Crate rusoto_waf [] [src]

This is the AWS WAF API Reference for using AWS WAF with Amazon CloudFront. The AWS WAF actions and data types listed in the reference are available for protecting Amazon CloudFront distributions. You can use these actions and data types via the endpoint waf.amazonaws.com. This guide is for developers who need detailed information about the AWS WAF API actions, data types, and errors. For detailed information about AWS WAF features and an overview of how to use the AWS WAF API, see the AWS WAF Developer Guide.

If you're using the service, you're probably looking for WafClient and Waf.

Structs

ActivatedRule

The ActivatedRule object in an UpdateWebACL request specifies a Rule that you want to insert or delete, the priority of the Rule in the WebACL, and the action that you want AWS WAF to take when a web request matches the Rule (ALLOW, BLOCK, or COUNT).

To specify whether to insert or delete a Rule, use the Action parameter in the WebACLUpdate data type.

ByteMatchSet

In a GetByteMatchSet request, ByteMatchSet is a complex type that contains the ByteMatchSetId and Name of a ByteMatchSet, and the values that you specified when you updated the ByteMatchSet.

A complex type that contains ByteMatchTuple objects, which specify the parts of web requests that you want AWS WAF to inspect and the values that you want AWS WAF to search for. If a ByteMatchSet contains more than one ByteMatchTuple object, a request needs to match the settings in only one ByteMatchTuple to be considered a match.

ByteMatchSetSummary

Returned by ListByteMatchSets. Each ByteMatchSetSummary object includes the Name and ByteMatchSetId for one ByteMatchSet.

ByteMatchSetUpdate

In an UpdateByteMatchSet request, ByteMatchSetUpdate specifies whether to insert or delete a ByteMatchTuple and includes the settings for the ByteMatchTuple.

ByteMatchTuple

The bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings.

CreateByteMatchSetRequest
CreateByteMatchSetResponse
CreateIPSetRequest
CreateIPSetResponse
CreateRateBasedRuleRequest
CreateRateBasedRuleResponse
CreateRuleRequest
CreateRuleResponse
CreateSizeConstraintSetRequest
CreateSizeConstraintSetResponse
CreateSqlInjectionMatchSetRequest

A request to create a SqlInjectionMatchSet.

CreateSqlInjectionMatchSetResponse

The response to a CreateSqlInjectionMatchSet request.

CreateWebACLRequest
CreateWebACLResponse
CreateXssMatchSetRequest

A request to create an XssMatchSet.

CreateXssMatchSetResponse

The response to a CreateXssMatchSet request.

DeleteByteMatchSetRequest
DeleteByteMatchSetResponse
DeleteIPSetRequest
DeleteIPSetResponse
DeleteRateBasedRuleRequest
DeleteRateBasedRuleResponse
DeleteRuleRequest
DeleteRuleResponse
DeleteSizeConstraintSetRequest
DeleteSizeConstraintSetResponse
DeleteSqlInjectionMatchSetRequest

A request to delete a SqlInjectionMatchSet from AWS WAF.

DeleteSqlInjectionMatchSetResponse

The response to a request to delete a SqlInjectionMatchSet from AWS WAF.

DeleteWebACLRequest
DeleteWebACLResponse
DeleteXssMatchSetRequest

A request to delete an XssMatchSet from AWS WAF.

DeleteXssMatchSetResponse

The response to a request to delete an XssMatchSet from AWS WAF.

FieldToMatch

Specifies where in a web request to look for TargetString.

GetByteMatchSetRequest
GetByteMatchSetResponse
GetChangeTokenRequest
GetChangeTokenResponse
GetChangeTokenStatusRequest
GetChangeTokenStatusResponse
GetIPSetRequest
GetIPSetResponse
GetRateBasedRuleManagedKeysRequest
GetRateBasedRuleManagedKeysResponse
GetRateBasedRuleRequest
GetRateBasedRuleResponse
GetRuleRequest
GetRuleResponse
GetSampledRequestsRequest
GetSampledRequestsResponse
GetSizeConstraintSetRequest
GetSizeConstraintSetResponse
GetSqlInjectionMatchSetRequest

A request to get a SqlInjectionMatchSet.

