. - response
Headers List<WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block Custom Response Response Header> - The
response_header
blocks used to define the HTTP response headers added to the response. Seeresponse_header
below for details.
- response
Code number - The HTTP status code to return to the client.
- custom
Response stringBody Key - References the response body that you want AWS WAF to return to the web request client. This must reference a
key
defined in acustom_response_body
block of this resource. - response
Headers WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block Custom Response Response Header[] - The
response_header
blocks used to define the HTTP response headers added to the response. Seeresponse_header
below for details.
- response_
code int - The HTTP status code to return to the client.
- custom_
response_ strbody_ key - References the response body that you want AWS WAF to return to the web request client. This must reference a
key
defined in acustom_response_body
block of this resource. - response_
headers Sequence[WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block Custom Response Response Header] - The
response_header
blocks used to define the HTTP response headers added to the response. Seeresponse_header
below for details.
- response
Code Number - The HTTP status code to return to the client.
- custom
Response StringBody Key - References the response body that you want AWS WAF to return to the web request client. This must reference a
key
defined in acustom_response_body
block of this resource. - response
Headers List<Property Map> - The
response_header
blocks used to define the HTTP response headers added to the response. Seeresponse_header
below for details.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArgs
- Name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - Value string
- Value of the custom header.
- Name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - Value string
- Value of the custom header.
- name String
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value String
- Value of the custom header.
- name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value string
- Value of the custom header.
- name str
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value str
- Value of the custom header.
- name String
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value String
- Value of the custom header.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptcha, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaArgs
- Custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- Custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom_
request_ Webhandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request Property MapHandling - Defines custom handling for the web request. See
custom_request_handling
below for details.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- Insert
Headers []WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha Custom Request Handling Insert Header - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers List<WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha Custom Request Handling Insert Header[] - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert_
headers Sequence[WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha Custom Request Handling Insert Header] - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers List<Property Map> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs
- Name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - Value string
- Value of the custom header.
- Name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - Value string
- Value of the custom header.
- name String
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value String
- Value of the custom header.
- name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value string
- Value of the custom header.
- name str
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value str
- Value of the custom header.
- name String
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value String
- Value of the custom header.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallenge, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeArgs
- Custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- Custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom_
request_ Webhandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request Property MapHandling - Defines custom handling for the web request. See
custom_request_handling
below for details.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- Insert
Headers []WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge Custom Request Handling Insert Header - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers List<WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge Custom Request Handling Insert Header[] - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert_
headers Sequence[WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge Custom Request Handling Insert Header] - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers List<Property Map> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArgs
- Name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - Value string
- Value of the custom header.
- Name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - Value string
- Value of the custom header.
- name String
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value String
- Value of the custom header.
- name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value string
- Value of the custom header.
- name str
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value str
- Value of the custom header.
- name String
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value String
- Value of the custom header.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCount, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountArgs
- Custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- Custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom_
request_ Webhandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count Custom Request Handling - Defines custom handling for the web request. See
custom_request_handling
below for details.
- custom
Request Property MapHandling - Defines custom handling for the web request. See
custom_request_handling
below for details.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- Insert
Headers []WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count Custom Request Handling Insert Header - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers List<WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count Custom Request Handling Insert Header> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count Custom Request Handling Insert Header[] - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert_
headers Sequence[WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count Custom Request Handling Insert Header] - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
- insert
Headers List<Property Map> - The
insert_header
blocks used to define HTTP headers added to the request. Seeinsert_header
below for details.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs
- Name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - Value string
- Value of the custom header.
- Name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - Value string
- Value of the custom header.
- name String
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value String
- Value of the custom header.
- name string
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value string
- Value of the custom header.
- name str
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value str
- Value of the custom header.
- name String
- Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-
, to avoid confusion with the headers that are already in the request. For example, for the header namesample
, AWS WAF inserts the headerx-amzn-waf-sample
. - value String
- Value of the custom header.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementArgs
- And
Statement WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement And Statement - Logical rule statement used to combine other rule statements with AND logic. See
and_statement
below for details. - Byte
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement - Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statement
below for details. - Geo
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Geo Match Statement - Rule statement used to identify web requests based on country of origin. See
geo_match_statement
below for details. - Ip
Set WebReference Statement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Ip Set Reference Statement - Rule statement used to detect web requests coming from particular IP addresses or address ranges. See
ip_set_reference_statement
below for details. - Label
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Label Match Statement - Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statement
below for details. - Not
Statement WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Not Statement - Logical rule statement used to negate the results of another rule statement. See
not_statement
below for details. - Or
Statement WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Or Statement - Logical rule statement used to combine other rule statements with OR logic. See
or_statement
below for details. - Regex
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement - Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statement
below for details. - Regex
Pattern WebSet Reference Statement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement - Rule statement used to search web request components for matches with regular expressions. See
regex_pattern_set_reference_statement
below for details. - Size
Constraint WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement - Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statement
below for more details. - Sqli
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement - An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statement
below for details. - Xss
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement - Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statement
below for details.
- And
Statement WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement And Statement - Logical rule statement used to combine other rule statements with AND logic. See
and_statement
below for details. - Byte
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement - Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statement
below for details. - Geo
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Geo Match Statement - Rule statement used to identify web requests based on country of origin. See
geo_match_statement
below for details. - Ip
Set WebReference Statement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Ip Set Reference Statement - Rule statement used to detect web requests coming from particular IP addresses or address ranges. See
ip_set_reference_statement
below for details. - Label
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Label Match Statement - Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statement
below for details. - Not
Statement WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Not Statement - Logical rule statement used to negate the results of another rule statement. See
not_statement
below for details. - Or
Statement WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Or Statement - Logical rule statement used to combine other rule statements with OR logic. See
or_statement
below for details. - Regex
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement - Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statement
below for details. - Regex
Pattern WebSet Reference Statement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement - Rule statement used to search web request components for matches with regular expressions. See
regex_pattern_set_reference_statement
below for details. - Size
Constraint WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement - Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statement
below for more details. - Sqli
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement - An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statement
below for details. - Xss
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement - Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statement
below for details.
