Struct aws_sdk_wafv2::model::IpSetForwardedIpConfig

source · []
#[non_exhaustive]
pub struct IpSetForwardedIpConfig {
    pub header_name: Option<String>,
    pub fallback_behavior: Option<FallbackBehavior>,
    pub position: Option<ForwardedIpPosition>,
}
Expand description

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.

If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.

This configuration is used only for IPSetReferenceStatement. For GeoMatchStatement and RateBasedStatement, use ForwardedIPConfig instead.

Fields (Non-exhaustive)

This struct is marked as non-exhaustive
Non-exhaustive structs could have additional fields added in future. Therefore, non-exhaustive structs cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.
header_name: Option<String>

The name of the HTTP header to use for the IP address. For example, to use the X-Forwarded-For (XFF) header, set this to X-Forwarded-For.

If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.

fallback_behavior: Option<FallbackBehavior>

The match status to assign to the web request if the request doesn't have a valid IP address in the specified position.

If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.

You can specify the following fallback behaviors:

  • MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request.

  • NO_MATCH - Treat the web request as not matching the rule statement.

position: Option<ForwardedIpPosition>

The position in the header to search for the IP address. The header can contain IP addresses of the original client and also of proxies. For example, the header value could be 10.1.1.1, 127.0.0.0, 10.10.10.10 where the first IP address identifies the original client and the rest identify proxies that the request went through.

The options for this setting are the following:

  • FIRST - Inspect the first IP address in the list of IP addresses in the header. This is usually the client's original IP.

  • LAST - Inspect the last IP address in the list of IP addresses in the header.

  • ANY - Inspect all IP addresses in the header for a match. If the header contains more than 10 IP addresses, WAF inspects the last 10.

Implementations

The name of the HTTP header to use for the IP address. For example, to use the X-Forwarded-For (XFF) header, set this to X-Forwarded-For.

If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.

The match status to assign to the web request if the request doesn't have a valid IP address in the specified position.

If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.

You can specify the following fallback behaviors:

  • MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request.

  • NO_MATCH - Treat the web request as not matching the rule statement.

The position in the header to search for the IP address. The header can contain IP addresses of the original client and also of proxies. For example, the header value could be 10.1.1.1, 127.0.0.0, 10.10.10.10 where the first IP address identifies the original client and the rest identify proxies that the request went through.

The options for this setting are the following:

  • FIRST - Inspect the first IP address in the list of IP addresses in the header. This is usually the client's original IP.

  • LAST - Inspect the last IP address in the list of IP addresses in the header.

  • ANY - Inspect all IP addresses in the header for a match. If the header contains more than 10 IP addresses, WAF inspects the last 10.

Creates a new builder-style object to manufacture IpSetForwardedIpConfig

Trait Implementations

Returns a copy of the value. Read more

Performs copy-assignment from source. Read more

Formats the value using the given formatter. Read more

This method tests for self and other values to be equal, and is used by ==. Read more

This method tests for !=.

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more

Immutably borrows from an owned value. Read more

Mutably borrows from an owned value. Read more

Returns the argument unchanged.

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

The resulting type after obtaining ownership.

Creates owned data from borrowed data, usually by cloning. Read more

Uses borrowed data to replace owned data, usually by cloning. Read more

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more