GetSqlInjectionMatchSetResponse

The response to a GetSqlInjectionMatchSet request.

GetWebACLRequest
GetWebACLResponse
GetXssMatchSetRequest

A request to get an XssMatchSet.

GetXssMatchSetResponse

The response to a GetXssMatchSet request.

HTTPHeader

The response from a GetSampledRequests request includes an HTTPHeader complex type that appears as Headers in the response syntax. HTTPHeader contains the names and values of all of the headers that appear in one of the web requests that were returned by GetSampledRequests.

HTTPRequest

The response from a GetSampledRequests request includes an HTTPRequest complex type that appears as Request in the response syntax. HTTPRequest contains information about one of the web requests that were returned by GetSampledRequests.

IPSet

Contains one or more IP addresses or blocks of IP addresses specified in Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports /8, /16, /24, and /32 IP address ranges for IPv4, and /24, /32, /48, /56, /64 and /128 for IPv6.

To specify an individual IP address, you specify the four-part IP address followed by a /32, for example, 192.0.2.0/31. To block a range of IP addresses, you can specify a /128, /64, /56, /48, /32, /24, /16, or /8 CIDR. For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.

IPSetDescriptor

Specifies the IP address type (IPV4 or IPV6) and the IP address range (in CIDR format) that web requests originate from.

IPSetSummary

Contains the identifier and the name of the IPSet.

IPSetUpdate

Specifies the type of update to perform to an IPSet with UpdateIPSet.

ListByteMatchSetsRequest
ListByteMatchSetsResponse
ListIPSetsRequest
ListIPSetsResponse
ListRateBasedRulesRequest
ListRateBasedRulesResponse
ListRulesRequest
ListRulesResponse
ListSizeConstraintSetsRequest
ListSizeConstraintSetsResponse
ListSqlInjectionMatchSetsRequest

A request to list the SqlInjectionMatchSet objects created by the current AWS account.

ListSqlInjectionMatchSetsResponse

The response to a ListSqlInjectionMatchSets request.

ListWebACLsRequest
ListWebACLsResponse
ListXssMatchSetsRequest

A request to list the XssMatchSet objects created by the current AWS account.

ListXssMatchSetsResponse

The response to a ListXssMatchSets request.

Predicate

Specifies the ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, and SizeConstraintSet objects that you want to add to a Rule and, for each object, indicates whether you want to negate the settings, for example, requests that do NOT originate from the IP address 192.0.2.44.

RateBasedRule

A RateBasedRule is identical to a regular Rule, with one addition: a RateBasedRule counts the number of requests that arrive from a specified IP address every five minutes. For example, based on recent requests that you've seen from an attacker, you might create a RateBasedRule that includes the following conditions:

  • The requests come from 192.0.2.44.

  • They contain the value BadBot in the User-Agent header.

In the rule, you also define the rate limit as 15,000.

Requests that meet both of these conditions and exceed 15,000 requests every five minutes trigger the rule's action (block or count), which is defined in the web ACL.

Rule

A combination of ByteMatchSet, IPSet, and/or SqlInjectionMatchSet objects that identify the web requests that you want to allow, block, or count. For example, you might create a Rule that includes the following predicates:

  • An IPSet that causes AWS WAF to search for web requests that originate from the IP address 192.0.2.44

  • A ByteMatchSet that causes AWS WAF to search for web requests for which the value of the User-Agent header is BadBot.

To match the settings in this Rule, a request must originate from 192.0.2.44 AND include a User-Agent header for which the value is BadBot.

RuleSummary

Contains the identifier and the friendly name or description of the Rule.

RuleUpdate

Specifies a Predicate (such as an IPSet) and indicates whether you want to add it to a Rule or delete it from a Rule.