- and
Statement WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement And Statement - Logical rule statement used to combine other rule statements with AND logic. See
and_statement
below for details. - byte
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement - Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statement
below for details. - geo
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Geo Match Statement - Rule statement used to identify web requests based on country of origin. See
geo_match_statement
below for details. - ip
Set WebReference Statement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Ip Set Reference Statement - Rule statement used to detect web requests coming from particular IP addresses or address ranges. See
ip_set_reference_statement
below for details. - label
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Label Match Statement - Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statement
below for details. - not
Statement WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Not Statement - Logical rule statement used to negate the results of another rule statement. See
not_statement
below for details. - or
Statement WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Or Statement - Logical rule statement used to combine other rule statements with OR logic. See
or_statement
below for details. - regex
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement - Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statement
below for details. - regex
Pattern WebSet Reference Statement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement - Rule statement used to search web request components for matches with regular expressions. See
regex_pattern_set_reference_statement
below for details. - size
Constraint WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement - Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statement
below for more details. - sqli
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement - An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statement
below for details. - xss
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement - Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statement
below for details.
- and
Statement WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement And Statement - Logical rule statement used to combine other rule statements with AND logic. See
and_statement
below for details. - byte
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement - Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statement
below for details. - geo
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Geo Match Statement - Rule statement used to identify web requests based on country of origin. See
geo_match_statement
below for details. - ip
Set WebReference Statement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Ip Set Reference Statement - Rule statement used to detect web requests coming from particular IP addresses or address ranges. See
ip_set_reference_statement
below for details. - label
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Label Match Statement - Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statement
below for details. - not
Statement WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Not Statement - Logical rule statement used to negate the results of another rule statement. See
not_statement
below for details. - or
Statement WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Or Statement - Logical rule statement used to combine other rule statements with OR logic. See
or_statement
below for details. - regex
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement - Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statement
below for details. - regex
Pattern WebSet Reference Statement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement - Rule statement used to search web request components for matches with regular expressions. See
regex_pattern_set_reference_statement
below for details. - size
Constraint WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement - Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statement
below for more details. - sqli
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement - An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statement
below for details. - xss
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement - Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statement
below for details.
- and_
statement WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement And Statement - Logical rule statement used to combine other rule statements with AND logic. See
and_statement
below for details. - byte_
match_ Webstatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement - Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statement
below for details. - geo_
match_ Webstatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Geo Match Statement - Rule statement used to identify web requests based on country of origin. See
geo_match_statement
below for details. - ip_
set_ Webreference_ statement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Ip Set Reference Statement - Rule statement used to detect web requests coming from particular IP addresses or address ranges. See
ip_set_reference_statement
below for details. - label_
match_ Webstatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Label Match Statement - Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statement
below for details. - not_
statement WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Not Statement - Logical rule statement used to negate the results of another rule statement. See
not_statement
below for details. - or_
statement WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Or Statement - Logical rule statement used to combine other rule statements with OR logic. See
or_statement
below for details. - regex_
match_ Webstatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement - Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statement
below for details. - regex_
pattern_ Webset_ reference_ statement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement - Rule statement used to search web request components for matches with regular expressions. See
regex_pattern_set_reference_statement
below for details. - size_
constraint_ Webstatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement - Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statement
below for more details. - sqli_
match_ Webstatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement - An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statement
below for details. - xss_
match_ Webstatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement - Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statement
below for details.
- and
Statement Property Map - Logical rule statement used to combine other rule statements with AND logic. See
and_statement
below for details. - byte
Match Property MapStatement - Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statement
below for details. - geo
Match Property MapStatement - Rule statement used to identify web requests based on country of origin. See
geo_match_statement
below for details. - ip
Set Property MapReference Statement - Rule statement used to detect web requests coming from particular IP addresses or address ranges. See
ip_set_reference_statement
below for details. - label
Match Property MapStatement - Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statement
below for details. - not
Statement Property Map - Logical rule statement used to negate the results of another rule statement. See
not_statement
below for details. - or
Statement Property Map - Logical rule statement used to combine other rule statements with OR logic. See
or_statement
below for details. - regex
Match Property MapStatement - Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statement
below for details. - regex
Pattern Property MapSet Reference Statement - Rule statement used to search web request components for matches with regular expressions. See
regex_pattern_set_reference_statement
below for details. - size
Constraint Property MapStatement - Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statement
below for more details. - sqli
Match Property MapStatement - An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statement
below for details. - xss
Match Property MapStatement - Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statement
below for details.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementArgs
- Statements
List<Web
Acl Rule Statement> - The statements to combine.
- Statements
[]Web
Acl Rule Statement - The statements to combine.
- statements
List<Web
Acl Rule Statement> - The statements to combine.
- statements
Web
Acl Rule Statement[] - The statements to combine.
- statements
Sequence[Web
Acl Rule Statement] - The statements to combine.
