Struct aws_sdk_networkfirewall::model::RulesSourceList

#[non_exhaustive]
pub struct RulesSourceList {
    pub targets: Option<Vec<String>>,
    pub target_types: Option<Vec<TargetType>>,
    pub generated_rules_type: Option<GeneratedRulesType>,
}

Stateful inspection criteria for a domain list rule group.

For HTTPS traffic, domain filtering is SNI-based. It uses the server name indicator extension of the TLS handshake.

By default, Network Firewall domain list inspection only includes traffic coming from the VPC where you deploy the firewall. To inspect traffic from IP addresses outside of the deployment VPC, you set the HOME_NET rule variable to include the CIDR range of the deployment VPC plus the other CIDR ranges. For more information, see RuleVariables in this guide and Stateful domain list rule groups in Network Firewall in the Network Firewall Developer Guide.

Fields (Non-exhaustive)

Non-exhaustive structs could have additional fields added in future. Therefore, non-exhaustive structs cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.

targets: Option<Vec<String>>

The domains that you want to inspect for in your traffic flows. Valid domain specifications are the following:

• Explicit names. For example, abc.example.com matches only the domain abc.example.com.

• Names that use a domain wildcard, which you indicate with an initial '.'. For example,.example.com matches example.com and matches all subdomains of example.com, such as abc.example.com and www.example.com.

target_types: Option<Vec<TargetType>>

The protocols you want to inspect. Specify TLS_SNI for HTTPS. Specify HTTP_HOST for HTTP. You can specify either or both.

generated_rules_type: Option<GeneratedRulesType>

Whether you want to allow or deny access to the domains in your target list.

Implementations

impl RulesSourceList

pub fn targets(&self) -> Option<&[String]>

The domains that you want to inspect for in your traffic flows. Valid domain specifications are the following:

• Explicit names. For example, abc.example.com matches only the domain abc.example.com.

• Names that use a domain wildcard, which you indicate with an initial '.'. For example,.example.com matches example.com and matches all subdomains of example.com, such as abc.example.com and www.example.com.

pub fn target_types(&self) -> Option<&[TargetType]>

The protocols you want to inspect. Specify TLS_SNI for HTTPS. Specify HTTP_HOST for HTTP. You can specify either or both.

pub fn generated_rules_type(&self) -> Option<&GeneratedRulesType>

Whether you want to allow or deny access to the domains in your target list.

impl RulesSourceList

pub fn builder() -> Builder

Creates a new builder-style object to manufacture RulesSourceList

Trait Implementations

impl Clone for RulesSourceList

fn clone(&self) -> RulesSourceList

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for RulesSourceList

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl PartialEq<RulesSourceList> for RulesSourceList

fn eq(&self, other: &RulesSourceList) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &RulesSourceList) -> bool

This method tests for !=.

impl StructuralPartialEq for RulesSourceList