Struct aws_sdk_wafv2::types::FieldToMatch

source · 
#[non_exhaustive]
pub struct FieldToMatch {
    pub single_header: Option<SingleHeader>,
    pub single_query_argument: Option<SingleQueryArgument>,
    pub all_query_arguments: Option<AllQueryArguments>,
    pub uri_path: Option<UriPath>,
    pub query_string: Option<QueryString>,
    pub body: Option<Body>,
    pub method: Option<Method>,
    pub json_body: Option<JsonBody>,
    pub headers: Option<Headers>,
    pub cookies: Option<Cookies>,
    pub header_order: Option<HeaderOrder>,
    pub ja3_fingerprint: Option<Ja3Fingerprint>,
}
Expand description

Specifies a web request component to be used in a rule match statement or in a logging configuration.

  • In a rule statement, this is the part of the web request that you want WAF to inspect. Include the single FieldToMatch type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in FieldToMatch for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.

    Example JSON for a QueryString field to match:

    "FieldToMatch": { "QueryString": {} }

    Example JSON for a Method field to match specification:

    "FieldToMatch": { "Method": { "Name": "DELETE" } }

  • In a logging configuration, this is used in the RedactedFields property to specify a field to redact from the logging records. For this use case, note the following:

    • Even though all FieldToMatch settings are available, the only valid settings for field redaction are UriPath, QueryString, SingleHeader, and Method.

    • In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, but for field redaction, you are specifying the component type to redact from the logs.

Fields (Non-exhaustive)§

This struct is marked as non-exhaustive
Non-exhaustive structs could have additional fields added in future. Therefore, non-exhaustive structs cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.
§single_header: Option<SingleHeader>

Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or Referer. This setting isn't case sensitive.

Example JSON: "SingleHeader": { "Name": "haystack" }

Alternately, you can filter and inspect all headers with the Headers FieldToMatch setting.

§single_query_argument: Option<SingleQueryArgument>

Inspect a single query argument. Provide the name of the query argument to inspect, such as UserName or SalesRegion. The name can be up to 30 characters long and isn't case sensitive.

Example JSON: "SingleQueryArgument": { "Name": "myArgument" }

§all_query_arguments: Option<AllQueryArguments>

Inspect all query arguments.

§uri_path: Option<UriPath>

Inspect the request URI path. This is the part of the web request that identifies a resource, for example, /images/daily-ad.jpg.

§query_string: Option<QueryString>

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

§body: Option<Body>

Inspect the request body as plain text. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.

WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to WAF for inspection.

  • For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).

  • For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig, for additional processing fees.

For information about how to handle oversized request bodies, see the Body object configuration.

§method: Option<Method>

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

§json_body: Option<JsonBody>

Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.

WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to WAF for inspection.

  • For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).

  • For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig, for additional processing fees.

For information about how to handle oversized request bodies, see the JsonBody object configuration.

§headers: Option<Headers>

Inspect the request headers. You must configure scope and pattern matching filters in the Headers object, to define the set of headers to and the parts of the headers that WAF inspects.

Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to WAF for inspection by the underlying host service. You must configure how to handle any oversize header content in the Headers object. WAF applies the pattern matching filters to the headers that it receives from the underlying host service.

§cookies: Option<Cookies>

Inspect the request cookies. You must configure scope and pattern matching filters in the Cookies object, to define the set of cookies and the parts of the cookies that WAF inspects.

Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to WAF for inspection by the underlying host service. You must configure how to handle any oversize cookie content in the Cookies object. WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.

§header_order: Option<HeaderOrder>

Inspect a string containing the list of the request's header names, ordered as they appear in the web request that WAF receives for inspection. WAF generates the string and then uses that as the field to match component in its inspection. WAF separates the header names in the string using colons and no added spaces, for example host:user-agent:accept:authorization:referer.

§ja3_fingerprint: Option<Ja3Fingerprint>

Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.

You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY.

You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF Developer Guide.

Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.

Implementations§

source§

impl FieldToMatch

source

pub fn single_header(&self) -> Option<&SingleHeader>

Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or Referer. This setting isn't case sensitive.

Example JSON: "SingleHeader": { "Name": "haystack" }

Alternately, you can filter and inspect all headers with the Headers FieldToMatch setting.

source

pub fn single_query_argument(&self) -> Option<&SingleQueryArgument>

Inspect a single query argument. Provide the name of the query argument to inspect, such as UserName or SalesRegion. The name can be up to 30 characters long and isn't case sensitive.

Example JSON: "SingleQueryArgument": { "Name": "myArgument" }

source

pub fn all_query_arguments(&self) -> Option<&AllQueryArguments>

Inspect all query arguments.

source

pub fn uri_path(&self) -> Option<&UriPath>

Inspect the request URI path. This is the part of the web request that identifies a resource, for example, /images/daily-ad.jpg.

source

pub fn query_string(&self) -> Option<&QueryString>

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

source

pub fn body(&self) -> Option<&Body>

Inspect the request body as plain text. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.

WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to WAF for inspection.

  • For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).

  • For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig, for additional processing fees.

For information about how to handle oversized request bodies, see the Body object configuration.

source

pub fn method(&self) -> Option<&Method>

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

source

pub fn json_body(&self) -> Option<&JsonBody>

Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.

WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to WAF for inspection.

  • For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).

  • For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig, for additional processing fees.

For information about how to handle oversized request bodies, see the JsonBody object configuration.

source

pub fn headers(&self) -> Option<&Headers>

Inspect the request headers. You must configure scope and pattern matching filters in the Headers object, to define the set of headers to and the parts of the headers that WAF inspects.

Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to WAF for inspection by the underlying host service. You must configure how to handle any oversize header content in the Headers object. WAF applies the pattern matching filters to the headers that it receives from the underlying host service.

source

pub fn cookies(&self) -> Option<&Cookies>

Inspect the request cookies. You must configure scope and pattern matching filters in the Cookies object, to define the set of cookies and the parts of the cookies that WAF inspects.

Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to WAF for inspection by the underlying host service. You must configure how to handle any oversize cookie content in the Cookies object. WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.

source

pub fn header_order(&self) -> Option<&HeaderOrder>

Inspect a string containing the list of the request's header names, ordered as they appear in the web request that WAF receives for inspection. WAF generates the string and then uses that as the field to match component in its inspection. WAF separates the header names in the string using colons and no added spaces, for example host:user-agent:accept:authorization:referer.

source

pub fn ja3_fingerprint(&self) -> Option<&Ja3Fingerprint>

Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.

You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY.

You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF Developer Guide.

Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.

source§

impl FieldToMatch

source

pub fn builder() -> FieldToMatchBuilder

Creates a new builder-style object to manufacture FieldToMatch.

Trait Implementations§

source§

impl Clone for FieldToMatch

source§

fn clone(&self) -> FieldToMatch

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for FieldToMatch

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl PartialEq for FieldToMatch

source§

fn eq(&self, other: &FieldToMatch) -> bool

This method tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
source§

impl StructuralPartialEq for FieldToMatch

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T> Instrument for T

source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> IntoEither for T

source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
source§

impl<Unshared, Shared> IntoShared<Shared> for Unshared
where Shared: FromUnshared<Unshared>,

source§

fn into_shared(self) -> Shared

Creates a shared type from an unshared type.
source§

impl<T> Same for T

§

type Output = T

Should always be Self
source§

impl<T> ToOwned for T
where T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
source§

impl<T> WithSubscriber for T

source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more