- statements List<Property Map>
- The statements to combine.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementArgs
- Positional
Constraint string - Area within the portion of a web request that you want AWS WAF to search for
search_string
. Valid values include the following:EXACTLY
,STARTS_WITH
,ENDS_WITH
,CONTAINS
,CONTAINS_WORD
. See the AWS documentation for more information. - Search
String string - String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match
. The maximum length of the value is 50 bytes. - Text
Transformations List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - Field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- Positional
Constraint string - Area within the portion of a web request that you want AWS WAF to search for
search_string
. Valid values include the following:EXACTLY
,STARTS_WITH
,ENDS_WITH
,CONTAINS
,CONTAINS_WORD
. See the AWS documentation for more information. - Search
String string - String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match
. The maximum length of the value is 50 bytes. - Text
Transformations []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - Field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- positional
Constraint String - Area within the portion of a web request that you want AWS WAF to search for
search_string
. Valid values include the following:EXACTLY
,STARTS_WITH
,ENDS_WITH
,CONTAINS
,CONTAINS_WORD
. See the AWS documentation for more information. - search
String String - String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match
. The maximum length of the value is 50 bytes. - text
Transformations List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- positional
Constraint string - Area within the portion of a web request that you want AWS WAF to search for
search_string
. Valid values include the following:EXACTLY
,STARTS_WITH
,ENDS_WITH
,CONTAINS
,CONTAINS_WORD
. See the AWS documentation for more information. - search
String string - String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match
. The maximum length of the value is 50 bytes. - text
Transformations WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- positional_
constraint str - Area within the portion of a web request that you want AWS WAF to search for
search_string
. Valid values include the following:EXACTLY
,STARTS_WITH
,ENDS_WITH
,CONTAINS
,CONTAINS_WORD
. See the AWS documentation for more information. - search_
string str - String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match
. The maximum length of the value is 50 bytes. - text_
transformations Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field_
to_ Webmatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- positional
Constraint String - Area within the portion of a web request that you want AWS WAF to search for
search_string
. Valid values include the following:EXACTLY
,STARTS_WITH
,ENDS_WITH
,CONTAINS
,CONTAINS_WORD
. See the AWS documentation for more information. - search
String String - String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match
. The maximum length of the value is 50 bytes. - text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field
To Property MapMatch - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchArgs
- All
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - Header
Orders List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - Headers
List<Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header> - Inspect the request headers. See
headers
below for details. - Ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - Json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - Method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - Single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - Uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- All
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - Header
Orders []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Order - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - Headers
[]Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header - Inspect the request headers. See
headers
below for details. - Ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - Json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - Method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - Single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - Uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - header
Orders List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers
List<Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header> - Inspect the request headers. See
headers
below for details. - ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - header
Orders WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Order[] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header[] - Inspect the request headers. See
headers
below for details. - ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all_
query_ Webarguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - header_
orders Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Order] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers
Sequence[Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header] - Inspect the request headers. See
headers
below for details. - ja3_
fingerprint WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json_
body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query_
string WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single_
header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - single_
query_ Webargument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - uri_
path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body, which immediately follows the request headers. See
body
below for details. - Property Map
- Inspect the cookies in the web request. See
cookies
below for details. - header
Orders List<Property Map> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers List<Property Map>
- Inspect the request headers. See
headers
below for details. - ja3Fingerprint Property Map
- Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json
Body Property Map - Inspect the request body as JSON. See
json_body
for details. - method Property Map
- Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String Property Map - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header Property Map - Inspect a single header. See
single_header
below for details. - single
Query Property MapArgument - Inspect a single query argument. See
single_query_argument
below for details. - uri
Path Property Map - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBodyArgs
- Oversize
Handling string - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- Oversize
Handling string - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize
Handling String - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize
Handling string - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize_
handling str - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize
Handling String - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesArgs
- Match
Patterns List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- Match
Patterns []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match
Patterns List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match
Patterns WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern[] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match_
patterns Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match_
scope str - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize_
handling str - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match
Patterns List<Property Map> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<string>
- List<string>
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- []string
- []string
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- string[]
- string[]
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Sequence[str]
- Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderArgs
- Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match_
pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match_
scope str - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern Property Map - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers List<string> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers List<string> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers []string - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers []string - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers string[] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers string[] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded_
headers Sequence[str] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included_
headers Sequence[str] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrderArgs
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3FingerprintArgs
- Fallback
Behavior string - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- Fallback
Behavior string - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback
Behavior String - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback
Behavior string - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback_
behavior str - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback
Behavior String - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyArgs
- Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match_
pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match_
scope str - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid_
fallback_ strbehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize_
handling str - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern Property Map - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths List<string>
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths []string
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths string[]
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included_
paths Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeaderArgs
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgumentArgs
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformationArgs
- Priority int
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- Priority int
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Integer
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority number
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type string
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority int
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type str
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Number
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- Transformation to apply, please refer to the Text Transformation documentation for more details.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementArgs
- Country
Codes List<string> - Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166
international standard. See the documentation for valid values. - Forwarded
Ip WebConfig Acl Rule Statement Managed Rule Group Statement Scope Down Statement Geo Match Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
forwarded_ip_config
below for details.
- Country
Codes []string - Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166
international standard. See the documentation for valid values. - Forwarded
Ip WebConfig Acl Rule Statement Managed Rule Group Statement Scope Down Statement Geo Match Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
forwarded_ip_config
below for details.
- country
Codes List<String> - Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166
international standard. See the documentation for valid values. - forwarded
Ip WebConfig Acl Rule Statement Managed Rule Group Statement Scope Down Statement Geo Match Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
forwarded_ip_config
below for details.
- country
Codes string[] - Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166
international standard. See the documentation for valid values. - forwarded
Ip WebConfig Acl Rule Statement Managed Rule Group Statement Scope Down Statement Geo Match Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
forwarded_ip_config
below for details.
- country_
codes Sequence[str] - Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166
international standard. See the documentation for valid values. - forwarded_
ip_ Webconfig Acl Rule Statement Managed Rule Group Statement Scope Down Statement Geo Match Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
forwarded_ip_config
below for details.
- country
Codes List<String> - Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166
international standard. See the documentation for valid values. - forwarded
Ip Property MapConfig - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
forwarded_ip_config
below for details.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfigArgs
- Fallback
Behavior string - Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - Header
Name string - Name of the HTTP header to use for the IP address.
- Fallback
Behavior string - Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - Header
Name string - Name of the HTTP header to use for the IP address.
- fallback
Behavior String - Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name String - Name of the HTTP header to use for the IP address.
- fallback
Behavior string - Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name string - Name of the HTTP header to use for the IP address.
- fallback_
behavior str - Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header_
name str - Name of the HTTP header to use for the IP address.