SampledHTTPRequest

The response from a GetSampledRequests request includes a SampledHTTPRequests complex type that appears as SampledRequests in the response syntax. SampledHTTPRequests contains one SampledHTTPRequest object for each web request that is returned by GetSampledRequests.

SizeConstraint

Specifies a constraint on the size of a part of the web request. AWS WAF uses the Size, ComparisonOperator, and FieldToMatch to build an expression in the form of "Size ComparisonOperator size in bytes of FieldToMatch". If that expression is true, the SizeConstraint is considered to match.

SizeConstraintSet

A complex type that contains SizeConstraint objects, which specify the parts of web requests that you want AWS WAF to inspect the size of. If a SizeConstraintSet contains more than one SizeConstraint object, a request only needs to match one constraint to be considered a match.

SizeConstraintSetSummary

The Id and Name of a SizeConstraintSet.

SizeConstraintSetUpdate

Specifies the part of a web request that you want to inspect the size of and indicates whether you want to add the specification to a SizeConstraintSet or delete it from a SizeConstraintSet.

SqlInjectionMatchSet

A complex type that contains SqlInjectionMatchTuple objects, which specify the parts of web requests that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header. If a SqlInjectionMatchSet contains more than one SqlInjectionMatchTuple object, a request needs to include snippets of SQL code in only one of the specified parts of the request to be considered a match.

SqlInjectionMatchSetSummary

The Id and Name of a SqlInjectionMatchSet.

SqlInjectionMatchSetUpdate

Specifies the part of a web request that you want to inspect for snippets of malicious SQL code and indicates whether you want to add the specification to a SqlInjectionMatchSet or delete it from a SqlInjectionMatchSet.

SqlInjectionMatchTuple

Specifies the part of a web request that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.

TimeWindow

In a GetSampledRequests request, the StartTime and EndTime objects specify the time range for which you want AWS WAF to return a sample of web requests.

In a GetSampledRequests response, the StartTime and EndTime objects specify the time range for which AWS WAF actually returned a sample of web requests. AWS WAF gets the specified number of requests from among the first 5,000 requests that your AWS resource receives during the specified time period. If your resource receives more than 5,000 requests during that period, AWS WAF stops sampling after the 5,000th request. In that case, EndTime is the time that AWS WAF received the 5,000th request.

UpdateByteMatchSetRequest
UpdateByteMatchSetResponse
UpdateIPSetRequest
UpdateIPSetResponse
UpdateRateBasedRuleRequest
UpdateRateBasedRuleResponse
UpdateRuleRequest
UpdateRuleResponse
UpdateSizeConstraintSetRequest
UpdateSizeConstraintSetResponse
UpdateSqlInjectionMatchSetRequest

A request to update a SqlInjectionMatchSet.

UpdateSqlInjectionMatchSetResponse

The response to an UpdateSqlInjectionMatchSets request.

UpdateWebACLRequest
UpdateWebACLResponse
UpdateXssMatchSetRequest

A request to update an XssMatchSet.

UpdateXssMatchSetResponse

The response to an UpdateXssMatchSets request.

WafAction

For the action that is associated with a rule in a WebACL, specifies the action that you want AWS WAF to perform when a web request matches all of the conditions in a rule. For the default action in a WebACL, specifies the action that you want AWS WAF to take when a web request doesn't match all of the conditions in any of the rules in a WebACL.

WafClient

A client for the WAF API.

WebACL

Contains the Rules that identify the requests that you want to allow, block, or count. In a WebACL, you also specify a default action (ALLOW or BLOCK), and the action for each Rule that you add to a WebACL, for example, block requests from specified IP addresses or block requests from specified referrers. You also associate the WebACL with a CloudFront distribution to identify the requests that you want AWS WAF to filter. If you add more than one Rule to a WebACL, a request needs to match only one of the specifications to be allowed, blocked, or counted. For more information, see UpdateWebACL.

WebACLSummary

Contains the identifier and the name or description of the WebACL.

WebACLUpdate

Specifies whether to insert a Rule into or delete a Rule from a WebACL.

