1. Packages
  2. AWS
  3. API Docs
  4. wafv2
  5. WebAcl
AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi

aws.wafv2.WebAcl

Explore with Pulumi AI

aws logo
AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi

    Create WebAcl Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new WebAcl(name: string, args: WebAclArgs, opts?: CustomResourceOptions);
    @overload
    def WebAcl(resource_name: str,
               args: WebAclArgs,
               opts: Optional[ResourceOptions] = None)
    
    @overload
    def WebAcl(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               association_config: Optional[WebAclAssociationConfigArgs] = None,
               captcha_config: Optional[WebAclCaptchaConfigArgs] = None,
               challenge_config: Optional[WebAclChallengeConfigArgs] = None,
               custom_response_bodies: Optional[Sequence[WebAclCustomResponseBodyArgs]] = None,
               default_action: Optional[WebAclDefaultActionArgs] = None,
               description: Optional[str] = None,
               name: Optional[str] = None,
               rule_json: Optional[str] = None,
               rules: Optional[Sequence[WebAclRuleArgs]] = None,
               scope: Optional[str] = None,
               tags: Optional[Mapping[str, str]] = None,
               token_domains: Optional[Sequence[str]] = None,
               visibility_config: Optional[WebAclVisibilityConfigArgs] = None)
    func NewWebAcl(ctx *Context, name string, args WebAclArgs, opts ...ResourceOption) (*WebAcl, error)
    public WebAcl(string name, WebAclArgs args, CustomResourceOptions? opts = null)
    public WebAcl(String name, WebAclArgs args)
    public WebAcl(String name, WebAclArgs args, CustomResourceOptions options)
    
    type: aws:wafv2:WebAcl
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args WebAclArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args WebAclArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args WebAclArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args WebAclArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args WebAclArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    WebAcl Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The WebAcl resource accepts the following input properties:

    DefaultAction WebAclDefaultAction
    Action to perform if none of the rules contained in the WebACL match. See default_action below for details.
    Scope string
    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
    VisibilityConfig WebAclVisibilityConfig
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
    AssociationConfig WebAclAssociationConfig
    Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.
    CaptchaConfig WebAclCaptchaConfig
    Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captcha_config below for details.
    ChallengeConfig WebAclChallengeConfig
    Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challenge_config below for details.
    CustomResponseBodies List<WebAclCustomResponseBody>
    Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.
    Description string
    Friendly description of the WebACL.
    Name string
    Friendly name of the WebACL.
    RuleJson string
    Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. See the AWS documentation for the JSON structure.
    Rules List<WebAclRule>
    Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
    Tags Dictionary<string, string>
    Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TokenDomains List<string>
    Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
    DefaultAction WebAclDefaultActionArgs
    Action to perform if none of the rules contained in the WebACL match. See default_action below for details.
    Scope string
    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
    VisibilityConfig WebAclVisibilityConfigArgs
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
    AssociationConfig WebAclAssociationConfigArgs
    Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.
    CaptchaConfig WebAclCaptchaConfigArgs
    Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captcha_config below for details.
    ChallengeConfig WebAclChallengeConfigArgs
    Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challenge_config below for details.
    CustomResponseBodies []WebAclCustomResponseBodyArgs
    Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.
    Description string
    Friendly description of the WebACL.
    Name string
    Friendly name of the WebACL.
    RuleJson string
    Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. See the AWS documentation for the JSON structure.
    Rules []WebAclRuleArgs
    Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
    Tags map[string]string
    Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TokenDomains []string
    Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
    defaultAction WebAclDefaultAction
    Action to perform if none of the rules contained in the WebACL match. See default_action below for details.
    scope String
    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
    visibilityConfig WebAclVisibilityConfig
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
    associationConfig WebAclAssociationConfig
    Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.
    captchaConfig WebAclCaptchaConfig
    Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captcha_config below for details.
    challengeConfig WebAclChallengeConfig
    Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challenge_config below for details.
    customResponseBodies List<WebAclCustomResponseBody>
    Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.
    description String
    Friendly description of the WebACL.
    name String
    Friendly name of the WebACL.
    ruleJson String
    Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. See the AWS documentation for the JSON structure.
    rules List<WebAclRule>
    Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
    tags Map<String,String>
    Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tokenDomains List<String>
    Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
    defaultAction WebAclDefaultAction
    Action to perform if none of the rules contained in the WebACL match. See default_action below for details.
    scope string
    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
    visibilityConfig WebAclVisibilityConfig
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
    associationConfig WebAclAssociationConfig
    Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.
    captchaConfig WebAclCaptchaConfig
    Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captcha_config below for details.
    challengeConfig WebAclChallengeConfig
    Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challenge_config below for details.
    customResponseBodies WebAclCustomResponseBody[]
    Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.
    description string
    Friendly description of the WebACL.
    name string
    Friendly name of the WebACL.
    ruleJson string
    Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. See the AWS documentation for the JSON structure.
    rules WebAclRule[]
    Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
    tags {[key: string]: string}
    Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tokenDomains string[]
    Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
    default_action WebAclDefaultActionArgs
    Action to perform if none of the rules contained in the WebACL match. See default_action below for details.
    scope str
    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
    visibility_config WebAclVisibilityConfigArgs
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
    association_config WebAclAssociationConfigArgs
    Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.
    captcha_config WebAclCaptchaConfigArgs
    Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captcha_config below for details.
    challenge_config WebAclChallengeConfigArgs
    Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challenge_config below for details.
    custom_response_bodies Sequence[WebAclCustomResponseBodyArgs]
    Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.
    description str
    Friendly description of the WebACL.
    name str
    Friendly name of the WebACL.
    rule_json str
    Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. See the AWS documentation for the JSON structure.
    rules Sequence[WebAclRuleArgs]
    Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
    tags Mapping[str, str]
    Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    token_domains Sequence[str]
    Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
    defaultAction Property Map
    Action to perform if none of the rules contained in the WebACL match. See default_action below for details.
    scope String
    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
    visibilityConfig Property Map
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
    associationConfig Property Map
    Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.
    captchaConfig Property Map
    Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captcha_config below for details.
    challengeConfig Property Map
    Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challenge_config below for details.
    customResponseBodies List<Property Map>
    Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.
    description String
    Friendly description of the WebACL.
    name String
    Friendly name of the WebACL.
    ruleJson String
    Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. See the AWS documentation for the JSON structure.
    rules List<Property Map>
    Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
    tags Map<String>
    Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tokenDomains List<String>
    Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the WebAcl resource produces the following output properties:

    ApplicationIntegrationUrl string
    The URL to use in SDK integrations with managed rule groups.
    Arn string
    The ARN of the WAF WebACL.
    Capacity int
    Web ACL capacity units (WCUs) currently being used by this web ACL.
    Id string
    The provider-assigned unique ID for this managed resource.
    LockToken string
    TagsAll Dictionary<string, string>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    ApplicationIntegrationUrl string
    The URL to use in SDK integrations with managed rule groups.
    Arn string
    The ARN of the WAF WebACL.
    Capacity int
    Web ACL capacity units (WCUs) currently being used by this web ACL.
    Id string
    The provider-assigned unique ID for this managed resource.
    LockToken string
    TagsAll map[string]string
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    applicationIntegrationUrl String
    The URL to use in SDK integrations with managed rule groups.
    arn String
    The ARN of the WAF WebACL.
    capacity Integer
    Web ACL capacity units (WCUs) currently being used by this web ACL.
    id String
    The provider-assigned unique ID for this managed resource.
    lockToken String
    tagsAll Map<String,String>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    applicationIntegrationUrl string
    The URL to use in SDK integrations with managed rule groups.
    arn string
    The ARN of the WAF WebACL.
    capacity number
    Web ACL capacity units (WCUs) currently being used by this web ACL.
    id string
    The provider-assigned unique ID for this managed resource.
    lockToken string
    tagsAll {[key: string]: string}
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    application_integration_url str
    The URL to use in SDK integrations with managed rule groups.
    arn str
    The ARN of the WAF WebACL.
    capacity int
    Web ACL capacity units (WCUs) currently being used by this web ACL.
    id str
    The provider-assigned unique ID for this managed resource.
    lock_token str
    tags_all Mapping[str, str]
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    applicationIntegrationUrl String
    The URL to use in SDK integrations with managed rule groups.
    arn String
    The ARN of the WAF WebACL.
    capacity Number
    Web ACL capacity units (WCUs) currently being used by this web ACL.
    id String
    The provider-assigned unique ID for this managed resource.
    lockToken String
    tagsAll Map<String>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    Look up Existing WebAcl Resource

    Get an existing WebAcl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: WebAclState, opts?: CustomResourceOptions): WebAcl
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            application_integration_url: Optional[str] = None,
            arn: Optional[str] = None,
            association_config: Optional[WebAclAssociationConfigArgs] = None,
            capacity: Optional[int] = None,
            captcha_config: Optional[WebAclCaptchaConfigArgs] = None,
            challenge_config: Optional[WebAclChallengeConfigArgs] = None,
            custom_response_bodies: Optional[Sequence[WebAclCustomResponseBodyArgs]] = None,
            default_action: Optional[WebAclDefaultActionArgs] = None,
            description: Optional[str] = None,
            lock_token: Optional[str] = None,
            name: Optional[str] = None,
            rule_json: Optional[str] = None,
            rules: Optional[Sequence[WebAclRuleArgs]] = None,
            scope: Optional[str] = None,
            tags: Optional[Mapping[str, str]] = None,
            tags_all: Optional[Mapping[str, str]] = None,
            token_domains: Optional[Sequence[str]] = None,
            visibility_config: Optional[WebAclVisibilityConfigArgs] = None) -> WebAcl
    func GetWebAcl(ctx *Context, name string, id IDInput, state *WebAclState, opts ...ResourceOption) (*WebAcl, error)
    public static WebAcl Get(string name, Input<string> id, WebAclState? state, CustomResourceOptions? opts = null)
    public static WebAcl get(String name, Output<String> id, WebAclState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    ApplicationIntegrationUrl string
    The URL to use in SDK integrations with managed rule groups.
    Arn string
    The ARN of the WAF WebACL.
    AssociationConfig WebAclAssociationConfig
    Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.
    Capacity int
    Web ACL capacity units (WCUs) currently being used by this web ACL.
    CaptchaConfig WebAclCaptchaConfig
    Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captcha_config below for details.
    ChallengeConfig WebAclChallengeConfig
    Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challenge_config below for details.
    CustomResponseBodies List<WebAclCustomResponseBody>
    Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.
    DefaultAction WebAclDefaultAction
    Action to perform if none of the rules contained in the WebACL match. See default_action below for details.
    Description string
    Friendly description of the WebACL.
    LockToken string
    Name string
    Friendly name of the WebACL.
    RuleJson string
    Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. See the AWS documentation for the JSON structure.
    Rules List<WebAclRule>
    Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
    Scope string
    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
    Tags Dictionary<string, string>
    Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll Dictionary<string, string>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    TokenDomains List<string>
    Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
    VisibilityConfig WebAclVisibilityConfig
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
    ApplicationIntegrationUrl string
    The URL to use in SDK integrations with managed rule groups.
    Arn string
    The ARN of the WAF WebACL.
    AssociationConfig WebAclAssociationConfigArgs
    Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.
    Capacity int
    Web ACL capacity units (WCUs) currently being used by this web ACL.
    CaptchaConfig WebAclCaptchaConfigArgs
    Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captcha_config below for details.
    ChallengeConfig WebAclChallengeConfigArgs
    Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challenge_config below for details.
    CustomResponseBodies []WebAclCustomResponseBodyArgs
    Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.
    DefaultAction WebAclDefaultActionArgs
    Action to perform if none of the rules contained in the WebACL match. See default_action below for details.
    Description string
    Friendly description of the WebACL.
    LockToken string
    Name string
    Friendly name of the WebACL.
    RuleJson string
    Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. See the AWS documentation for the JSON structure.
    Rules []WebAclRuleArgs
    Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
    Scope string
    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
    Tags map[string]string
    Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll map[string]string
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    TokenDomains []string
    Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
    VisibilityConfig WebAclVisibilityConfigArgs
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
    applicationIntegrationUrl String
    The URL to use in SDK integrations with managed rule groups.
    arn String
    The ARN of the WAF WebACL.
    associationConfig WebAclAssociationConfig
    Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.
    capacity Integer
    Web ACL capacity units (WCUs) currently being used by this web ACL.
    captchaConfig WebAclCaptchaConfig
    Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captcha_config below for details.
    challengeConfig WebAclChallengeConfig
    Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challenge_config below for details.
    customResponseBodies List<WebAclCustomResponseBody>
    Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.
    defaultAction WebAclDefaultAction
    Action to perform if none of the rules contained in the WebACL match. See default_action below for details.
    description String
    Friendly description of the WebACL.
    lockToken String
    name String
    Friendly name of the WebACL.
    ruleJson String
    Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. See the AWS documentation for the JSON structure.
    rules List<WebAclRule>
    Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
    scope String
    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
    tags Map<String,String>
    Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String,String>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    tokenDomains List<String>
    Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
    visibilityConfig WebAclVisibilityConfig
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
    applicationIntegrationUrl string
    The URL to use in SDK integrations with managed rule groups.
    arn string
    The ARN of the WAF WebACL.
    associationConfig WebAclAssociationConfig
    Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.
    capacity number
    Web ACL capacity units (WCUs) currently being used by this web ACL.
    captchaConfig WebAclCaptchaConfig
    Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captcha_config below for details.
    challengeConfig WebAclChallengeConfig
    Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challenge_config below for details.
    customResponseBodies WebAclCustomResponseBody[]
    Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.
    defaultAction WebAclDefaultAction
    Action to perform if none of the rules contained in the WebACL match. See default_action below for details.
    description string
    Friendly description of the WebACL.
    lockToken string
    name string
    Friendly name of the WebACL.
    ruleJson string
    Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. See the AWS documentation for the JSON structure.
    rules WebAclRule[]
    Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
    scope string
    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
    tags {[key: string]: string}
    Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll {[key: string]: string}
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    tokenDomains string[]
    Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
    visibilityConfig WebAclVisibilityConfig
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
    application_integration_url str
    The URL to use in SDK integrations with managed rule groups.
    arn str
    The ARN of the WAF WebACL.
    association_config WebAclAssociationConfigArgs
    Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.
    capacity int
    Web ACL capacity units (WCUs) currently being used by this web ACL.
    captcha_config WebAclCaptchaConfigArgs
    Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captcha_config below for details.
    challenge_config WebAclChallengeConfigArgs
    Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challenge_config below for details.
    custom_response_bodies Sequence[WebAclCustomResponseBodyArgs]
    Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.
    default_action WebAclDefaultActionArgs
    Action to perform if none of the rules contained in the WebACL match. See default_action below for details.
    description str
    Friendly description of the WebACL.
    lock_token str
    name str
    Friendly name of the WebACL.
    rule_json str
    Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. See the AWS documentation for the JSON structure.
    rules Sequence[WebAclRuleArgs]
    Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
    scope str
    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
    tags Mapping[str, str]
    Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tags_all Mapping[str, str]
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    token_domains Sequence[str]
    Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
    visibility_config WebAclVisibilityConfigArgs
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
    applicationIntegrationUrl String
    The URL to use in SDK integrations with managed rule groups.
    arn String
    The ARN of the WAF WebACL.
    associationConfig Property Map
    Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.
    capacity Number
    Web ACL capacity units (WCUs) currently being used by this web ACL.
    captchaConfig Property Map
    Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captcha_config below for details.
    challengeConfig Property Map
    Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challenge_config below for details.
    customResponseBodies List<Property Map>
    Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.
    defaultAction Property Map
    Action to perform if none of the rules contained in the WebACL match. See default_action below for details.
    description String
    Friendly description of the WebACL.
    lockToken String
    name String
    Friendly name of the WebACL.
    ruleJson String
    Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. See the AWS documentation for the JSON structure.
    rules List<Property Map>
    Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
    scope String
    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
    tags Map<String>
    Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    tokenDomains List<String>
    Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
    visibilityConfig Property Map
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

    Supporting Types

    Note: There are over 200 nested types for this resource. Only the first 200 types are included in this documentation.