- fallback
Behavior String - Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name String - Name of the HTTP header to use for the IP address.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementArgs
- Arn string
- The Amazon Resource Name (ARN) of the IP Set that this statement references.
- Ip
Set WebForwarded Ip Config Acl Rule Statement Managed Rule Group Statement Scope Down Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
ip_set_forwarded_ip_config
below for more details.
- Arn string
- The Amazon Resource Name (ARN) of the IP Set that this statement references.
- Ip
Set WebForwarded Ip Config Acl Rule Statement Managed Rule Group Statement Scope Down Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
ip_set_forwarded_ip_config
below for more details.
- arn String
- The Amazon Resource Name (ARN) of the IP Set that this statement references.
- ip
Set WebForwarded Ip Config Acl Rule Statement Managed Rule Group Statement Scope Down Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
ip_set_forwarded_ip_config
below for more details.
- arn string
- The Amazon Resource Name (ARN) of the IP Set that this statement references.
- ip
Set WebForwarded Ip Config Acl Rule Statement Managed Rule Group Statement Scope Down Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
ip_set_forwarded_ip_config
below for more details.
- arn str
- The Amazon Resource Name (ARN) of the IP Set that this statement references.
- ip_
set_ Webforwarded_ ip_ config Acl Rule Statement Managed Rule Group Statement Scope Down Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
ip_set_forwarded_ip_config
below for more details.
- arn String
- The Amazon Resource Name (ARN) of the IP Set that this statement references.
- ip
Set Property MapForwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
ip_set_forwarded_ip_config
below for more details.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfigArgs
- Fallback
Behavior string - Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - Header
Name string - Name of the HTTP header to use for the IP address.
- Position string
- Position in the header to search for the IP address. Valid values include:
FIRST
,LAST
, orANY
. IfANY
is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- Fallback
Behavior string - Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - Header
Name string - Name of the HTTP header to use for the IP address.
- Position string
- Position in the header to search for the IP address. Valid values include:
FIRST
,LAST
, orANY
. IfANY
is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- fallback
Behavior String - Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name String - Name of the HTTP header to use for the IP address.
- position String
- Position in the header to search for the IP address. Valid values include:
FIRST
,LAST
, orANY
. IfANY
is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- fallback
Behavior string - Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name string - Name of the HTTP header to use for the IP address.
- position string
- Position in the header to search for the IP address. Valid values include:
FIRST
,LAST
, orANY
. IfANY
is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- fallback_
behavior str - Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header_
name str - Name of the HTTP header to use for the IP address.
- position str
- Position in the header to search for the IP address. Valid values include:
FIRST
,LAST
, orANY
. IfANY
is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- fallback
Behavior String - Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCH
orNO_MATCH
. - header
Name String - Name of the HTTP header to use for the IP address.
- position String
- Position in the header to search for the IP address. Valid values include:
FIRST
,LAST
, orANY
. IfANY
is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatementArgs
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementArgs
- Statements
List<Web
Acl Rule Statement> - The statements to combine.
- Statements
[]Web
Acl Rule Statement - The statements to combine.
- statements
List<Web
Acl Rule Statement> - The statements to combine.
- statements
Web
Acl Rule Statement[] - The statements to combine.
- statements
Sequence[Web
Acl Rule Statement] - The statements to combine.
- statements List<Property Map>
- The statements to combine.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementArgs
- Statements
List<Web
Acl Rule Statement> - The statements to combine.
- Statements
[]Web
Acl Rule Statement - The statements to combine.
- statements
List<Web
Acl Rule Statement> - The statements to combine.
- statements
Web
Acl Rule Statement[] - The statements to combine.
- statements
Sequence[Web
Acl Rule Statement] - The statements to combine.
- statements List<Property Map>
- The statements to combine.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementArgs
- Regex
String string - String representing the regular expression. Minimum of
1
and maximum of512
characters. - Text
Transformations List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - Field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- Regex
String string - String representing the regular expression. Minimum of
1
and maximum of512
characters. - Text
Transformations []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - Field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- regex
String String - String representing the regular expression. Minimum of
1
and maximum of512
characters. - text
Transformations List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- regex
String string - String representing the regular expression. Minimum of
1
and maximum of512
characters. - text
Transformations WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- regex_
string str - String representing the regular expression. Minimum of
1
and maximum of512
characters. - text_
transformations Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field_
to_ Webmatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match - The part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- regex
String String - String representing the regular expression. Minimum of
1
and maximum of512
characters. - text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field
To Property MapMatch - The part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatch, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchArgs
- All
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - Header
Orders List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - Headers
List<Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header> - Inspect the request headers. See
headers
below for details. - Ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - Json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - Method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - Single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - Uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- All
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - Header
Orders []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Order - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - Headers
[]Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header - Inspect the request headers. See
headers
below for details. - Ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - Json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - Method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - Single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - Uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - header
Orders List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers
List<Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header> - Inspect the request headers. See
headers
below for details. - ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - header
Orders WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Order[] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header[] - Inspect the request headers. See
headers
below for details. - ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all_
query_ Webarguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - header_
orders Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Order] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers
Sequence[Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header] - Inspect the request headers. See
headers
below for details. - ja3_
fingerprint WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json_
body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query_
string WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single_
header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - single_
query_ Webargument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - uri_
path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body, which immediately follows the request headers. See
body
below for details. - Property Map
- Inspect the cookies in the web request. See
cookies
below for details. - header
Orders List<Property Map> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers List<Property Map>
- Inspect the request headers. See
headers
below for details. - ja3Fingerprint Property Map
- Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json
Body Property Map - Inspect the request body as JSON. See
json_body
for details. - method Property Map
- Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String Property Map - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header Property Map - Inspect a single header. See
single_header
below for details. - single
Query Property MapArgument - Inspect a single query argument. See
single_query_argument
below for details. - uri
Path Property Map - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBodyArgs
- Oversize
Handling string - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- Oversize
Handling string - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize
Handling String - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize
Handling string - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize_
handling str - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize
Handling String - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesArgs
- Match
Patterns List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- Match
Patterns []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match
Patterns List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match
Patterns WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern[] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match_
patterns Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match_
scope str - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize_
handling str - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match
Patterns List<Property Map> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<string>
- List<string>
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- []string
- []string
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- string[]
- string[]
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Sequence[str]
- Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderArgs
- Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match_
pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match_
scope str - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern Property Map - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers List<string> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers List<string> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers []string - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers []string - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers string[] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers string[] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded_
headers Sequence[str] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included_
headers Sequence[str] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrderArgs
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3FingerprintArgs
- Fallback
Behavior string - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- Fallback
Behavior string - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback
Behavior String - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback
Behavior string - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback_
behavior str - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback
Behavior String - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyArgs
- Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match_
pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match_
scope str - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid_
fallback_ strbehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize_
handling str - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern Property Map - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths List<string>
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths []string
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths string[]
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included_
paths Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeaderArgs
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgumentArgs
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformation, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformationArgs
- Priority int
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- Priority int
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Integer
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority number
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type string
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority int
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type str
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Number
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- Transformation to apply, please refer to the Text Transformation documentation for more details.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementArgs
- Arn string
- The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
- Text
Transformations List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - Field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- Arn string
- The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
- Text
Transformations []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - Field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- arn String
- The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
- text
Transformations List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- arn string
- The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
- text
Transformations WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- arn str
- The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
- text_
transformations Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field_
to_ Webmatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- arn String
- The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
- text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field
To Property MapMatch - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchArgs
- All
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - Header
Orders List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - Headers
List<Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header> - Inspect the request headers. See
headers