XssMatchSet

A complex type that contains XssMatchTuple objects, which specify the parts of web requests that you want AWS WAF to inspect for cross-site scripting attacks and, if you want AWS WAF to inspect a header, the name of the header. If a XssMatchSet contains more than one XssMatchTuple object, a request needs to include cross-site scripting attacks in only one of the specified parts of the request to be considered a match.

XssMatchSetSummary

The Id and Name of an XssMatchSet.

XssMatchSetUpdate

Specifies the part of a web request that you want to inspect for cross-site scripting attacks and indicates whether you want to add the specification to an XssMatchSet or delete it from an XssMatchSet.

XssMatchTuple

Specifies the part of a web request that you want AWS WAF to inspect for cross-site scripting attacks and, if you want AWS WAF to inspect a header, the name of the header.

Enums

CreateByteMatchSetError

Errors returned by CreateByteMatchSet

CreateIPSetError

Errors returned by CreateIPSet

CreateRateBasedRuleError

Errors returned by CreateRateBasedRule

CreateRuleError

Errors returned by CreateRule

CreateSizeConstraintSetError

Errors returned by CreateSizeConstraintSet

CreateSqlInjectionMatchSetError

Errors returned by CreateSqlInjectionMatchSet

CreateWebACLError

Errors returned by CreateWebACL

CreateXssMatchSetError

Errors returned by CreateXssMatchSet

DeleteByteMatchSetError

Errors returned by DeleteByteMatchSet

DeleteIPSetError

Errors returned by DeleteIPSet

DeleteRateBasedRuleError

Errors returned by DeleteRateBasedRule

DeleteRuleError

Errors returned by DeleteRule

DeleteSizeConstraintSetError

Errors returned by DeleteSizeConstraintSet

DeleteSqlInjectionMatchSetError

Errors returned by DeleteSqlInjectionMatchSet

DeleteWebACLError

Errors returned by DeleteWebACL

DeleteXssMatchSetError

Errors returned by DeleteXssMatchSet

GetByteMatchSetError

Errors returned by GetByteMatchSet

GetChangeTokenError

Errors returned by GetChangeToken

GetChangeTokenStatusError

Errors returned by GetChangeTokenStatus

GetIPSetError

Errors returned by GetIPSet

GetRateBasedRuleError

Errors returned by GetRateBasedRule

GetRateBasedRuleManagedKeysError

Errors returned by GetRateBasedRuleManagedKeys

GetRuleError

Errors returned by GetRule

GetSampledRequestsError

Errors returned by GetSampledRequests

GetSizeConstraintSetError

Errors returned by GetSizeConstraintSet

GetSqlInjectionMatchSetError

Errors returned by GetSqlInjectionMatchSet

GetWebACLError

Errors returned by GetWebACL

GetXssMatchSetError

Errors returned by GetXssMatchSet

ListByteMatchSetsError

Errors returned by ListByteMatchSets

ListIPSetsError

Errors returned by ListIPSets

ListRateBasedRulesError

Errors returned by ListRateBasedRules

ListRulesError

Errors returned by ListRules

ListSizeConstraintSetsError

Errors returned by ListSizeConstraintSets

ListSqlInjectionMatchSetsError

Errors returned by ListSqlInjectionMatchSets

ListWebACLsError

Errors returned by ListWebACLs

ListXssMatchSetsError

Errors returned by ListXssMatchSets

UpdateByteMatchSetError

Errors returned by UpdateByteMatchSet

UpdateIPSetError

Errors returned by UpdateIPSet

UpdateRateBasedRuleError

Errors returned by UpdateRateBasedRule

UpdateRuleError

Errors returned by UpdateRule

UpdateSizeConstraintSetError

Errors returned by UpdateSizeConstraintSet

UpdateSqlInjectionMatchSetError

Errors returned by UpdateSqlInjectionMatchSet

UpdateWebACLError

Errors returned by UpdateWebACL

UpdateXssMatchSetError

Errors returned by UpdateXssMatchSet

Traits

Waf

Trait representing the capabilities of the WAF API. WAF clients implement this trait.