    WebAclAssociationConfig, WebAclAssociationConfigArgs

    RequestBodies List<WebAclAssociationConfigRequestBody>
    Customizes the request body that your protected resource forward to AWS WAF for inspection. See request_body below for details.
    RequestBodies []WebAclAssociationConfigRequestBody
    Customizes the request body that your protected resource forward to AWS WAF for inspection. See request_body below for details.
    requestBodies List<WebAclAssociationConfigRequestBody>
    Customizes the request body that your protected resource forward to AWS WAF for inspection. See request_body below for details.
    requestBodies WebAclAssociationConfigRequestBody[]
    Customizes the request body that your protected resource forward to AWS WAF for inspection. See request_body below for details.
    request_bodies Sequence[WebAclAssociationConfigRequestBody]
    Customizes the request body that your protected resource forward to AWS WAF for inspection. See request_body below for details.
    requestBodies List<Property Map>
    Customizes the request body that your protected resource forward to AWS WAF for inspection. See request_body below for details.

    WebAclAssociationConfigRequestBody, WebAclAssociationConfigRequestBodyArgs

    ApiGateways List<WebAclAssociationConfigRequestBodyApiGateway>
    Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when scope is set to CLOUDFRONT. See api_gateway below for details.
    AppRunnerServices List<WebAclAssociationConfigRequestBodyAppRunnerService>
    Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See app_runner_service below for details.
    Cloudfronts List<WebAclAssociationConfigRequestBodyCloudfront>
    Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cloudfront below for details.
    CognitoUserPools List<WebAclAssociationConfigRequestBodyCognitoUserPool>
    Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cognito_user_pool below for details.
    VerifiedAccessInstances List<WebAclAssociationConfigRequestBodyVerifiedAccessInstance>
    Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See verified_access_instance below for details.
    ApiGateways []WebAclAssociationConfigRequestBodyApiGateway
    Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when scope is set to CLOUDFRONT. See api_gateway below for details.
    AppRunnerServices []WebAclAssociationConfigRequestBodyAppRunnerService
    Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See app_runner_service below for details.
    Cloudfronts []WebAclAssociationConfigRequestBodyCloudfront
    Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cloudfront below for details.
    CognitoUserPools []WebAclAssociationConfigRequestBodyCognitoUserPool
    Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cognito_user_pool below for details.
    VerifiedAccessInstances []WebAclAssociationConfigRequestBodyVerifiedAccessInstance
    Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See verified_access_instance below for details.
    apiGateways List<WebAclAssociationConfigRequestBodyApiGateway>
    Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when scope is set to CLOUDFRONT. See api_gateway below for details.
    appRunnerServices List<WebAclAssociationConfigRequestBodyAppRunnerService>
    Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See app_runner_service below for details.
    cloudfronts List<WebAclAssociationConfigRequestBodyCloudfront>
    Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cloudfront below for details.
    cognitoUserPools List<WebAclAssociationConfigRequestBodyCognitoUserPool>
    Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cognito_user_pool below for details.
    verifiedAccessInstances List<WebAclAssociationConfigRequestBodyVerifiedAccessInstance>
    Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See verified_access_instance below for details.
    apiGateways WebAclAssociationConfigRequestBodyApiGateway[]
    Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when scope is set to CLOUDFRONT. See api_gateway below for details.
    appRunnerServices WebAclAssociationConfigRequestBodyAppRunnerService[]
    Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See app_runner_service below for details.
    cloudfronts WebAclAssociationConfigRequestBodyCloudfront[]
    Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cloudfront below for details.
    cognitoUserPools WebAclAssociationConfigRequestBodyCognitoUserPool[]
    Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cognito_user_pool below for details.
    verifiedAccessInstances WebAclAssociationConfigRequestBodyVerifiedAccessInstance[]
    Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See verified_access_instance below for details.
    api_gateways Sequence[WebAclAssociationConfigRequestBodyApiGateway]
    Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when scope is set to CLOUDFRONT. See api_gateway below for details.
    app_runner_services Sequence[WebAclAssociationConfigRequestBodyAppRunnerService]
    Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See app_runner_service below for details.
    cloudfronts Sequence[WebAclAssociationConfigRequestBodyCloudfront]
    Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cloudfront below for details.
    cognito_user_pools Sequence[WebAclAssociationConfigRequestBodyCognitoUserPool]
    Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cognito_user_pool below for details.
    verified_access_instances Sequence[WebAclAssociationConfigRequestBodyVerifiedAccessInstance]
    Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See verified_access_instance below for details.
    apiGateways List<Property Map>
    Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when scope is set to CLOUDFRONT. See api_gateway below for details.
    appRunnerServices List<Property Map>
    Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See app_runner_service below for details.
    cloudfronts List<Property Map>
    Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cloudfront below for details.
    cognitoUserPools List<Property Map>
    Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cognito_user_pool below for details.
    verifiedAccessInstances List<Property Map>
    Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See verified_access_instance below for details.

    WebAclAssociationConfigRequestBodyApiGateway, WebAclAssociationConfigRequestBodyApiGatewayArgs

    DefaultSizeInspectionLimit string
    Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    DefaultSizeInspectionLimit string
    Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    defaultSizeInspectionLimit String
    Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    defaultSizeInspectionLimit string
    Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    default_size_inspection_limit str
    Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    defaultSizeInspectionLimit String
    Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

    WebAclAssociationConfigRequestBodyAppRunnerService, WebAclAssociationConfigRequestBodyAppRunnerServiceArgs

    DefaultSizeInspectionLimit string
    Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    DefaultSizeInspectionLimit string
    Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    defaultSizeInspectionLimit String
    Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    defaultSizeInspectionLimit string
    Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    default_size_inspection_limit str
    Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    defaultSizeInspectionLimit String
    Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

    WebAclAssociationConfigRequestBodyCloudfront, WebAclAssociationConfigRequestBodyCloudfrontArgs

    DefaultSizeInspectionLimit string
    Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    DefaultSizeInspectionLimit string
    Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    defaultSizeInspectionLimit String
    Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    defaultSizeInspectionLimit string
    Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    default_size_inspection_limit str
    Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    defaultSizeInspectionLimit String
    Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

    WebAclAssociationConfigRequestBodyCognitoUserPool, WebAclAssociationConfigRequestBodyCognitoUserPoolArgs

    DefaultSizeInspectionLimit string
    Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    DefaultSizeInspectionLimit string
    Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    defaultSizeInspectionLimit String
    Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    defaultSizeInspectionLimit string
    Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    default_size_inspection_limit str
    Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    defaultSizeInspectionLimit String
    Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

    WebAclAssociationConfigRequestBodyVerifiedAccessInstance, WebAclAssociationConfigRequestBodyVerifiedAccessInstanceArgs

    DefaultSizeInspectionLimit string
    Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    DefaultSizeInspectionLimit string
    Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    defaultSizeInspectionLimit String
    Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    defaultSizeInspectionLimit string
    Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    default_size_inspection_limit str
    Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.
    defaultSizeInspectionLimit String
    Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

    WebAclCaptchaConfig, WebAclCaptchaConfigArgs

    ImmunityTimeProperty WebAclCaptchaConfigImmunityTimeProperty
    Defines custom immunity time. See immunity_time_property below for details.
    ImmunityTimeProperty WebAclCaptchaConfigImmunityTimeProperty
    Defines custom immunity time. See immunity_time_property below for details.
    immunityTimeProperty WebAclCaptchaConfigImmunityTimeProperty
    Defines custom immunity time. See immunity_time_property below for details.
    immunityTimeProperty WebAclCaptchaConfigImmunityTimeProperty
    Defines custom immunity time. See immunity_time_property below for details.
    immunity_time_property WebAclCaptchaConfigImmunityTimeProperty
    Defines custom immunity time. See immunity_time_property below for details.
    immunityTimeProperty Property Map
    Defines custom immunity time. See immunity_time_property below for details.

    WebAclCaptchaConfigImmunityTimeProperty, WebAclCaptchaConfigImmunityTimePropertyArgs

    ImmunityTime int
    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
    ImmunityTime int
    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
    immunityTime Integer
    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
    immunityTime number
    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
    immunity_time int
    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
    immunityTime Number
    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

    WebAclChallengeConfig, WebAclChallengeConfigArgs

    ImmunityTimeProperty WebAclChallengeConfigImmunityTimeProperty
    Defines custom immunity time. See immunity_time_property below for details.
    ImmunityTimeProperty WebAclChallengeConfigImmunityTimeProperty
    Defines custom immunity time. See immunity_time_property below for details.
    immunityTimeProperty WebAclChallengeConfigImmunityTimeProperty
    Defines custom immunity time. See immunity_time_property below for details.
    immunityTimeProperty WebAclChallengeConfigImmunityTimeProperty
    Defines custom immunity time. See immunity_time_property below for details.
    immunity_time_property WebAclChallengeConfigImmunityTimeProperty
    Defines custom immunity time. See immunity_time_property below for details.
    immunityTimeProperty Property Map
    Defines custom immunity time. See immunity_time_property below for details.

    WebAclChallengeConfigImmunityTimeProperty, WebAclChallengeConfigImmunityTimePropertyArgs

    ImmunityTime int
    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
    ImmunityTime int
    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
    immunityTime Integer
    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
    immunityTime number
    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
    immunity_time int
    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
    immunityTime Number
    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

    WebAclCustomResponseBody, WebAclCustomResponseBodyArgs

    Content string
    Payload of the custom response.
    ContentType string
    Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
    Key string
    Unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the custom_response block.
    Content string
    Payload of the custom response.
    ContentType string
    Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
    Key string
    Unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the custom_response block.
    content String
    Payload of the custom response.
    contentType String
    Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
    key String
    Unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the custom_response block.
    content string
    Payload of the custom response.
    contentType string
    Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
    key string
    Unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the custom_response block.
    content str
    Payload of the custom response.
    content_type str
    Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
    key str
    Unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the custom_response block.
    content String
    Payload of the custom response.
    contentType String
    Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
    key String
    Unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the custom_response block.

    WebAclDefaultAction, WebAclDefaultActionArgs

    Allow WebAclDefaultActionAllow
    Specifies that AWS WAF should allow requests by default. See allow below for details.
    Block WebAclDefaultActionBlock
    Specifies that AWS WAF should block requests by default. See block below for details.
    Allow WebAclDefaultActionAllow
    Specifies that AWS WAF should allow requests by default. See allow below for details.
    Block WebAclDefaultActionBlock
    Specifies that AWS WAF should block requests by default. See block below for details.
    allow WebAclDefaultActionAllow
    Specifies that AWS WAF should allow requests by default. See allow below for details.
    block WebAclDefaultActionBlock
    Specifies that AWS WAF should block requests by default. See block below for details.
    allow WebAclDefaultActionAllow
    Specifies that AWS WAF should allow requests by default. See allow below for details.
    block WebAclDefaultActionBlock
    Specifies that AWS WAF should block requests by default. See block below for details.
    allow WebAclDefaultActionAllow
    Specifies that AWS WAF should allow requests by default. See allow below for details.
    block WebAclDefaultActionBlock
    Specifies that AWS WAF should block requests by default. See block below for details.
    allow Property Map
    Specifies that AWS WAF should allow requests by default. See allow below for details.
    block Property Map
    Specifies that AWS WAF should block requests by default. See block below for details.

    WebAclDefaultActionAllow, WebAclDefaultActionAllowArgs

    CustomRequestHandling WebAclDefaultActionAllowCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    CustomRequestHandling WebAclDefaultActionAllowCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling WebAclDefaultActionAllowCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling WebAclDefaultActionAllowCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    custom_request_handling WebAclDefaultActionAllowCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling Property Map
    Defines custom handling for the web request. See custom_request_handling below for details.

    WebAclDefaultActionAllowCustomRequestHandling, WebAclDefaultActionAllowCustomRequestHandlingArgs

    InsertHeaders List<WebAclDefaultActionAllowCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    InsertHeaders []WebAclDefaultActionAllowCustomRequestHandlingInsertHeader
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders List<WebAclDefaultActionAllowCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders WebAclDefaultActionAllowCustomRequestHandlingInsertHeader[]
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insert_headers Sequence[WebAclDefaultActionAllowCustomRequestHandlingInsertHeader]
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders List<Property Map>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    WebAclDefaultActionAllowCustomRequestHandlingInsertHeader, WebAclDefaultActionAllowCustomRequestHandlingInsertHeaderArgs

    Name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    Value string
    Value of the custom header.
    Name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    Value string
    Value of the custom header.
    name String
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value String
    Value of the custom header.
    name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value string
    Value of the custom header.
    name str
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value str
    Value of the custom header.
    name String
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value String
    Value of the custom header.

    WebAclDefaultActionBlock, WebAclDefaultActionBlockArgs

    CustomResponse WebAclDefaultActionBlockCustomResponse
    Defines a custom response for the web request. See custom_response below for details.
    CustomResponse WebAclDefaultActionBlockCustomResponse
    Defines a custom response for the web request. See custom_response below for details.
    customResponse WebAclDefaultActionBlockCustomResponse
    Defines a custom response for the web request. See custom_response below for details.
    customResponse WebAclDefaultActionBlockCustomResponse
    Defines a custom response for the web request. See custom_response below for details.
    custom_response WebAclDefaultActionBlockCustomResponse
    Defines a custom response for the web request. See custom_response below for details.
    customResponse Property Map
    Defines a custom response for the web request. See custom_response below for details.

    WebAclDefaultActionBlockCustomResponse, WebAclDefaultActionBlockCustomResponseArgs

    ResponseCode int
    The HTTP status code to return to the client.
    CustomResponseBodyKey string
    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
    ResponseHeaders List<WebAclDefaultActionBlockCustomResponseResponseHeader>
    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.
    ResponseCode int
    The HTTP status code to return to the client.
    CustomResponseBodyKey string
    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
    ResponseHeaders []WebAclDefaultActionBlockCustomResponseResponseHeader
    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.
    responseCode Integer
    The HTTP status code to return to the client.
    customResponseBodyKey String
    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
    responseHeaders List<WebAclDefaultActionBlockCustomResponseResponseHeader>
    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.
    responseCode number
    The HTTP status code to return to the client.
    customResponseBodyKey string
    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
    responseHeaders WebAclDefaultActionBlockCustomResponseResponseHeader[]
    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.
    response_code int
    The HTTP status code to return to the client.
    custom_response_body_key str
    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
    response_headers Sequence[WebAclDefaultActionBlockCustomResponseResponseHeader]
    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.
    responseCode Number
    The HTTP status code to return to the client.
    customResponseBodyKey String
    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
    responseHeaders List<Property Map>
    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

    WebAclDefaultActionBlockCustomResponseResponseHeader, WebAclDefaultActionBlockCustomResponseResponseHeaderArgs

    Name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    Value string
    Value of the custom header.
    Name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    Value string
    Value of the custom header.
    name String
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value String
    Value of the custom header.
    name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value string
    Value of the custom header.
    name str
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value str
    Value of the custom header.
    name String
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value String
    Value of the custom header.

    WebAclRule, WebAclRuleArgs

    Name string
    Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.
    Priority int
    If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
    Statement WebAclRuleStatement
    The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.
    VisibilityConfig WebAclRuleVisibilityConfig
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
    Action WebAclRuleAction
    Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.
    CaptchaConfig WebAclRuleCaptchaConfig
    Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.
    OverrideAction WebAclRuleOverrideAction
    Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.
    RuleLabels List<WebAclRuleRuleLabel>
    Labels to apply to web requests that match the rule match statement. See rule_label below for details.
    Name string
    Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.
    Priority int
    If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
    Statement WebAclRuleStatement
    The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.
    VisibilityConfig WebAclRuleVisibilityConfig
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
    Action WebAclRuleAction
    Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.
    CaptchaConfig WebAclRuleCaptchaConfig
    Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.
    OverrideAction WebAclRuleOverrideAction
    Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.
    RuleLabels []WebAclRuleRuleLabel
    Labels to apply to web requests that match the rule match statement. See rule_label below for details.
    name String
    Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.
    priority Integer
    If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
    statement WebAclRuleStatement
    The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.
    visibilityConfig WebAclRuleVisibilityConfig
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
    action WebAclRuleAction
    Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.
    captchaConfig WebAclRuleCaptchaConfig
    Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.
    overrideAction WebAclRuleOverrideAction
    Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.
    ruleLabels List<WebAclRuleRuleLabel>
    Labels to apply to web requests that match the rule match statement. See rule_label below for details.
    name string
    Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.
    priority number
    If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
    statement WebAclRuleStatement
    The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.
    visibilityConfig WebAclRuleVisibilityConfig
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
    action WebAclRuleAction
    Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.
    captchaConfig WebAclRuleCaptchaConfig
    Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.
    overrideAction WebAclRuleOverrideAction
    Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.
    ruleLabels WebAclRuleRuleLabel[]
    Labels to apply to web requests that match the rule match statement. See rule_label below for details.
    name str
    Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.
    priority int
    If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
    statement WebAclRuleStatement
    The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.
    visibility_config WebAclRuleVisibilityConfig
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
    action WebAclRuleAction
    Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.
    captcha_config WebAclRuleCaptchaConfig
    Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.
    override_action WebAclRuleOverrideAction
    Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.
    rule_labels Sequence[WebAclRuleRuleLabel]
    Labels to apply to web requests that match the rule match statement. See rule_label below for details.
    name String
    Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.
    priority Number
    If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
    statement Property Map
    The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.
    visibilityConfig Property Map
    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
    action Property Map
    Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.
    captchaConfig Property Map
    Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.
    overrideAction Property Map
    Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.
    ruleLabels List<Property Map>
    Labels to apply to web requests that match the rule match statement. See rule_label below for details.

