Module aws_sdk_wafv2::model [−][src]
Expand description
Data structures used by operation inputs/outputs.
Modules
Structs
A single action condition for a Condition in a logging filter.
Inspect all of the elements that WAF has parsed and extracted from the web request
All query arguments of a web request.
Specifies that WAF should allow the request and optionally defines additional
A logical rule statement used to combine other rule statements with AND logic. You provide more than one Statement within the AndStatement.
Specifies that WAF should block the request and optionally defines additional
The body of a web request. This immediately follows the request headers.
A rule statement that defines a string match search for WAF to apply to web requests. The byte match statement provides the bytes to search for, the location in requests that you want WAF to search, and other settings. The bytes to search for are typically a string that corresponds with ASCII characters. In the WAF console and the developer guide, this is refered to as a string match statement.
Specifies that WAF should run a CAPTCHA check against the request:
Specifies how WAF should handle CAPTCHA evaluations. This is available at the web ACL level and in each rule.
The result from the inspection of the web request for a valid CAPTCHA token.
Specifies that WAF should count the request. Optionally defines additional custom
A custom header for custom request and response handling. This is used in CustomResponse and CustomRequestHandling.
Custom request handling behavior that inserts custom headers into a web request. You can
A custom response to send to the client. You can define a custom response for rule
The response body to use in a custom response to a web request. This is referenced by
In a WebACL, this is the action that you want WAF to perform
Specifies a single rule in a rule group whose action you want to override to Count. When you exclude a rule,
The part of a web request that you want WAF to inspect. Include the single FieldToMatch type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in FieldToMatch for each rule statement that requires it. To inspect more than one component of a web request, create a separate rule statement for each component.
A single logging filter, used in LoggingFilter.
A rule group that's defined for an Firewall Manager WAF policy.
The processing guidance for an Firewall Manager rule. This is like a regular rule Statement, but it can only contain a rule group reference.
The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.
A rule statement used to identify web requests based on country of origin.
Part of the response from GetSampledRequests. This is a complex type
Part of the response from GetSampledRequests. This is a complex type
Determines how long a CAPTCHA token remains valid after the client successfully solves a CAPTCHA puzzle.
Contains one or more IP addresses or blocks of IP addresses specified in Classless
The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.
A rule statement used to detect web requests coming from particular IP addresses or address ranges. To use this, create an IPSet that specifies the addresses you want to detect, then use the ARN of that set in this statement. To create an IP set, see CreateIPSet.
High-level information about an IPSet, returned by operations like create and list. This provides information like the ID, that you can use to retrieve and manage an IPSet, and the ARN, that you provide to the IPSetReferenceStatement to use the address set in a Rule.
The body of a web request, inspected as JSON. The body immediately follows the request
The patterns to look for in the JSON body. WAF inspects the results of these
A single label container. This is used as an element of a label array in multiple
A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL.
A single label name condition for a Condition in a logging
List of labels used by one or more of the rules of a RuleGroup. This
Defines an association between logging destinations and a web ACL
Filtering that specifies which web requests are kept in the logs and which are dropped,
A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.
High-level information about a managed rule group, returned by ListAvailableManagedRuleGroups. This provides information like the name and vendor name, that you provide when you add a ManagedRuleGroupStatement to a web ACL. Managed rule groups include Amazon Web Services Managed Rules rule groups, which are free of charge to WAF customers, and Amazon Web Services Marketplace managed rule groups, which you can subscribe to through Amazon Web Services Marketplace.
Describes a single version of a managed rule group.
A set of rules that is managed by Amazon Web Services and Amazon Web Services Marketplace sellers to provide versioned managed
High-level information for a managed rule set.
Information for a single version of a managed rule set.
The HTTP method of a web request. The method indicates the type of operation that the request is asking the origin to perform.
Specifies that WAF should do nothing. This is used for the OverrideAction setting
A logical rule statement used to negate the results of another rule statement. You provide one Statement within the NotStatement.
A logical rule statement used to combine other rule statements with OR logic. You provide more than one Statement within the OrStatement.
The action to use in the place of the action that results from the rule group evaluation. Set the override action to none to leave the result of the rule group alone. Set it to count to override the result to count only.
The query string of a web request. This is the part of a URL that appears after a ? character, if any.
A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. You can use this to put a temporary block on requests from an IP address that is sending excessive requests.
The set of IP addresses that are currently blocked for a RateBasedStatement.
A single regular expression. This is used in a RegexPatternSet.
A rule statement used to search web request components for a match against a single regular expression.
Contains one or more regular expressions.
A rule statement used to search web request components for matches with regular expressions. To use this, create a RegexPatternSet that specifies the expressions that you want to detect, then use the ARN of that set in this statement. A web request matches the pattern set rule statement if the request component matches any of the patterns in the set. To create a regex pattern set, see CreateRegexPatternSet.
High-level information about a RegexPatternSet, returned by operations like create and list. This provides information like the ID, that you can use to retrieve and manage a RegexPatternSet, and the ARN, that you provide to the RegexPatternSetReferenceStatement to use the pattern set in a Rule.
The action that WAF should take on a web request when it matches a rule's
A rule group defines a collection of rules to inspect and control web requests that you can use in a WebACL. When you create a rule group, you define an immutable capacity limit. If you update a rule group, you must stay within the capacity. This allows others to reuse the rule group with confidence in its capacity requirements.
A rule statement used to run the rules that are defined in a RuleGroup. To use this, create a rule group with your rules, then provide the ARN of the rule group in this statement.
High-level information about a RuleGroup, returned by operations like create and list. This provides information like the ID, that you can use to retrieve and manage a RuleGroup, and the ARN, that you provide to the RuleGroupReferenceStatement to use the rule group in a Rule.
High-level information about a Rule, returned by operations like DescribeManagedRuleGroup. This provides information like the ID, that you can use to retrieve and manage a RuleGroup, and the ARN, that you provide to the RuleGroupReferenceStatement to use the rule group in a Rule.
Represents a single sampled web request. The response from GetSampledRequests includes a SampledHTTPRequests complex type
One of the headers in a web request, identified by name, for example,
One query argument in a web request, identified by name, for example
A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.
Attackers sometimes insert malicious SQL code into web requests in an effort to extract data from your database. To allow or block web requests that appear to contain malicious SQL code, create one or more SQL injection match conditions. An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want WAF to inspect. Later in the process, when you create a web ACL, you specify whether to allow or block requests that appear to contain malicious SQL code.
The processing guidance for a Rule, used by WAF to determine whether a web request matches the rule.
A tag associated with an Amazon Web Services resource. Tags are key:value pairs that you can use to
The collection of tagging definitions for an Amazon Web Services resource. Tags are key:value pairs
Text transformations eliminate some of the unusual formatting that attackers use in web
In a GetSampledRequests request, the StartTime and
The path component of the URI of a web request. This is the part of a web request that identifies a resource. For example, /images/daily-ad.jpg.
A version of the named managed rule group, that the rule group's vendor publishes for
Defines and enables Amazon CloudWatch metrics and web request sample collection.
A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, or an AppSync GraphQL API.
High-level information about a WebACL, returned by operations like create and list. This provides information like the ID, that you can use to retrieve and manage a WebACL, and the ARN, that you provide to operations like AssociateWebACL.
A rule statement that defines a cross-site scripting (XSS) match search for WAF to apply to web requests.