below for details. - Ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - Json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - Method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - Single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - Uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- All
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - Header
Orders []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Order - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - Headers
[]Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header - Inspect the request headers. See
headers
below for details. - Ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - Json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - Method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - Single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - Uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - header
Orders List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers
List<Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header> - Inspect the request headers. See
headers
below for details. - ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - header
Orders WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Order[] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header[] - Inspect the request headers. See
headers
below for details. - ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all_
query_ Webarguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - header_
orders Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Order] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers
Sequence[Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header] - Inspect the request headers. See
headers
below for details. - ja3_
fingerprint WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json_
body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query_
string WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single_
header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - single_
query_ Webargument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - uri_
path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body, which immediately follows the request headers. See
body
below for details. - Property Map
- Inspect the cookies in the web request. See
cookies
below for details. - header
Orders List<Property Map> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers List<Property Map>
- Inspect the request headers. See
headers
below for details. - ja3Fingerprint Property Map
- Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json
Body Property Map - Inspect the request body as JSON. See
json_body
for details. - method Property Map
- Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String Property Map - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header Property Map - Inspect a single header. See
single_header
below for details. - single
Query Property MapArgument - Inspect a single query argument. See
single_query_argument
below for details. - uri
Path Property Map - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBodyArgs
- Oversize
Handling string - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- Oversize
Handling string - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize
Handling String - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize
Handling string - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize_
handling str - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize
Handling String - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesArgs
- Match
Patterns List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- Match
Patterns []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match
Patterns List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match
Patterns WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern[] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match_
patterns Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match_
scope str - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize_
handling str - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match
Patterns List<Property Map> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<string>
- List<string>
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- []string
- []string
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- string[]
- string[]
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Sequence[str]
- Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderArgs
- Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match_
pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match_
scope str - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern Property Map - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers List<string> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers List<string> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers []string - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers []string - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers string[] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers string[] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded_
headers Sequence[str] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included_
headers Sequence[str] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrderArgs
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3FingerprintArgs
- Fallback
Behavior string - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- Fallback
Behavior string - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback
Behavior String - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback
Behavior string - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback_
behavior str - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback
Behavior String - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyArgs
- Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match_
pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match_
scope str - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid_
fallback_ strbehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize_
handling str - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern Property Map - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths List<string>
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths []string
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths string[]
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included_
paths Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeaderArgs
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgumentArgs
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformationArgs
- Priority int
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- Priority int
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Integer
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority number
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type string
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority int
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type str
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Number
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- Transformation to apply, please refer to the Text Transformation documentation for more details.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementArgs
- Comparison
Operator string - Operator to use to compare the request part to the size setting. Valid values include:
EQ
,NE
,LE
,LT
,GE
, orGT
. - Size int
- Size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
- Text
Transformations List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - Field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- Comparison
Operator string - Operator to use to compare the request part to the size setting. Valid values include:
EQ
,NE
,LE
,LT
,GE
, orGT
. - Size int
- Size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
- Text
Transformations []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - Field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- comparison
Operator String - Operator to use to compare the request part to the size setting. Valid values include:
EQ
,NE
,LE
,LT
,GE
, orGT
. - size Integer
- Size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
- text
Transformations List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- comparison
Operator string - Operator to use to compare the request part to the size setting. Valid values include:
EQ
,NE
,LE
,LT
,GE
, orGT
. - size number
- Size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
- text
Transformations WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- comparison_
operator str - Operator to use to compare the request part to the size setting. Valid values include:
EQ
,NE
,LE
,LT
,GE
, orGT
. - size int
- Size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
- text_
transformations Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field_
to_ Webmatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- comparison
Operator String - Operator to use to compare the request part to the size setting. Valid values include:
EQ
,NE
,LE
,LT
,GE
, orGT
. - size Number
- Size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
- text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field
To Property MapMatch - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchArgs
- All
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - Header
Orders List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - Headers
List<Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header> - Inspect the request headers. See
headers
below for details. - Ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - Json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - Method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - Single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - Uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- All
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - Header
Orders []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Order - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - Headers
[]Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header - Inspect the request headers. See
headers
below for details. - Ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - Json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - Method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - Single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - Uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - header
Orders List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers
List<Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header> - Inspect the request headers. See
headers
below for details. - ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - header
Orders WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Order[] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header[] - Inspect the request headers. See
headers
below for details. - ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all_
query_ Webarguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - header_
orders Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Order] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers
Sequence[Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header] - Inspect the request headers. See
headers
below for details. - ja3_
fingerprint WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json_
body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query_
string WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single_
header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - single_
query_ Webargument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - uri_
path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body, which immediately follows the request headers. See
body
below for details. - Property Map
- Inspect the cookies in the web request. See
cookies
below for details. - header
Orders List<Property Map> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers List<Property Map>
- Inspect the request headers. See
headers
below for details. - ja3Fingerprint Property Map
- Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json
Body Property Map - Inspect the request body as JSON. See
json_body
for details. - method Property Map
- Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String Property Map - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header Property Map - Inspect a single header. See
single_header
below for details. - single
Query Property MapArgument - Inspect a single query argument. See
single_query_argument
below for details. - uri
Path Property Map - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBodyArgs
- Oversize
Handling string - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- Oversize
Handling string - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize
Handling String - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize
Handling string - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize_
handling str - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize
Handling String - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesArgs
- Match
Patterns List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- Match
Patterns []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match
Patterns List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match
Patterns WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern[] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match_
patterns Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match_
scope str - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize_
handling str - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match
Patterns List<Property Map> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<string>
- List<string>
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- []string
- []string
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- string[]
- string[]
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Sequence[str]
- Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderArgs
- Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match_
pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match_
scope str - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern Property Map - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers List<string> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers List<string> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers []string - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers []string - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers string[] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers string[] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded_
headers Sequence[str] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included_
headers Sequence[str] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrderArgs
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3FingerprintArgs
- Fallback
Behavior string - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- Fallback
Behavior string - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback
Behavior String - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback
Behavior string - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback_
behavior str - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback
Behavior String - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyArgs
- Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match_
pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match_
scope str - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid_
fallback_ strbehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize_
handling str - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern Property Map - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths List<string>
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths []string
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths string[]
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included_
paths Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeaderArgs
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgumentArgs
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformationArgs
- Priority int
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- Priority int
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Integer
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority number
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type string
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority int
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type str
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Number
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- Transformation to apply, please refer to the Text Transformation documentation for more details.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementArgs
- Text
Transformations List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - Field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details. - Sensitivity
Level string - Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include:
LOW
,HIGH
.
- Text
Transformations []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - Field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details. - Sensitivity
Level string - Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include:
LOW
,HIGH
.
- text
Transformations List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details. - sensitivity
Level String - Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include:
LOW
,HIGH
.
- text
Transformations WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details. - sensitivity
Level string - Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include:
LOW
,HIGH
.
- text_
transformations Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field_
to_ Webmatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details. - sensitivity_
level str - Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include:
LOW
,HIGH
.
- text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field
To Property MapMatch - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details. - sensitivity
Level String - Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include:
LOW
,HIGH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchArgs
- All
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - Header
Orders List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - Headers
List<Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header> - Inspect the request headers. See
headers
below for details. - Ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - Json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - Method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - Single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - Uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- All
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - Header
Orders []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Order - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - Headers
[]Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header - Inspect the request headers. See
headers
below for details. - Ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - Json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - Method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - Single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - Uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - header
Orders List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers
List<Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header> - Inspect the request headers. See
headers
below for details. - ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - header
Orders WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Order[] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header[] - Inspect the request headers. See
headers
below for details. - ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all_
query_ Webarguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - header_
orders Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Order] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers
Sequence[Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header] - Inspect the request headers. See
headers
below for details. - ja3_
fingerprint WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json_
body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query_
string WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single_
header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - single_
query_ Webargument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - uri_
path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body, which immediately follows the request headers. See
body
below for details. - Property Map
- Inspect the cookies in the web request. See
cookies
below for details. - header
Orders List<Property Map> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers List<Property Map>
- Inspect the request headers. See
headers
below for details. - ja3Fingerprint Property Map
- Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json
Body Property Map - Inspect the request body as JSON. See
json_body
for details. - method Property Map
- Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String Property Map - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header Property Map - Inspect a single header. See
single_header
below for details. - single
Query Property MapArgument - Inspect a single query argument. See
single_query_argument
below for details. - uri
Path Property Map - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBodyArgs
- Oversize
Handling string - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- Oversize
Handling string - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize
Handling String - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize
Handling string - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize_
handling str - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize
Handling String - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesArgs
- Match
Patterns List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- Match
Patterns []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match
Patterns List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match
Patterns WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern[] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match_
patterns Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match_
scope str - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize_
handling str - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match
Patterns List<Property Map> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<string>
- List<string>
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- []string
- []string
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- string[]
- string[]
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Sequence[str]
- Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderArgs
- Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match_
pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match_
scope str - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern Property Map - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers List<string> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers List<string> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers []string - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers []string - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers string[] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers string[] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded_
headers Sequence[str] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included_
headers Sequence[str] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrderArgs
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3FingerprintArgs
- Fallback
Behavior string - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- Fallback
Behavior string - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback
Behavior String - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback
Behavior string - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback_
behavior str - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback
Behavior String - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyArgs
- Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match_
pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match_
scope str - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid_
fallback_ strbehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize_
handling str - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern Property Map - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths List<string>
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths []string
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths string[]
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included_
paths Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeaderArgs
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgumentArgs
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformationArgs
- Priority int
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- Priority int
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Integer
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority number
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type string
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority int
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type str
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Number
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- Transformation to apply, please refer to the Text Transformation documentation for more details.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementArgs
- Text
Transformations List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - Field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- Text
Transformations []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - Field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- text
Transformations List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- text
Transformations WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- text_
transformations Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field_
to_ Webmatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
- text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See
text_transformation
below for details. - field
To Property MapMatch - Part of a web request that you want AWS WAF to inspect. See
field_to_match
below for details.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatch, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchArgs
- All
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - Header
Orders List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - Headers
List<Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header> - Inspect the request headers. See
headers
below for details. - Ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - Json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - Method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - Single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - Uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- All
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - Header
Orders []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Order - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - Headers
[]Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header - Inspect the request headers. See
headers
below for details. - Ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - Json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - Method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - Single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - Single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - Uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - header
Orders List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers
List<Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header> - Inspect the request headers. See
headers
below for details. - ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - header
Orders WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Order[] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header[] - Inspect the request headers. See
headers
below for details. - ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all_
query_ Webarguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Body - Inspect the request body, which immediately follows the request headers. See
body
below for details. - Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies - Inspect the cookies in the web request. See
cookies
below for details. - header_
orders Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Order] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers
Sequence[Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header] - Inspect the request headers. See
headers
below for details. - ja3_
fingerprint WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Ja3Fingerprint - Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json_
body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body - Inspect the request body as JSON. See
json_body
for details. - method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Method - Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query_
string WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Query String - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single_
header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Single Header - Inspect a single header. See
single_header
below for details. - single_
query_ Webargument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Single Query Argument - Inspect a single query argument. See
single_query_argument
below for details. - uri_
path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Uri Path - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body, which immediately follows the request headers. See
body
below for details. - Property Map
- Inspect the cookies in the web request. See
cookies
below for details. - header
Orders List<Property Map> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See
header_order
below for details. - headers List<Property Map>
- Inspect the request headers. See
headers
below for details. - ja3Fingerprint Property Map
- Inspect the JA3 fingerprint. See
ja3_fingerprint
below for details. - json
Body Property Map - Inspect the request body as JSON. See
json_body
for details. - method Property Map
- Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String Property Map - Inspect the query string. This is the part of a URL that appears after a
?