    WebAclRuleAction, WebAclRuleActionArgs

    Allow WebAclRuleActionAllow
    Instructs AWS WAF to allow the web request. See allow below for details.
    Block WebAclRuleActionBlock
    Instructs AWS WAF to block the web request. See block below for details.
    Captcha WebAclRuleActionCaptcha
    Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.
    Challenge WebAclRuleActionChallenge
    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.
    Count WebAclRuleActionCount
    Instructs AWS WAF to count the web request and allow it. See count below for details.
    Allow WebAclRuleActionAllow
    Instructs AWS WAF to allow the web request. See allow below for details.
    Block WebAclRuleActionBlock
    Instructs AWS WAF to block the web request. See block below for details.
    Captcha WebAclRuleActionCaptcha
    Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.
    Challenge WebAclRuleActionChallenge
    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.
    Count WebAclRuleActionCount
    Instructs AWS WAF to count the web request and allow it. See count below for details.
    allow WebAclRuleActionAllow
    Instructs AWS WAF to allow the web request. See allow below for details.
    block WebAclRuleActionBlock
    Instructs AWS WAF to block the web request. See block below for details.
    captcha WebAclRuleActionCaptcha
    Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.
    challenge WebAclRuleActionChallenge
    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.
    count WebAclRuleActionCount
    Instructs AWS WAF to count the web request and allow it. See count below for details.
    allow WebAclRuleActionAllow
    Instructs AWS WAF to allow the web request. See allow below for details.
    block WebAclRuleActionBlock
    Instructs AWS WAF to block the web request. See block below for details.
    captcha WebAclRuleActionCaptcha
    Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.
    challenge WebAclRuleActionChallenge
    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.
    count WebAclRuleActionCount
    Instructs AWS WAF to count the web request and allow it. See count below for details.
    allow WebAclRuleActionAllow
    Instructs AWS WAF to allow the web request. See allow below for details.
    block WebAclRuleActionBlock
    Instructs AWS WAF to block the web request. See block below for details.
    captcha WebAclRuleActionCaptcha
    Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.
    challenge WebAclRuleActionChallenge
    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.
    count WebAclRuleActionCount
    Instructs AWS WAF to count the web request and allow it. See count below for details.
    allow Property Map
    Instructs AWS WAF to allow the web request. See allow below for details.
    block Property Map
    Instructs AWS WAF to block the web request. See block below for details.
    captcha Property Map
    Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.
    challenge Property Map
    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.
    count Property Map
    Instructs AWS WAF to count the web request and allow it. See count below for details.

    WebAclRuleActionAllow, WebAclRuleActionAllowArgs

    CustomRequestHandling WebAclRuleActionAllowCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    CustomRequestHandling WebAclRuleActionAllowCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling WebAclRuleActionAllowCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling WebAclRuleActionAllowCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    custom_request_handling WebAclRuleActionAllowCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling Property Map
    Defines custom handling for the web request. See custom_request_handling below for details.

    WebAclRuleActionAllowCustomRequestHandling, WebAclRuleActionAllowCustomRequestHandlingArgs

    InsertHeaders List<WebAclRuleActionAllowCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    InsertHeaders []WebAclRuleActionAllowCustomRequestHandlingInsertHeader
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders List<WebAclRuleActionAllowCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders WebAclRuleActionAllowCustomRequestHandlingInsertHeader[]
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insert_headers Sequence[WebAclRuleActionAllowCustomRequestHandlingInsertHeader]
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders List<Property Map>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    WebAclRuleActionAllowCustomRequestHandlingInsertHeader, WebAclRuleActionAllowCustomRequestHandlingInsertHeaderArgs

    Name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    Value string
    Value of the custom header.
    Name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    Value string
    Value of the custom header.
    name String
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value String
    Value of the custom header.
    name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value string
    Value of the custom header.
    name str
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value str
    Value of the custom header.
    name String
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value String
    Value of the custom header.

    WebAclRuleActionBlock, WebAclRuleActionBlockArgs

    CustomResponse WebAclRuleActionBlockCustomResponse
    Defines a custom response for the web request. See custom_response below for details.
    CustomResponse WebAclRuleActionBlockCustomResponse
    Defines a custom response for the web request. See custom_response below for details.
    customResponse WebAclRuleActionBlockCustomResponse
    Defines a custom response for the web request. See custom_response below for details.
    customResponse WebAclRuleActionBlockCustomResponse
    Defines a custom response for the web request. See custom_response below for details.
    custom_response WebAclRuleActionBlockCustomResponse
    Defines a custom response for the web request. See custom_response below for details.
    customResponse Property Map
    Defines a custom response for the web request. See custom_response below for details.

    WebAclRuleActionBlockCustomResponse, WebAclRuleActionBlockCustomResponseArgs

    ResponseCode int
    The HTTP status code to return to the client.
    CustomResponseBodyKey string
    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
    ResponseHeaders List<WebAclRuleActionBlockCustomResponseResponseHeader>
    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.
    ResponseCode int
    The HTTP status code to return to the client.
    CustomResponseBodyKey string
    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
    ResponseHeaders []WebAclRuleActionBlockCustomResponseResponseHeader
    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.
    responseCode Integer
    The HTTP status code to return to the client.
    customResponseBodyKey String
    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
    responseHeaders List<WebAclRuleActionBlockCustomResponseResponseHeader>
    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.
    responseCode number
    The HTTP status code to return to the client.
    customResponseBodyKey string
    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
    responseHeaders WebAclRuleActionBlockCustomResponseResponseHeader[]
    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.
    response_code int
    The HTTP status code to return to the client.
    custom_response_body_key str
    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
    response_headers Sequence[WebAclRuleActionBlockCustomResponseResponseHeader]
    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.
    responseCode Number
    The HTTP status code to return to the client.
    customResponseBodyKey String
    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
    responseHeaders List<Property Map>
    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

    WebAclRuleActionBlockCustomResponseResponseHeader, WebAclRuleActionBlockCustomResponseResponseHeaderArgs

    Name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    Value string
    Value of the custom header.
    Name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    Value string
    Value of the custom header.
    name String
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value String
    Value of the custom header.
    name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value string
    Value of the custom header.
    name str
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value str
    Value of the custom header.
    name String
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value String
    Value of the custom header.

    WebAclRuleActionCaptcha, WebAclRuleActionCaptchaArgs

    CustomRequestHandling WebAclRuleActionCaptchaCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    CustomRequestHandling WebAclRuleActionCaptchaCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling WebAclRuleActionCaptchaCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling WebAclRuleActionCaptchaCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    custom_request_handling WebAclRuleActionCaptchaCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling Property Map
    Defines custom handling for the web request. See custom_request_handling below for details.

    WebAclRuleActionCaptchaCustomRequestHandling, WebAclRuleActionCaptchaCustomRequestHandlingArgs

    InsertHeaders List<WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    InsertHeaders []WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders List<WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader[]
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insert_headers Sequence[WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader]
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders List<Property Map>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader, WebAclRuleActionCaptchaCustomRequestHandlingInsertHeaderArgs

    Name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    Value string
    Value of the custom header.
    Name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    Value string
    Value of the custom header.
    name String
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value String
    Value of the custom header.
    name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value string
    Value of the custom header.
    name str
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value str
    Value of the custom header.
    name String
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value String
    Value of the custom header.

    WebAclRuleActionChallenge, WebAclRuleActionChallengeArgs

    CustomRequestHandling WebAclRuleActionChallengeCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    CustomRequestHandling WebAclRuleActionChallengeCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling WebAclRuleActionChallengeCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling WebAclRuleActionChallengeCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    custom_request_handling WebAclRuleActionChallengeCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling Property Map
    Defines custom handling for the web request. See custom_request_handling below for details.

    WebAclRuleActionChallengeCustomRequestHandling, WebAclRuleActionChallengeCustomRequestHandlingArgs

    InsertHeaders List<WebAclRuleActionChallengeCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    InsertHeaders []WebAclRuleActionChallengeCustomRequestHandlingInsertHeader
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders List<WebAclRuleActionChallengeCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders WebAclRuleActionChallengeCustomRequestHandlingInsertHeader[]
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insert_headers Sequence[WebAclRuleActionChallengeCustomRequestHandlingInsertHeader]
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders List<Property Map>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    WebAclRuleActionChallengeCustomRequestHandlingInsertHeader, WebAclRuleActionChallengeCustomRequestHandlingInsertHeaderArgs

    Name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    Value string
    Value of the custom header.
    Name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    Value string
    Value of the custom header.
    name String
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value String
    Value of the custom header.
    name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value string
    Value of the custom header.
    name str
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value str
    Value of the custom header.
    name String
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value String
    Value of the custom header.

    WebAclRuleActionCount, WebAclRuleActionCountArgs

    CustomRequestHandling WebAclRuleActionCountCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    CustomRequestHandling WebAclRuleActionCountCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling WebAclRuleActionCountCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling WebAclRuleActionCountCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    custom_request_handling WebAclRuleActionCountCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling Property Map
    Defines custom handling for the web request. See custom_request_handling below for details.

    WebAclRuleActionCountCustomRequestHandling, WebAclRuleActionCountCustomRequestHandlingArgs

    InsertHeaders List<WebAclRuleActionCountCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    InsertHeaders []WebAclRuleActionCountCustomRequestHandlingInsertHeader
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders List<WebAclRuleActionCountCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders WebAclRuleActionCountCustomRequestHandlingInsertHeader[]
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insert_headers Sequence[WebAclRuleActionCountCustomRequestHandlingInsertHeader]
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders List<Property Map>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    WebAclRuleActionCountCustomRequestHandlingInsertHeader, WebAclRuleActionCountCustomRequestHandlingInsertHeaderArgs

    Name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    Value string
    Value of the custom header.
    Name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    Value string
    Value of the custom header.
    name String
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value String
    Value of the custom header.
    name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value string
    Value of the custom header.
    name str
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value str
    Value of the custom header.
    name String
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value String
    Value of the custom header.

    WebAclRuleCaptchaConfig, WebAclRuleCaptchaConfigArgs

    ImmunityTimeProperty WebAclRuleCaptchaConfigImmunityTimeProperty
    Defines custom immunity time. See immunity_time_property below for details.
    ImmunityTimeProperty WebAclRuleCaptchaConfigImmunityTimeProperty
    Defines custom immunity time. See immunity_time_property below for details.
    immunityTimeProperty WebAclRuleCaptchaConfigImmunityTimeProperty
    Defines custom immunity time. See immunity_time_property below for details.
    immunityTimeProperty WebAclRuleCaptchaConfigImmunityTimeProperty
    Defines custom immunity time. See immunity_time_property below for details.
    immunity_time_property WebAclRuleCaptchaConfigImmunityTimeProperty
    Defines custom immunity time. See immunity_time_property below for details.
    immunityTimeProperty Property Map
    Defines custom immunity time. See immunity_time_property below for details.

    WebAclRuleCaptchaConfigImmunityTimeProperty, WebAclRuleCaptchaConfigImmunityTimePropertyArgs

    ImmunityTime int
    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
    ImmunityTime int
    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
    immunityTime Integer
    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
    immunityTime number
    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
    immunity_time int
    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
    immunityTime Number
    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

    WebAclRuleOverrideAction, WebAclRuleOverrideActionArgs

    Count WebAclRuleOverrideActionCount
    Override the rule action setting to count (i.e., only count matches). Configured as an empty block {}.
    None WebAclRuleOverrideActionNone
    Don't override the rule action setting. Configured as an empty block {}.
    Count WebAclRuleOverrideActionCount
    Override the rule action setting to count (i.e., only count matches). Configured as an empty block {}.
    None WebAclRuleOverrideActionNone
    Don't override the rule action setting. Configured as an empty block {}.
    count WebAclRuleOverrideActionCount
    Override the rule action setting to count (i.e., only count matches). Configured as an empty block {}.
    none WebAclRuleOverrideActionNone
    Don't override the rule action setting. Configured as an empty block {}.
    count WebAclRuleOverrideActionCount
    Override the rule action setting to count (i.e., only count matches). Configured as an empty block {}.
    none WebAclRuleOverrideActionNone
    Don't override the rule action setting. Configured as an empty block {}.
    count WebAclRuleOverrideActionCount
    Override the rule action setting to count (i.e., only count matches). Configured as an empty block {}.
    none WebAclRuleOverrideActionNone
    Don't override the rule action setting. Configured as an empty block {}.
    count Property Map
    Override the rule action setting to count (i.e., only count matches). Configured as an empty block {}.
    none Property Map
    Don't override the rule action setting. Configured as an empty block {}.

    WebAclRuleRuleLabel, WebAclRuleRuleLabelArgs

    Name string
    Label string.
    Name string
    Label string.
    name String
    Label string.
    name string
    Label string.
    name str
    Label string.
    name String
    Label string.

