Struct aws_sdk_wafv2::types::JsonBody
source · #[non_exhaustive]pub struct JsonBody {
pub match_pattern: Option<JsonMatchPattern>,
pub match_scope: JsonMatchScope,
pub invalid_fallback_behavior: Option<BodyParsingFallbackBehavior>,
pub oversize_handling: Option<OversizeHandling>,
}
Expand description
Inspect the body of the web request as JSON. The body immediately follows the request headers.
This is used to indicate the web request component to inspect, in the FieldToMatch
specification.
Use the specifications in this object to indicate which parts of the JSON body to inspect using the rule's inspection criteria. WAF inspects only the parts of the JSON that result from the matches that you indicate.
Example JSON: "JsonBody": { "MatchPattern": { "All": {} }, "MatchScope": "ALL" }
Fields (Non-exhaustive)§
This struct is marked as non-exhaustive
Struct { .. }
syntax; cannot be matched against without a wildcard ..
; and struct update syntax will not work.match_pattern: Option<JsonMatchPattern>
The patterns to look for in the JSON body. WAF inspects the results of these pattern matches against the rule inspection criteria.
match_scope: JsonMatchScope
The parts of the JSON to match against using the MatchPattern
. If you specify ALL
, WAF matches against keys and values.
All
does not require a match to be found in the keys and a match to be found in the values. It requires a match to be found in the keys or the values or both. To require a match in the keys and in the values, use a logical AND
statement to combine two match rules, one that inspects the keys and another that inspects the values.
invalid_fallback_behavior: Option<BodyParsingFallbackBehavior>
What WAF should do if it fails to completely parse the JSON body. The options are the following:
-
EVALUATE_AS_STRING
- Inspect the body as plain text. WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string. -
MATCH
- Treat the web request as matching the rule statement. WAF applies the rule action to the request. -
NO_MATCH
- Treat the web request as not matching the rule statement.
If you don't provide this setting, WAF parses and evaluates the content only up to the first parsing failure that it encounters.
WAF does its best to parse the entire JSON body, but might be forced to stop for reasons such as invalid characters, duplicate keys, truncation, and any content whose root node isn't an object or an array.
WAF parses the JSON in the following examples as two valid key, value pairs:
-
Missing comma:
{"key1":"value1""key2":"value2"}
-
Missing colon:
{"key1":"value1","key2""value2"}
-
Extra colons:
{"key1"::"value1","key2""value2"}
oversize_handling: Option<OversizeHandling>
What WAF should do if the body is larger than WAF can inspect.
WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to WAF for inspection.
-
For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
-
For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL
AssociationConfig
, for additional processing fees.
The options for oversize handling are the following:
-
CONTINUE
- Inspect the available body contents normally, according to the rule inspection criteria. -
MATCH
- Treat the web request as matching the rule statement. WAF applies the rule action to the request. -
NO_MATCH
- Treat the web request as not matching the rule statement.
You can combine the MATCH
or NO_MATCH
settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.
Default: CONTINUE
Implementations§
source§impl JsonBody
impl JsonBody
sourcepub fn match_pattern(&self) -> Option<&JsonMatchPattern>
pub fn match_pattern(&self) -> Option<&JsonMatchPattern>
The patterns to look for in the JSON body. WAF inspects the results of these pattern matches against the rule inspection criteria.
sourcepub fn match_scope(&self) -> &JsonMatchScope
pub fn match_scope(&self) -> &JsonMatchScope
The parts of the JSON to match against using the MatchPattern
. If you specify ALL
, WAF matches against keys and values.
All
does not require a match to be found in the keys and a match to be found in the values. It requires a match to be found in the keys or the values or both. To require a match in the keys and in the values, use a logical AND
statement to combine two match rules, one that inspects the keys and another that inspects the values.
sourcepub fn invalid_fallback_behavior(&self) -> Option<&BodyParsingFallbackBehavior>
pub fn invalid_fallback_behavior(&self) -> Option<&BodyParsingFallbackBehavior>
What WAF should do if it fails to completely parse the JSON body. The options are the following:
-
EVALUATE_AS_STRING
- Inspect the body as plain text. WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string. -
MATCH
- Treat the web request as matching the rule statement. WAF applies the rule action to the request. -
NO_MATCH
- Treat the web request as not matching the rule statement.
If you don't provide this setting, WAF parses and evaluates the content only up to the first parsing failure that it encounters.
WAF does its best to parse the entire JSON body, but might be forced to stop for reasons such as invalid characters, duplicate keys, truncation, and any content whose root node isn't an object or an array.
WAF parses the JSON in the following examples as two valid key, value pairs:
-
Missing comma:
{"key1":"value1""key2":"value2"}
-
Missing colon:
{"key1":"value1","key2""value2"}
-
Extra colons:
{"key1"::"value1","key2""value2"}
sourcepub fn oversize_handling(&self) -> Option<&OversizeHandling>
pub fn oversize_handling(&self) -> Option<&OversizeHandling>
What WAF should do if the body is larger than WAF can inspect.
WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to WAF for inspection.
-
For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
-
For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL
AssociationConfig
, for additional processing fees.
The options for oversize handling are the following:
-
CONTINUE
- Inspect the available body contents normally, according to the rule inspection criteria. -
MATCH
- Treat the web request as matching the rule statement. WAF applies the rule action to the request. -
NO_MATCH
- Treat the web request as not matching the rule statement.
You can combine the MATCH
or NO_MATCH
settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.
Default: CONTINUE
Trait Implementations§
source§impl PartialEq for JsonBody
impl PartialEq for JsonBody
impl StructuralPartialEq for JsonBody
Auto Trait Implementations§
impl Freeze for JsonBody
impl RefUnwindSafe for JsonBody
impl Send for JsonBody
impl Sync for JsonBody
impl Unpin for JsonBody
impl UnwindSafe for JsonBody
Blanket Implementations§
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
source§impl<T> Instrument for T
impl<T> Instrument for T
source§fn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
source§fn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
source§impl<T> IntoEither for T
impl<T> IntoEither for T
source§fn into_either(self, into_left: bool) -> Either<Self, Self>
fn into_either(self, into_left: bool) -> Either<Self, Self>
self
into a Left
variant of Either<Self, Self>
if into_left
is true
.
Converts self
into a Right
variant of Either<Self, Self>
otherwise. Read moresource§fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
self
into a Left
variant of Either<Self, Self>
if into_left(&self)
returns true
.
Converts self
into a Right
variant of Either<Self, Self>
otherwise. Read more