character, if any. - single
Header Property Map - Inspect a single header. See
single_header
below for details. - single
Query Property MapArgument - Inspect a single query argument. See
single_query_argument
below for details. - uri
Path Property Map - Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchBodyArgs
- Oversize
Handling string - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- Oversize
Handling string - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize
Handling String - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize
Handling string - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize_
handling str - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- oversize
Handling String - What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookies, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesArgs
- Match
Patterns List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- Match
Patterns []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - Match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- Oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match
Patterns List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match
Patterns WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern[] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope string - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling string - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match_
patterns Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern] - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match_
scope str - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize_
handling str - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
- match
Patterns List<Property Map> - The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all
,included_cookies
orexcluded_cookies
. More details: CookieMatchPattern - match
Scope String - The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL
,KEY
,VALUE
- oversize
Handling String - What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE
,MATCH
,NO_MATCH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<string>
- List<string>
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- []string
- []string
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- string[]
- string[]
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Sequence[str]
- Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderArgs
- Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - Match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope string - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match_
pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match_
scope str - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- match
Pattern Property Map - The filter to use to identify the subset of headers to inspect in a web request. The
match_pattern
block supports only one of the following arguments: - match
Scope String - The parts of the headers to inspect with the rule inspection criteria. If you specify
All
, AWS WAF inspects both keys and values. Valid values include the following:ALL
,Key
,Value
. - oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers List<string> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers List<string> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Excluded
Headers []string - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers []string - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded
Headers string[] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers string[] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern All - An empty configuration block that is used for inspecting all headers.
- excluded_
headers Sequence[str] - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included_
headers Sequence[str] - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> - An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> - An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrderArgs
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- Oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling string - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize_
handling str - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
- oversize
Handling String - Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE
,MATCH
,NO_MATCH
. See the AWS documentation for more information.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa3FingerprintArgs
- Fallback
Behavior string - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- Fallback
Behavior string - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback
Behavior String - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback
Behavior string - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback_
behavior str - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
- fallback
Behavior String - The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include:
MATCH
orNO_MATCH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyArgs
- Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - Match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - Invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - Oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope string - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback stringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling string - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match_
pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match_
scope str - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid_
fallback_ strbehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize_
handling str - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
- match
Pattern Property Map - The patterns to look for in the JSON body. You must specify exactly one setting: either
all
orincluded_paths
. See JsonMatchPattern for details. - match
Scope String - The parts of the JSON to match against using the
match_pattern
. Valid values areALL
,KEY
andVALUE
. - invalid
Fallback StringBehavior - What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING
,MATCH
andNO_MATCH
. - oversize
Handling String - What to do if the body is larger than can be inspected. Valid values are
CONTINUE
(default),MATCH
andNO_MATCH
.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths List<string>
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- Included
Paths []string
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included
Paths string[]
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern All - An empty configuration block that is used for inspecting all headers.
- included_
paths Sequence[str]
- all Property Map
- An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeaderArgs
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgumentArgs
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name string
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name str
- Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
- Name of the query header to inspect. This setting must be provided as lower case characters.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementTextTransformation, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementTextTransformationArgs
- Priority int
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- Priority int
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Integer
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority number
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type string
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority int
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type str
- Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Number
- Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
- Transformation to apply, please refer to the Text Transformation documentation for more details.
WebAclRuleStatementNotStatement, WebAclRuleStatementNotStatementArgs
- Statements
List<Web
Acl Rule Statement> - The statements to combine.
- Statements
[]Web
Acl Rule Statement - The statements to combine.
- statements
List<Web
Acl Rule Statement> - The statements to combine.
- statements
Web
Acl Rule Statement[] - The statements to combine.
- statements
Sequence[Web
Acl Rule Statement] - The statements to combine.
- statements List<Property Map>
- The statements to combine.
WebAclRuleStatementOrStatement, WebAclRuleStatementOrStatementArgs
- Statements
List<Web
Acl Rule Statement> - The statements to combine.
- Statements
[]Web
Acl Rule Statement - The statements to combine.
- statements
List<Web
Acl Rule Statement> - The statements to combine.
- statements
Web
Acl Rule Statement[] - The statements to combine.
- statements
Sequence[Web
Acl Rule Statement] - The statements to combine.
- statements List<Property Map>
- The statements to combine.
WebAclRuleStatementRateBasedStatement, WebAclRuleStatementRateBasedStatementArgs
- Limit int
- Limit on requests per 5-minute period for a single originating IP address.
- Aggregate
Key stringType - Setting that indicates how to aggregate the request counts. Valid values include:
CONSTANT
,CUSTOM_KEYS
,FORWARDED_IP
, orIP
. Default:IP
. - Custom
Keys List<WebAcl Rule Statement Rate Based Statement Custom Key> - Aggregate the request counts using one or more web request components as the aggregate keys. See
custom_key
below for details. - Evaluation
Window intSec The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are
60
,120
,300
, and600
. Defaults to300
(5 minutes).NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.
- Forwarded
Ip WebConfig Acl Rule Statement Rate Based Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If
aggregate_key_type
is set toFORWARDED_IP
, this block is required. Seeforwarded_ip_config
below for details. - Scope
Down WebStatement Acl Rule Statement Rate Based Statement Scope Down Statement - Optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See
statement
above for details. Ifaggregate_key_type
is set toCONSTANT
, this block is required.
- Limit int
- Limit on requests per 5-minute period for a single originating IP address.
- Aggregate
Key stringType - Setting that indicates how to aggregate the request counts. Valid values include:
CONSTANT
,CUSTOM_KEYS
,FORWARDED_IP
, orIP
. Default:IP
. - Custom
Keys []WebAcl Rule Statement Rate Based Statement Custom Key - Aggregate the request counts using one or more web request components as the aggregate keys. See
custom_key
below for details. - Evaluation
Window intSec The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are
60
,120
,300
, and600
. Defaults to300
(5 minutes).NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.
- Forwarded
Ip WebConfig Acl Rule Statement Rate Based Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If
aggregate_key_type
is set toFORWARDED_IP
, this block is required. Seeforwarded_ip_config
below for details. - Scope
Down WebStatement Acl Rule Statement Rate Based Statement Scope Down Statement - Optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See
statement
above for details. Ifaggregate_key_type
is set toCONSTANT
, this block is required.
- limit Integer
- Limit on requests per 5-minute period for a single originating IP address.
- aggregate
Key StringType - Setting that indicates how to aggregate the request counts. Valid values include:
CONSTANT
,CUSTOM_KEYS
,FORWARDED_IP
, orIP
. Default:IP
. - custom
Keys List<WebAcl Rule Statement Rate Based Statement Custom Key> - Aggregate the request counts using one or more web request components as the aggregate keys. See
custom_key
below for details. - evaluation
Window IntegerSec The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are
60
,120
,300
, and600
. Defaults to300
(5 minutes).NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.
- forwarded
Ip WebConfig Acl Rule Statement Rate Based Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If
aggregate_key_type
is set toFORWARDED_IP
, this block is required. Seeforwarded_ip_config
below for details. - scope
Down WebStatement Acl Rule Statement Rate Based Statement Scope Down Statement - Optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See
statement
above for details. Ifaggregate_key_type
is set toCONSTANT
, this block is required.
- limit number
- Limit on requests per 5-minute period for a single originating IP address.
- aggregate
Key stringType - Setting that indicates how to aggregate the request counts. Valid values include:
CONSTANT
,CUSTOM_KEYS
,FORWARDED_IP
, orIP
. Default:IP
. - custom
Keys WebAcl Rule Statement Rate Based Statement Custom Key[] - Aggregate the request counts using one or more web request components as the aggregate keys. See
custom_key
below for details. - evaluation
Window numberSec The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are
60
,120
,300
, and600
. Defaults to300
(5 minutes).NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.
- forwarded
Ip WebConfig Acl Rule Statement Rate Based Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If
aggregate_key_type
is set toFORWARDED_IP
, this block is required. Seeforwarded_ip_config
below for details. - scope
Down WebStatement Acl Rule Statement Rate Based Statement Scope Down Statement - Optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See
statement
above for details. Ifaggregate_key_type
is set toCONSTANT
, this block is required.
- limit int
- Limit on requests per 5-minute period for a single originating IP address.
- aggregate_
key_ strtype - Setting that indicates how to aggregate the request counts. Valid values include:
CONSTANT
,CUSTOM_KEYS
,FORWARDED_IP
, orIP
. Default:IP
. - custom_
keys Sequence[WebAcl Rule Statement Rate Based Statement Custom Key] - Aggregate the request counts using one or more web request components as the aggregate keys. See
custom_key
below for details. - evaluation_
window_ intsec The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are
60
,120
,300
, and600
. Defaults to300
(5 minutes).NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.
- forwarded_
ip_ Webconfig Acl Rule Statement Rate Based Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If
aggregate_key_type
is set toFORWARDED_IP
, this block is required. Seeforwarded_ip_config
below for details. - scope_
down_ Webstatement Acl Rule Statement Rate Based Statement Scope Down Statement - Optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See
statement
above for details. Ifaggregate_key_type
is set toCONSTANT
, this block is required.
- limit Number
- Limit on requests per 5-minute period for a single originating IP address.
- aggregate
Key StringType - Setting that indicates how to aggregate the request counts. Valid values include:
CONSTANT
,CUSTOM_KEYS
,FORWARDED_IP
, orIP
. Default:IP
. - custom
Keys List<Property Map> - Aggregate the request counts using one or more web request components as the aggregate keys. See
custom_key
below for details. - evaluation
Window NumberSec The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are
60
,120
,300
, and600
. Defaults to300
(5 minutes).NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.
- forwarded
Ip Property MapConfig - Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If
aggregate_key_type
is set toFORWARDED_IP
, this block is required. Seeforwarded_ip_config
below for details. - scope
Down Property MapStatement - Optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See
statement
above for details. Ifaggregate_key_type
is set toCONSTANT
, this block is required.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.