    WebAclRuleStatement, WebAclRuleStatementArgs

    AndStatement WebAclRuleStatementAndStatement
    Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.
    ByteMatchStatement WebAclRuleStatementByteMatchStatement
    Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.
    GeoMatchStatement WebAclRuleStatementGeoMatchStatement
    Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.
    IpSetReferenceStatement WebAclRuleStatementIpSetReferenceStatement
    Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.
    LabelMatchStatement WebAclRuleStatementLabelMatchStatement
    Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.
    ManagedRuleGroupStatement WebAclRuleStatementManagedRuleGroupStatement
    Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See managed_rule_group_statement below for details.
    NotStatement WebAclRuleStatementNotStatement
    Logical rule statement used to negate the results of another rule statement. See not_statement below for details.
    OrStatement WebAclRuleStatementOrStatement
    Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.
    RateBasedStatement WebAclRuleStatementRateBasedStatement
    Rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See rate_based_statement below for details.
    RegexMatchStatement WebAclRuleStatementRegexMatchStatement
    Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.
    RegexPatternSetReferenceStatement WebAclRuleStatementRegexPatternSetReferenceStatement
    Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.
    RuleGroupReferenceStatement WebAclRuleStatementRuleGroupReferenceStatement
    Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See rule_group_reference_statement below for details.
    SizeConstraintStatement WebAclRuleStatementSizeConstraintStatement
    Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.
    SqliMatchStatement WebAclRuleStatementSqliMatchStatement
    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.
    XssMatchStatement WebAclRuleStatementXssMatchStatement
    Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.
    AndStatement WebAclRuleStatementAndStatement
    Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.
    ByteMatchStatement WebAclRuleStatementByteMatchStatement
    Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.
    GeoMatchStatement WebAclRuleStatementGeoMatchStatement
    Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.
    IpSetReferenceStatement WebAclRuleStatementIpSetReferenceStatement
    Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.
    LabelMatchStatement WebAclRuleStatementLabelMatchStatement
    Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.
    ManagedRuleGroupStatement WebAclRuleStatementManagedRuleGroupStatement
    Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See managed_rule_group_statement below for details.
    NotStatement WebAclRuleStatementNotStatement
    Logical rule statement used to negate the results of another rule statement. See not_statement below for details.
    OrStatement WebAclRuleStatementOrStatement
    Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.
    RateBasedStatement WebAclRuleStatementRateBasedStatement
    Rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See rate_based_statement below for details.
    RegexMatchStatement WebAclRuleStatementRegexMatchStatement
    Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.
    RegexPatternSetReferenceStatement WebAclRuleStatementRegexPatternSetReferenceStatement
    Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.
    RuleGroupReferenceStatement WebAclRuleStatementRuleGroupReferenceStatement
    Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See rule_group_reference_statement below for details.
    SizeConstraintStatement WebAclRuleStatementSizeConstraintStatement
    Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.
    SqliMatchStatement WebAclRuleStatementSqliMatchStatement
    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.
    XssMatchStatement WebAclRuleStatementXssMatchStatement
    Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.
    andStatement WebAclRuleStatementAndStatement
    Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.
    byteMatchStatement WebAclRuleStatementByteMatchStatement
    Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.
    geoMatchStatement WebAclRuleStatementGeoMatchStatement
    Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.
    ipSetReferenceStatement WebAclRuleStatementIpSetReferenceStatement
    Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.
    labelMatchStatement WebAclRuleStatementLabelMatchStatement
    Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.
    managedRuleGroupStatement WebAclRuleStatementManagedRuleGroupStatement
    Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See managed_rule_group_statement below for details.
    notStatement WebAclRuleStatementNotStatement
    Logical rule statement used to negate the results of another rule statement. See not_statement below for details.
    orStatement WebAclRuleStatementOrStatement
    Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.
    rateBasedStatement WebAclRuleStatementRateBasedStatement
    Rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See rate_based_statement below for details.
    regexMatchStatement WebAclRuleStatementRegexMatchStatement
    Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.
    regexPatternSetReferenceStatement WebAclRuleStatementRegexPatternSetReferenceStatement
    Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.
    ruleGroupReferenceStatement WebAclRuleStatementRuleGroupReferenceStatement
    Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See rule_group_reference_statement below for details.
    sizeConstraintStatement WebAclRuleStatementSizeConstraintStatement
    Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.
    sqliMatchStatement WebAclRuleStatementSqliMatchStatement
    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.
    xssMatchStatement WebAclRuleStatementXssMatchStatement
    Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.
    andStatement WebAclRuleStatementAndStatement
    Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.
    byteMatchStatement WebAclRuleStatementByteMatchStatement
    Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.
    geoMatchStatement WebAclRuleStatementGeoMatchStatement
    Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.
    ipSetReferenceStatement WebAclRuleStatementIpSetReferenceStatement
    Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.
    labelMatchStatement WebAclRuleStatementLabelMatchStatement
    Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.
    managedRuleGroupStatement WebAclRuleStatementManagedRuleGroupStatement
    Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See managed_rule_group_statement below for details.
    notStatement WebAclRuleStatementNotStatement
    Logical rule statement used to negate the results of another rule statement. See not_statement below for details.
    orStatement WebAclRuleStatementOrStatement
    Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.
    rateBasedStatement WebAclRuleStatementRateBasedStatement
    Rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See rate_based_statement below for details.
    regexMatchStatement WebAclRuleStatementRegexMatchStatement
    Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.
    regexPatternSetReferenceStatement WebAclRuleStatementRegexPatternSetReferenceStatement
    Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.
    ruleGroupReferenceStatement WebAclRuleStatementRuleGroupReferenceStatement
    Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See rule_group_reference_statement below for details.
    sizeConstraintStatement WebAclRuleStatementSizeConstraintStatement
    Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.
    sqliMatchStatement WebAclRuleStatementSqliMatchStatement
    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.
    xssMatchStatement WebAclRuleStatementXssMatchStatement
    Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.
    and_statement WebAclRuleStatementAndStatement
    Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.
    byte_match_statement WebAclRuleStatementByteMatchStatement
    Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.
    geo_match_statement WebAclRuleStatementGeoMatchStatement
    Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.
    ip_set_reference_statement WebAclRuleStatementIpSetReferenceStatement
    Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.
    label_match_statement WebAclRuleStatementLabelMatchStatement
    Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.
    managed_rule_group_statement WebAclRuleStatementManagedRuleGroupStatement
    Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See managed_rule_group_statement below for details.
    not_statement WebAclRuleStatementNotStatement
    Logical rule statement used to negate the results of another rule statement. See not_statement below for details.
    or_statement WebAclRuleStatementOrStatement
    Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.
    rate_based_statement WebAclRuleStatementRateBasedStatement
    Rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See rate_based_statement below for details.
    regex_match_statement WebAclRuleStatementRegexMatchStatement
    Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.
    regex_pattern_set_reference_statement WebAclRuleStatementRegexPatternSetReferenceStatement
    Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.
    rule_group_reference_statement WebAclRuleStatementRuleGroupReferenceStatement
    Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See rule_group_reference_statement below for details.
    size_constraint_statement WebAclRuleStatementSizeConstraintStatement
    Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.
    sqli_match_statement WebAclRuleStatementSqliMatchStatement
    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.
    xss_match_statement WebAclRuleStatementXssMatchStatement
    Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.
    andStatement Property Map
    Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.
    byteMatchStatement Property Map
    Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.
    geoMatchStatement Property Map
    Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.
    ipSetReferenceStatement Property Map
    Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.
    labelMatchStatement Property Map
    Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.
    managedRuleGroupStatement Property Map
    Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See managed_rule_group_statement below for details.
    notStatement Property Map
    Logical rule statement used to negate the results of another rule statement. See not_statement below for details.
    orStatement Property Map
    Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.
    rateBasedStatement Property Map
    Rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See rate_based_statement below for details.
    regexMatchStatement Property Map
    Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.
    regexPatternSetReferenceStatement Property Map
    Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.
    ruleGroupReferenceStatement Property Map
    Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See rule_group_reference_statement below for details.
    sizeConstraintStatement Property Map
    Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.
    sqliMatchStatement Property Map
    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.
    xssMatchStatement Property Map
    Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

    WebAclRuleStatementAndStatement, WebAclRuleStatementAndStatementArgs

    Statements List<WebAclRuleStatement>
    The statements to combine.
    Statements []WebAclRuleStatement
    The statements to combine.
    statements List<WebAclRuleStatement>
    The statements to combine.
    statements WebAclRuleStatement[]
    The statements to combine.
    statements Sequence[WebAclRuleStatement]
    The statements to combine.
    statements List<Property Map>
    The statements to combine.

    WebAclRuleStatementByteMatchStatement, WebAclRuleStatementByteMatchStatementArgs

    PositionalConstraint string
    Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
    SearchString string
    String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
    TextTransformations List<WebAclRuleStatementByteMatchStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    FieldToMatch WebAclRuleStatementByteMatchStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    PositionalConstraint string
    Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
    SearchString string
    String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
    TextTransformations []WebAclRuleStatementByteMatchStatementTextTransformation
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    FieldToMatch WebAclRuleStatementByteMatchStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    positionalConstraint String
    Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
    searchString String
    String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
    textTransformations List<WebAclRuleStatementByteMatchStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    fieldToMatch WebAclRuleStatementByteMatchStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    positionalConstraint string
    Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
    searchString string
    String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
    textTransformations WebAclRuleStatementByteMatchStatementTextTransformation[]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    fieldToMatch WebAclRuleStatementByteMatchStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    positional_constraint str
    Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
    search_string str
    String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
    text_transformations Sequence[WebAclRuleStatementByteMatchStatementTextTransformation]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    field_to_match WebAclRuleStatementByteMatchStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    positionalConstraint String
    Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
    searchString String
    String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
    textTransformations List<Property Map>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    fieldToMatch Property Map
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

    WebAclRuleStatementByteMatchStatementFieldToMatch, WebAclRuleStatementByteMatchStatementFieldToMatchArgs

    AllQueryArguments WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body WebAclRuleStatementByteMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    Cookies WebAclRuleStatementByteMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    HeaderOrders List<WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder>
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    Headers List<WebAclRuleStatementByteMatchStatementFieldToMatchHeader>
    Inspect the request headers. See headers below for details.
    Ja3Fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    JsonBody WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    Method WebAclRuleStatementByteMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString WebAclRuleStatementByteMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    SingleQueryArgument WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    UriPath WebAclRuleStatementByteMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    AllQueryArguments WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body WebAclRuleStatementByteMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    Cookies WebAclRuleStatementByteMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    HeaderOrders []WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    Headers []WebAclRuleStatementByteMatchStatementFieldToMatchHeader
    Inspect the request headers. See headers below for details.
    Ja3Fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    JsonBody WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    Method WebAclRuleStatementByteMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString WebAclRuleStatementByteMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    SingleQueryArgument WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    UriPath WebAclRuleStatementByteMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body WebAclRuleStatementByteMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies WebAclRuleStatementByteMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    headerOrders List<WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder>
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers List<WebAclRuleStatementByteMatchStatementFieldToMatchHeader>
    Inspect the request headers. See headers below for details.
    ja3Fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    jsonBody WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    method WebAclRuleStatementByteMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString WebAclRuleStatementByteMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    singleQueryArgument WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    uriPath WebAclRuleStatementByteMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body WebAclRuleStatementByteMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies WebAclRuleStatementByteMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    headerOrders WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder[]
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers WebAclRuleStatementByteMatchStatementFieldToMatchHeader[]
    Inspect the request headers. See headers below for details.
    ja3Fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    jsonBody WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    method WebAclRuleStatementByteMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString WebAclRuleStatementByteMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    singleQueryArgument WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    uriPath WebAclRuleStatementByteMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    all_query_arguments WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body WebAclRuleStatementByteMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies WebAclRuleStatementByteMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    header_orders Sequence[WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder]
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers Sequence[WebAclRuleStatementByteMatchStatementFieldToMatchHeader]
    Inspect the request headers. See headers below for details.
    ja3_fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    json_body WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    method WebAclRuleStatementByteMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    query_string WebAclRuleStatementByteMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    single_header WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    single_query_argument WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    uri_path WebAclRuleStatementByteMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments Property Map
    Inspect all query arguments.
    body Property Map
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies Property Map
    Inspect the cookies in the web request. See cookies below for details.
    headerOrders List<Property Map>
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers List<Property Map>
    Inspect the request headers. See headers below for details.
    ja3Fingerprint Property Map
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    jsonBody Property Map
    Inspect the request body as JSON. See json_body for details.
    method Property Map
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString Property Map
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader Property Map
    Inspect a single header. See single_header below for details.
    singleQueryArgument Property Map
    Inspect a single query argument. See single_query_argument below for details.
    uriPath Property Map
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    WebAclRuleStatementByteMatchStatementFieldToMatchBody, WebAclRuleStatementByteMatchStatementFieldToMatchBodyArgs

    OversizeHandling string
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    OversizeHandling string
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversizeHandling String
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversizeHandling string
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversize_handling str
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversizeHandling String
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

    WebAclRuleStatementByteMatchStatementFieldToMatchCookies, WebAclRuleStatementByteMatchStatementFieldToMatchCookiesArgs

    MatchPatterns List<WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    MatchPatterns []WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    matchPatterns List<WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    matchPatterns WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern[]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    match_patterns Sequence[WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    match_scope str
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversize_handling str
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    matchPatterns List<Property Map>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

    WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternArgs

    All WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedCookies List<string>
    IncludedCookies List<string>
    All WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedCookies []string
    IncludedCookies []string
    all WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>
    all WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedCookies string[]
    includedCookies string[]
    all WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_cookies Sequence[str]
    included_cookies Sequence[str]
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>

    WebAclRuleStatementByteMatchStatementFieldToMatchHeader, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderArgs

    MatchPattern WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    MatchPattern WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    match_pattern WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    match_scope str
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern Property Map
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternArgs

    All WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders List<string>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders List<string>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    All WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders []string
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders []string
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders string[]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders string[]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_headers Sequence[str]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    included_headers Sequence[str]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrderArgs

    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementByteMatchStatementFieldToMatchJa3FingerprintArgs

    FallbackBehavior string
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    FallbackBehavior string
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallbackBehavior String
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallbackBehavior string
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallback_behavior str
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallbackBehavior String
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

    WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody, WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyArgs

    MatchPattern WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    MatchPattern WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    match_pattern WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    match_scope str
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalid_fallback_behavior str
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversize_handling str
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern Property Map
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternArgs

    All WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    IncludedPaths List<string>
    All WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    IncludedPaths []string
    all WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    includedPaths List<String>
    all WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    includedPaths string[]
    all WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    included_paths Sequence[str]
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    includedPaths List<String>

    WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader, WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeaderArgs

    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.

    WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgumentArgs

    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.

    WebAclRuleStatementByteMatchStatementTextTransformation, WebAclRuleStatementByteMatchStatementTextTransformationArgs

    Priority int
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    Priority int
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Integer
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority number
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type string
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority int
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type str
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Number
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    Transformation to apply, please refer to the Text Transformation documentation for more details.

    WebAclRuleStatementGeoMatchStatement, WebAclRuleStatementGeoMatchStatementArgs

    CountryCodes List<string>
    Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
    ForwardedIpConfig WebAclRuleStatementGeoMatchStatementForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.
    CountryCodes []string
    Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
    ForwardedIpConfig WebAclRuleStatementGeoMatchStatementForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.
    countryCodes List<String>
    Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
    forwardedIpConfig WebAclRuleStatementGeoMatchStatementForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.
    countryCodes string[]
    Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
    forwardedIpConfig WebAclRuleStatementGeoMatchStatementForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.
    country_codes Sequence[str]
    Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
    forwarded_ip_config WebAclRuleStatementGeoMatchStatementForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.
    countryCodes List<String>
    Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
    forwardedIpConfig Property Map
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

    WebAclRuleStatementGeoMatchStatementForwardedIpConfig, WebAclRuleStatementGeoMatchStatementForwardedIpConfigArgs

    FallbackBehavior string
    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    HeaderName string
    Name of the HTTP header to use for the IP address.
    FallbackBehavior string
    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    HeaderName string
    Name of the HTTP header to use for the IP address.
    fallbackBehavior String
    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName String
    Name of the HTTP header to use for the IP address.
    fallbackBehavior string
    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName string
    Name of the HTTP header to use for the IP address.
    fallback_behavior str
    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    header_name str
    Name of the HTTP header to use for the IP address.
    fallbackBehavior String
    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName String
    Name of the HTTP header to use for the IP address.

    WebAclRuleStatementIpSetReferenceStatement, WebAclRuleStatementIpSetReferenceStatementArgs

    Arn string
    The Amazon Resource Name (ARN) of the IP Set that this statement references.
    IpSetForwardedIpConfig WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.
    Arn string
    The Amazon Resource Name (ARN) of the IP Set that this statement references.
    IpSetForwardedIpConfig WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.
    arn String
    The Amazon Resource Name (ARN) of the IP Set that this statement references.
    ipSetForwardedIpConfig WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.
    arn string
    The Amazon Resource Name (ARN) of the IP Set that this statement references.
    ipSetForwardedIpConfig WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.
    arn str
    The Amazon Resource Name (ARN) of the IP Set that this statement references.
    ip_set_forwarded_ip_config WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.
    arn String
    The Amazon Resource Name (ARN) of the IP Set that this statement references.
    ipSetForwardedIpConfig Property Map
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

    WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig, WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfigArgs

    FallbackBehavior string
    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    HeaderName string
    Name of the HTTP header to use for the IP address.
    Position string
    Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
    FallbackBehavior string
    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    HeaderName string
    Name of the HTTP header to use for the IP address.
    Position string
    Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
    fallbackBehavior String
    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName String
    Name of the HTTP header to use for the IP address.
    position String
    Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
    fallbackBehavior string
    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName string
    Name of the HTTP header to use for the IP address.
    position string
    Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
    fallback_behavior str
    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    header_name str
    Name of the HTTP header to use for the IP address.
    position str
    Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
    fallbackBehavior String
    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName String
    Name of the HTTP header to use for the IP address.
    position String
    Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

    WebAclRuleStatementLabelMatchStatement, WebAclRuleStatementLabelMatchStatementArgs

    Key string
    String to match against.
    Scope string
    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.
    Key string
    String to match against.
    Scope string
    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.
    key String
    String to match against.
    scope String
    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.
    key string
    String to match against.
    scope string
    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.
    key str
    String to match against.
    scope str
    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.
    key String
    String to match against.
    scope String
    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

    WebAclRuleStatementManagedRuleGroupStatement, WebAclRuleStatementManagedRuleGroupStatementArgs

    Name string
    Name of the managed rule group.
    VendorName string
    Name of the managed rule group vendor.
    ManagedRuleGroupConfigs List<WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig>
    Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See managed_rule_group_configs for more details
    RuleActionOverrides List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride>
    Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See rule_action_override below for details.
    ScopeDownStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement
    Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See statement above for details.
    Version string
    Version of the managed rule group. You can set Version_1.0 or Version_1.1 etc. If you want to use the default version, do not set anything.
    Name string
    Name of the managed rule group.
    VendorName string
    Name of the managed rule group vendor.
    ManagedRuleGroupConfigs []WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig
    Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See managed_rule_group_configs for more details
    RuleActionOverrides []WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride
    Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See rule_action_override below for details.
    ScopeDownStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement
    Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See statement above for details.
    Version string
    Version of the managed rule group. You can set Version_1.0 or Version_1.1 etc. If you want to use the default version, do not set anything.
    name String
    Name of the managed rule group.
    vendorName String
    Name of the managed rule group vendor.
    managedRuleGroupConfigs List<WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig>
    Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See managed_rule_group_configs for more details
    ruleActionOverrides List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride>
    Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See rule_action_override below for details.
    scopeDownStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement
    Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See statement above for details.
    version String
    Version of the managed rule group. You can set Version_1.0 or Version_1.1 etc. If you want to use the default version, do not set anything.
    name string
    Name of the managed rule group.
    vendorName string
    Name of the managed rule group vendor.
    managedRuleGroupConfigs WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig[]
    Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See managed_rule_group_configs for more details
    ruleActionOverrides WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride[]
    Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See rule_action_override below for details.
    scopeDownStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement
    Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See statement above for details.
    version string
    Version of the managed rule group. You can set Version_1.0 or Version_1.1 etc. If you want to use the default version, do not set anything.
    name str
    Name of the managed rule group.
    vendor_name str
    Name of the managed rule group vendor.
    managed_rule_group_configs Sequence[WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig]
    Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See managed_rule_group_configs for more details
    rule_action_overrides Sequence[WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride]
    Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See rule_action_override below for details.
    scope_down_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement
    Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See statement above for details.
    version str
    Version of the managed rule group. You can set Version_1.0 or Version_1.1 etc. If you want to use the default version, do not set anything.
    name String
    Name of the managed rule group.
    vendorName String
    Name of the managed rule group vendor.
    managedRuleGroupConfigs List<Property Map>
    Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See managed_rule_group_configs for more details
    ruleActionOverrides List<Property Map>
    Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See rule_action_override below for details.
    scopeDownStatement Property Map
    Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See statement above for details.
    version String
    Version of the managed rule group. You can set Version_1.0 or Version_1.1 etc. If you want to use the default version, do not set anything.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigArgs

    AwsManagedRulesAcfpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSet
    Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client.
    AwsManagedRulesAtpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet
    Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client.
    AwsManagedRulesBotControlRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet
    Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See aws_managed_rules_bot_control_rule_set for more details
    LoginPath string
    The path of the login endpoint for your application.
    PasswordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField
    Details about your login page password field. See password_field for more details.
    PayloadType string
    The payload type for your login endpoint, either JSON or form encoded.
    UsernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField
    Details about your login page username field. See username_field for more details.
    AwsManagedRulesAcfpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSet
    Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client.
    AwsManagedRulesAtpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet
    Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client.
    AwsManagedRulesBotControlRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet
    Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See aws_managed_rules_bot_control_rule_set for more details
    LoginPath string
    The path of the login endpoint for your application.
    PasswordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField
    Details about your login page password field. See password_field for more details.
    PayloadType string
    The payload type for your login endpoint, either JSON or form encoded.
    UsernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField
    Details about your login page username field. See username_field for more details.
    awsManagedRulesAcfpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSet
    Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client.
    awsManagedRulesAtpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet
    Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client.
    awsManagedRulesBotControlRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet
    Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See aws_managed_rules_bot_control_rule_set for more details
    loginPath String
    The path of the login endpoint for your application.
    passwordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField
    Details about your login page password field. See password_field for more details.
    payloadType String
    The payload type for your login endpoint, either JSON or form encoded.
    usernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField
    Details about your login page username field. See username_field for more details.
    awsManagedRulesAcfpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSet
    Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client.
    awsManagedRulesAtpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet
    Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client.
    awsManagedRulesBotControlRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet
    Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See aws_managed_rules_bot_control_rule_set for more details
    loginPath string
    The path of the login endpoint for your application.
    passwordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField
    Details about your login page password field. See password_field for more details.
    payloadType string
    The payload type for your login endpoint, either JSON or form encoded.
    usernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField
    Details about your login page username field. See username_field for more details.
    aws_managed_rules_acfp_rule_set WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSet
    Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client.
    aws_managed_rules_atp_rule_set WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet
    Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client.
    aws_managed_rules_bot_control_rule_set WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet
    Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See aws_managed_rules_bot_control_rule_set for more details
    login_path str
    The path of the login endpoint for your application.
    password_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField
    Details about your login page password field. See password_field for more details.
    payload_type str
    The payload type for your login endpoint, either JSON or form encoded.
    username_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField
    Details about your login page username field. See username_field for more details.
    awsManagedRulesAcfpRuleSet Property Map
    Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client.
    awsManagedRulesAtpRuleSet Property Map
    Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client.
    awsManagedRulesBotControlRuleSet Property Map
    Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See aws_managed_rules_bot_control_rule_set for more details
    loginPath String
    The path of the login endpoint for your application.
    passwordField Property Map
    Details about your login page password field. See password_field for more details.
    payloadType String
    The payload type for your login endpoint, either JSON or form encoded.
    usernameField Property Map
    Details about your login page username field. See username_field for more details.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSet, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetArgs

    CreationPath string
    The path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
    RegistrationPagePath string
    The path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests.
    RequestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspection
    The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.
    EnableRegexInPath bool
    Whether or not to allow the use of regular expressions in the login page path.
    ResponseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspection
    The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.
    CreationPath string
    The path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
    RegistrationPagePath string
    The path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests.
    RequestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspection
    The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.
    EnableRegexInPath bool
    Whether or not to allow the use of regular expressions in the login page path.
    ResponseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspection
    The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.
    creationPath String
    The path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
    registrationPagePath String
    The path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests.
    requestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspection
    The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.
    enableRegexInPath Boolean
    Whether or not to allow the use of regular expressions in the login page path.
    responseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspection
    The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.
    creationPath string
    The path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
    registrationPagePath string
    The path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests.
    requestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspection
    The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.
    enableRegexInPath boolean
    Whether or not to allow the use of regular expressions in the login page path.
    responseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspection
    The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.
    creation_path str
    The path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
    registration_page_path str
    The path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests.
    request_inspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspection
    The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.
    enable_regex_in_path bool
    Whether or not to allow the use of regular expressions in the login page path.
    response_inspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspection
    The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.
    creationPath String
    The path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
    registrationPagePath String
    The path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests.
    requestInspection Property Map
    The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.
    enableRegexInPath Boolean
    Whether or not to allow the use of regular expressions in the login page path.
    responseInspection Property Map
    The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspection, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionArgs

    PayloadType string
    The payload type for your login endpoint, either JSON or form encoded.
    AddressFields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields
    The names of the fields in the request payload that contain your customer's primary physical address. See address_fields for more details.
    EmailField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailField
    The name of the field in the request payload that contains your customer's email. See email_field for more details.
    PasswordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordField
    Details about your login page password field. See password_field for more details.
    PhoneNumberFields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFields
    The names of the fields in the request payload that contain your customer's primary phone number. See phone_number_fields for more details.
    UsernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameField
    Details about your login page username field. See username_field for more details.
    PayloadType string
    The payload type for your login endpoint, either JSON or form encoded.
    AddressFields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields
    The names of the fields in the request payload that contain your customer's primary physical address. See address_fields for more details.
    EmailField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailField
    The name of the field in the request payload that contains your customer's email. See email_field for more details.
    PasswordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordField
    Details about your login page password field. See password_field for more details.
    PhoneNumberFields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFields
    The names of the fields in the request payload that contain your customer's primary phone number. See phone_number_fields for more details.
    UsernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameField
    Details about your login page username field. See username_field for more details.
    payloadType String
    The payload type for your login endpoint, either JSON or form encoded.
    addressFields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields
    The names of the fields in the request payload that contain your customer's primary physical address. See address_fields for more details.
    emailField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailField
    The name of the field in the request payload that contains your customer's email. See email_field for more details.
    passwordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordField
    Details about your login page password field. See password_field for more details.
    phoneNumberFields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFields
    The names of the fields in the request payload that contain your customer's primary phone number. See phone_number_fields for more details.
    usernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameField
    Details about your login page username field. See username_field for more details.
    payloadType string
    The payload type for your login endpoint, either JSON or form encoded.
    addressFields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields
    The names of the fields in the request payload that contain your customer's primary physical address. See address_fields for more details.
    emailField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailField
    The name of the field in the request payload that contains your customer's email. See email_field for more details.
    passwordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordField
    Details about your login page password field. See password_field for more details.
    phoneNumberFields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFields
    The names of the fields in the request payload that contain your customer's primary phone number. See phone_number_fields for more details.
    usernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameField
    Details about your login page username field. See username_field for more details.
    payload_type str
    The payload type for your login endpoint, either JSON or form encoded.
    address_fields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields
    The names of the fields in the request payload that contain your customer's primary physical address. See address_fields for more details.
    email_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailField
    The name of the field in the request payload that contains your customer's email. See email_field for more details.
    password_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordField
    Details about your login page password field. See password_field for more details.
    phone_number_fields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFields
    The names of the fields in the request payload that contain your customer's primary phone number. See phone_number_fields for more details.
    username_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameField
    Details about your login page username field. See username_field for more details.
    payloadType String
    The payload type for your login endpoint, either JSON or form encoded.
    addressFields Property Map
    The names of the fields in the request payload that contain your customer's primary physical address. See address_fields for more details.
    emailField Property Map
    The name of the field in the request payload that contains your customer's email. See email_field for more details.
    passwordField Property Map
    Details about your login page password field. See password_field for more details.
    phoneNumberFields Property Map
    The names of the fields in the request payload that contain your customer's primary phone number. See phone_number_fields for more details.
    usernameField Property Map
    Details about your login page username field. See username_field for more details.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFieldsArgs

    Identifiers List<string>
    Identifiers []string
    identifiers List<String>
    identifiers string[]
    identifiers Sequence[str]
    identifiers List<String>

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailFieldArgs

    Identifier string
    The name of the field in the request payload that contains your customer's email.
    Identifier string
    The name of the field in the request payload that contains your customer's email.
    identifier String
    The name of the field in the request payload that contains your customer's email.
    identifier string
    The name of the field in the request payload that contains your customer's email.
    identifier str
    The name of the field in the request payload that contains your customer's email.
    identifier String
    The name of the field in the request payload that contains your customer's email.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordFieldArgs

    Identifier string
    The name of the password field.
    Identifier string
    The name of the password field.
    identifier String
    The name of the password field.
    identifier string
    The name of the password field.
    identifier str
    The name of the password field.
    identifier String
    The name of the password field.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFields, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFieldsArgs

    Identifiers List<string>
    Identifiers []string
    identifiers List<String>
    identifiers string[]
    identifiers Sequence[str]
    identifiers List<String>

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameFieldArgs

    Identifier string
    The name of the username field.
    Identifier string
    The name of the username field.
    identifier String
    The name of the username field.
    identifier string
    The name of the username field.
    identifier str
    The name of the username field.
    identifier String
    The name of the username field.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspection, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionArgs

    BodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContains
    Configures inspection of the response body. See body_contains for more details.
    Header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeader
    Configures inspection of the response header.See header for more details.
    Json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJson
    Configures inspection of the response JSON. See json for more details.
    StatusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCode
    Configures inspection of the response status code.See status_code for more details.
    BodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContains
    Configures inspection of the response body. See body_contains for more details.
    Header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeader
    Configures inspection of the response header.See header for more details.
    Json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJson
    Configures inspection of the response JSON. See json for more details.
    StatusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCode
    Configures inspection of the response status code.See status_code for more details.
    bodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContains
    Configures inspection of the response body. See body_contains for more details.
    header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeader
    Configures inspection of the response header.See header for more details.
    json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJson
    Configures inspection of the response JSON. See json for more details.
    statusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCode
    Configures inspection of the response status code.See status_code for more details.
    bodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContains
    Configures inspection of the response body. See body_contains for more details.
    header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeader
    Configures inspection of the response header.See header for more details.
    json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJson
    Configures inspection of the response JSON. See json for more details.
    statusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCode
    Configures inspection of the response status code.See status_code for more details.
    body_contains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContains
    Configures inspection of the response body. See body_contains for more details.
    header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeader
    Configures inspection of the response header.See header for more details.
    json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJson
    Configures inspection of the response JSON. See json for more details.
    status_code WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCode
    Configures inspection of the response status code.See status_code for more details.
    bodyContains Property Map
    Configures inspection of the response body. See body_contains for more details.
    header Property Map
    Configures inspection of the response header.See header for more details.
    json Property Map
    Configures inspection of the response JSON. See json for more details.
    statusCode Property Map
    Configures inspection of the response status code.See status_code for more details.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContains, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContainsArgs

    FailureStrings List<string>
    Strings in the body of the response that indicate a failed login attempt.
    SuccessStrings List<string>
    Strings in the body of the response that indicate a successful login attempt.
    FailureStrings []string
    Strings in the body of the response that indicate a failed login attempt.
    SuccessStrings []string
    Strings in the body of the response that indicate a successful login attempt.
    failureStrings List<String>
    Strings in the body of the response that indicate a failed login attempt.
    successStrings List<String>
    Strings in the body of the response that indicate a successful login attempt.
    failureStrings string[]
    Strings in the body of the response that indicate a failed login attempt.
    successStrings string[]
    Strings in the body of the response that indicate a successful login attempt.
    failure_strings Sequence[str]
    Strings in the body of the response that indicate a failed login attempt.
    success_strings Sequence[str]
    Strings in the body of the response that indicate a successful login attempt.
    failureStrings List<String>
    Strings in the body of the response that indicate a failed login attempt.
    successStrings List<String>
    Strings in the body of the response that indicate a successful login attempt.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeader, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeaderArgs

    FailureValues List<string>
    Values in the response header with the specified name that indicate a failed login attempt.
    Name string
    The name of the header to use.
    SuccessValues List<string>
    Values in the response header with the specified name that indicate a successful login attempt.
    FailureValues []string
    Values in the response header with the specified name that indicate a failed login attempt.
    Name string
    The name of the header to use.
    SuccessValues []string
    Values in the response header with the specified name that indicate a successful login attempt.
    failureValues List<String>
    Values in the response header with the specified name that indicate a failed login attempt.
    name String
    The name of the header to use.
    successValues List<String>
    Values in the response header with the specified name that indicate a successful login attempt.
    failureValues string[]
    Values in the response header with the specified name that indicate a failed login attempt.
    name string
    The name of the header to use.
    successValues string[]
    Values in the response header with the specified name that indicate a successful login attempt.
    failure_values Sequence[str]
    Values in the response header with the specified name that indicate a failed login attempt.
    name str
    The name of the header to use.
    success_values Sequence[str]
    Values in the response header with the specified name that indicate a successful login attempt.
    failureValues List<String>
    Values in the response header with the specified name that indicate a failed login attempt.
    name String
    The name of the header to use.
    successValues List<String>
    Values in the response header with the specified name that indicate a successful login attempt.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJson, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJsonArgs

    FailureValues List<string>
    Values in the response header with the specified name that indicate a failed login attempt.
    Identifier string
    The identifier for the value to match against in the JSON.
    SuccessValues List<string>
    Values in the response header with the specified name that indicate a successful login attempt.
    FailureValues []string
    Values in the response header with the specified name that indicate a failed login attempt.
    Identifier string
    The identifier for the value to match against in the JSON.
    SuccessValues []string
    Values in the response header with the specified name that indicate a successful login attempt.
    failureValues List<String>
    Values in the response header with the specified name that indicate a failed login attempt.
    identifier String
    The identifier for the value to match against in the JSON.
    successValues List<String>
    Values in the response header with the specified name that indicate a successful login attempt.
    failureValues string[]
    Values in the response header with the specified name that indicate a failed login attempt.
    identifier string
    The identifier for the value to match against in the JSON.
    successValues string[]
    Values in the response header with the specified name that indicate a successful login attempt.
    failure_values Sequence[str]
    Values in the response header with the specified name that indicate a failed login attempt.
    identifier str
    The identifier for the value to match against in the JSON.
    success_values Sequence[str]
    Values in the response header with the specified name that indicate a successful login attempt.
    failureValues List<String>
    Values in the response header with the specified name that indicate a failed login attempt.
    identifier String
    The identifier for the value to match against in the JSON.
    successValues List<String>
    Values in the response header with the specified name that indicate a successful login attempt.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCode, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCodeArgs

    FailureCodes List<int>
    Status codes in the response that indicate a failed login attempt.
    SuccessCodes List<int>
    Status codes in the response that indicate a successful login attempt.
    FailureCodes []int
    Status codes in the response that indicate a failed login attempt.
    SuccessCodes []int
    Status codes in the response that indicate a successful login attempt.
    failureCodes List<Integer>
    Status codes in the response that indicate a failed login attempt.
    successCodes List<Integer>
    Status codes in the response that indicate a successful login attempt.
    failureCodes number[]
    Status codes in the response that indicate a failed login attempt.
    successCodes number[]
    Status codes in the response that indicate a successful login attempt.
    failure_codes Sequence[int]
    Status codes in the response that indicate a failed login attempt.
    success_codes Sequence[int]
    Status codes in the response that indicate a successful login attempt.
    failureCodes List<Number>
    Status codes in the response that indicate a failed login attempt.
    successCodes List<Number>
    Status codes in the response that indicate a successful login attempt.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetArgs

    LoginPath string
    The path of the login endpoint for your application.
    EnableRegexInPath bool
    Whether or not to allow the use of regular expressions in the login page path.
    RequestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection
    The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.
    ResponseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection
    The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.
    LoginPath string
    The path of the login endpoint for your application.
    EnableRegexInPath bool
    Whether or not to allow the use of regular expressions in the login page path.
    RequestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection
    The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.
    ResponseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection
    The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.
    loginPath String
    The path of the login endpoint for your application.
    enableRegexInPath Boolean
    Whether or not to allow the use of regular expressions in the login page path.
    requestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection
    The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.
    responseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection
    The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.
    loginPath string
    The path of the login endpoint for your application.
    enableRegexInPath boolean
    Whether or not to allow the use of regular expressions in the login page path.
    requestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection
    The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.
    responseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection
    The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.
    login_path str
    The path of the login endpoint for your application.
    enable_regex_in_path bool
    Whether or not to allow the use of regular expressions in the login page path.
    request_inspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection
    The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.
    response_inspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection
    The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.
    loginPath String
    The path of the login endpoint for your application.
    enableRegexInPath Boolean
    Whether or not to allow the use of regular expressions in the login page path.
    requestInspection Property Map
    The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.
    responseInspection Property Map
    The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionArgs

    PasswordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField
    Details about your login page password field. See password_field for more details.
    PayloadType string
    The payload type for your login endpoint, either JSON or form encoded.
    UsernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField
    Details about your login page username field. See username_field for more details.
    PasswordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField
    Details about your login page password field. See password_field for more details.
    PayloadType string
    The payload type for your login endpoint, either JSON or form encoded.
    UsernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField
    Details about your login page username field. See username_field for more details.
    passwordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField
    Details about your login page password field. See password_field for more details.
    payloadType String
    The payload type for your login endpoint, either JSON or form encoded.
    usernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField
    Details about your login page username field. See username_field for more details.
    passwordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField
    Details about your login page password field. See password_field for more details.
    payloadType string
    The payload type for your login endpoint, either JSON or form encoded.
    usernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField
    Details about your login page username field. See username_field for more details.
    password_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField
    Details about your login page password field. See password_field for more details.
    payload_type str
    The payload type for your login endpoint, either JSON or form encoded.
    username_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField
    Details about your login page username field. See username_field for more details.
    passwordField Property Map
    Details about your login page password field. See password_field for more details.
    payloadType String
    The payload type for your login endpoint, either JSON or form encoded.
    usernameField Property Map
    Details about your login page username field. See username_field for more details.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordFieldArgs

    Identifier string
    The name of the password field.
    Identifier string
    The name of the password field.
    identifier String
    The name of the password field.
    identifier string
    The name of the password field.
    identifier str
    The name of the password field.
    identifier String
    The name of the password field.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameFieldArgs

    Identifier string
    The name of the username field.
    Identifier string
    The name of the username field.
    identifier String
    The name of the username field.
    identifier string
    The name of the username field.
    identifier str
    The name of the username field.
    identifier String
    The name of the username field.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionArgs

    BodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains
    Configures inspection of the response body. See body_contains for more details.
    Header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader
    Configures inspection of the response header.See header for more details.
    Json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson
    Configures inspection of the response JSON. See json for more details.
    StatusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode
    Configures inspection of the response status code.See status_code for more details.
    BodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains
    Configures inspection of the response body. See body_contains for more details.
    Header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader
    Configures inspection of the response header.See header for more details.
    Json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson
    Configures inspection of the response JSON. See json for more details.
    StatusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode
    Configures inspection of the response status code.See status_code for more details.
    bodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains
    Configures inspection of the response body. See body_contains for more details.
    header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader
    Configures inspection of the response header.See header for more details.
    json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson
    Configures inspection of the response JSON. See json for more details.
    statusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode
    Configures inspection of the response status code.See status_code for more details.
    bodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains
    Configures inspection of the response body. See body_contains for more details.
    header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader
    Configures inspection of the response header.See header for more details.
    json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson
    Configures inspection of the response JSON. See json for more details.
    statusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode
    Configures inspection of the response status code.See status_code for more details.
    body_contains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains
    Configures inspection of the response body. See body_contains for more details.
    header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader
    Configures inspection of the response header.See header for more details.
    json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson
    Configures inspection of the response JSON. See json for more details.
    status_code WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode
    Configures inspection of the response status code.See status_code for more details.
    bodyContains Property Map
    Configures inspection of the response body. See body_contains for more details.
    header Property Map
    Configures inspection of the response header.See header for more details.
    json Property Map
    Configures inspection of the response JSON. See json for more details.
    statusCode Property Map
    Configures inspection of the response status code.See status_code for more details.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContainsArgs

    FailureStrings List<string>
    Strings in the body of the response that indicate a failed login attempt.
    SuccessStrings List<string>
    Strings in the body of the response that indicate a successful login attempt.
    FailureStrings []string
    Strings in the body of the response that indicate a failed login attempt.
    SuccessStrings []string
    Strings in the body of the response that indicate a successful login attempt.
    failureStrings List<String>
    Strings in the body of the response that indicate a failed login attempt.
    successStrings List<String>
    Strings in the body of the response that indicate a successful login attempt.
    failureStrings string[]
    Strings in the body of the response that indicate a failed login attempt.
    successStrings string[]
    Strings in the body of the response that indicate a successful login attempt.
    failure_strings Sequence[str]
    Strings in the body of the response that indicate a failed login attempt.
    success_strings Sequence[str]
    Strings in the body of the response that indicate a successful login attempt.
    failureStrings List<String>
    Strings in the body of the response that indicate a failed login attempt.
    successStrings List<String>
    Strings in the body of the response that indicate a successful login attempt.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeaderArgs

    FailureValues List<string>
    Values in the response header with the specified name that indicate a failed login attempt.
    Name string
    The name of the header to use.
    SuccessValues List<string>
    Values in the response header with the specified name that indicate a successful login attempt.
    FailureValues []string
    Values in the response header with the specified name that indicate a failed login attempt.
    Name string
    The name of the header to use.
    SuccessValues []string
    Values in the response header with the specified name that indicate a successful login attempt.
    failureValues List<String>
    Values in the response header with the specified name that indicate a failed login attempt.
    name String
    The name of the header to use.
    successValues List<String>
    Values in the response header with the specified name that indicate a successful login attempt.
    failureValues string[]
    Values in the response header with the specified name that indicate a failed login attempt.
    name string
    The name of the header to use.
    successValues string[]
    Values in the response header with the specified name that indicate a successful login attempt.
    failure_values Sequence[str]
    Values in the response header with the specified name that indicate a failed login attempt.
    name str
    The name of the header to use.
    success_values Sequence[str]
    Values in the response header with the specified name that indicate a successful login attempt.
    failureValues List<String>
    Values in the response header with the specified name that indicate a failed login attempt.
    name String
    The name of the header to use.
    successValues List<String>
    Values in the response header with the specified name that indicate a successful login attempt.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJsonArgs

    FailureValues List<string>
    Values in the response header with the specified name that indicate a failed login attempt.
    Identifier string
    The identifier for the value to match against in the JSON.
    SuccessValues List<string>
    Values in the response header with the specified name that indicate a successful login attempt.
    FailureValues []string
    Values in the response header with the specified name that indicate a failed login attempt.
    Identifier string
    The identifier for the value to match against in the JSON.
    SuccessValues []string
    Values in the response header with the specified name that indicate a successful login attempt.
    failureValues List<String>
    Values in the response header with the specified name that indicate a failed login attempt.
    identifier String
    The identifier for the value to match against in the JSON.
    successValues List<String>
    Values in the response header with the specified name that indicate a successful login attempt.
    failureValues string[]
    Values in the response header with the specified name that indicate a failed login attempt.
    identifier string
    The identifier for the value to match against in the JSON.
    successValues string[]
    Values in the response header with the specified name that indicate a successful login attempt.
    failure_values Sequence[str]
    Values in the response header with the specified name that indicate a failed login attempt.
    identifier str
    The identifier for the value to match against in the JSON.
    success_values Sequence[str]
    Values in the response header with the specified name that indicate a successful login attempt.
    failureValues List<String>
    Values in the response header with the specified name that indicate a failed login attempt.
    identifier String
    The identifier for the value to match against in the JSON.
    successValues List<String>
    Values in the response header with the specified name that indicate a successful login attempt.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCodeArgs

    FailureCodes List<int>
    Status codes in the response that indicate a failed login attempt.
    SuccessCodes List<int>
    Status codes in the response that indicate a successful login attempt.
    FailureCodes []int
    Status codes in the response that indicate a failed login attempt.
    SuccessCodes []int
    Status codes in the response that indicate a successful login attempt.
    failureCodes List<Integer>
    Status codes in the response that indicate a failed login attempt.
    successCodes List<Integer>
    Status codes in the response that indicate a successful login attempt.
    failureCodes number[]
    Status codes in the response that indicate a failed login attempt.
    successCodes number[]
    Status codes in the response that indicate a successful login attempt.
    failure_codes Sequence[int]
    Status codes in the response that indicate a failed login attempt.
    success_codes Sequence[int]
    Status codes in the response that indicate a successful login attempt.
    failureCodes List<Number>
    Status codes in the response that indicate a failed login attempt.
    successCodes List<Number>
    Status codes in the response that indicate a successful login attempt.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSetArgs

    InspectionLevel string
    The inspection level to use for the Bot Control rule group.
    EnableMachineLearning bool
    Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to true.
    InspectionLevel string
    The inspection level to use for the Bot Control rule group.
    EnableMachineLearning bool
    Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to true.
    inspectionLevel String
    The inspection level to use for the Bot Control rule group.
    enableMachineLearning Boolean
    Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to true.
    inspectionLevel string
    The inspection level to use for the Bot Control rule group.
    enableMachineLearning boolean
    Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to true.
    inspection_level str
    The inspection level to use for the Bot Control rule group.
    enable_machine_learning bool
    Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to true.
    inspectionLevel String
    The inspection level to use for the Bot Control rule group.
    enableMachineLearning Boolean
    Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to true.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordFieldArgs

    Identifier string
    The name of the password field.
    Identifier string
    The name of the password field.
    identifier String
    The name of the password field.
    identifier string
    The name of the password field.
    identifier str
    The name of the password field.
    identifier String
    The name of the password field.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameFieldArgs

    Identifier string
    The name of the username field.
    Identifier string
    The name of the username field.
    identifier String
    The name of the username field.
    identifier string
    The name of the username field.
    identifier str
    The name of the username field.
    identifier String
    The name of the username field.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideArgs

    ActionToUse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse
    Override action to use, in place of the configured action of the rule in the rule group. See action for details.
    Name string
    Name of the rule to override. See the documentation for a list of names in the appropriate rule group in use.
    ActionToUse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse
    Override action to use, in place of the configured action of the rule in the rule group. See action for details.
    Name string
    Name of the rule to override. See the documentation for a list of names in the appropriate rule group in use.
    actionToUse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse
    Override action to use, in place of the configured action of the rule in the rule group. See action for details.
    name String
    Name of the rule to override. See the documentation for a list of names in the appropriate rule group in use.
    actionToUse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse
    Override action to use, in place of the configured action of the rule in the rule group. See action for details.
    name string
    Name of the rule to override. See the documentation for a list of names in the appropriate rule group in use.
    action_to_use WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse
    Override action to use, in place of the configured action of the rule in the rule group. See action for details.
    name str
    Name of the rule to override. See the documentation for a list of names in the appropriate rule group in use.
    actionToUse Property Map
    Override action to use, in place of the configured action of the rule in the rule group. See action for details.
    name String
    Name of the rule to override. See the documentation for a list of names in the appropriate rule group in use.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseArgs

    allow Property Map
    block Property Map
    captcha Property Map
    Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.
    challenge Property Map
    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.
    count Property Map

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllow, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowArgs

    CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    custom_request_handling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling Property Map
    Defines custom handling for the web request. See custom_request_handling below for details.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingArgs

    InsertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    InsertHeaders []WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader[]
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insert_headers Sequence[WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader]
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders List<Property Map>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArgs

    Name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    Value string
    Value of the custom header.
    Name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    Value string
    Value of the custom header.
    name String
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value String
    Value of the custom header.
    name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value string
    Value of the custom header.
    name str
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value str
    Value of the custom header.
    name String
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value String
    Value of the custom header.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlock, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockArgs

    CustomResponse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse
    Defines a custom response for the web request. See custom_response below for details.
    CustomResponse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse
    Defines a custom response for the web request. See custom_response below for details.
    customResponse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse
    Defines a custom response for the web request. See custom_response below for details.
    customResponse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse
    Defines a custom response for the web request. See custom_response below for details.
    custom_response WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse
    Defines a custom response for the web request. See custom_response below for details.
    customResponse Property Map
    Defines a custom response for the web request. See custom_response below for details.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseArgs

    ResponseCode int
    The HTTP status code to return to the client.
    CustomResponseBodyKey string
    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
    ResponseHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader>
    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.
    ResponseCode int
    The HTTP status code to return to the client.
    CustomResponseBodyKey string
    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
    ResponseHeaders []WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader
    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.
    responseCode Integer
    The HTTP status code to return to the client.
    customResponseBodyKey String
    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
    responseHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader>
    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.
    responseCode number
    The HTTP status code to return to the client.
    customResponseBodyKey string
    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
    responseHeaders WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader[]
    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.
    response_code int
    The HTTP status code to return to the client.
    custom_response_body_key str
    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
    response_headers Sequence[WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader]
    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.
    responseCode Number
    The HTTP status code to return to the client.
    customResponseBodyKey String
    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
    responseHeaders List<Property Map>
    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArgs

    Name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    Value string
    Value of the custom header.
    Name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    Value string
    Value of the custom header.
    name String
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value String
    Value of the custom header.
    name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value string
    Value of the custom header.
    name str
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value str
    Value of the custom header.
    name String
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value String
    Value of the custom header.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptcha, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaArgs

    CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    custom_request_handling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling Property Map
    Defines custom handling for the web request. See custom_request_handling below for details.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs

    InsertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    InsertHeaders []WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader[]
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insert_headers Sequence[WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader]
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders List<Property Map>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs

    Name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    Value string
    Value of the custom header.
    Name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    Value string
    Value of the custom header.
    name String
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value String
    Value of the custom header.
    name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value string
    Value of the custom header.
    name str
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value str
    Value of the custom header.
    name String
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value String
    Value of the custom header.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallenge, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeArgs

    CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    custom_request_handling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling Property Map
    Defines custom handling for the web request. See custom_request_handling below for details.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingArgs

    InsertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    InsertHeaders []WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader[]
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insert_headers Sequence[WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader]
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders List<Property Map>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArgs

    Name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    Value string
    Value of the custom header.
    Name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    Value string
    Value of the custom header.
    name String
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value String
    Value of the custom header.
    name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value string
    Value of the custom header.
    name str
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value str
    Value of the custom header.
    name String
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value String
    Value of the custom header.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCount, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountArgs

    CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    custom_request_handling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling
    Defines custom handling for the web request. See custom_request_handling below for details.
    customRequestHandling Property Map
    Defines custom handling for the web request. See custom_request_handling below for details.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingArgs

    InsertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    InsertHeaders []WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader[]
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insert_headers Sequence[WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader]
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.
    insertHeaders List<Property Map>
    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs

    Name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    Value string
    Value of the custom header.
    Name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    Value string
    Value of the custom header.
    name String
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value String
    Value of the custom header.
    name string
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value string
    Value of the custom header.
    name str
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value str
    Value of the custom header.
    name String
    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
    value String
    Value of the custom header.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementArgs

    AndStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement
    Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.
    ByteMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement
    Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.
    GeoMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement
    Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.
    IpSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement
    Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.
    LabelMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement
    Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.
    NotStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement
    Logical rule statement used to negate the results of another rule statement. See not_statement below for details.
    OrStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatement
    Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.
    RegexMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement
    Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.
    RegexPatternSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement
    Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.
    SizeConstraintStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement
    Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.
    SqliMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement
    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.
    XssMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement
    Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.
    AndStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement
    Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.
    ByteMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement
    Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.
    GeoMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement
    Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.
    IpSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement
    Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.
    LabelMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement
    Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.
    NotStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement
    Logical rule statement used to negate the results of another rule statement. See not_statement below for details.
    OrStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatement
    Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.
    RegexMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement
    Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.
    RegexPatternSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement
    Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.
    SizeConstraintStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement
    Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.
    SqliMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement
    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.
    XssMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement
    Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.
    andStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement
    Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.
    byteMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement
    Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.
    geoMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement
    Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.
    ipSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement
    Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.
    labelMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement
    Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.
    notStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement
    Logical rule statement used to negate the results of another rule statement. See not_statement below for details.
    orStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatement
    Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.
    regexMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement
    Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.
    regexPatternSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement
    Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.
    sizeConstraintStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement
    Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.
    sqliMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement
    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.
    xssMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement
    Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.
    andStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement
    Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.
    byteMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement
    Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.
    geoMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement
    Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.
    ipSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement
    Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.
    labelMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement
    Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.
    notStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement
    Logical rule statement used to negate the results of another rule statement. See not_statement below for details.
    orStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatement
    Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.
    regexMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement
    Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.
    regexPatternSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement
    Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.
    sizeConstraintStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement
    Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.
    sqliMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement
    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.
    xssMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement
    Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.
    and_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement
    Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.
    byte_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement
    Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.
    geo_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement
    Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.
    ip_set_reference_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement
    Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.
    label_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement
    Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.
    not_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement
    Logical rule statement used to negate the results of another rule statement. See not_statement below for details.
    or_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatement
    Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.
    regex_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement
    Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.
    regex_pattern_set_reference_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement
    Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.
    size_constraint_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement
    Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.
    sqli_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement
    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.
    xss_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement
    Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.
    andStatement Property Map
    Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.
    byteMatchStatement Property Map
    Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.
    geoMatchStatement Property Map
    Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.
    ipSetReferenceStatement Property Map
    Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.
    labelMatchStatement Property Map
    Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.
    notStatement Property Map
    Logical rule statement used to negate the results of another rule statement. See not_statement below for details.
    orStatement Property Map
    Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.
    regexMatchStatement Property Map
    Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.
    regexPatternSetReferenceStatement Property Map
    Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.
    sizeConstraintStatement Property Map
    Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.
    sqliMatchStatement Property Map
    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.
    xssMatchStatement Property Map
    Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementArgs

    Statements List<WebAclRuleStatement>
    The statements to combine.
    Statements []WebAclRuleStatement
    The statements to combine.
    statements List<WebAclRuleStatement>
    The statements to combine.
    statements WebAclRuleStatement[]
    The statements to combine.
    statements Sequence[WebAclRuleStatement]
    The statements to combine.
    statements List<Property Map>
    The statements to combine.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementArgs

    PositionalConstraint string
    Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
    SearchString string
    String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
    TextTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    PositionalConstraint string
    Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
    SearchString string
    String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
    TextTransformations []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    positionalConstraint String
    Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
    searchString String
    String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
    textTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    positionalConstraint string
    Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
    searchString string
    String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
    textTransformations WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation[]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    positional_constraint str
    Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
    search_string str
    String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
    text_transformations Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    field_to_match WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    positionalConstraint String
    Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
    searchString String
    String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
    textTransformations List<Property Map>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    fieldToMatch Property Map
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchArgs

    AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    HeaderOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder>
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    Headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader>
    Inspect the request headers. See headers below for details.
    Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    HeaderOrders []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    Headers []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader
    Inspect the request headers. See headers below for details.
    Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    headerOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder>
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader>
    Inspect the request headers. See headers below for details.
    ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    headerOrders WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder[]
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader[]
    Inspect the request headers. See headers below for details.
    ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    all_query_arguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    header_orders Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder]
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader]
    Inspect the request headers. See headers below for details.
    ja3_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    json_body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    query_string WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    single_header WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    single_query_argument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    uri_path WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments Property Map
    Inspect all query arguments.
    body Property Map
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies Property Map
    Inspect the cookies in the web request. See cookies below for details.
    headerOrders List<Property Map>
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers List<Property Map>
    Inspect the request headers. See headers below for details.
    ja3Fingerprint Property Map
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    jsonBody Property Map
    Inspect the request body as JSON. See json_body for details.
    method Property Map
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString Property Map
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader Property Map
    Inspect a single header. See single_header below for details.
    singleQueryArgument Property Map
    Inspect a single query argument. See single_query_argument below for details.
    uriPath Property Map
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBodyArgs

    OversizeHandling string
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    OversizeHandling string
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversizeHandling String
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversizeHandling string
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversize_handling str
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversizeHandling String
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesArgs

    MatchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    MatchPatterns []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    matchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    matchPatterns WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern[]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    match_patterns Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    match_scope str
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversize_handling str
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    matchPatterns List<Property Map>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternArgs

    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderArgs

    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    match_scope str
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern Property Map
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternArgs

    All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders List<string>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders List<string>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders []string
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders []string
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders string[]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders string[]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_headers Sequence[str]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    included_headers Sequence[str]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrderArgs

    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3FingerprintArgs

    FallbackBehavior string
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    FallbackBehavior string
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallbackBehavior String
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallbackBehavior string
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallback_behavior str
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallbackBehavior String
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyArgs

    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    match_scope str
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalid_fallback_behavior str
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversize_handling str
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern Property Map
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternArgs

    all Property Map
    An empty configuration block that is used for inspecting all headers.
    includedPaths List<String>

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeaderArgs

    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgumentArgs

    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformationArgs

    Priority int
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    Priority int
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Integer
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority number
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type string
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority int
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type str
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Number
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    Transformation to apply, please refer to the Text Transformation documentation for more details.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementArgs

    CountryCodes List<string>
    Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
    ForwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.
    CountryCodes []string
    Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
    ForwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.
    countryCodes List<String>
    Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
    forwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.
    countryCodes string[]
    Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
    forwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.
    country_codes Sequence[str]
    Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
    forwarded_ip_config WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.
    countryCodes List<String>
    Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
    forwardedIpConfig Property Map
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfigArgs

    FallbackBehavior string
    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    HeaderName string
    Name of the HTTP header to use for the IP address.
    FallbackBehavior string
    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    HeaderName string
    Name of the HTTP header to use for the IP address.
    fallbackBehavior String
    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName String
    Name of the HTTP header to use for the IP address.
    fallbackBehavior string
    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName string
    Name of the HTTP header to use for the IP address.
    fallback_behavior str
    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    header_name str
    Name of the HTTP header to use for the IP address.
    fallbackBehavior String
    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName String
    Name of the HTTP header to use for the IP address.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementArgs

    Arn string
    The Amazon Resource Name (ARN) of the IP Set that this statement references.
    IpSetForwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.
    Arn string
    The Amazon Resource Name (ARN) of the IP Set that this statement references.
    IpSetForwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.
    arn String
    The Amazon Resource Name (ARN) of the IP Set that this statement references.
    ipSetForwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.
    arn string
    The Amazon Resource Name (ARN) of the IP Set that this statement references.
    ipSetForwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.
    arn str
    The Amazon Resource Name (ARN) of the IP Set that this statement references.
    ip_set_forwarded_ip_config WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.
    arn String
    The Amazon Resource Name (ARN) of the IP Set that this statement references.
    ipSetForwardedIpConfig Property Map
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfigArgs

    FallbackBehavior string
    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    HeaderName string
    Name of the HTTP header to use for the IP address.
    Position string
    Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
    FallbackBehavior string
    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    HeaderName string
    Name of the HTTP header to use for the IP address.
    Position string
    Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
    fallbackBehavior String
    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName String
    Name of the HTTP header to use for the IP address.
    position String
    Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
    fallbackBehavior string
    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName string
    Name of the HTTP header to use for the IP address.
    position string
    Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
    fallback_behavior str
    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    header_name str
    Name of the HTTP header to use for the IP address.
    position str
    Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
    fallbackBehavior String
    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
    headerName String
    Name of the HTTP header to use for the IP address.
    position String
    Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatementArgs

    Key string
    String to match against.
    Scope string
    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.
    Key string
    String to match against.
    Scope string
    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.
    key String
    String to match against.
    scope String
    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.
    key string
    String to match against.
    scope string
    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.
    key str
    String to match against.
    scope str
    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.
    key String
    String to match against.
    scope String
    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementArgs

    Statements List<WebAclRuleStatement>
    The statements to combine.
    Statements []WebAclRuleStatement
    The statements to combine.
    statements List<WebAclRuleStatement>
    The statements to combine.
    statements WebAclRuleStatement[]
    The statements to combine.
    statements Sequence[WebAclRuleStatement]
    The statements to combine.
    statements List<Property Map>
    The statements to combine.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementArgs

    Statements List<WebAclRuleStatement>
    The statements to combine.
    Statements []WebAclRuleStatement
    The statements to combine.
    statements List<WebAclRuleStatement>
    The statements to combine.
    statements WebAclRuleStatement[]
    The statements to combine.
    statements Sequence[WebAclRuleStatement]
    The statements to combine.
    statements List<Property Map>
    The statements to combine.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementArgs

    RegexString string
    String representing the regular expression. Minimum of 1 and maximum of 512 characters.
    TextTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    RegexString string
    String representing the regular expression. Minimum of 1 and maximum of 512 characters.
    TextTransformations []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformation
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    regexString String
    String representing the regular expression. Minimum of 1 and maximum of 512 characters.
    textTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    regexString string
    String representing the regular expression. Minimum of 1 and maximum of 512 characters.
    textTransformations WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformation[]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    regex_string str
    String representing the regular expression. Minimum of 1 and maximum of 512 characters.
    text_transformations Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformation]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    field_to_match WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatch
    The part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    regexString String
    String representing the regular expression. Minimum of 1 and maximum of 512 characters.
    textTransformations List<Property Map>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    fieldToMatch Property Map
    The part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatch, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchArgs

    AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    HeaderOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder>
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    Headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader>
    Inspect the request headers. See headers below for details.
    Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    HeaderOrders []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    Headers []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader
    Inspect the request headers. See headers below for details.
    Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    headerOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder>
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader>
    Inspect the request headers. See headers below for details.
    ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    headerOrders WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder[]
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader[]
    Inspect the request headers. See headers below for details.
    ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    all_query_arguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    header_orders Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder]
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader]
    Inspect the request headers. See headers below for details.
    ja3_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    json_body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    query_string WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    single_header WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    single_query_argument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    uri_path WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments Property Map
    Inspect all query arguments.
    body Property Map
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies Property Map
    Inspect the cookies in the web request. See cookies below for details.
    headerOrders List<Property Map>
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers List<Property Map>
    Inspect the request headers. See headers below for details.
    ja3Fingerprint Property Map
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    jsonBody Property Map
    Inspect the request body as JSON. See json_body for details.
    method Property Map
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString Property Map
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader Property Map
    Inspect a single header. See single_header below for details.
    singleQueryArgument Property Map
    Inspect a single query argument. See single_query_argument below for details.
    uriPath Property Map
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBodyArgs

    OversizeHandling string
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    OversizeHandling string
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversizeHandling String
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversizeHandling string
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversize_handling str
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversizeHandling String
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesArgs

    MatchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    MatchPatterns []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    matchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    matchPatterns WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern[]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    match_patterns Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    match_scope str
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversize_handling str
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    matchPatterns List<Property Map>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternArgs

    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderArgs

    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    match_scope str
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern Property Map
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternArgs

    All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders List<string>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders List<string>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders []string
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders []string
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders string[]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders string[]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_headers Sequence[str]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    included_headers Sequence[str]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrderArgs

    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3FingerprintArgs

    FallbackBehavior string
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    FallbackBehavior string
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallbackBehavior String
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallbackBehavior string
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallback_behavior str
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallbackBehavior String
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyArgs

    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    match_scope str
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalid_fallback_behavior str
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversize_handling str
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern Property Map
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternArgs

    all Property Map
    An empty configuration block that is used for inspecting all headers.
    includedPaths List<String>

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeaderArgs

    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgumentArgs

    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformation, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformationArgs

    Priority int
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    Priority int
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Integer
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority number
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type string
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority int
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type str
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Number
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    Transformation to apply, please refer to the Text Transformation documentation for more details.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementArgs

    Arn string
    The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
    TextTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    Arn string
    The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
    TextTransformations []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    arn String
    The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
    textTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    arn string
    The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
    textTransformations WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation[]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    arn str
    The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
    text_transformations Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    field_to_match WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    arn String
    The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
    textTransformations List<Property Map>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    fieldToMatch Property Map
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchArgs

    AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    HeaderOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder>
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    Headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader>
    Inspect the request headers. See headers below for details.
    Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    HeaderOrders []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    Headers []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader
    Inspect the request headers. See headers below for details.
    Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    headerOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder>
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader>
    Inspect the request headers. See headers below for details.
    ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    headerOrders WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder[]
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader[]
    Inspect the request headers. See headers below for details.
    ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    all_query_arguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    header_orders Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder]
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader]
    Inspect the request headers. See headers below for details.
    ja3_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    json_body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    query_string WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    single_header WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    single_query_argument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    uri_path WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments Property Map
    Inspect all query arguments.
    body Property Map
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies Property Map
    Inspect the cookies in the web request. See cookies below for details.
    headerOrders List<Property Map>
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers List<Property Map>
    Inspect the request headers. See headers below for details.
    ja3Fingerprint Property Map
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    jsonBody Property Map
    Inspect the request body as JSON. See json_body for details.
    method Property Map
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString Property Map
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader Property Map
    Inspect a single header. See single_header below for details.
    singleQueryArgument Property Map
    Inspect a single query argument. See single_query_argument below for details.
    uriPath Property Map
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBodyArgs

    OversizeHandling string
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    OversizeHandling string
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversizeHandling String
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversizeHandling string
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversize_handling str
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversizeHandling String
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesArgs

    MatchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    MatchPatterns []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    matchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    matchPatterns WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern[]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    match_patterns Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    match_scope str
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversize_handling str
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    matchPatterns List<Property Map>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternArgs

    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderArgs

    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    match_scope str
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern Property Map
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternArgs

    All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders List<string>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders List<string>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders []string
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders []string
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders string[]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders string[]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_headers Sequence[str]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    included_headers Sequence[str]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrderArgs

    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3FingerprintArgs

    FallbackBehavior string
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    FallbackBehavior string
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallbackBehavior String
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallbackBehavior string
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallback_behavior str
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallbackBehavior String
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyArgs

    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    match_scope str
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalid_fallback_behavior str
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversize_handling str
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern Property Map
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternArgs

    all Property Map
    An empty configuration block that is used for inspecting all headers.
    includedPaths List<String>

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeaderArgs

    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgumentArgs

    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformationArgs

    Priority int
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    Priority int
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Integer
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority number
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type string
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority int
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type str
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Number
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    Transformation to apply, please refer to the Text Transformation documentation for more details.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementArgs

    ComparisonOperator string
    Operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
    Size int
    Size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
    TextTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    ComparisonOperator string
    Operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
    Size int
    Size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
    TextTransformations []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    comparisonOperator String
    Operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
    size Integer
    Size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
    textTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    comparisonOperator string
    Operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
    size number
    Size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
    textTransformations WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation[]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    comparison_operator str
    Operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
    size int
    Size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
    text_transformations Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    field_to_match WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    comparisonOperator String
    Operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
    size Number
    Size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
    textTransformations List<Property Map>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    fieldToMatch Property Map
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchArgs

    AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    HeaderOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder>
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    Headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader>
    Inspect the request headers. See headers below for details.
    Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    HeaderOrders []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    Headers []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader
    Inspect the request headers. See headers below for details.
    Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    headerOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder>
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader>
    Inspect the request headers. See headers below for details.
    ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    headerOrders WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder[]
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader[]
    Inspect the request headers. See headers below for details.
    ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    all_query_arguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    header_orders Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder]
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader]
    Inspect the request headers. See headers below for details.
    ja3_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    json_body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    query_string WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    single_header WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    single_query_argument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    uri_path WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments Property Map
    Inspect all query arguments.
    body Property Map
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies Property Map
    Inspect the cookies in the web request. See cookies below for details.
    headerOrders List<Property Map>
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers List<Property Map>
    Inspect the request headers. See headers below for details.
    ja3Fingerprint Property Map
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    jsonBody Property Map
    Inspect the request body as JSON. See json_body for details.
    method Property Map
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString Property Map
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader Property Map
    Inspect a single header. See single_header below for details.
    singleQueryArgument Property Map
    Inspect a single query argument. See single_query_argument below for details.
    uriPath Property Map
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBodyArgs

    OversizeHandling string
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    OversizeHandling string
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversizeHandling String
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversizeHandling string
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversize_handling str
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversizeHandling String
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesArgs

    MatchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    MatchPatterns []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    matchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    matchPatterns WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern[]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    match_patterns Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    match_scope str
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversize_handling str
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    matchPatterns List<Property Map>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternArgs

    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderArgs

    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    match_scope str
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern Property Map
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternArgs

    All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders List<string>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders List<string>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders []string
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders []string
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders string[]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders string[]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_headers Sequence[str]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    included_headers Sequence[str]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrderArgs

    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3FingerprintArgs

    FallbackBehavior string
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    FallbackBehavior string
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallbackBehavior String
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallbackBehavior string
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallback_behavior str
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallbackBehavior String
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyArgs

    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    match_scope str
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalid_fallback_behavior str
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversize_handling str
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern Property Map
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternArgs

    all Property Map
    An empty configuration block that is used for inspecting all headers.
    includedPaths List<String>

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeaderArgs

    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgumentArgs

    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformationArgs

    Priority int
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    Priority int
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Integer
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority number
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type string
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority int
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type str
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Number
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    Transformation to apply, please refer to the Text Transformation documentation for more details.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementArgs

    TextTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    SensitivityLevel string
    Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.
    TextTransformations []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    SensitivityLevel string
    Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.
    textTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    sensitivityLevel String
    Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.
    textTransformations WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation[]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    sensitivityLevel string
    Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.
    text_transformations Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    field_to_match WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    sensitivity_level str
    Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.
    textTransformations List<Property Map>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    fieldToMatch Property Map
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    sensitivityLevel String
    Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchArgs

    AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    HeaderOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder>
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    Headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader>
    Inspect the request headers. See headers below for details.
    Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    HeaderOrders []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    Headers []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader
    Inspect the request headers. See headers below for details.
    Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    headerOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder>
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader>
    Inspect the request headers. See headers below for details.
    ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    headerOrders WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder[]
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader[]
    Inspect the request headers. See headers below for details.
    ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    all_query_arguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    header_orders Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder]
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader]
    Inspect the request headers. See headers below for details.
    ja3_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    json_body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    query_string WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    single_header WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    single_query_argument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    uri_path WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments Property Map
    Inspect all query arguments.
    body Property Map
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies Property Map
    Inspect the cookies in the web request. See cookies below for details.
    headerOrders List<Property Map>
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers List<Property Map>
    Inspect the request headers. See headers below for details.
    ja3Fingerprint Property Map
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    jsonBody Property Map
    Inspect the request body as JSON. See json_body for details.
    method Property Map
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString Property Map
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader Property Map
    Inspect a single header. See single_header below for details.
    singleQueryArgument Property Map
    Inspect a single query argument. See single_query_argument below for details.
    uriPath Property Map
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBodyArgs

    OversizeHandling string
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    OversizeHandling string
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversizeHandling String
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversizeHandling string
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversize_handling str
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversizeHandling String
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesArgs

    MatchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    MatchPatterns []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    matchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    matchPatterns WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern[]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    match_patterns Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    match_scope str
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversize_handling str
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    matchPatterns List<Property Map>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternArgs

    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderArgs

    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    match_scope str
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern Property Map
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternArgs

    All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders List<string>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders List<string>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders []string
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders []string
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders string[]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders string[]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_headers Sequence[str]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    included_headers Sequence[str]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrderArgs

    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3FingerprintArgs

    FallbackBehavior string
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    FallbackBehavior string
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallbackBehavior String
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallbackBehavior string
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallback_behavior str
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallbackBehavior String
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyArgs

    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    match_scope str
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalid_fallback_behavior str
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversize_handling str
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern Property Map
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternArgs

    all Property Map
    An empty configuration block that is used for inspecting all headers.
    includedPaths List<String>

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeaderArgs

    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgumentArgs

    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformationArgs

    Priority int
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    Priority int
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Integer
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority number
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type string
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority int
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type str
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Number
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    Transformation to apply, please refer to the Text Transformation documentation for more details.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementArgs

    TextTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    TextTransformations []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementTextTransformation
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    textTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementTextTransformation>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    textTransformations WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementTextTransformation[]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    text_transformations Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementTextTransformation]
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    field_to_match WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatch
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
    textTransformations List<Property Map>
    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
    fieldToMatch Property Map
    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatch, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchArgs

    AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    HeaderOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder>
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    Headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeader>
    Inspect the request headers. See headers below for details.
    Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    HeaderOrders []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    Headers []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeader
    Inspect the request headers. See headers below for details.
    Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    headerOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder>
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeader>
    Inspect the request headers. See headers below for details.
    ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    headerOrders WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder[]
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeader[]
    Inspect the request headers. See headers below for details.
    ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    all_query_arguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments
    Inspect all query arguments.
    body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchBody
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookies
    Inspect the cookies in the web request. See cookies below for details.
    header_orders Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder]
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeader]
    Inspect the request headers. See headers below for details.
    ja3_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    json_body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody
    Inspect the request body as JSON. See json_body for details.
    method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchMethod
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    query_string WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    single_header WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader
    Inspect a single header. See single_header below for details.
    single_query_argument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument
    Inspect a single query argument. See single_query_argument below for details.
    uri_path WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    allQueryArguments Property Map
    Inspect all query arguments.
    body Property Map
    Inspect the request body, which immediately follows the request headers. See body below for details.
    cookies Property Map
    Inspect the cookies in the web request. See cookies below for details.
    headerOrders List<Property Map>
    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
    headers List<Property Map>
    Inspect the request headers. See headers below for details.
    ja3Fingerprint Property Map
    Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
    jsonBody Property Map
    Inspect the request body as JSON. See json_body for details.
    method Property Map
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString Property Map
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader Property Map
    Inspect a single header. See single_header below for details.
    singleQueryArgument Property Map
    Inspect a single query argument. See single_query_argument below for details.
    uriPath Property Map
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchBodyArgs

    OversizeHandling string
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    OversizeHandling string
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversizeHandling String
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversizeHandling string
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversize_handling str
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.
    oversizeHandling String
    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookies, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesArgs

    MatchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    MatchPatterns []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    MatchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    OversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    matchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    matchPatterns WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern[]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope string
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling string
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    match_patterns Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern]
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    match_scope str
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversize_handling str
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.
    matchPatterns List<Property Map>
    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
    matchScope String
    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
    oversizeHandling String
    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternArgs

    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedCookies List<String>
    includedCookies List<String>

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderArgs

    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    MatchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope string
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    match_scope str
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    matchPattern Property Map
    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
    matchScope String
    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternArgs

    All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders List<string>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders List<string>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    ExcludedHeaders []string
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    IncludedHeaders []string
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders string[]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders string[]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll
    An empty configuration block that is used for inspecting all headers.
    excluded_headers Sequence[str]
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    included_headers Sequence[str]
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
    all Property Map
    An empty configuration block that is used for inspecting all headers.
    excludedHeaders List<String>
    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
    includedHeaders List<String>
    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrderArgs

    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    OversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling string
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversize_handling str
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.
    oversizeHandling String
    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa3FingerprintArgs

    FallbackBehavior string
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    FallbackBehavior string
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallbackBehavior String
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallbackBehavior string
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallback_behavior str
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.
    fallbackBehavior String
    The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyArgs

    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    MatchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    InvalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    OversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope string
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior string
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling string
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    match_scope str
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalid_fallback_behavior str
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversize_handling str
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.
    matchPattern Property Map
    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
    matchScope String
    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
    invalidFallbackBehavior String
    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
    oversizeHandling String
    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPatternArgs

    all Property Map
    An empty configuration block that is used for inspecting all headers.
    includedPaths List<String>

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeaderArgs

    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgumentArgs

    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    Name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name string
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name str
    Name of the query header to inspect. This setting must be provided as lower case characters.
    name String
    Name of the query header to inspect. This setting must be provided as lower case characters.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementTextTransformation, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementTextTransformationArgs

    Priority int
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    Priority int
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    Type string
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Integer
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority number
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type string
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority int
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type str
    Transformation to apply, please refer to the Text Transformation documentation for more details.
    priority Number
    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
    type String
    Transformation to apply, please refer to the Text Transformation documentation for more details.

    WebAclRuleStatementNotStatement, WebAclRuleStatementNotStatementArgs

    Statements List<WebAclRuleStatement>
    The statements to combine.
    Statements []WebAclRuleStatement
    The statements to combine.
    statements List<WebAclRuleStatement>
    The statements to combine.
    statements WebAclRuleStatement[]
    The statements to combine.
    statements Sequence[WebAclRuleStatement]
    The statements to combine.
    statements List<Property Map>
    The statements to combine.

    WebAclRuleStatementOrStatement, WebAclRuleStatementOrStatementArgs

    Statements List<WebAclRuleStatement>
    The statements to combine.
    Statements []WebAclRuleStatement
    The statements to combine.
    statements List<WebAclRuleStatement>
    The statements to combine.
    statements WebAclRuleStatement[]
    The statements to combine.
    statements Sequence[WebAclRuleStatement]
    The statements to combine.
    statements List<Property Map>
    The statements to combine.

    WebAclRuleStatementRateBasedStatement, WebAclRuleStatementRateBasedStatementArgs

    Limit int
    Limit on requests per 5-minute period for a single originating IP address.
    AggregateKeyType string
    Setting that indicates how to aggregate the request counts. Valid values include: CONSTANT, CUSTOM_KEYS, FORWARDED_IP, or IP. Default: IP.
    CustomKeys List<WebAclRuleStatementRateBasedStatementCustomKey>
    Aggregate the request counts using one or more web request components as the aggregate keys. See custom_key below for details.
    EvaluationWindowSec int

    The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are 60, 120, 300, and 600. Defaults to 300 (5 minutes).

    NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.

    ForwardedIpConfig WebAclRuleStatementRateBasedStatementForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If aggregate_key_type is set to FORWARDED_IP, this block is required. See forwarded_ip_config below for details.
    ScopeDownStatement WebAclRuleStatementRateBasedStatementScopeDownStatement
    Optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See statement above for details. If aggregate_key_type is set to CONSTANT, this block is required.
    Limit int
    Limit on requests per 5-minute period for a single originating IP address.
    AggregateKeyType string
    Setting that indicates how to aggregate the request counts. Valid values include: CONSTANT, CUSTOM_KEYS, FORWARDED_IP, or IP. Default: IP.
    CustomKeys []WebAclRuleStatementRateBasedStatementCustomKey
    Aggregate the request counts using one or more web request components as the aggregate keys. See custom_key below for details.
    EvaluationWindowSec int

    The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are 60, 120, 300, and 600. Defaults to 300 (5 minutes).

    NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.

    ForwardedIpConfig WebAclRuleStatementRateBasedStatementForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If aggregate_key_type is set to FORWARDED_IP, this block is required. See forwarded_ip_config below for details.
    ScopeDownStatement WebAclRuleStatementRateBasedStatementScopeDownStatement
    Optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See statement above for details. If aggregate_key_type is set to CONSTANT, this block is required.
    limit Integer
    Limit on requests per 5-minute period for a single originating IP address.
    aggregateKeyType String
    Setting that indicates how to aggregate the request counts. Valid values include: CONSTANT, CUSTOM_KEYS, FORWARDED_IP, or IP. Default: IP.
    customKeys List<WebAclRuleStatementRateBasedStatementCustomKey>
    Aggregate the request counts using one or more web request components as the aggregate keys. See custom_key below for details.
    evaluationWindowSec Integer

    The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are 60, 120, 300, and 600. Defaults to 300 (5 minutes).

    NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.

    forwardedIpConfig WebAclRuleStatementRateBasedStatementForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If aggregate_key_type is set to FORWARDED_IP, this block is required. See forwarded_ip_config below for details.
    scopeDownStatement WebAclRuleStatementRateBasedStatementScopeDownStatement
    Optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See statement above for details. If aggregate_key_type is set to CONSTANT, this block is required.
    limit number
    Limit on requests per 5-minute period for a single originating IP address.
    aggregateKeyType string
    Setting that indicates how to aggregate the request counts. Valid values include: CONSTANT, CUSTOM_KEYS, FORWARDED_IP, or IP. Default: IP.
    customKeys WebAclRuleStatementRateBasedStatementCustomKey[]
    Aggregate the request counts using one or more web request components as the aggregate keys. See custom_key below for details.
    evaluationWindowSec number

    The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are 60, 120, 300, and 600. Defaults to 300 (5 minutes).

    NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.

    forwardedIpConfig WebAclRuleStatementRateBasedStatementForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If aggregate_key_type is set to FORWARDED_IP, this block is required. See forwarded_ip_config below for details.
    scopeDownStatement WebAclRuleStatementRateBasedStatementScopeDownStatement
    Optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See statement above for details. If aggregate_key_type is set to CONSTANT, this block is required.
    limit int
    Limit on requests per 5-minute period for a single originating IP address.
    aggregate_key_type str
    Setting that indicates how to aggregate the request counts. Valid values include: CONSTANT, CUSTOM_KEYS, FORWARDED_IP, or IP. Default: IP.
    custom_keys Sequence[WebAclRuleStatementRateBasedStatementCustomKey]
    Aggregate the request counts using one or more web request components as the aggregate keys. See custom_key below for details.
    evaluation_window_sec int

    The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are 60, 120, 300, and 600. Defaults to 300 (5 minutes).

    NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.

    forwarded_ip_config WebAclRuleStatementRateBasedStatementForwardedIpConfig
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If aggregate_key_type is set to FORWARDED_IP, this block is required. See forwarded_ip_config below for details.
    scope_down_statement WebAclRuleStatementRateBasedStatementScopeDownStatement
    Optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See statement above for details. If aggregate_key_type is set to CONSTANT, this block is required.
    limit Number
    Limit on requests per 5-minute period for a single originating IP address.
    aggregateKeyType String
    Setting that indicates how to aggregate the request counts. Valid values include: CONSTANT, CUSTOM_KEYS, FORWARDED_IP, or IP. Default: IP.
    customKeys List<Property Map>
    Aggregate the request counts using one or more web request components as the aggregate keys. See custom_key below for details.
    evaluationWindowSec Number

    The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are 60, 120, 300, and 600. Defaults to 300 (5 minutes).

    NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.

    forwardedIpConfig Property Map
    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If aggregate_key_type is set to FORWARDED_IP, this block is required. See forwarded_ip_config below for details.
    scopeDownStatement Property Map
    Optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See statement above for details. If aggregate_key_type is set to CONSTANT, this block is required.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo
    AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi